def get_commit(cid):
try:
c = model.commit.get_commit(cid)
e_key, match_type, match_num, team = model.commit.parse_cid(cid)
obj = {"event":e_key, "match_type":match_type, "match_num": match_num, "team": team}
print c
form = MatchForm(flask.request.form, instance=c) if c else MatchForm(flask.request.form, **obj)
except ValueError:
raise ex.BadRequest("Commit id %s malformatted." % cid)
if flask.request.method == "POST" and form.validate():
if c: print c; c.delete()
form = MatchForm(flask.request.form)
form.save()
flask.flash("Thanks for your submission!")
return flask.redirect("/commit/submit")
return flask.render_template("commit_submit.html", form=form, type="match", furl=flask.request.url)
def before_inserting_jobs(jobs):
from flamenco import job_compilers, exceptions
for job in jobs:
job_status = job.get('status')
if job_status not in VALID_CREATION_STATUS:
# Jobs are forced to be 'under construction' when they are created.
# This will be set to 'queued' when job compilation is finished.
job['status'] = 'under-construction'
try:
job_compilers.validate_job(job)
except exceptions.JobSettingError as ex:
# We generally only submit one job at a time anyway.
raise wz_exceptions.BadRequest('Invalid job: %s' % ex)
def run_children_issues_generation(task):
"""Generate IssueTracker issues for objects of child type in parent."""
try:
params = getattr(task, "parameters", {})
parent_type = params.get("parent", {}).get("type")
parent_id = params.get("parent", {}).get("id")
child_type = params.get("child_type")
from ggrc.integrations import issuetracker_bulk_sync
bulk_creator = issuetracker_bulk_sync.IssueTrackerBulkChildCreator()
return bulk_creator.sync_issuetracker(parent_type, parent_id,
child_type)
except integrations_errors.Error as error:
logger.error('Bulk issue generation failed with error: %s',
error.message)
raise exceptions.BadRequest(error.message)
def check_appengine_appid(request):
"""Check if appengine app ID in whitelist."""
inbound_appid = request.headers.get("X-Appengine-Inbound-Appid")
if not inbound_appid:
# don't check X-GGRC-user if the request doesn't come from another app
return None
if inbound_appid not in settings.ALLOWED_QUERYAPI_APP_IDS:
# by default, we don't allow incoming app2app connections from
# non-whitelisted apps
raise exceptions.BadRequest(
"X-Appengine-Inbound-Appid header contains "
"untrusted application id: {}".format(inbound_appid))
return inbound_appid
def wrap(self, **kwargs):
if hasattr(wrap, 'input_schema'):
if location == 'body':
args = flask.request.get_json()
elif location == 'query':
# NOTE(lpeschke): issues with to_dict in python3.7,
# see https://github.com/pallets/werkzeug/issues/1379
args = dict(flask.request.args.lists())
try:
# ...here [2/2]
kwargs.update(wrap.input_schema(args))
except voluptuous.Invalid as e:
raise exceptions.BadRequest(
"Invalid data '{a}' : {m} (path: '{p}')".format(
a=args, m=e.msg, p=str(e.path)))
return f(self, **kwargs)
def classify():
"""
Classify endpoint for continuous guesses.
"""
game_state = "Playing"
# Check if image submitted correctly
if "image" not in request.files:
raise excp.BadRequest("No image submitted")
# Retrieve the image and check if it satisfies constraints
image = request.files["image"]
allowed_file(image)
# use player_id submitted by player to find game
player_id = request.values["player_id"]
# Get time from POST request
time_left = float(request.values["time"])
# Get label for game session
player = models.get_player(player_id)
game = models.get_game(player.game_id)
labels = json.loads(game.labels)
label = labels[game.session_num - 1]
certainty, best_guess = classifier.predict_image(image)
best_certainty = certainty[best_guess]
# The player has won if the game is completed within the time limit
has_won = (time_left > 0 and best_guess == label
and best_certainty >= setup.CERTAINTY_THRESHOLD)
# End game if player win or loose
if has_won or time_left <= 0:
# Update session_num in game and state for player
models.update_game_for_player(player.game_id, player_id, 1, "Done")
# save image
storage.save_image(image, label, best_certainty)
# Update game state to be done
game_state = "Done"
# translate labels into norwegian
translation = models.get_translation_dict()
certainty_translated = dict([(translation[label], probability)
for label, probability in certainty.items()])
data = {
"certainty": certainty_translated,
"guess": translation[best_guess],
"correctLabel": translation[label],
"hasWon": has_won,
"gameState": game_state,
}
return json.dumps(data), 200
def json_body_before_request():
"""Enforce JSON Request Body."""
# TODO(morgan): Allow other content-types when OpenAPI Doc or improved
# federation is implemented for known/valid paths. This function should
# be removed long term.
# exit if there is nothing to be done, (no body)
if not flask.request.get_data():
return None
try:
# flask does loading for us for json, use the flask default loader
# in the case that the data is *not* json or a dict, we should see a
# raise of werkzeug.exceptions.BadRequest, re-spin this to the keystone
# ValidationError message (as expected by our contract)
# Explicitly check if the content is supposed to be json.
if (flask.request.is_json
or flask.request.headers['Content-Type'] == ''):
json_decoded = flask.request.get_json(force=True)
if not isinstance(json_decoded, dict):
# In the case that the returned value was not a dict, force
# a raise that will be caught the same way that a Decode error
# would be handled.
raise werkzeug_exceptions.BadRequest(
_('resulting JSON load was not a dict'))
else:
# We no longer need enforcement on this API, set unenforced_ok
# we already hit a validation error. This is required as the
# request is never hitting the resource methods, meaning
# @unenforced_api is not called. Without marking the request
# as "unenforced_ok" the assertion check to ensure enforcement
# was called would raise up causing a 500 error.
ks_flask_common.set_unenforced_ok()
raise exception.ValidationError(attribute='application/json',
target='Content-Type header')
except werkzeug_exceptions.BadRequest:
# We no longer need enforcement on this API, set unenforced_ok
# we already hit a validation error. This is required as the
# request is never hitting the resource methods, meaning
# @unenforced_api is not called. Without marking the request
# as "unenforced_ok" the assertion check to ensure enforcement
# was called would raise up causing a 500 error.
ks_flask_common.set_unenforced_ok()
raise exception.ValidationError(attribute='valid JSON',
target='request body')
def before_replacing_user(request, lookup):
"""Prevents changes to any field of the user doc, except USER_EDITABLE_FIELDS."""
# Find the user that is being replaced
req = parse_request('users')
req.projection = json.dumps({key: 0 for key in USER_EDITABLE_FIELDS})
original = current_app.data.find_one('users', req, **lookup)
# Make sure that the replacement has a valid auth field.
put_data = request.get_json()
if put_data is None:
raise wz_exceptions.BadRequest('No JSON data received')
# We should get a ref to the cached JSON, and not a copy. This will allow us to
# modify the cached JSON so that Eve sees our modifications.
assert put_data is request.get_json()
# Reset fields that shouldn't be edited to their original values. This is only
# needed when users are editing themselves; admins are allowed to edit much more.
if not pillar.auth.current_user.has_cap('admin'):
for db_key, db_value in original.items():
if db_key[0] == '_' or db_key in USER_EDITABLE_FIELDS:
continue
if db_key in original:
put_data[db_key] = copy.deepcopy(original[db_key])
# Remove fields added by this PUT request, except when they are user-editable.
for put_key in list(put_data.keys()):
if put_key[0] == '_' or put_key in USER_EDITABLE_FIELDS:
continue
if put_key not in original:
del put_data[put_key]
# Always restore those fields
for db_key in USER_ALWAYS_RESTORE_FIELDS:
if db_key in original:
put_data[db_key] = copy.deepcopy(original[db_key])
else:
del put_data[db_key]
# Regular users should always have an email address
if 'service' not in put_data.get('roles', ()):
if not put_data.get('email'):
raise wz_exceptions.UnprocessableEntity(
'email field must be given')
def make_import(csv_data, dry_run, ie_job=None):
"""Make import"""
try:
converter = base.ImportConverter(ie_job,
dry_run=dry_run,
csv_data=csv_data)
converter.import_csv_data()
return converter.get_info()
except models_exceptions.ImportStoppedException:
raise
except Exception as e: # pylint: disable=broad-except
logger.exception("Import failed: %s", e.message)
if settings.TESTING:
raise
raise wzg_exceptions.BadRequest("{} {}".format(
app_errors.INTERNAL_SERVER_ERROR.format(job_type="Import"),
e.message))
def get_label():
"""
Provides the client with a new word.
"""
player_id = request.values["player_id"]
player = models.get_player(player_id)
game = models.get_game(player.game_id)
# Check if game complete
if game.session_num > setup.NUM_GAMES:
raise excp.BadRequest("Number of games exceeded")
labels = json.loads(game.labels)
label = labels[game.session_num - 1]
norwegian_label = models.to_norwegian(label)
data = {"label": norwegian_label}
return json.dumps(data), 200
def add():
args = request.args.copy()
if secret_key_var not in args or secret_val_var not in args:
raise exceptions.BadRequest(
"Invalid addition, secret name or value not specified")
key = args[secret_key_var]
val = args[secret_val_var]
del (args[secret_key_var])
del (args[secret_val_var])
claims = args
global sec_store
print claims
sec_store.addSecret(key, val, claims)
return "Created secret {}: {} with claims {}".format(key, val, str(claims))
def plug_vip(self, vip):
# Catch any issues with the subnet info json
try:
net_info = flask.request.get_json()
assert type(net_info) is dict
assert 'subnet_cidr' in net_info
assert 'gateway' in net_info
assert 'mac_address' in net_info
except Exception as e:
raise exceptions.BadRequest(
description='Invalid subnet information') from e
return self._plug.plug_vip(vip, net_info['subnet_cidr'],
net_info['gateway'],
net_info['mac_address'],
net_info.get('mtu'),
net_info.get('vrrp_ip'),
net_info.get('host_routes'))
def get_ggrc_user(request, mandatory):
"""Find user from email in "X-GGRC-user" header."""
email = parse_user_email(request, "X-GGRC-user", mandatory=mandatory)
if not email:
return None
if is_external_app_user_email(email):
# External Application User should be created if doesn't exist.
user = get_external_app_user(request)
else:
user = all_models.Person.query.filter_by(email=email).first()
if not user:
raise exceptions.BadRequest("No user with such email: %s" % email)
return user
def create_task(name,
url,
queued_callback=None,
parameters=None,
method=None,
operation_type=None):
"""Create a enqueue a bacground task."""
if not method:
method = request.method
# task name must be unique
if not parameters:
parameters = {}
parent_type, parent_id = None, None
if isinstance(parameters, dict):
parent_type = parameters.get("parent", {}).get("type")
parent_id = parameters.get("parent", {}).get("id")
if bg_operation_running(operation_type, parent_type, parent_id):
raise exceptions.BadRequest("Task '{}' already run for {} {}.".format(
operation_type, parent_type, parent_id))
bg_operation = create_bg_operation(operation_type, parent_type, parent_id)
task = BackgroundTask(
name=name + str(int(time())),
bg_operation=bg_operation,
)
task.parameters = parameters
task.modified_by = get_current_user()
_add_task_acl(task)
# schedule a task queue
if getattr(settings, 'APP_ENGINE', False):
from google.appengine.api import taskqueue
headers = collect_task_headers()
headers.add('X-Task-Id', task.id)
taskqueue.add(queue_name="ggrc",
url=url,
name="{}_{}".format(task.name, task.id),
params={'task_id': task.id},
method=method,
headers=headers)
elif queued_callback:
queued_callback(task)
return task
def add_stream():
if request.method == 'GET':
return render_template('streaming/add.html')
else:
name = request.values.get('name')
file = request.files.get('file')
if name and file:
filename = ms.save(file)
addstream = ms.api({'addstream': {name: {"source": filename}}})
streams = addstream['streams']
if streams.get('incomplete list') == 1 and name in streams:
if filename.endswith(AUDIO_EXTENSIONS):
return redirect('/streaming/audio')
elif filename.endswith(VIDEO_EXTENSIONS):
return redirect('/streaming/video')
raise exceptions.InternalServerError('Failed to add stream')
raise exceptions.BadRequest('\'name\' and/or \'file\' are not valid')
def database_create(self,
database_name,
admin_login,
admin_password,
master_password="******",
lang="en_US",
**kw):
if not re.match(DBNAME_PATTERN, database_name):
raise exceptions.BadRequest(_('Invalid database name.'))
http.dispatch_rpc('db', 'create_database', [
master_password, database_name,
bool(kw.get('demo')), lang, admin_password, admin_login,
kw.get('country_code') or False
])
return Response(json.dumps(True),
content_type='application/json;charset=utf-8',
status=200)
def route_add_coupon():
"""Add a coupon.
Request Content-Type must be :mimetype:`application/json` or operation will fail.
:raises: werkzeug.exceptions.BadRequest, sqlalchemy.SQLAlchemyError
:rtype: flask.Response
"""
assert_content_type()
# Use coupon schema to validate json data and create the coupon item
coupon, errors = coupon_schema.load(request.json)
if errors:
raise exceptions.BadRequest(errors)
db.session.add(coupon)
db.session.commit()
return jsonify(id=coupon.id), 201, {'Location': f'/coupons/{coupon.id}'}
def update_user_password(user_id):
"""
Change the password hash stored in the database for the given user to a newly calculated password hash derived from
the password provided in the json body of this request.
:param user_id:
:return: Response
"""
if not request.is_json:
raise exceptions.BadRequest()
body = request.get_json()
user = users.get_user(user_id)
etag = user["_etag"]
service.remove_nonupdatable_fields(user)
user["passwdhash"] = password.hash_password(body["passwd"])
resp = service.put("users/" + user_id,
json=user,
headers={"If-Match": etag})
return service.convert_response(resp)
def get_service_information(request):
service_data = request.form.get("serviceData_1")
if not service_data:
return exceptions.BadRequest()
# Update our current order.
current_order.order_schema = service_data
db.session.commit()
# Formulate a response.
# First, we need to set that it was available.
item_response = {"available": 1}
# Next, merge our item's data to our response.
item_response |= current_item.map_list()
# Lastly, add a tax amount.
item_response["taxInAmt_1"] = "1000000"
return item_response
def get_object(self, contest_slug, pk):
contest = get_contest(contest_slug)
db.session.expunge(contest) # prevent reloading from db
set_request_contest(contest)
if not contest.active:
raise exceptions.BadRequest("Contest already ended")
user_challenges = challenges_query(contest.id, current_user.id)
this_challenge = user_challenges.filter_by(id=pk).options(
joinedload(UserCrossword.crossword).undefer(
Crossword.description), ).first()
if not this_challenge:
abort(404)
if this_challenge.solved:
raise exceptions.Gone("Challenge already solved")
return this_challenge
def patch_assign_admin(self, org_id: bson.ObjectId, patch: dict):
"""Assigns a single user by User ID as admin of the organization.
The calling user must be admin of the organization.
"""
self._assert_is_admin(org_id)
# Do some basic validation.
try:
user_id = patch['user_id']
except KeyError:
raise wz_exceptions.BadRequest('No key "user_id" in patch.')
user_oid = str2id(user_id)
log.info('User %s uses PATCH to set user %s as admin for organization %s',
current_user().user_id, user_oid, org_id)
current_app.org_manager.assign_admin(org_id, user_id=user_oid)
def update_component(model, req, box_id, id):
component = (model.query.filter_by(box_id=box_id, id=id).first())
if not component:
raise exceptions.NotFound(str(model) + ' not found')
for field in req:
prev_attr = getattr(component, field)
if isinstance(req[field], (type(None), type(prev_attr))) or isinstance(
prev_attr, type(None)):
setattr(component, field, req[field])
else:
raise exceptions.BadRequest('wrong datatype: ' +
str(type(req[field])) +
' instead of ' + str(type(prev_attr)))
db.session.add(component)
db.session.commit()
def handle_login(db, request, response):
"""Reads username and password from POST data, creates session,
returns authenticated state.User on success, False on failure."""
args = request.form
username = args.get('username', '').lower()
secret = args.get('secret', False)
if username and secret:
if not request.is_secure: raise exceptions.BadRequest()
user = db.User.named(username)
if not user: user = db.User.find({'email': username})
if user and user.cmp_password(secret):
new_session(db, user, request, response)
user.logged_in = True
return user
else:
return Exception('Invalid credentials')
return False
def allowed_file(image):
"""
Check if image satisfies the constraints of Custom Vision.
"""
if image.filename == "":
raise excp.BadRequest("No image submitted")
# Check that the file is a png
is_png = image.content_type == "image/png"
# Ensure the file isn't too large
too_large = len(image.read()) > setup.MAX_IMAGE_SIZE
# Ensure the file has correct resolution
height, width = get_image_resolution(image)
MIN_RES = setup.MIN_RESOLUTION
correct_res = (height >= MIN_RES) and (width >= MIN_RES)
if not is_png or too_large or not correct_res:
raise excp.UnsupportedMediaType("Wrong image format")
image.seek(0)
def patch_request_task_log_file(self, task_id: bson.ObjectId, patch: dict):
"""Queue a request to the Manager to upload this task's log file."""
from flamenco import current_flamenco
from pillar.api.utils.authentication import current_user_id
tasks_coll = current_flamenco.db('tasks')
task = tasks_coll.find_one({'_id': task_id},
projection={
'job': 1,
'manager': 1,
'log_file': 1,
'project': 1,
'status': 1
})
if not current_flamenco.manager_manager.user_may_use(
mngr_doc_id=task['manager']):
log.warning(
'request_task_log_file(%s, %r): User %s is not allowed to use manager %s!',
task_id, patch, current_user_id(), task['manager'])
raise wz_exceptions.Forbidden()
status = task['status']
if status not in LOG_UPLOAD_REQUESTABLE_TASK_STATES:
ok = ', '.join(LOG_UPLOAD_REQUESTABLE_TASK_STATES)
raise wz_exceptions.BadRequest(
f'Log file not requestable while task is in status {status}, must be in {ok}'
)
# Check that the log file hasn't arrived yet (this may not be the
# first request for this task).
force_rerequest = patch.get('force_rerequest', False)
if task.get('log_file') and not force_rerequest:
url = url_for('flamenco.tasks.perproject.download_task_log_file',
project_url=get_project_url(task['project']),
task_id=task_id)
# Using 409 Conflict because a 303 See Other (which would be more
# appropriate) cannot be intercepted by some AJAX calls.
return redirect(url, code=409)
current_flamenco.manager_manager.queue_task_log_request(
task['manager'], task['job'], task_id)
def hard_reset_retrain(self):
"""
Train model on all labels and update iteration.
This method sleeps for 60 seconds to make sure all
old images are deleted from custom vision before
uploading original dataset.
"""
with api.app.app_context():
labels = models.get_all_labels()
# Wait 60 seconds to make sure all images are deleted in custom vision
time.sleep(60)
self.upload_images(labels, setup.CONTAINER_NAME_ORIGINAL)
try:
self.train(labels)
except CustomVisionErrorException as e:
msg = "No changes since last training"
print(e, "exiting...")
raise excp.BadRequest(msg)
def blender_cloud_addon_version():
"""Returns the version of the Blender Cloud Addon, or None if not given in the request.
Uses the 'Blender-Cloud-Addon' HTTP header.
:returns: the version of the addon, as tuple (major, minor, micro)
:rtype: tuple or None
:raises: werkzeug.exceptions.BadRequest if the header is malformed.
"""
header = request.headers.get('Blender-Cloud-Addon')
if not header:
return None
parts = header.split('.')
try:
return tuple(int(part) for part in parts)
except ValueError:
raise wz_exceptions.BadRequest('Invalid Blender-Cloud-Addon header')
def _assign_or_remove_project(self, manager_id: bson.ObjectId, patch: dict, action: str):
"""Assigns a manager to a project or removes it.
The calling user must be owner of the manager (always)
and member of the project (if assigning).
"""
from pillar.api.projects.utils import user_rights_in_project
from flamenco import current_flamenco
try:
project_strid = patch['project']
except KeyError:
log.warning('User %s sent invalid PATCH %r for manager %s.',
current_user_id(), patch, manager_id)
raise wz_exceptions.BadRequest('Missing key "project"')
project_id = str2id(project_strid)
if not current_flamenco.manager_manager.user_is_owner(mngr_doc_id=manager_id):
log.warning('User %s uses PATCH to %s manager %s to/from project %s, '
'but user is not owner of that Manager. Request denied.',
current_user_id(), action, manager_id, project_id)
raise wz_exceptions.Forbidden()
# Removing from a project doesn't require project membership.
if action != 'remove':
methods = user_rights_in_project(project_id)
if 'PUT' not in methods:
log.warning('User %s uses PATCH to %s manager %s to/from project %s, '
'but only has %s rights on project. Request denied.',
current_user_id(), action, manager_id, project_id, ', '.join(methods))
raise wz_exceptions.Forbidden()
log.info('User %s uses PATCH to %s manager %s to/from project %s',
current_user_id(), action, manager_id, project_id)
ok = current_flamenco.manager_manager.api_assign_to_project(
manager_id, project_id, action)
if not ok:
# Manager Manager will have already logged the cause.
raise wz_exceptions.InternalServerError()
def error_api():
if request.form.get("action") is None:
print("Received an error!")
print_multi(request.args)
print_multi(request.form)
return action_list["webApi_document_template"](request)
try:
# These values should be consistent for both v1 and v512.
if request.form["platform"] != "wii":
return exceptions.BadRequest()
action = request.form["action"]
return action_list[action](request)
except KeyError:
# This is not an action or a format we know of.
return exceptions.NotFound()
def _check_documents(documents) -> dict:
collection_ids = set()
for document in documents:
if not isinstance(
document, dict
) or "collection_id" not in document or not document["collection_id"]:
raise exceptions.BadRequest()
collection_ids.add(document["collection_id"])
collections_by_id = {}
for collection_id in collection_ids:
collection = service.get_item_by_id(
"collections",
collection_id,
params=service.params(
{"projection": collections.user_permissions_projection()}))
if not collections.get_user_permissions(collection).add_documents:
raise exceptions.Unauthorized()
collections_by_id[collection_id] = collection
return collections_by_id
