def test_override_token_post():
responses.add(responses.POST, "https://slack.com/api/chat.postMessage")
app = Flask(__name__)
slack_bp = make_slack_blueprint(
client_id="foo", client_secret="bar",
backend=MemoryBackend({"access_token": "abcde"}),
)
app.register_blueprint(slack_bp, url_prefix="/login")
with app.test_request_context("/"):
app.preprocess_request()
resp = slack.post("chat.postMessage", data={
"token": "xyz",
"channel": "#general",
"text": "ping",
"icon_emoji": ":robot_face:",
})
request_data = url_decode(resp.request.body)
assert request_data["token"] == "xyz"
assert request_data["channel"] == "#general"
assert request_data["text"] == "ping"
assert request_data["icon_emoji"] == ":robot_face:"
# should not be present
url = URLObject(resp.request.url)
assert "token" not in url.query_dict
def qyAppSubscribe():
sReqMsgSig = request.args.get('msg_signature')
sReqTimeStamp = request.args.get('timestamp')
sReqNonce = request.args.get('nonce')
if request.method == 'GET':
# wxcpt = WXBizMsgCrypt(TOKEN_QY, AESKEY_QY, APP_ID_QY)
ret, sEchoStr = wxcpt.VerifyURL(
url_decode(request.query_string)['msg_signature'],
url_decode(request.query_string)['timestamp'],
url_decode(request.query_string)['nonce'],
url_decode(request.query_string)['echostr'])
# print ret
return sEchoStr
# app.logger.info(request.data)
# app.logger.info(sReqMsgSig)
# app.logger.info(sReqTimeStamp)
# app.logger.info(sReqNonce)
ret, decodeXML = getDecryptMsg(request.data, sReqMsgSig, sReqTimeStamp,
sReqNonce)
# app.logger.info(str(ret))
# app.logger.info(decodeXML)
if decodeXML:
userid = decodeXML.find("FromUserName").text
my = decodeXML.find("ToUserName").text
app.logger.info(userid)
msgType = decodeXML.find("MsgType").text
if msgType == 'event':
event = decodeXML.find("Event").text
if event == 'subscribe':
userid = decodeXML.find("FromUserName").text
detail = getPsnDetail(userid)
if detail.has_key('weixinid'):
psn = wx_session.query(Document_psn).filter(
Document_psn.qywxid == userid).first()
psn.weixinid = detail['weixinid']
wx_session.merge(psn)
wx_session.commit()
retXML = ''
retXML += '<xml>'
retXML += '<ToUserName><![CDATA[' + userid + ']]></ToUserName>'
retXML += '<FromUserName><![CDATA[' + my + ']]></FromUserName>'
retXML += '<CreateTime>' + str(int(
sysTime.time() * 1000)) + '</CreateTime>'
retXML += '<MsgType><![CDATA[text]]></MsgType>'
retXML += '<Content><![CDATA[欢迎关注国贸集团企业号,获取公司内部网信息,增进交流,提升工作效率。]]></Content>'
retXML += '</xml>'
retXML = retXML.replace('<', '<').replace('>', '>')
ret, sEncryptMsg = wxcpt.EncryptMsg(retXML, sReqNonce,
sReqTimeStamp)
return sEncryptMsg
return ''
def test_redirect_to_records(self):
self.company_A = self.env['res.company'].create({
'name': 'Company A',
'user_ids': [(4, self.ref('base.user_admin'))],
})
self.company_B = self.env['res.company'].create({
'name': 'Company B',
})
self.multi_company_record = self.env['mail.test.multi.company'].create({
'name': 'Multi Company Record',
'company_id': self.company_A.id,
})
# Test Case 0
# Not logged, redirect to web/login
response = self.url_open('/mail/view?model=%s&res_id=%s' % (
self.multi_company_record._name,
self.multi_company_record.id), timeout=15)
path = url_parse(response.url).path
self.assertEqual(path, '/web/login')
self.authenticate('admin', 'admin')
# Test Case 1
# Logged into company 1, try accessing record in company A
# _redirect_to_record should add company A in allowed_company_ids
response = self.url_open('/mail/view?model=%s&res_id=%s' % (
self.multi_company_record._name,
self.multi_company_record.id), timeout=15)
self.assertEqual(response.status_code, 200)
fragment = url_parse(response.url).fragment
cids = url_decode(fragment)['cids']
self.assertEqual(cids, '1,%s' % (self.company_A.id))
# Test Case 2
# Logged into company 1, try accessing record in company B
# _redirect_to_record should redirect to messaging as the user
# doesn't have any access for this company
self.multi_company_record.company_id = self.company_B
response = self.url_open('/mail/view?model=%s&res_id=%s' % (
self.multi_company_record._name,
self.multi_company_record.id), timeout=15)
self.assertEqual(response.status_code, 200)
fragment = url_parse(response.url).fragment
action = url_decode(fragment)['action']
self.assertEqual(action, 'mail.action_discuss')
def qyApp3receive():
sReqMsgSig = request.args.get('msg_signature')
sReqTimeStamp = request.args.get('timestamp')
sReqNonce = request.args.get('nonce')
if request.method == 'GET':
# wxcpt = WXBizMsgCrypt(TOKEN_QY, AESKEY_QY, APP_ID_QY)
ret, sEchoStr = wxcpt.VerifyURL(url_decode(request.query_string)['msg_signature'],
url_decode(request.query_string)['timestamp'],
url_decode(request.query_string)['nonce'],
url_decode(request.query_string)['echostr'])
# print ret
return sEchoStr
retXML = ''
ret, decodeXML = getDecryptMsg(request.data, sReqMsgSig, sReqTimeStamp, sReqNonce)
if decodeXML:
userid = decodeXML.find("FromUserName").text
my = decodeXML.find("ToUserName").text
retXML += '<xml>'
retXML += '<ToUserName><![CDATA[' + userid + ']]></ToUserName>'
retXML += '<FromUserName><![CDATA[' + my + ']]></FromUserName>'
retXML += '<CreateTime>' + str(int(sysTime.time() * 1000)) + '</CreateTime>'
retXML += '<MsgType><![CDATA[text]]></MsgType>'
retXML += '<Content><![CDATA[%s]]></Content>'
retXML += '</xml>'
retXML = retXML.replace('<', '<').replace('>', '>')
msgType = decodeXML.find("MsgType").text
if msgType == 'text':
content = decodeXML.find("Content").text
if content != '':
userid = decodeXML.find("FromUserName").text
app.logger.info(content)
ret = getPsnPhoneVOs(u'oGWhot6q83jPLENglsitEv1xjYCw', content)
if ret['code'] != 0:
retXML = retXML % ret['msg'].encode('utf-8')
else:
rsMsg = ''
for psn in ret['psn']:
rsMsg += '【' + str(psn['psnname']) + '】\n'
rsMsg += ((psn['email'] == 'null' or psn['email'] == '') and '' or (
u'\U00002709'.encode('utf-8') + str(psn['email']) + '\n'))
if (psn['yglb'] != "0001V410000000001OPY"):
rsMsg += ((psn['officephone'] == 'null' or psn['officephone'] == '') and '' or (
u'\U0000260E'.encode('utf-8') + str(psn['officephone']) + '\n'))
rsMsg += ((psn['mobile'] == 'null' or psn['mobile'] == '') and '' or (
u'\U0001F4F1'.encode('utf-8') + str(psn['mobile']) + '\n'))
retXML = retXML % rsMsg
ret, sEncryptMsg = wxcpt.EncryptMsg(retXML, sReqNonce, sReqTimeStamp)
return sEncryptMsg
def qyAppSubscribe():
sReqMsgSig = request.args.get('msg_signature')
sReqTimeStamp = request.args.get('timestamp')
sReqNonce = request.args.get('nonce')
if request.method == 'GET':
# wxcpt = WXBizMsgCrypt(TOKEN_QY, AESKEY_QY, APP_ID_QY)
ret, sEchoStr = wxcpt.VerifyURL(url_decode(request.query_string)['msg_signature'],
url_decode(request.query_string)['timestamp'],
url_decode(request.query_string)['nonce'],
url_decode(request.query_string)['echostr'])
# print ret
return sEchoStr
# app.logger.info(request.data)
# app.logger.info(sReqMsgSig)
# app.logger.info(sReqTimeStamp)
# app.logger.info(sReqNonce)
ret, decodeXML = getDecryptMsg(request.data, sReqMsgSig, sReqTimeStamp, sReqNonce)
# app.logger.info(str(ret))
# app.logger.info(decodeXML)
if decodeXML:
userid = decodeXML.find("FromUserName").text
my = decodeXML.find("ToUserName").text
app.logger.info(userid)
msgType = decodeXML.find("MsgType").text
if msgType == 'event':
event = decodeXML.find("Event").text
if event == 'subscribe':
userid = decodeXML.find("FromUserName").text
detail = getPsnDetail(userid)
if detail.has_key('weixinid'):
psn = wx_session.query(Document_psn).filter(Document_psn.qywxid == userid).first()
psn.weixinid = detail['weixinid']
wx_session.merge(psn)
wx_session.commit()
retXML = ''
retXML += '<xml>'
retXML += '<ToUserName><![CDATA[' + userid + ']]></ToUserName>'
retXML += '<FromUserName><![CDATA[' + my + ']]></FromUserName>'
retXML += '<CreateTime>' + str(int(sysTime.time() * 1000)) + '</CreateTime>'
retXML += '<MsgType><![CDATA[text]]></MsgType>'
retXML += '<Content><![CDATA[欢迎关注国贸集团企业号,获取公司内部网信息,增进交流,提升工作效率。]]></Content>'
retXML += '</xml>'
retXML = retXML.replace('<', '<').replace('>', '>')
ret, sEncryptMsg = wxcpt.EncryptMsg(retXML, sReqNonce, sReqTimeStamp)
return sEncryptMsg
return ''
def test_url_decoding(self):
x = urls.url_decode("foo=42&bar=23&uni=H%C3%A4nsel")
assert x["foo"] == "42"
assert x["bar"] == "23"
assert x["uni"] == u"Hänsel"
x = urls.url_decode("foo=42;bar=23;uni=H%C3%A4nsel", separator=";")
assert x["foo"] == "42"
assert x["bar"] == "23"
assert x["uni"] == u"Hänsel"
x = urls.url_decode("%C3%9Ch=H%C3%A4nsel", decode_keys=True)
assert x[u"Üh"] == u"Hänsel"
def test_url_decoding(self):
x = urls.url_decode(b'foo=42&bar=23&uni=H%C3%A4nsel')
self.assert_strict_equal(x['foo'], u'42')
self.assert_strict_equal(x['bar'], u'23')
self.assert_strict_equal(x['uni'], u'Hänsel')
x = urls.url_decode(b'foo=42;bar=23;uni=H%C3%A4nsel', separator=b';')
self.assert_strict_equal(x['foo'], u'42')
self.assert_strict_equal(x['bar'], u'23')
self.assert_strict_equal(x['uni'], u'Hänsel')
x = urls.url_decode(b'%C3%9Ch=H%C3%A4nsel', decode_keys=True)
self.assert_strict_equal(x[u'Üh'], u'Hänsel')
def test_url_decoding():
x = urls.url_decode(b"foo=42&bar=23&uni=H%C3%A4nsel")
strict_eq(x["foo"], u"42")
strict_eq(x["bar"], u"23")
strict_eq(x["uni"], u"Hänsel")
x = urls.url_decode(b"foo=42;bar=23;uni=H%C3%A4nsel", separator=b";")
strict_eq(x["foo"], u"42")
strict_eq(x["bar"], u"23")
strict_eq(x["uni"], u"Hänsel")
x = urls.url_decode(b"%C3%9Ch=H%C3%A4nsel", decode_keys=True)
strict_eq(x[u"Üh"], u"Hänsel")
def test_url_decoding(self):
x = urls.url_decode('foo=42&bar=23&uni=H%C3%A4nsel')
assert x['foo'] == '42'
assert x['bar'] == '23'
assert x['uni'] == u'Hänsel'
x = urls.url_decode('foo=42;bar=23;uni=H%C3%A4nsel', separator=';')
assert x['foo'] == '42'
assert x['bar'] == '23'
assert x['uni'] == u'Hänsel'
x = urls.url_decode('%C3%9Ch=H%C3%A4nsel', decode_keys=True)
assert x[u'Üh'] == u'Hänsel'
def test_url_decoding(self):
x = urls.url_decode('foo=42&bar=23&uni=H%C3%A4nsel')
assert x['foo'] == '42'
assert x['bar'] == '23'
assert x['uni'] == u'Hänsel'
x = urls.url_decode('foo=42;bar=23;uni=H%C3%A4nsel', separator=';')
assert x['foo'] == '42'
assert x['bar'] == '23'
assert x['uni'] == u'Hänsel'
x = urls.url_decode('%C3%9Ch=H%C3%A4nsel', decode_keys=True)
assert x[u'Üh'] == u'Hänsel'
def _validate(arg_name, validator, required_args):
if isinstance(validator, ArgumentValidator):
validator.application = current_app
try:
if not len(request.form) and not len(
request.args) and request.data:
from werkzeug.urls import url_decode
args = url_decode(request.data)
if arg_name not in args:
raise KeyError(arg_name)
value = args[arg_name]
else:
value = request.form[
arg_name] if arg_name in request.form else request.args[
arg_name]
if not validator.validate(value):
raise errors.InvalidParameterValue(arg_name)
except KeyError:
if validator.required:
raise errors.MissingRequiredParameter(arg_name)
value = validator.default_value
required_args[arg_name] = validator.get_value(
value) if value is not None else None
else:
raise ValueError(
"Invalid parameter in argument validator description: %s" %
str(validator))
def getParams():
params = url_decode(
getattr(flask.request, 'environ').get('QUERY_STRING', ''))
reg = re.compile('^[a-z0-9_\.]+$')
current = temp = {}
for param, value in sorted(params.iteritems()):
nest = re.split("([\[\]]+)", param)
if len(nest) > 1:
nested = []
for key in nest:
if reg.match(key):
nested.append(key)
current = temp
for item in nested:
if item is nested[-1]:
current[item] = toUnicode(unquote(value))
else:
try:
current[item]
except:
current[item] = {}
current = current[item]
else:
temp[param] = toUnicode(unquote(value))
return dictToList(temp)
def receive_verifier(oauth_token,
oauth_verifier,
consumer_key=None,
consumer_secret=None):
temp_token = OAuthToken.query.get(oauth_token)
if not temp_token:
raise Exception("OAuth token has expired")
twitter = Twitter(auth=OAuth(temp_token.token, temp_token.token_secret,
consumer_key, consumer_secret),
format='',
api_version=None)
resp = url_decode(
twitter.oauth.access_token(oauth_verifier=oauth_verifier))
db.session.delete(temp_token)
new_token = OAuthToken(token=resp['oauth_token'],
token_secret=resp['oauth_token_secret'])
new_token = db.session.merge(new_token)
new_twitter = Twitter(auth=OAuth(new_token.token, new_token.token_secret,
consumer_key, consumer_secret))
remote_acct = new_twitter.account.verify_credentials()
acct = account_from_api_user_object(remote_acct)
acct = db.session.merge(acct)
new_token.account = acct
db.session.commit()
return new_token
def _parse_urlencoded(self, stream, mimetype, content_length, options):
if self.max_form_memory_size is not None and \
content_length > self.max_form_memory_size:
raise RequestEntityTooLarge()
form = url_decode(stream.read(), self.charset,
errors=self.errors, cls=self.cls)
return _empty_stream, form, self.cls()
def parse_form_data(environ, stream_factory = None, charset = 'utf-8', errors = 'ignore', max_form_memory_size = None, max_content_length = None, cls = None, silent = True):
content_type, extra = parse_options_header(environ.get('CONTENT_TYPE', ''))
try:
content_length = int(environ['CONTENT_LENGTH'])
except (KeyError, ValueError):
content_length = 0
if cls is None:
cls = MultiDict
if max_content_length is not None and content_length > max_content_length:
raise RequestEntityTooLarge()
stream = _empty_stream
files = ()
if content_type == 'multipart/form-data':
try:
form, files = parse_multipart(environ['wsgi.input'], extra.get('boundary'), content_length, stream_factory, charset, errors, max_form_memory_size=max_form_memory_size)
except ValueError as e:
if not silent:
raise
form = cls()
else:
form = cls(form)
elif content_type == 'application/x-www-form-urlencoded' or content_type == 'application/x-url-encoded':
if max_form_memory_size is not None and content_length > max_form_memory_size:
raise RequestEntityTooLarge()
form = url_decode(environ['wsgi.input'].read(content_length), charset, errors=errors, cls=cls)
else:
form = cls()
stream = LimitedStream(environ['wsgi.input'], content_length)
return (stream, form, cls(files))
def parse_url(self, url_string):
url = urllib.parse.urlparse(url_string)
url_adapter = self.url_map.bind(server_name=url.hostname,
url_scheme=url.scheme,
path_info=url.path)
query_args = url_decode(url.query)
return url, url_adapter, query_args
def index():
if request.args.has_key("magnet"):
magnet = url_unquote(request.args["magnet"]).encode(request.charset)
magnet_xt = url_decode(magnet[magnet.index("?") + 1 :])["xt"]
torrent = cache.get(magnet_xt)
if not torrent:
try:
handle = lt.add_magnet_uri(
ses,
magnet,
{"save_path": "./invalid", "paused": False, "auto_managed": False, "duplicate_is_error": False},
)
while not handle.has_metadata():
time.sleep(0.01)
handle.pause()
info = handle.get_torrent_info()
torrent = create_torrent(info)
cache.set(magnet_xt, torrent)
ses.remove_torrent(handle, lt.options_t.delete_files)
except:
torrent = cache.get(magnet_xt)
response = Response(response=torrent[1], mimetype="application/x-bittorrent")
response.headers.add("Content-Disposition", "attachment", filename=torrent[0])
return response
return render_template("index.html")
def args(self):
return url_decode(
self.environ.get("QUERY_STRING", ""),
self.url_charset,
errors=self.encoding_errors,
cls=self.parameter_storage_class,
)
def callback():
"""Callback from Twitter."""
try:
resource_owner_key = cookie.pop('twitter_oauth_token')
resource_owner_secret = cookie.pop('twitter_oauth_token_secret')
except KeyError:
abort(401)
config = current_app.config
oauth = OAuth1(config['TWITTER_API_KEY'],
client_secret=config['TWITTER_API_SECRET'],
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=request.args['oauth_verifier'])
r = requests.post(url=config['TWITTER_ACCESS_TOKEN_URL'], auth=oauth)
response = url_decode(r.content)
user = session.query(User) \
.filter_by(twitter_user_id=response['user_id']).first()
if not user:
user = User(twitter_user_id=response['user_id'])
session.add(user)
user.twitter_oauth_token = response['oauth_token']
user.twitter_oauth_token_secret = response['oauth_token_secret']
user.screen_name = response['screen_name']
session.commit()
cookie['user_id'] = user.id
return redirect(url_for('.home'))
def _get_specific_rendering_values(self, processing_values):
""" Override of payment to return Mollie-specific rendering values.
Note: self.ensure_one() from `_get_processing_values`
:param dict processing_values: The generic and specific processing values of the transaction
:return: The dict of acquirer-specific rendering values
:rtype: dict
"""
res = super()._get_specific_rendering_values(processing_values)
if self.provider != 'mollie':
return res
payload = self._mollie_prepare_payment_request_payload()
_logger.info("sending '/payments' request for link creation:\n%s", pprint.pformat(payload))
payment_data = self.acquirer_id._mollie_make_request('/payments', data=payload)
# The acquirer reference is set now to allow fetching the payment status after redirection
self.acquirer_reference = payment_data.get('id')
# Extract the checkout URL from the payment data and add it with its query parameters to the
# rendering values. Passing the query parameters separately is necessary to prevent them
# from being stripped off when redirecting the user to the checkout URL, which can happen
# when only one payment method is enabled on Mollie and query parameters are provided.
checkout_url = payment_data['_links']['checkout']['href']
parsed_url = urls.url_parse(checkout_url)
url_params = urls.url_decode(parsed_url.query)
return {'api_url': checkout_url, 'url_params': url_params}
def __call__(self, environ, start_response):
if '__method__' in environ.get('QUERY_STRING', ''):
args = url_decode(environ['QUERY_STRING'])
method = args.get('__method__')
if method:
environ['REQUEST_METHOD'] = method
return self.app(environ, start_response)
def login_url(login_view, next_url=None, next_field='next'):
'''
Creates a URL for redirecting to a login page. If only `login_view` is
provided, this will just return the URL for it. If `next_url` is provided,
however, this will append a ``next=URL`` parameter to the query string
so that the login view can redirect back to that URL.
:param login_view: The name of the login view. (Alternately, the actual
URL to the login view.)
:type login_view: str
:param next_url: The URL to give the login view for redirection.
:type next_url: str
:param next_field: What field to store the next URL in. (It defaults to
``next``.)
:type next_field: str
'''
base = expand_login_view(login_view)
if next_url is None:
return base
parsed_result = urlparse(base)
md = url_decode(parsed_result.query)
md[next_field] = make_next_param(base, next_url)
parsed_result = parsed_result._replace(query=url_encode(md, sort=True))
return urlunparse(parsed_result)
def parse_redirect(self, location, parse_fragment=False):
from werkzeug.urls import url_parse, url_decode, url_unparse
scheme, netloc, script_root, qs, anchor = url_parse(location)
return (
url_unparse((scheme, netloc, script_root, '', '')),
url_decode(anchor if parse_fragment else qs)
)
def login_url(login_view, next_url=None, next_field='next'):
'''
Creates a URL for redirecting to a login page. If only `login_view` is
provided, this will just return the URL for it. If `next_url` is provided,
however, this will append a ``next=URL`` parameter to the query string
so that the login view can redirect back to that URL.
:param login_view: The name of the login view. (Alternately, the actual
URL to the login view.)
:type login_view: str
:param next_url: The URL to give the login view for redirection.
:type next_url: str
:param next_field: What field to store the next URL in. (It defaults to
``next``.)
:type next_field: str
'''
base = expand_login_view(login_view)
if next_url is None:
return base
parsed_result = urlparse(base)
md = url_decode(parsed_result.query)
md[next_field] = make_next_param(base, next_url)
parsed_result = parsed_result._replace(query=url_encode(md, sort=True))
return urlunparse(parsed_result)
def test_auto_token_get():
responses.add(responses.GET, "https://slack.com/api/chat.postMessage")
app = Flask(__name__)
slack_bp = make_slack_blueprint(
client_id="foo",
client_secret="bar",
backend=MemoryBackend({"access_token": "abcde"}),
)
app.register_blueprint(slack_bp, url_prefix="/login")
with app.test_request_context("/"):
app.preprocess_request()
resp = slack.get("chat.postMessage",
data={
"channel": "#general",
"text": "ping",
"icon_emoji": ":robot_face:",
})
request_data = url_decode(resp.request.body)
assert request_data["channel"] == "#general"
assert request_data["text"] == "ping"
assert request_data["icon_emoji"] == ":robot_face:"
# the `token` parameter should have been automatically added
assert request_data["token"] == "abcde"
def login_url(login_view, next_url=None, next_field='next'):
'''
Creates a URL for redirecting to a login page. If only `login_view` is
provided, this will just return the URL for it. If `next_url` is provided,
however, this will append a ``next=URL`` parameter to the query string
so that the login view can redirect back to that URL. Flask-Login's default
unauthorized handler uses this function when redirecting to your login url.
To force the host name used, set `FORCE_HOST_FOR_REDIRECTS` to a host. This
prevents from redirecting to external sites if request headers Host or
X-Forwarded-For are present.
:param login_view: The name of the login view. (Alternately, the actual
URL to the login view.)
:type login_view: str
:param next_url: The URL to give the login view for redirection.
:type next_url: str
:param next_field: What field to store the next URL in. (It defaults to
``next``.)
:type next_field: str
'''
base = expand_login_view(login_view)
if next_url is None:
return base
parsed_result = urlparse(base)
md = url_decode(parsed_result.query)
md[next_field] = make_next_param(base, next_url)
netloc = current_app.config.get('FORCE_HOST_FOR_REDIRECTS') or \
parsed_result.netloc
parsed_result = parsed_result._replace(netloc=netloc,
query=url_encode(md, sort=True))
return urlunparse(parsed_result)
def auth():
try:
back = request.args['back']
except KeyError:
redirect_uri = url_for('auth', _external=True)
initial = True
else:
redirect_uri = url_for('auth', back=back, _external=True)
initial = False
params = {
'client_id': current_app.config['CLIENT_ID'],
'client_secret': current_app.config['CLIENT_SECRET'],
'redirect_uri': redirect_uri,
'code': request.args['code'],
'state': get_oauth_state()
}
response = urllib2.urlopen('https://github.com/login/oauth/access_token',
url_encode(params))
auth_data = url_decode(response.read())
response.close()
token = auth_data['access_token']
if initial:
with open_token_file('w') as f:
f.write(token)
current_app.config['ACCESS_TOKEN'] = token
return_url = url_for('home')
else:
return_url = base64.urlsafe_b64decode(str(back))
session['login'] = token
return redirect(return_url)
def __call__(self, rev, contenttype=None, arguments=None):
item_name = rev.item.name
query_keys = {'do': 'get', 'rev': rev.revid}
attrib = {}
if arguments:
query = arguments.keyword.get(xinclude.href)
if query and query.query:
# query.query value is similar to "w=75" given a transclusion "{{jpeg||&w=75 class="top"}}"
query_keys.update(url_decode(query.query))
attrib = arguments.keyword
query = url_encode(query_keys, charset=CHARSET, encode_keys=True)
attrib.update({
moin_page.type_:
str(self.input_type),
xlink.href:
Iri(scheme='wiki',
authority='',
path='/' + rev.item.fqname.fullname,
query=query),
})
if rev.meta.get(SUMMARY) and html.alt not in attrib:
attrib[html.alt] = rev.meta[SUMMARY]
obj = moin_page.object_(attrib=attrib, children=[
item_name,
])
body = moin_page.body(children=(obj, ))
return moin_page.page(children=(body, ))
def __call__(self, environ, start_response):
if '__method__' in environ.get('QUERY_STRING', ''):
args = url_decode(environ['QUERY_STRING'])
method = args.get('__method__')
if method:
environ['REQUEST_METHOD'] = method
return self.app(environ, start_response)
def connect(self, sid, environ):
"""
Called on new client connection.
Client must identify itself using the query string parameter 'user'
:param str sid: socketio's socket identifier
:param dict environ: wsgi environment
:returns: True if connection is accepted False otherwise
"""
params = urls.url_decode(environ['QUERY_STRING'])
if 'user' not in params:
return False
username = params['user']
if username in self.users:
return False
if sid in self.connections:
return False
self.users[username] = sid
self.connections[sid] = username
logger.info('New connection from %s', username)
return True
def getParams():
params = url_decode(getattr(flask.request, 'environ').get('QUERY_STRING', ''))
reg = re.compile('^[a-z0-9_\.]+$')
current = temp = {}
for param, value in sorted(params.iteritems()):
nest = re.split("([\[\]]+)", param)
if len(nest) > 1:
nested = []
for key in nest:
if reg.match(key):
nested.append(key)
current = temp
for item in nested:
if item is nested[-1]:
current[item] = toUnicode(unquote(value))
else:
try:
current[item]
except:
current[item] = {}
current = current[item]
else:
temp[param] = toUnicode(unquote(value))
return dictToList(temp)
def login_url(login_view, next_url=None, next_field='next'):
'''
Creates a URL for redirecting to a login page. If only `login_view` is
provided, this will just return the URL for it. If `next_url` is provided,
however, this will append a ``next=URL`` parameter to the query string
so that the login view can redirect back to that URL.
:param login_view: The name of the login view. (Alternately, the actual
URL to the login view.)
:type login_view: str
:param next_url: The URL to give the login view for redirection.
:type next_url: str
:param next_field: What field to store the next URL in. (It defaults to
``next``.)
:type next_field: str
'''
if login_view.startswith(('https://', 'http://', '/')):
base = login_view
else:
base = url_for(login_view)
if next_url is None:
return base
parts = list(urlparse(base))
md = url_decode(parts[4])
md[next_field] = make_next_param(base, next_url)
parts[4] = url_encode(md, sort=True)
return urlunparse(parts)
def twitter_request(self, original_url):
conf_ = conf['twitter']
original_url = oauth_base + conf_['callback_base'] + url_quote(original_url)
consumer = oauth2.Consumer(conf_['consumer_key'], conf_['consumer_secret'])
client = oauth2.Client(consumer)
q, content = client.request(conf_['token_url'], "POST",
body = url_encode({'oauth_callback':original_url}))
if q['status'] != "200":
stderr.write("Login error twitter auth:\n %s\n" % q.content)
return self.redirect('/?msg=2')
del q
oauth_data = url_decode(content)
oauth_token = oauth_data['oauth_token']
oauth_token_secret = oauth_data['oauth_token_secret']
del content
del oauth_data
f = open(oauth_secrets_path_prefix + oauth_token, 'w')
f.write(oauth_token_secret)
f.close()
self.redirect(conf_['authenticate'] + "?oauth_token=" + oauth_token)
def auth():
try:
back = request.args['back']
except KeyError:
redirect_uri = url_for('auth', _external=True)
initial = True
else:
redirect_uri = url_for('auth', back=back, _external=True)
initial = False
params = {
'client_id': current_app.config['CLIENT_ID'],
'client_secret': current_app.config['CLIENT_SECRET'],
'redirect_uri': redirect_uri,
'code': request.args['code'],
'state': get_oauth_state()
}
response = urllib2.urlopen(
'https://github.com/login/oauth/access_token',
url_encode(params)
)
auth_data = url_decode(response.read())
response.close()
token = auth_data['access_token']
if initial:
with open_token_file('w') as f:
f.write(token)
current_app.config['ACCESS_TOKEN'] = token
return_url = url_for('home')
else:
return_url = base64.urlsafe_b64decode(str(back))
session['login'] = token
return redirect(return_url)
def __call__(self, environ, start_response):
if '_method' in environ.get('QUERY_STRING', ''):
args = url_decode(environ['QUERY_STRING'])
method = args.get('_method')
if method:
method = method.encode('ascii', 'replace')
environ['REQUEST_METHOD'] = method
return self.app(environ, start_response)
def dispatch_request(self, request):
adapter = self.routes.bind_to_environ(request.environ)
request.GET = url_decode(request.environ['QUERY_STRING'])
try:
endpoint, values = adapter.match()
return getattr(self, endpoint)(request, **values)
except NotFound, e:
return self.error_404()
def __call__(self, environ, start_response):
if self.method_param_q in environ.get("QUERY_STRING", ""):
args = url_decode(environ["QUERY_STRING"])
method = args.pop(self.method_param, None)
if method:
method = method.upper().encode("ascii", "replace")
environ["REQUEST_METHOD"] = method
environ["QUERY_STRING"] = url_encode(args)
return self.app(environ, start_response)
def POST(self):
if self.route.is_flask():
return self.request.form or self.request.args or url_decode(self.request.data)
elif self.route.is_django():
return self.request.POST
elif self.route.is_appengine():
return self.request.REQUEST
elif self.route.is_dummy() or self.route.is_standalone():
return self.request.data
raise NotImplementedError
def test_signing_in_redirects_me_to_signon(self):
response = self.client.get('/sign-in')
params = url_decode(response.headers['Location'].split('?')[1])
assert_that(response, has_status(302))
assert_that(params, has_entry('response_type', 'code'))
assert_that(params, has_entry('redirect_uri',
'http://backdrop-admin.dev.gov.uk/authorized'))
assert_that(params, has_entry('client_id',
app.app.config['OAUTH_CLIENT_ID']))
def REQUEST(self):
if self.route.is_flask():
return self.request.form or self.request.args or url_decode(self.request.data)
elif self.route.is_django():
return self.request.REQUEST
elif self.route.is_appengine():
return dict(map(lambda i: (i, self.request.get(i)), \
self.request.arguments()))
elif self.route.is_dummy() or self.route.is_standalone():
return self.request.data
raise NotImplementedError
def login_url(login_view, next_url=None, next_field="next"):
if login_view.startswith(("https://", "http://", "/")):
base = login_view
else:
base = url_for(login_view)
if next_url is None:
return base
parts = list(urlparse(base))
md = url_decode(parts[4])
md[next_field] = make_next_param(base, next_url)
parts[4] = url_encode(md, sort=True)
return urlunparse(parts)
def preprocess_request(self, request):
request_header_validator = valid.DictValidator({
'Content-Length': valid.IntegerValidator(max=MAX_BODY_LENGTH),
'Content-Type': valid.ConstValidator('application/json'),
})
if request.method in ['POST', 'PUT'] and\
not re.match(self.storage_url, request.path):
request_header_validator(dict(request.headers))
#TODO: FIXME GK
if request.method == 'GET':
data = url_decode(request.query_string, cls=dict)
request.data = json.dumps(data)
