def on_delete(self, req, resp, orgid):
"""
Remove an Organization specified by the orgid
:param req:
:param resp:
:param appid:
:return:
"""
mapper = self.meta.get('mapper')
o = mapper.organization.Organization.get_by_uid(orgid, user_flag=True)
if o is None:
raise falcon.HTTPInvalidParam('Organization not found', orgid)
if o.status != 'DISABLED':
raise falcon.HTTPConflict(falcon.HTTP_409, 'Organization must be disabled before deletion is possible')
if len(o.users) > 0 or len(o.admins) > 0:
raise falcon.HTTPConflict(
falcon.HTTP_409,
'Users must be deleted or updated before application deletion is possible'
)
mapper.organization.Organization.delete_from_object(o)
resp.body = {"deleted": True}
return True
def on_delete(self, req, resp, groupid):
"""
Remove a Group specified by the groupid
:param req:
:param resp:
:param groupid:
:return:
"""
mapper = self.meta.get('mapper')
o = mapper.group.Group.get_by_uid(groupid, user_flag=True)
if o is None:
raise falcon.HTTPInvalidParam('Group not found', groupid)
if o.status != 'DISABLED':
raise falcon.HTTPConflict(falcon.HTTP_409, 'Group must be disabled before deletion is possible')
if len(o.users) > 0:
raise falcon.HTTPConflict(
falcon.HTTP_409,
'Users must be deleted or updated before group deletion is possible'
)
mapper.group.Group.delete_from_object(o)
resp.body = {"deleted": True}
return True
def try_it(*args, **kwargs):
try:
return fun(*args, **kwargs)
except falcon.HTTPError:
raise
except exceptions.DoesNotExistException:
raise falcon.HTTPNotFound
except exceptions.MultipleMetricsException as ex:
raise falcon.HTTPConflict("MultipleMetrics", ex.message)
except exceptions.AlreadyExistsException as ex:
raise falcon.HTTPConflict(ex.__class__.__name__, ex.message)
except exceptions.InvalidUpdateException as ex:
raise HTTPUnprocessableEntityError(ex.__class__.__name__, ex.message)
except exceptions.RepositoryException as ex:
LOG.exception(ex)
msg = " ".join(map(str, ex.message.args))
raise falcon.HTTPInternalServerError('The repository was unable '
'to process your request',
msg)
except Exception as ex:
LOG.exception(ex)
raise falcon.HTTPInternalServerError('Service unavailable',
ex.message)
def handle_exceptions(exception):
if isinstance(exception, orm.ObjectNotFound):
raise falcon.HTTPNotFound()
elif isinstance(exception, orm.TransactionIntegrityError):
raise falcon.HTTPConflict()
elif isinstance(exception, orm.CacheIndexError):
raise falcon.HTTPConflict()
elif isinstance(exception, KeyError):
raise falcon.HTTPBadRequest()
else:
raise exception
def createHostCert(session, token_id, host_id, pub):
token = session.query(Token).get(token_id)
if token is None:
raise falcon.HTTPNotFound(description='No Token found with that ID')
if token.host_id != host_id:
raise falcon.HTTPConflict(
description='The token is not valid for this instance ID')
fingerprint = sshpubkeys.SSHKey(pub).hash_md5()
if token.used:
if token.fingerprint_used != fingerprint:
raise falcon.HTTPConflict(
description='Token already signed a different public key')
# The token was already used for same host and pub key. Return record.
host = session.query(HostCert).get([host_id, fingerprint])
if host is None:
raise falcon.HTTPInternalServerError(
description='Token already used, but Host record not found.')
if host.token_id == token_id:
return host
raise falcon.HTTPConflict(
description='The presented token was previously used')
auth = getAuthority(session, token.auth_id)
if auth is None:
raise falcon.HTTPNotFound(
description='No Authority found with that ID')
certRecord = session.query(HostCert).get([host_id, fingerprint])
if certRecord is not None:
raise falcon.HTTPConflict('This public key is already signed.')
cert = generateCert(get_secret(auth.host_key),
pub,
user=False,
days_valid=365,
identity=token.hostname)
if cert == '':
raise falcon.HTTPInternalServerError(
"Failed to generate the certificate")
host = HostCert(host_id=host_id,
fingerprint=fingerprint,
auth_id=token.auth_id,
token_id=token_id,
pubkey=pub,
cert=cert,
hostname=token.hostname)
session.add(host)
# Update the token
token.used = True
token.date_used = datetime.utcnow()
token.fingerprint_used = host.fingerprint
session.add(token)
session.commit()
return host
def on_post(self, req, resp, conn):
req._parse_form_urlencoded() # Merge POST-ed stuff to get_param
certificates = req.get_param_as_list("certificates") or ()
username = req.get_param("name", required=True)
gn = req.get_param("gn", required=True)
sn = req.get_param("sn")
common_name = " ".join([gn, sn])
dn = "cn=%s,cn=Users,%s" % (common_name, config.LDAP_BASEDN)
upn = "%s@%s" % (username, config.REALM.lower())
pwd = req.get_param("password")
# Make sure we're not getting hacked
RESERVED_GROUPS = set(["root", "audio", "video", "wheel", "sudo", \
"admin", "daemon", "bin", "lp", "pulse", "lightdm", "dnsmasq", \
"nobody", "nogroup", "shadow", "kvm", "tape", "floppy", "cdrom", \
"nslcd", "proxy", "man", "news", "tty", "adm", "disk"])
if username in RESERVED_GROUPS: # TODO: Use better HTTP status code
click.echo("Username %s is reserved" % subject_username)
raise falcon.HTTPConflict("Error", "Username is reserved")
ldif_user = modlist.addModlist({
"displayName":
common_name.encode("utf-8"),
"samaccountname":
username.encode("utf-8"),
"givenName":
gn.encode("utf-8"),
"sn":
sn.encode("utf-8"),
"c":
req.get_param("c", default="").encode("utf-8"),
#"birthdate": req.get_param("birthday", default="").encode("utf-8"),
#"gender": req.get_param("gender", default="").encode("utf-8"),
"otherMailbox":
req.get_param("mail").encode("utf-8"),
"mail": ("%s@%s" % (username, config.MAIL_DOMAIN)).encode("utf-8"),
"unicodePwd": ("\"%s\"" % pwd).encode("utf-16-le") if pwd else b"",
"userAccountControl":
b"544",
"userPrincipalName":
upn.encode("utf-8"),
"objectclass":
[b"top", b"person", b"organizationalPerson", b"user"],
"userCertificate": [b64decode(j) for j in certificates]
if req.get_param_as_bool("import_certificates") else [],
#"altSecurityIdentities": TODO
})
try:
conn.add_s(dn, ldif_user)
except ldap.ALREADY_EXISTS:
raise falcon.HTTPConflict(
"Error", "User with such full name already exists")
def on_post(self, req, resp, dataset_info, **kwargs):
"""Create a new dataset on the service
This method will create a new empty dataset, and returns a 201 CREATED
with Location header filled with the URI of new dataset.
:param HTTPUserDatasetDTO dataset_info: HTTP Client dataset information
:query int dataset_type: The dataset type (optional)
:returns: Location header with new path to dataset object
"""
dao = data_access.DatasetDAO()
# Get dataset type
dts_type = req.get_param_as_int("dataset_type")
dataset_type = dao.get_dataset_types()[dts_type]["class"]
id_dts, err = dao.insert_empty_dataset(
dataset_type,
name=dataset_info.name,
description=dataset_info.description)
if id_dts is None and err[0] == 409:
raise falcon.HTTPConflict(title="The dataset name is already used",
description=err[1])
elif id_dts is None and err[0] == 500:
raise falcon.HTTPInternalServerError(description=err[1])
else:
# Dataset created, evrything is done
resp.status = falcon.HTTP_201
resp.body = json.dumps({"dataset": {"id": id_dts}})
resp.location = "/datasets/" + str(id_dts)
def on_post(self, req, resp):
try:
params = {}
req.get_param_as_list('ids', transform=int, store=params)
req.get_param_as_list('statuses', transform=Status.parse, store=params)
req.get_param('tracker', store=params)
if len(params) > 1:
raise falcon.HTTPBadRequest("wrong params count",
'Only one of params are supported: ids, statuses or tracker, ' +
'but {0} was provided'.format(', '.join(params.keys())))
if 'ids' in params:
ids = params['ids']
elif 'statuses' in params:
ids = self.engine_runner.trackers_manager.get_status_topics_ids(params['statuses'])
elif 'tracker' in params:
topics = self.engine_runner.trackers_manager.get_tracker_topics(params['tracker'])
ids = [topic.id for topic in topics]
else:
ids = None
if ids is not None and len(ids) == 0:
raise falcon.HTTPConflict("Can't get any ids", "This request doesn't produce any topics for execute")
self.engine_runner.execute(ids)
except Exception as e:
log.error("An error has occurred", exception=str(e))
raise
def on_put(self, req, resp):
# Consume token
now = time()
timestamp = req.get_param_as_int("t", required=True)
username = req.get_param("u", required=True)
user = User.objects.get(username)
csum = hashlib.sha256()
csum.update(config.TOKEN_SECRET)
csum.update(username.encode("ascii"))
csum.update(str(timestamp).encode("ascii"))
margin = 300 # Tolerate 5 minute clock skew as Kerberos does
if csum.hexdigest() != req.get_param("c", required=True):
raise falcon.HTTPForbidden("Forbidden", "Invalid token supplied, did you copy-paste link correctly?")
if now < timestamp - margin:
raise falcon.HTTPForbidden("Forbidden", "Token not valid yet, are you sure server clock is correct?")
if now > timestamp + margin + config.TOKEN_LIFETIME:
raise falcon.HTTPForbidden("Forbidden", "Token expired")
# At this point consider token to be legitimate
body = req.stream.read(req.content_length)
header, _, der_bytes = pem.unarmor(body)
csr = CertificationRequest.load(der_bytes)
common_name = csr["certification_request_info"]["subject"].native["common_name"]
assert common_name == username or common_name.startswith(username + "@"), "Invalid common name %s" % common_name
try:
_, resp.body = self.authority._sign(csr, body, profile="default",
overwrite=config.TOKEN_OVERWRITE_PERMITTED)
resp.set_header("Content-Type", "application/x-pem-file")
logger.info("Autosigned %s as proven by token ownership", common_name)
except FileExistsError:
logger.info("Won't autosign duplicate %s", common_name)
raise falcon.HTTPConflict(
"Certificate with such common name (CN) already exists",
"Will not overwrite existing certificate signing request, explicitly delete existing one and try again")
def on_put(self, req, resp):
json_input = self.validate_json_input(req)
model_name = json_input["model_name"]
service_name = json_input["service_name"]
# Load model
model = load_model(model_name)
if model is False:
raise falcon.HTTPNotFound(
description="model {} is not an available model in the API".
format(model_name))
# Check if the service exists
success = self.services.create_service(json_input, model)
if not success:
raise falcon.HTTPConflict({
"code": 409,
"name": "Bad request"
}, "The service '{}' already exists".format(service_name))
resp.body = json.dumps(
{
"title": {
"code": 201,
"name": "Success"
},
"description":
"service '{}' sucessfully created".format(service_name)
},
ensure_ascii=False)
resp.status = falcon.HTTP_201
def test_http_conflict_with_title_and_desc_and_challenges(self):
try:
raise falcon.HTTPConflict(title='Test', description='Testdescription')
except falcon.HTTPConflict as e:
self.assertEqual('Test', e.title, 'Title should be "Test"')
self.assertEqual('Testdescription', e.description,
'Description should be "Testdescription"')
def on_delete(self, req, resp, userid, apikeyid):
"""
DELETE an ApiKey from a User and delete it - delete
:param req:
:param resp:
:param userid:
:return:
"""
mapper = self.meta.get('mapper')
u = mapper.user.User.get_by_uid(userid)
o = mapper.apikey.ApiKey.get_by_key(apikeyid)
if not u:
raise Exception('User %s not found' % userid)
if not o:
raise Exception('ApiKey %s not found' % apikeyid)
if o.user.uid != u.uid:
raise Exception("ApiKey %s not found" % apikeyid)
if o.status != 'DISABLED':
raise falcon.HTTPConflict(
falcon.HTTP_409,
'ApiKey must be disabled before deletion is possible')
mapper.apikey.ApiKey.delete_from_object(o)
resp.body = {"deleted": True}
return True
def conflict(response, body='409 Conflict'):
response.status = falcon.HTTP_409
response.content_type = CONTENT_TYPE_JSON
if isinstance(body, bytes):
body = body.decode()
if body is not None:
response.body = falcon.HTTPConflict(description=body).to_json()
def on_post(self, req, resp, dataset_id, dataset_dto, entities):
"""Get the embedding given an entity or a list of entities (URI)
{"entities": ["Q1492", "Q2807", "Q1"]}
:param integer dataset_id: Unique ID of dataset
:param integer dataset_dto: Dataset DTO (from hook)
:param list entities: List of entities to get embeddings (from hook)
:returns: A list of list with entities and its embeddings
:rtype: list
"""
istrained = dataset_dto.is_trained()
if istrained is None or not istrained:
raise falcon.HTTPConflict(
title="Dataset has not a valid state",
description="Dataset {} has a {} state".format(
dataset_id, dataset_dto.status))
try:
result = async_tasks.find_embeddings_on_model(dataset_id, entities)
except OSError as err:
filerr = err.filename
raise falcon.HTTPNotFound(
title="The file on database couldn't be located",
description=("A file ({}) has been found on database, but it "
"does not exist on filesystem").format(filerr))
textbody = {"embeddings": result}
resp.body = json.dumps(textbody)
resp.status = falcon.HTTP_200
def process_response(self, req, resp, resource, req_succeeded):
if not resource:
return
session = req.context['session']
if not req_succeeded:
session.abort()
return
try:
# commit any changes to backing data stores
session.close()
except Exception as e:
if isinstance(e, DuplicateEntityException):
entity_cls = e.entity_cls
with self._session() as session:
query = entity_cls.exists_query(**req.media)
entity = session.find_one(query)
uri = self.link_converter.convert_to_link(entity)
resp.set_header('Location', uri)
raise falcon.HTTPConflict()
else:
logging.error(e)
raise
def on_patch(self, req, resp, target_name, command_name):
new_name = req.get_param("new_name", required=True)
if not get_command(target_name, new_name).update_name(new_name):
raise falcon.HTTPConflict(description="Command '" + new_name +
"' already exists for Target'" +
target_name + "'")
def on_put(self, req: Request, res: Response, item_id):
with self.make_session() as session:
try:
self.put_item(item_id, req.context["doc"], session)
put_json_to_context(res, {"created": item_id})
except IntegrityError as e:
raise falcon.HTTPConflict("Conflict", str(e))
def on_post(self, req, res):
vendor_name = req.context['data']['vendor_name']
vendor_item_id = req.context['data']['vendor_item_id']
quantity = req.context['data']['quantity']
results = VENDOR_ITEMS.query_2(vendor_name__eq=vendor_name,
vendor_item_id__eq=vendor_item_id)
results = [dict(r.items()) for r in results]
if not results:
title = 'Conflict'
description = "No item exists for vendor_name: '{0}' and vendor_item_id: '{1}'".format(
vendor_name, vendor_item_id)
raise falcon.HTTPConflict(title, description)
vendor_item = results.pop()
item_doc = {
'user_id': req.context['auth_user']['id'],
'name': vendor_item['item_name'],
'url': vendor_item['item_url'],
'image_url': vendor_item['item_image_url'],
'quantity': quantity,
'vendor_name': vendor_item['vendor_name'],
'vendor_item_id': vendor_item['vendor_item_id']
}
req.context['result'] = self.add_item(item_doc)
res.status = falcon.HTTP_OK
def test_http_conflict_no_title_and_desc_and_challenges(self):
try:
raise falcon.HTTPConflict()
except falcon.HTTPConflict as e:
self.assertEqual(status.HTTP_409, e.title,
'The title should be ' + status.HTTP_409 + ', but it is: ' + e.title)
self.assertEqual(None, e.description, 'The description should be None')
def on_delete(self, req: Request, res: Response, item_id):
with self.make_session() as session:
try:
ok = self.delete_item(item_id, session)
if not ok:
raise falcon.HTTPNotFound()
except IntegrityError as e:
raise falcon.HTTPConflict("Conflict", str(e))
def createHost(session, id, name, pat_bastions, srv_url):
host = Host(id=id, name=name, pat_bastions=pat_bastions, srv_url=srv_url)
session.add(host)
try:
session.commit()
except IntegrityError:
raise falcon.HTTPConflict(
"Failed to create SSH host record for {}.".format(name))
return host
def __execute(self, queryset):
try:
return self._connection.execute(queryset)
except sqlalchemy.exc.IntegrityError as error:
error_message = str(error._message())
error_message = error_message.split('1062')[1][3:][:-3]
raise falcon.HTTPConflict(title="Duplicate Entry",
description=error_message)
def _create_revision_documents(self, bucket_name, documents, validations):
try:
created_documents = db_api.documents_create(
bucket_name, documents, validations=validations)
except (deckhand_errors.DocumentExists,
deckhand_errors.SingletonDocumentConflict) as e:
raise falcon.HTTPConflict(description=e.format_message())
except Exception as e:
raise falcon.HTTPInternalServerError(description=six.text_type(e))
return created_documents
def __create__(self, **kwargs):
"""Internal method takes optional parameters and creates a new
Resource in Fedora, stores resulting triples in Fuseki and indexes
the Resource into Elastic Search
keyword args:
binary -- Binary object for the Fedora Object, metadata will
be stored as metadata to Binary.
doc_type -- Elastic search document type, defaults to None
id -- Existing identifier defaults to None
index -- Elastic search index, defaults to None
mimetype -- Mimetype for binary stream, defaults to application/octet-stream
rdf -- RDF graph of new object, defaults to None
rdf_type -- RDF Type, defaults to text/turtle
"""
if self.uuid:
description = """Cannot call Resource.__create__,
Fedora object {} already exists""".format(self.uuid)
raise falcon.HTTPConflict("Fedora object already exists",
description)
binary = kwargs.get('binary', None)
doc_type = kwargs.get('doc_type', None)
ident = kwargs.get('id', None)
index = kwargs.get('index', None)
mimetype = kwargs.get('mimetype', 'application/octet-stream')
rdf = kwargs.get('rdf', None)
rdf_type = kwargs.get('rdf_type', 'text/turtle')
resource_url = None
if ident:
fedora_post_url = "/".join([self.rest_url, ident])
else:
fedora_post_url = self.rest_url
# First check and add binary datastream
if binary:
resource_url = self.__new_binary__(fedora_post_url, binary,
mimetype, rdf)
# Next handle any attached RDF
if rdf and not binary:
resource_url = self.__new_by_rdf__(fedora_post_url, rdf, rdf_type)
# Finally, create a stub Fedora object if not resource_uri
if not resource_url:
stub_result = requests.post(fedora_post_url)
resource_url = stub_result.text
self.subject = rdflib.URIRef(resource_url)
self.graph = default_graph()
self.graph = self.graph.parse(resource_url)
self.uuid = str(
self.graph.value(subject=self.subject, predicate=FEDORA.uuid))
if index:
self.searcher.__index__(self.subject, self.graph, doc_type, index)
self.searcher.triplestore.__load__(self.graph)
return resource_url
def on_post(self, req, res):
user_doc = {
'email': req.context['data']['email'],
'password': hash_password(req.context['data']['password'])
}
try:
new_user = self.add_user(user_doc)
except IntegrityError:
title = 'Conflict'
description = 'Email in use'
raise falcon.HTTPConflict(title, description)
req.context['result'] = {'token': generate_token(new_user)}
res.status = falcon.HTTP_CREATED
def on_post(self, request, response):
query = dict()
try:
raw_json = request.stream.read()
except Exception as e:
raise falcon.HTTPError(falcon.HTTP_400, 'Error', e.message)
try:
data = json.loads(raw_json, encoding='utf-8')
except ValueError:
raise falcon.HTTPError(falcon.HTTP_400, 'Malformed JSON')
if "id" not in data:
raise falcon.HTTPConflict('Task creation', "ID is not specified.")
if "type" not in data:
raise falcon.HTTPConflict('Task creation',
"Type is not specified.")
transaction = self.client.push_task({"task": "vertex", "data": data})
response.body = json.dumps({"transaction": transaction})
response.status = falcon.HTTP_202
def on_get(self, req, resp, sanitized_params, revision_id):
include_encrypted = policy.conditional_authorize(
'deckhand:list_encrypted_documents', req.context, do_raise=False)
filters = {'metadata.storagePolicy': ['cleartext'], 'deleted': False}
if include_encrypted:
filters['metadata.storagePolicy'].append('encrypted')
documents = self._retrieve_documents_for_rendering(
revision_id, **filters)
substitution_sources = self._retrieve_substitution_sources()
try:
# NOTE(fmontei): `validate` is False because documents have already
# been pre-validated during ingestion. Documents are post-validated
# below, regardless.
document_layering = layering.DocumentLayering(documents,
substitution_sources,
validate=False)
rendered_documents = document_layering.render()
except (errors.InvalidDocumentLayer, errors.InvalidDocumentParent,
errors.IndeterminateDocumentParent, errors.MissingDocumentKey,
errors.UnsupportedActionMethod) as e:
raise falcon.HTTPBadRequest(description=e.format_message())
except (errors.LayeringPolicyNotFound,
errors.SubstitutionSourceNotFound) as e:
raise falcon.HTTPConflict(description=e.format_message())
except errors.errors.UnknownSubstitutionError as e:
raise falcon.HTTPInternalServerError(
description=e.format_message())
# Filters to be applied post-rendering, because many documents are
# involved in rendering. User filters can only be applied once all
# documents have been rendered. Note that `layering` module only
# returns concrete documents, so no filtering for that is needed here.
order_by = sanitized_params.pop('order', None)
sort_by = sanitized_params.pop('sort', None)
user_filters = sanitized_params.copy()
rendered_documents = [
d for d in rendered_documents
if utils.deepfilter(d, **user_filters)
]
if sort_by:
rendered_documents = utils.multisort(rendered_documents, sort_by,
order_by)
resp.status = falcon.HTTP_200
resp.body = self.view_builder.list(rendered_documents)
self._post_validate(rendered_documents)
def delete(self, req, resp, obj):
"""
Delete an existing record.
:param req: Falcon request
:type req: falcon.request.Request
:param resp: Falcon response
:type resp: falcon.response.Response
:param obj: the object to delete
"""
deleted = obj.delete()
if deleted == 0:
raise falcon.HTTPConflict(
'Conflict', 'Resource found but conditions violated')
def UpdateUser(**request_handler_args):
req = request_handler_args['req']
authUser(req, request_handler_args['resp'], ['createUser'])
doc = req.context['doc']
try:
user = User.objects.get(
{"_id": ObjectId(request_handler_args['uri_fields']['id'])})
except InvalidId as e:
raise falcon.HTTPBadRequest('Bad Request', str(e))
except User.DoesNotExist:
raise falcon.HTTPNotFound()
else:
try:
user.username = doc['username']
user.permissions = doc['permissions']
except KeyError as e:
raise falcon.HTTPMissingParam(str(e))
try:
user.password = doc['password']
except KeyError:
user.auth_b64 = User.GetAuthBase64(doc['username'], user.password)
pass
else:
user.auth_b64 = User.GetAuthBase64(doc['username'],
doc['password'])
try:
user.save()
except User.ValidationError as e:
raise falcon.HTTPBadRequest("Validation Error", e.message)
except User.DuplicateKeyError as e:
existing_user = User.objects.get({"username": user.username})
raise falcon.HTTPConflict(
"Conflict", {
"message":
"User with username '%s' already exists." % user.username,
"user": existing_user.to_dict()
})
else:
user.uri = req.uri
request_handler_args['resp'].location = user.uri
request_handler_args['req'].context['result'] = user.to_dict()
req.context['logger'].info({
'action':
'updateUser',
'message':
"'%s' user with id of %s was updated successfully." %
(user.username, user._id)
})
def dataset_untrained_status(req, resp, resource, params):
"""Raises an error if dataset is not on an untrained state
Must be executed after check_dataset_exsistence. This will not inform
about dataset existence, instead will return an undefined error.
If query param ignore_status is true, it will not raise any error
"""
status, dataset_dto = _get_dataset_status(params['dataset_id'])
ignore_status = req.get_param_as_bool("ignore_status")
# Dataset is trained if 0b0010 bit is on
if status & 0b0010 != 0 and not ignore_status:
raise falcon.HTTPConflict(
title="The dataset is not in a correct state",
description=(
"The dataset {id} has an status {status}, which "
"is not valid to insert triples. Required is 0 ").format(
**dataset_dto.to_dict()))
