def test_cookie_tampering_future_timestamp(self):
handler = CookieTestRequestHandler()
# this string base64-encodes to '12345678'
handler.set_secure_cookie('foo', binascii.a2b_hex(b'd76df8e7aefc'))
cookie = handler._cookies['foo']
match = re.match(br'12345678\|([0-9]+)\|([0-9a-f]+)', cookie)
self.assertTrue(match)
timestamp = match.group(1)
sig = match.group(2)
self.assertEqual(
_create_signature(handler.application.settings["cookie_secret"],
'foo', '12345678', timestamp),
sig)
# shifting digits from payload to timestamp doesn't alter signature
# (this is not desirable behavior, just confirming that that's how it
# works)
self.assertEqual(
_create_signature(handler.application.settings["cookie_secret"],
'foo', '1234', b'5678' + timestamp),
sig)
# tamper with the cookie
handler._cookies['foo'] = utf8('1234|5678%s|%s' % (
to_basestring(timestamp), to_basestring(sig)))
# it gets rejected
with ExpectLog(gen_log, "Cookie timestamp in future"):
self.assertTrue(handler.get_secure_cookie('foo') is None)
def test_cookie_tampering_future_timestamp(self):
handler = CookieTestRequestHandler()
# this string base64-encodes to '12345678'
handler.set_secure_cookie('foo', binascii.a2b_hex(b('d76df8e7aefc')))
cookie = handler._cookies['foo']
match = re.match(b(r'12345678\|([0-9]+)\|([0-9a-f]+)'), cookie)
self.assertTrue(match)
timestamp = match.group(1)
sig = match.group(2)
self.assertEqual(
_create_signature(handler.application.settings["cookie_secret"],
'foo', '12345678', timestamp),
sig)
# shifting digits from payload to timestamp doesn't alter signature
# (this is not desirable behavior, just confirming that that's how it
# works)
self.assertEqual(
_create_signature(handler.application.settings["cookie_secret"],
'foo', '1234', b('5678') + timestamp),
sig)
# tamper with the cookie
handler._cookies['foo'] = utf8('1234|5678%s|%s' % (
to_basestring(timestamp), to_basestring(sig)))
# it gets rejected
self.assertTrue(handler.get_secure_cookie('foo') is None)
def handle_stream(self, stream, address):
self.selected_db = 0
self._stream = stream
CRLF = b'\r\n'
n_args = yield gen.Task(stream.read_until, CRLF)
n_args = to_basestring(n_args)
while n_args and n_args[0] == '*':
yield gen.Task(stream.read_until, CRLF)
command = yield gen.Task(stream.read_until, CRLF)
command = to_basestring(command)
# Read command arguments
arg_num = int(n_args.strip()[1:]) - 1
if arg_num > 0:
for __ in range(0, arg_num):
# read the $N line
yield gen.Task(stream.read_until, CRLF)
# read the argument line
arg = yield gen.Task(stream.read_until, CRLF)
arg = to_basestring(arg)
if command == 'SELECT\r\n':
self.selected_db = int(arg.strip())
stream.write(b'+OK\r\n')
# Read the next command
n_args = yield gen.Task(stream.read_until, CRLF)
n_args = to_basestring(n_args)
def _oauth_request_parameters(self, url, access_token, parameters={},
method="GET"):
"""Returns the OAuth parameters as a dict for the given request.
parameters should include all POST arguments and query string arguments
that will be sent with the request.
"""
consumer_token = self._oauth_consumer_token()
base_args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_token=escape.to_basestring(access_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
args = {}
args.update(base_args)
args.update(parameters)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
signature = _oauth10a_signature(consumer_token, method, url, args,
access_token)
else:
signature = _oauth_signature(consumer_token, method, url, args,
access_token)
base_args["oauth_signature"] = escape.to_basestring(signature)
return base_args
def _oauth_request_token_url(self, callback_uri=None, extra_params=None):
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_REQUEST_TOKEN_URL
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(
binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version=getattr(self, "_OAUTH_VERSION", "1.0a"),
)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
if callback_uri == "oob":
args["oauth_callback"] = "oob"
elif callback_uri:
args["oauth_callback"] = urlparse.urljoin(
self.request.full_url(), callback_uri)
if extra_params:
args.update(extra_params)
signature = _oauth10a_signature(consumer_token, "GET", url, args)
else:
signature = _oauth_signature(consumer_token, "GET", url, args)
args["oauth_signature"] = signature
x = url + "?" + urllib.urlencode(args)
print "XXX", x
return x
def handle_stream(self, stream, address):
self.selected_db = 0
self._stream = stream
CRLF = b'\r\n'
n_args = yield gen.Task(stream.read_until, CRLF)
n_args = to_basestring(n_args)
while n_args and n_args[0] == '*':
yield gen.Task(stream.read_until, CRLF)
command = yield gen.Task(stream.read_until, CRLF)
command = to_basestring(command)
# Read command arguments
arg_num = int(n_args.strip()[1:]) - 1
if arg_num > 0:
for __ in range(0, arg_num):
# read the $N line
yield gen.Task(stream.read_until, CRLF)
# read the argument line
arg = yield gen.Task(stream.read_until, CRLF)
arg = to_basestring(arg)
if command == 'SELECT\r\n':
self.selected_db = int(arg.strip())
stream.write(b'+OK\r\n')
# Read the next command
n_args = yield gen.Task(stream.read_until, CRLF)
n_args = to_basestring(n_args)
def _oauth_request_token_url(
self,
callback_uri: Optional[str] = None,
extra_params: Optional[Dict[str, Any]] = None,
) -> str:
handler = cast(RequestHandler, self)
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_REQUEST_TOKEN_URL # type: ignore
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(
binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
if callback_uri == "oob":
args["oauth_callback"] = "oob"
elif callback_uri:
args["oauth_callback"] = urllib.parse.urljoin(
handler.request.full_url(), callback_uri)
if extra_params:
args.update(extra_params)
signature = _oauth10a_signature(consumer_token, "GET", url, args)
else:
signature = _oauth_signature(consumer_token, "GET", url, args)
args["oauth_signature"] = signature
return url + "?" + urllib.parse.urlencode(args)
async def get(self):
args = self.request.arguments
url = to_basestring(args.get('url')[0])
selector = to_basestring(args.get('selector')[0])
if args is None:
self.finish(None)
return
if not urlparse(url).scheme:
url = 'http://' + url
headers = {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5)'
}
http_client = AsyncHTTPClient()
response = await http_client.fetch(url, headers=headers)
soup = BeautifulSoup(response.body, features="html.parser")
selection = soup.body
if selector:
selection = soup.select(selector)
if not selection:
self.finish(None)
return
elif isinstance(selection, Tag):
selection = [selection]
data = ' '.join([tag.get_text() for tag in selection])
self.finish({
'data': data,
'counts': get_counts(data),
})
def _oauth_access_token_url(self, request_token: Dict[str, Any]) -> str:
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_ACCESS_TOKEN_URL # type: ignore
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_token=escape.to_basestring(request_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
if "verifier" in request_token:
args["oauth_verifier"] = request_token["verifier"]
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
signature = _oauth10a_signature(
consumer_token, "GET", url, args, request_token
)
else:
signature = _oauth_signature(
consumer_token, "GET", url, args, request_token
)
args["oauth_signature"] = signature
return url + "?" + urllib.parse.urlencode(args)
def _oauth_request_token_url(self, callback_uri=None, extra_params=None):
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_REQUEST_TOKEN_URL
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version=getattr(self, "_OAUTH_VERSION", "1.0a"),
)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
if callback_uri == "oob":
args["oauth_callback"] = "oob"
elif callback_uri:
args["oauth_callback"] = urlparse.urljoin(
self.request.full_url(), callback_uri)
if extra_params:
args.update(extra_params)
signature = _oauth10a_signature(consumer_token, "GET", url, args)
else:
signature = _oauth_signature(consumer_token, "GET", url, args)
args["oauth_signature"] = signature
x = url + "?" + urllib.urlencode(args)
print "XXX", x
return x
def _oauth_request_token_url(
self, callback_uri: str = None, extra_params: Dict[str, Any] = None
) -> str:
handler = cast(RequestHandler, self)
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_REQUEST_TOKEN_URL # type: ignore
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
if callback_uri == "oob":
args["oauth_callback"] = "oob"
elif callback_uri:
args["oauth_callback"] = urllib.parse.urljoin(
handler.request.full_url(), callback_uri
)
if extra_params:
args.update(extra_params)
signature = _oauth10a_signature(consumer_token, "GET", url, args)
else:
signature = _oauth_signature(consumer_token, "GET", url, args)
args["oauth_signature"] = signature
return url + "?" + urllib.parse.urlencode(args)
def _oauth_request_parameters(
self,
url: str,
access_token: Dict[str, Any],
parameters: Dict[str, Any] = {},
method: str = "GET",
) -> Dict[str, Any]:
"""Returns the OAuth parameters as a dict for the given request.
parameters should include all POST arguments and query string arguments
that will be sent with the request.
"""
consumer_token = self._oauth_consumer_token()
base_args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_token=escape.to_basestring(access_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(
binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
args = {}
args.update(base_args)
args.update(parameters)
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
signature = _oauth10a_signature(consumer_token, method, url, args,
access_token)
else:
signature = _oauth_signature(consumer_token, method, url, args,
access_token)
base_args["oauth_signature"] = escape.to_basestring(signature)
return base_args
def _oauth_access_token_url(self, request_token: Dict[str, Any]) -> str:
consumer_token = self._oauth_consumer_token()
url = self._OAUTH_ACCESS_TOKEN_URL # type: ignore
args = dict(
oauth_consumer_key=escape.to_basestring(consumer_token["key"]),
oauth_token=escape.to_basestring(request_token["key"]),
oauth_signature_method="HMAC-SHA1",
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version="1.0",
)
if "verifier" in request_token:
args["oauth_verifier"] = request_token["verifier"]
if getattr(self, "_OAUTH_VERSION", "1.0a") == "1.0a":
signature = _oauth10a_signature(
consumer_token, "GET", url, args, request_token
)
else:
signature = _oauth_signature(
consumer_token, "GET", url, args, request_token
)
args["oauth_signature"] = signature
return url + "?" + urllib.parse.urlencode(args)
def get_request_data(self):
"""
获取请求数据。
客户端请求需在请求体中包含 data 属性,例如 $.ajax({url: url, data: {data: some_obj}...
"""
if 'data' not in self.request.body_arguments:
body = b'{"data":' in self.request.body and json_util.loads(
to_basestring(self.request.body)).get('data')
else:
body = json_util.loads(
to_basestring(self.get_body_argument('data')))
return body or {}
def _parse_json(handler):
if request_arg is None:
s = to_basestring(handler.request.body)
else:
arg = handler.get_argument(request_arg, None)
if arg is None and not optional_request_arg:
raise HTTPError(400,
"Argument missing: {}".format(request_arg))
s = to_basestring(arg)
return parse_json(
s,
underscore_case=underscore_case,
object_dict_wrapper=object_dict_wrapper) if s else None
def parse_body(self):
content_type = self.get_content_type()
if content_type == 'application/graphql':
return {'query': to_basestring(self.request.body)}
elif content_type == 'application/json':
try:
request_json = json_decode(self.request.body)
except Exception as e:
raise HttpBadRequestError(
'The received data is not a valid JSON query.',
reason=str(e))
if self.batch:
assert isinstance(request_json, list), (
'Batch requests should receive a list, but received {}.'
).format(repr(request_json))
assert len(request_json) > 0, (
'Received an empty list in the batch request.')
else:
assert isinstance(
request_json,
dict), ('The received data is not a valid JSON query.')
return request_json
elif content_type in ('application/x-www-form-urlencoded',
'multipart/form-data'):
return {
k: self.decode_argument(v[0])
for k, v in self.request.arguments.items()
}
return {}
def post(self):
uid = self.get_current_user(info=False)
if not uid:
self.return_json_by_num('002', finish=True)
return
page = self.get_argument('page', 1)
user_activity = UserActivity()
total = user_activity.getActivityTotalByUid(uid)
#分页
page_obj = Page(total_entries=int(total), entries_per_page=int(options.page_limit['activity_limit']), current_page=page)
page_obj.current_page(page)
user_activity_list = user_activity.getActivities(uid, page_obj.current_page())
if not user_activity_list:
self.return_json_by_num('054', finish=True)
return
page_str = page_obj.getPageStr('/ucenter/userActs')
self._context.page_str = page_str
self._context.page_class = 'pagination pagination-sm'
self._context.page_style = 'margin:0px;'
user_activities = {'code': 'success'}
user_activities["res"] = escape.to_basestring(self.render_string("ucenter/include/activity_list.html", user_activity_list=user_activity_list))
self.write(user_activities)
self.finish()
return
def _handle_response(r, handle_response, handle_error, binary_res, params_for_handler):
if r.error:
return handle_error(r.error)
else:
try:
sc = r.headers._dict.get('Set-Cookie') if hasattr(r.headers, '_dict') else r.headers.get('Set-Cookie')
if sc:
text = native_str(sc)
text = re.sub(r'Path=/(,)?', '', text)
global_cookie.update(Cookie.SimpleCookie(text))
while True:
global_cookie.update(Cookie.SimpleCookie(text))
if ',' not in text:
break
text = text[text.find(',') + 1:]
if binary_res and r.body:
return handle_response(r.body, **params_for_handler)
else:
try:
body = str(r.body, encoding='utf-8').strip()
except UnicodeDecodeError:
body = str(r.body, encoding='gb18030').strip()
except TypeError:
body = to_basestring(r.body).strip()
return _handle_body(body, params_for_handler, handle_response, handle_error)
except ValueError as err:
return handle_error(str(err))
except Exception as err:
# err = '错误(%s): %s' % (err.__class__.__name__, str(err))
traceback.print_exc()
return handle_error(err)
def b64_decode(val):
val = utf8(val)
result = base64.b64decode(val)
return to_basestring(result)
def __repr__(self):
identity = inspect(self).identity
if identity is None:
pk = "(transient {0})".format(id(self))
else:
pk = ', '.join(to_basestring(value) for value in identity)
return '<{0} {1}>'.format(type(self).__name__, pk)
def _parse_json(request):
s = to_basestring(request.body)
if underscore_case:
json_dict = json.loads(s, object_hook=_process_camel_case)
else:
json_dict = json.loads(s)
return ObjectDict(json_dict)
def process_data(self, data, cmd_line):
data = to_basestring(data)
data = data[:-2] # strip \r\n
if data == '$-1':
response = None
elif data == '*0' or data == '*-1':
response = []
else:
head, tail = data[0], data[1:]
if head == '*':
return partial(self.consume_multibulk, int(tail), cmd_line)
elif head == '$':
return partial(self._consume_bulk, tail)
elif head == '+':
response = tail
elif head == ':':
response = int(tail)
elif head == '-':
if tail.startswith('ERR'):
tail = tail[4:]
response = ResponseError(tail, cmd_line)
else:
raise ResponseError('Unknown response type %s' % head,
cmd_line)
return response
def callback(r):
if r.error:
if handle_error:
handle_error(r.error)
else:
self.render('_error.html',
code=500,
message='错误1: ' + str(r.error))
else:
try:
if binary_response and r.body:
handle_response(r.body, **params_for_handler)
else:
try:
body = str(r.body, encoding='utf-8').strip()
except UnicodeDecodeError:
body = str(r.body, encoding='gb18030').strip()
except TypeError:
body = to_basestring(r.body).strip()
self._handle_body(body, params_for_handler,
handle_response, handle_error)
except Exception as err:
err = '错误(%s): %s' % (err.__class__.__name__, str(err))
if handle_error:
handle_error(err)
else:
self.render('_error.html', code=500, message=err)
def format_command(self, *tokens, **kwargs):
cmds = []
for t in tokens:
e_t = self.encode(t)
e_t_s = to_basestring(e_t)
cmds.append('$%s\r\n%s\r\n' % (len(e_t), e_t_s))
return '*%s\r\n%s' % (len(tokens), ''.join(cmds))
def format_command(self, *tokens, **kwargs):
cmds = []
for t in tokens:
e_t = self.encode(t)
e_t_s = to_basestring(e_t)
cmds.append('$%s\r\n%s\r\n' % (len(e_t), e_t_s))
return '*%s\r\n%s' % (len(tokens), ''.join(cmds))
def process_data(self, data, cmd_line):
data = to_basestring(data)
data = data[:-2] # strip \r\n
if data == '$-1':
response = None
elif data == '*0' or data == '*-1':
response = []
else:
head, tail = data[0], data[1:]
if head == '*':
return partial(self.consume_multibulk, int(tail), cmd_line)
elif head == '$':
return partial(self._consume_bulk, tail)
elif head == '+':
response = tail
elif head == ':':
response = int(tail)
elif head == '-':
if tail.startswith('ERR'):
tail = tail[4:]
response = ResponseError(tail, cmd_line)
else:
raise ResponseError('Unknown response type %s' % head,
cmd_line)
return response
def b64_decode(val):
val = utf8(val)
result = base64.b64decode(val)
return to_basestring(result)
def update_modules(fobjs):
timestamp = long(time.time())
mods = {}
for filename, pybody in fobjs:
filename = filename
fname, _, suffix = filename.rpartition('.')
assert suffix == 'py', '文件名:%r, 只接受 ".py" 后缀文件名.' % filename
for c in fname:
i = ord(c)
assert MODULE_NAME_VALID_CHCKS[
i], '修改模块名,c:%c[%d] filename:%r, fname:%r, iname:%r, 合法字符集为:大写字母[A-Z],小写字母[a-z],数字[0-9],下划线"_"' % (
c, i, filename, fname, [ord(c) for c in fname])
fname = escape.to_basestring(fname)
rpath = os.path.abspath(os.sep.join([MODULES_DIR, '%s.dat' % fname]))
codeobject = builtins.compile(pybody,
'<string>',
'exec',
dont_inherit=True)
with open(rpath, 'wb') as datf:
datf.write('\0\0\0\0')
wr_long(datf, timestamp)
dumps = marshal.dumps(codeobject)
fobj = StringIO()
gzf = gzip.GzipFile(fileobj=fobj, mode='wb')
gzf.write(dumps)
gzf.flush()
gzf.close()
datf.write(fobj.getvalue())
datf.flush()
datf.seek(0, 0)
datf.write(MAGIC)
datf.flush()
mods[escape.to_basestring(fname)] = Vmodel(fname,
load_dat(fname, rpath))
changes = []
global MODELS
for k, m in mods.items():
om = MODELS.pop(k, None)
MODELS[k] = m
if om is not None:
changes.append([k, id(om), id(m)])
del om
else:
changes.append([k, None, id(m)])
return sorted(changes, key=lambda x: x[0])
def get_current_user(self):
'''
Fetch current users information.
'''
user = escape.to_basestring(self.get_secure_cookie("mobius_user"))
if user is None:
return None
return JSONObject(user)
def send_to_update(self, waits, chat):
current_user = self.get_current_user()
html_info = {}
html_info['user'] = current_user
html_info['html'] = to_basestring(
self.render_string("ajax/single_message.html", data=chat))
for wait in waits:
wait.write_message(html_info)
def perform_user_list(self, users):
return {
'parent':
'user_list',
'html':
escape.to_basestring(
self.render_string('tornado_chat/list.html', users=users))
}
def _decode(self, body: bytes) -> Optional[JsonType]:
"""
Decode a response body
"""
result = None
if body is not None and len(body) > 0:
result = cast(JsonType, json.loads(escape.to_basestring(body)))
return result
def do_api_request(path, method, post_data={}, body=''):
try:
url = urljoin('https://%s.hackpad.com/api/1.0/' % settings.get('hackpad_domain'), path)
args = dict(
oauth_consumer_key=escape.to_basestring(settings.get('hackpad_oauth_client_id')),
oauth_signature_method='HMAC-SHA1',
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version='1.0a',
)
signature = _oauth10a_signature(
{
'key':settings.get('hackpad_oauth_client_id'),
'secret':settings.get('hackpad_oauth_secret')
},
method,
url,
args
)
args['oauth_signature'] = signature
api_link = url + '?' + urllib.urlencode(args)
logging.info(api_link)
hackpad = {}
if method.lower() == 'post':
r = requests.post(
api_link,
data=body,
headers={'Content-Type': 'text/plain'},
verify=False
)
hackpad = r.json
else:
r = requests.get(
api_link,
headers={'Content-Type': 'text/plain'},
verify=False
)
hackpad = r.json
except:
logging.info(sys.exc_info()[0])
hackpad = {}
return hackpad
def prepare(self):
super(MahuaHandler, self).prepare()
if self.request.body:
try:
self._data = json.loads(to_basestring(self.request.body),
object_hook=DottedDict)
except Exception as e:
logging.exception(e)
else:
self._data = DottedDict()
def post(self):
email = escape.to_basestring(self.get_argument('email'))
password = escape.to_basestring(self.get_argument('password'))
user = yield load_user(email, self._loop)
if user is None:
self.render('login.html',
error="Incorrect Credentials",
next_page=self.get_argument('next_page', '/'))
return
hashed_password = yield hash_password(password, salt=user.password, loop=self._loop)
if hashed_password == user.password:
# don't forget to delete the password from the cookie
del user.password
self.set_secure_cookie("mobius_user", user.json_string)
self.redirect(self.get_argument('next_page', '/'))
else:
self.render("login.html", error="Incorrect Credentials")
def post(self):
'''
Create new user.
'''
email = escape.to_basestring(self.get_argument('email'))
password = escape.to_basestring(self.get_argument('password'))
log.info("Creating new user: {} - {}".format(email, password))
hashed_password = yield hash_password(password, salt=None, loop=self._loop)
try:
new_user = yield create_user(email, hashed_password, loop=self._loop)
if new_user is None:
raise RequestError("Failed to create user. User possibly already exists.")
if "password" in new_user:
del new_user.password
self.set_secure_cookie("mobius_user", new_user.json_string)
self.redirect(self.get_argument("next_page", "/"))
except RequestError as req_err:
self.render("login.html", error=str(req_err))
def parse_response(response):
body = response.body and to_basestring(response.body) or '{}'
if body and body.startswith('{'):
body = json_util.loads(body)
if 'data' in body and isinstance(body['data'], dict): # 将data的内容赋给body,以便测试使用
body.update(body['data'])
elif 'error' in body and isinstance(body['error'], dict):
body.update(body['error'])
if response.code != 200 and 'code' not in body:
body = dict(code=response.code, message=response.reason)
return body
def json_decode(data):
"""Decode json.
Decodes json but performs escaping first.
Args:
data (str): A json string.
Returns:
obj: The decoded json.
"""
return json.loads(escape.to_basestring(data))
def parse_bool(arguments: dict, key: str, default_val: bool = True) -> bool:
"""
parses a boolean get value of the key if it is in the dict, returns default_val otherwise
:param arguments:
:param key:
:param default_val:
:return:
"""
if key in args and to_basestring(
arguments[key][0]).lower() == str(not default_val).lower():
return not default_val
return default_val
def do_api_request(path, method, post_data={}, body=''):
try:
url = urljoin(
'https://%s.hackpad.com/api/1.0/' % settings.get('hackpad_domain'),
path)
args = dict(
oauth_consumer_key=escape.to_basestring(
settings.get('hackpad_oauth_client_id')),
oauth_signature_method='HMAC-SHA1',
oauth_timestamp=str(int(time.time())),
oauth_nonce=escape.to_basestring(
binascii.b2a_hex(uuid.uuid4().bytes)),
oauth_version='1.0a',
)
signature = _oauth10a_signature(
{
'key': settings.get('hackpad_oauth_client_id'),
'secret': settings.get('hackpad_oauth_secret')
}, method, url, args)
args['oauth_signature'] = signature
api_link = url + '?' + urllib.urlencode(args)
logging.info(api_link)
hackpad = {}
if method.lower() == 'post':
r = requests.post(api_link,
data=body,
headers={'Content-Type': 'text/plain'},
verify=False)
hackpad = r.json
else:
r = requests.get(api_link,
headers={'Content-Type': 'text/plain'},
verify=False)
hackpad = r.json
except:
logging.info(sys.exc_info()[0])
hackpad = {}
return hackpad
def on_message(self, message):
parsed = escape.json_decode(message)
chat = {
'parent': 'inbox',
'body': parsed['body'] if len(parsed['body']) <= 128 else 'D`oh.',
'user': parsed['user'],
'time': datetime.datetime.now().strftime('%H:%M:%S %Y-%m-%d')
}
self.update_channel_history(chat)
chat['html'] = escape.to_basestring(
self.render_string('include/message.html', message=chat)
)
self.waiters.broadcast(self.chnl, chat)
def log_request(handler):
"""修改tornado日志消息格式"""
if handler.get_status() < 400:
log_method = access_log.info
elif handler.get_status() < 500:
log_method = access_log.warning
else:
log_method = access_log.error
request_time = 1000.0 * handler.request.request_time()
# 屏蔽掉静态文件输出
if ('/static' not in handler.request.uri) or handler.get_status() > 304:
log_method("""%d %s %s %.2fms
%s""", handler.get_status(), handler._request_summary(), handler.current_user,
request_time, to_basestring(handler.request.body))
def post(self, file_type):
with model.session_scope() as session:
user_session = self.get_user_session(session)
policy = user_session.policy.derive({})
policy.verify('custom_query_preview')
text = to_basestring(self.request.body)
if not text:
raise errors.ModelError("Query is empty")
custom_query = model.CustomQuery(description="Preview", text=text)
conf = self.get_config(session)
yield self.export(custom_query, conf, file_type)
self.finish()
def on_message(self, message):
parsed = escape.json_decode(message)
logger.warning('GOT MESSAGE %s' % parsed)
if 'dummy' in parsed:
return
chat = {
'parent': 'inbox',
'body': parsed['body'] if len(parsed['body']) <= 128 else 'D`oh.',
'user': parsed['user'],
'time': datetime.datetime.now().strftime('%H:%M:%S %Y-%m-%d')
}
self.update_channel_history(chat)
chat['html'] = escape.to_basestring(
self.render_string('tornado_chat/message.html', message=chat))
self.send_updates(chat)
def on_message(self, message):
logging.info("got message %r", message)
parsed = escape.json_decode(message)
chat = {
'id': str(uuid.uuid4()),
'body': parsed.get('body', ''),
'type': "message",
"client_id": self.client_id,
"username": parsed['username'],
"datetime": datetime.now().strftime("%Y-%m-%d %H:%M:%S")
}
chat['html'] = escape.to_basestring(
self.render_string("message.html", message=chat))
ChatRoom().update_chat_room_messages(chat=chat)
ChatSocketHandler.send_updates(chat=chat)
def on_message(self, message):
parsed = escape.json_decode(message)
logger.warning('GOT MESSAGE %s' % parsed)
if 'dummy' in parsed:
return
chat = {
'parent': 'inbox',
'body': parsed['body'] if len(parsed['body']) <= 128 else 'D`oh.',
'user': parsed['user'],
'time': datetime.datetime.now().strftime('%H:%M:%S %Y-%m-%d')
}
self.update_channel_history(chat)
chat['html'] = escape.to_basestring(
self.render_string('include/message.html', message=chat)
)
self.send_updates(chat)
def _on_request_token(self, authorize_url, callback_uri, response):
if response.error:
raise Exception("Could not get request token")
consumer_token = self._oauth_consumer_token()
request_token = _oauth_parse_response(response.body)
data = (base64.b64encode(request_token["key"]) + b("|") +
base64.b64encode(request_token["secret"]))
self.set_cookie("_oauth_request_token", data)
args = dict(
oauth_token=request_token["key"],
oauth_consumer_key=escape.to_basestring(consumer_token['key']),
)
if callback_uri == "oob":
self.finish(authorize_url + "?" + urllib.urlencode(args))
return
elif callback_uri:
args["oauth_callback"] = urlparse.urljoin(
self.request.full_url(), callback_uri)
self.redirect(authorize_url + "?" + urllib.urlencode(args))
async def post(self):
""" Send system message in room, for attention users """
room = self.get_argument('r', False)
user = self.get_argument('u', False)
message = self.get_argument('msg', 'no message')
if not room or not user or user != 'system':
raise tornado.web.HTTPError(404, 'Incorrect params of query')
logging.info('Got system message {0}, room "{1}"'.format(message, room))
chat = {
"id": str(uuid.uuid4()),
"body": message,
"user": user,
"time": str(int(time.time()))
}
chat['html'] = to_basestring(
self.render_string('system_message.html', message=chat)
)
ChatSocketHandler.update_cache(chat, room)
ChatSocketHandler.send_updates(chat, room)
def on_message(self, message):
""" Performed when a message arrives from a client
:param message:
"""
room = self.get_argument('r', False)
if not room:
raise tornado.web.HTTPError(404, 'Incorrect params of query')
logging.info('Got message {0} for room "{1}"'.format(message, room))
parsed = json_decode(message)
parsed['body'] = replace_smiles(spam_links(parsed['body']))
chat = {
"id": str(uuid.uuid4()),
"body": parsed['body'],
"user": parsed['user'],
"time": str(int(time.time()))
}
chat['html'] = to_basestring(
self.render_string('message.html', message=chat)
)
# put it in cache and give to listeners
ChatSocketHandler.update_cache(chat, room)
ChatSocketHandler.send_updates(chat, room)
def tex_escape(text):
return REGEX.sub(lambda match: CONV[match.group()], to_basestring(text))
def json_decode(value):
return json.loads(to_basestring(value), object_hook=datetime_decoder)
def post(self):
data, errors = TokenRequestSchema().loads(
self.request.body.decode('utf-8'))
if errors:
self.send_error(400, message='Wrong input parameters',
errors=errors)
return
provider = USERINFO_ENDPOINTS[data['provider']]
query_params = {'access_token': data['access_token']}
query_params.update(provider['additional_params'])
userinfo_url = url_concat(provider['url'], query_params)
http_client = AsyncHTTPClient()
response = yield http_client.fetch(userinfo_url, raise_error=False)
if response.error:
errors = json_decode(response.body) if response.body else None
self.send_error(400, message='Authentication server error',
errors=errors)
return
else:
logging.info(json_decode(response.body))
schema = module_member(provider['schema'])()
userinfo, errors = schema.loads(to_basestring(response.body))
if errors:
self.send_error(400, message='Wrong authentication data received',
errors=errors)
return
account = self.db.execute(
'SELECT * FROM accounts WHERE provider = ? AND sub = ?',
(data['provider'], userinfo['sub'], )
).fetchone()
if account:
user = self.db.execute(
'SELECT * FROM users WHERE email = ?', (account['email'], )
).fetchone()
if not user:
self.send_error(500, message='DB error. User not found.')
return
else:
user = {
'id': str(uuid.uuid4()),
'email': userinfo['email']
}
self.db.execute(
'INSERT INTO users (id, email) VALUES (:id, :email)', user)
account = {
'user_id': user['id'],
'provider': data['provider']
}
account.update(userinfo)
self.db.execute(
'INSERT INTO '
'accounts (user_id, provider, sub, email, email_verified, name, given_name, family_name, profile, picture, gender) '
'VALUES (:user_id, :provider, :sub, :email, :email_verified, :name, :given_name, :family_name, :profile, :picture, :gender)',
account
)
self.db.commit()
now = datetime.utcnow()
token = {
'id': generate_token(options.token_length),
'user_id': user['id'],
'issued': now,
'expired': now + options.token_expire_time
}
self.db.execute(
'INSERT INTO tokens (id, user_id, issued, expired) '
'VALUES (:id, :user_id, :issued, :expired)',
token
)
self.db.commit()
self.finish(TokenResponseSchema().dumps(token).data)
def html_escape(self, value):
return self.ESCAPE_RE.sub(lambda m: self.ESCAPE_DICT[m.group(0)],
escape.to_basestring(value))
def json_decode(value):
return json.loads(to_basestring(value))
def perform_user_list(self, users):
return {'parent': 'user_list',
'html': escape.to_basestring(
self.render_string('include/user_list.html', users=users)
)}
def jwt_encode(val, key):
result = jwt.encode(val, key)
return to_basestring(result)
def json_decode(value, **kwargs):
"""Returns Python objects for the given JSON string."""
return json.loads(to_basestring(value), **kwargs)
def send(obj, msg):
msg["html"] = to_basestring(
obj.render_string("message.html", message=msg)
)
obj.write_message(msg)
