def setUp(self):
super(RootResourceTest, self).setUp()
factory = FluidinfoSessionFactory('API-9000')
transact = Transact(self.threadPool)
createSystemData()
self.checker = AnonymousChecker()
self.checker.facadeClient = Facade(transact, factory)
getConfig().set('service', 'allow-anonymous-access', 'False')
def setUp(self):
super(RootResourceTest, self).setUp()
factory = FluidinfoSessionFactory('API-9000')
transact = Transact(self.threadPool)
createSystemData()
self.checker = AnonymousChecker()
self.checker.facadeClient = Facade(transact, factory)
getConfig().set('service', 'allow-anonymous-access', 'False')
def getObjectIndex():
"""Get an L{ObjectIndex}.
@return: An L{ObjectIndex} configured to communicate with a Solr index.
"""
url = getConfig().get('index', 'url')
shards = getConfig().get('index', 'shards')
client = SolrClient(url)
return ObjectIndex(client, shards=shards)
def getObjectIndex():
"""Get an L{ObjectIndex}.
@return: An L{ObjectIndex} configured to communicate with a Solr index.
"""
url = getConfig().get('index', 'url')
shards = getConfig().get('index', 'shards')
client = SolrClient(url)
return ObjectIndex(client, shards=shards)
def testRequestAvatarIdWithAnonymousAccessDenied(self):
"""
L{FacadeAnonymousCheckerTest.requestAvatarId} returns
C{UnauthorizedLogin} for the C{anon} user if the
C{allow-anonymous-access} configuration option is C{False}.
"""
getConfig().set('service', 'allow-anonymous-access', 'False')
self.store.commit()
session = yield self.checker.requestAvatarId(credentials=None)
self.assertTrue(isinstance(session, UnauthorizedLogin))
def testRequestAvatarId(self):
"""
L{FacadeAnonymousCheckerTest.requestAvatarId} creates a
L{FluidinfoSession} for the anonymous 'anon' user if the
C{allow-anonymous-access} configuration option is C{True}.
"""
getConfig().set('service', 'allow-anonymous-access', 'True')
self.store.commit()
session = yield self.checker.requestAvatarId(credentials=None)
self.assertEqual('anon', session.auth.username)
def _extractAbouts(self, text):
abouts = []
config = getConfig()
# The following 4 extractions are done in a non-alphabetical order
# because (historically at least, for loveme.do) we want to have a
# URL as the first about value in the about list, if any URLs are
# present. If you change the order here, you'll probably need to
# change tests in tests/test_comment.py too.
if config.getboolean('comments', 'extract-urls'):
# Add any URLs in the text to the abouts list.
abouts.extend(extractURLs(text))
if config.getboolean('comments', 'extract-files'):
# Add (in lower case) any files in the text to the abouts list.
files = map(unicode.lower, extractFiles(text))
if files:
abouts.extend(files)
abouts.append(
config.get('comments', 'file-object').decode('utf-8'))
if config.getboolean('comments', 'extract-hashtags'):
# Add (in lowercase) any hashtags in the text.
abouts.extend(map(unicode.lower, extractHashtags(text)))
if config.getboolean('comments', 'extract-plustags'):
# Add (in lowercase) any +plustags in the text.
abouts.extend(map(unicode.lower, extractPlustags(text)))
if config.getboolean('comments', 'extract-atnames'):
# Add (in lowercase) any @names in the text.
abouts.extend(map(unicode.lower, extractAtnames(text)))
return abouts
def makeService(self, options):
port, site, application = setupApplication(options)
# Check database health.
logging.info('Checking database health.')
try:
verifyStore()
except Exception as error:
logging.error(error)
logging.critical('Shutting down.')
sys.exit(1)
else:
logging.info('Database is up-to-date.')
# Log configuration parameters.
config = getConfig()
logging.info('PID is %s', os.getpid())
logging.info('service/temp-path is %s',
config.get('service', 'temp-path'))
logging.info('service/max-threads is %s',
config.get('service', 'max-threads'))
logging.info('service/port is %s', config.get('service', 'port'))
logging.info('store/main-uri is %s', config.get('store', 'main-uri'))
logging.info('index/url is %s', config.get('index', 'url'))
# Register the application.
return TCPServer(int(options['port']), site)
def decrypt(cls, consumerUser, encryptedToken):
"""Decrypt a token and convert it into a stateful object.
@param cls: The class representing the token.
@param consumerUser: The L{User} instance of the consumer that holds
the token.
@param: The encrypted token as a C{str}.
@raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a
matching L{OAuthConsumer} in the system.
@raise UnknownUserError: Raised if the L{User} the token provides
access on behalf of doesn't exist.
@return: An instance of C{cls}.
"""
result = getOAuthConsumers(userIDs=[consumerUser.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer." %
consumerUser.username)
_, consumer = result
salt = getConfig().get('oauth', cls.configName)
secret = salt + consumer.secret
data = tokenToData(secret, encryptedToken)
username = data['username'].lower()
user = getUser(username)
if user is None:
raise UnknownUserError([username])
token = cls(consumerUser, user)
try:
token.creationTime = datetime.strptime(data['creationTime'],
'%Y%m%d-%H%M%S')
except KeyError:
token.creationTime = None
return token
def getQueryParser():
"""Get a L{QueryParser} to parse Fluidinfo queries.
The process of building a L{QueryParser} is quite expensive. PLY
generates parse tables and writes them to a file on disk. As a result, a
single parser instance is generated and cached in memory. The same
L{QueryParser} instance is returned each time this function is called.
As a result, you must be especially careful about thread-safety. The
L{QueryParser} must only be used to parse one input at a time and never
shared among threads.
@raise FeatureError: Raised if this function is invoked outside the main
thread.
@return: The global L{QueryParser} instance.
"""
if currentThread().getName() != 'MainThread':
raise FeatureError(
'A query parser may only be used in the main thread.')
global _parser
if _parser is None:
lexer = getQueryLexer()
parser = QueryParser(lexer.tokens)
parser.build(module=parser, debug=False,
outputdir=getConfig().get('service', 'temp-path'))
_parser = parser
# Setup illegal queries to ensure we do it in a safe way and avoid
# races.
getIllegalQueries()
return _parser
def _extractAbouts(self, text):
abouts = []
config = getConfig()
# The following 4 extractions are done in a non-alphabetical order
# because (historically at least, for loveme.do) we want to have a
# URL as the first about value in the about list, if any URLs are
# present. If you change the order here, you'll probably need to
# change tests in tests/test_comment.py too.
if config.getboolean('comments', 'extract-urls'):
# Add any URLs in the text to the abouts list.
abouts.extend(extractURLs(text))
if config.getboolean('comments', 'extract-files'):
# Add (in lower case) any files in the text to the abouts list.
files = map(unicode.lower, extractFiles(text))
if files:
abouts.extend(files)
abouts.append(config.get('comments',
'file-object').decode('utf-8'))
if config.getboolean('comments', 'extract-hashtags'):
# Add (in lowercase) any hashtags in the text.
abouts.extend(map(unicode.lower, extractHashtags(text)))
if config.getboolean('comments', 'extract-plustags'):
# Add (in lowercase) any +plustags in the text.
abouts.extend(map(unicode.lower, extractPlustags(text)))
if config.getboolean('comments', 'extract-atnames'):
# Add (in lowercase) any @names in the text.
abouts.extend(map(unicode.lower, extractAtnames(text)))
return abouts
def makeService(self, options):
port, site, application = setupApplication(options)
# Check database health.
logging.info('Checking database health.')
try:
verifyStore()
except Exception as error:
logging.error(error)
logging.critical('Shutting down.')
sys.exit(1)
else:
logging.info('Database is up-to-date.')
# Log configuration parameters.
config = getConfig()
logging.info('PID is %s', os.getpid())
logging.info('service/temp-path is %s',
config.get('service', 'temp-path'))
logging.info('service/max-threads is %s',
config.get('service', 'max-threads'))
logging.info('service/port is %s', config.get('service', 'port'))
logging.info('store/main-uri is %s', config.get('store', 'main-uri'))
logging.info('index/url is %s', config.get('index', 'url'))
# Register the application.
return TCPServer(int(options['port']), site)
def testAuthenticateOAuthWithIncorrectSignature(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the signature in the L{OAuthCredentials} is incorrect.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
user = getUser(u'user')
api = OAuthConsumerAPI()
consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': user.username,
'creationTime': '2012-12-28 16:18:23'})
signature = 'wrong'
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1',
signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo',
headers, arguments)
self.assertRaises(AuthenticationError, api.authenticate, credentials)
def decrypt(cls, consumerUser, encryptedToken):
"""Decrypt a token and convert it into a stateful object.
@param cls: The class representing the token.
@param consumerUser: The L{User} instance of the consumer that holds
the token.
@param: The encrypted token as a C{str}.
@raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a
matching L{OAuthConsumer} in the system.
@raise UnknownUserError: Raised if the L{User} the token provides
access on behalf of doesn't exist.
@return: An instance of C{cls}.
"""
result = getOAuthConsumers(userIDs=[consumerUser.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer."
% consumerUser.username)
_, consumer = result
salt = getConfig().get('oauth', cls.configName)
secret = salt + consumer.secret
data = tokenToData(secret, encryptedToken)
username = data['username'].lower()
user = getUser(username)
if user is None:
raise UnknownUserError([username])
token = cls(consumerUser, user)
try:
token.creationTime = datetime.strptime(data['creationTime'],
'%Y%m%d-%H%M%S')
except KeyError:
token.creationTime = None
return token
def testAuthenticateOAuthWithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the consumer is not registered.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
secret = 'a' * 16
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
oauthConsumerAPI = OAuthConsumerAPI()
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def getQueryParser():
"""Get a L{QueryParser} to parse Fluidinfo queries.
The process of building a L{QueryParser} is quite expensive. PLY
generates parse tables and writes them to a file on disk. As a result, a
single parser instance is generated and cached in memory. The same
L{QueryParser} instance is returned each time this function is called.
As a result, you must be especially careful about thread-safety. The
L{QueryParser} must only be used to parse one input at a time and never
shared among threads.
@raise FeatureError: Raised if this function is invoked outside the main
thread.
@return: The global L{QueryParser} instance.
"""
if currentThread().getName() != 'MainThread':
raise FeatureError(
'A query parser may only be used in the main thread.')
global _parser
if _parser is None:
lexer = getQueryLexer()
parser = QueryParser(lexer.tokens)
parser.build(module=parser,
debug=False,
outputdir=getConfig().get('service', 'temp-path'))
_parser = parser
# Setup illegal queries to ensure we do it in a safe way and avoid
# races.
getIllegalQueries()
return _parser
def testAuthenticateOAuthWithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuthCredentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
timestamp = 1314976811
headers = {'header1': 'foo'}
arguments = 'argument1=bar'
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo='
nonce = 'nonce'
credentials = OAuthCredentials(
'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature,
timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers,
arguments)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def _stopSession(self, result=None):
"""Stop the session and persist it to disk.
@param result: The result so far in the request processing.
Note that this has a default C{None} value because this method
can be called directly above (not as part of an errback chain).
@return: the C{result} we were passed.
"""
if not self.session.running:
logging.warning('Trying to stop session %s twice.',
self.session.id)
return result
self.session.stop()
config = getConfig()
# FIXME This is a hack to avoid breaking old tests.
if config:
tracePath = config.get('service', 'trace-path')
port = config.get('service', 'port')
logPath = os.path.join(tracePath,
'fluidinfo-api-trace-%s.log' % port)
storage = SessionStorage()
storage.dump(self.session, logPath)
if self.session.duration.seconds > 0:
logging.warning('Long request: %s. Time: %s.', self.session.id,
self.session.duration)
return result
def _stopSession(self, result=None):
"""Stop the session and persist it to disk.
@param result: The result so far in the request processing.
Note that this has a default C{None} value because this method
can be called directly above (not as part of an errback chain).
@return: the C{result} we were passed.
"""
if not self.session.running:
logging.warning('Trying to stop session %s twice.',
self.session.id)
return result
self.session.stop()
config = getConfig()
# FIXME This is a hack to avoid breaking old tests.
if config:
tracePath = config.get('service', 'trace-path')
port = config.get('service', 'port')
logPath = os.path.join(tracePath,
'fluidinfo-api-trace-%s.log' % port)
storage = SessionStorage()
storage.dump(self.session, logPath)
if self.session.duration.seconds > 0:
logging.warning('Long request: %s. Time: %s.',
self.session.id, self.session.duration)
return result
def make(self, dependency_resources):
"""Setup the configuration instance."""
from fluiddb.application import setupConfig
config = setupConfig(path=None, port=None, development=True)
self._originalConfig = getConfig()
setConfig(config)
return config
def testGetDevelopmentModeEnabled(self):
"""
L{getDevelopmentMode} returns the flag specifying whether or not
development mode is in use.
"""
config = getConfig()
config.set('service', 'development', 'True')
self.assertTrue(getDevelopmentMode())
def testGetDevelopmentModeEnabled(self):
"""
L{getDevelopmentMode} returns the flag specifying whether or not
development mode is in use.
"""
config = getConfig()
config.set('service', 'development', 'True')
self.assertTrue(getDevelopmentMode())
def encrypt(self):
"""Convert this token into an encrypted blob.
@return: A encrypted token as a C{str}.
"""
result = getOAuthConsumers(userIDs=[self.consumer.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer."
% self.consumer.username)
_, consumer = result
salt = getConfig().get('oauth', self.configName)
secret = salt + consumer.secret
creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S')
return dataToToken(secret, {'username': self.user.username,
'creationTime': creationTime})
def testDecryptTokenWithoutCreationTime(self):
"""
L{OAuthTokenBase.decrypt} correctly decrypts tokens without a
C{creationTime} field, since old OAuth tokens didn't have these.
"""
UserAPI().create([
(u'consumer', u'secret', u'Consumer', u'*****@*****.**'),
(u'user', u'secret', u'User', u'*****@*****.**')])
consumerUser = getUser(u'consumer')
consumer = OAuthConsumerAPI().register(consumerUser)
salt = getConfig().get('oauth', self.cls.configName)
secret = salt + consumer.secret
encryptedToken = dataToToken(secret, {'username': u'user'})
token = self.cls.decrypt(consumerUser, encryptedToken)
self.assertIdentical(None, token.creationTime)
def testAuthenticateOAuth2WithUnknownConsumer(self):
"""
L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError}
exception if the consumer is not registered.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
secret = 'a' * 16
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'})
oauthConsumerAPI = OAuthConsumerAPI()
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate,
credentials)
def encrypt(self):
"""Convert this token into an encrypted blob.
@return: A encrypted token as a C{str}.
"""
result = getOAuthConsumers(userIDs=[self.consumer.id]).one()
if result is None:
raise UnknownConsumerError("'%s' is not a consumer." %
self.consumer.username)
_, consumer = result
salt = getConfig().get('oauth', self.configName)
secret = salt + consumer.secret
creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S')
return dataToToken(secret, {
'username': self.user.username,
'creationTime': creationTime
})
def testAuthenticateOAuth2WithUnknownUser(self):
"""
L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception
if the user in the L{OAuth2Credentials} token doesn't exist.
"""
UserAPI().create([(u'user1', u'secret1', u'User1',
u'*****@*****.**')])
user1 = getUser(u'user1')
oauthConsumerAPI = OAuthConsumerAPI()
consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz')
oauthEchoSecret = getConfig().get('oauth', 'access-secret')
token = dataToToken(oauthEchoSecret + consumer.secret,
{'username': '******'})
credentials = OAuth2Credentials(u'user1', u'secret1', token)
self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate,
credentials)
def renewToken(self, renewalToken):
"""Use an L{OAuthRenewalToken} to generate a new L{OAuthAccessToken}.
@param renewalToken: The L{OAuthRenewalToken} to use to generate a new
L{OAuthAccessToken}.
@raise ExpiredOAuthTokenError: Raised if C{renewalToken} is expired.
@raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a
matching L{OAuthConsumer} in the system.
@return: An C{(OAuthRenewalToken, OAuthAccessToken)} 2-tuple.
"""
duration = getConfig().getint('oauth', 'renewal-token-duration')
duration = timedelta(hours=duration)
if renewalToken.creationTime < datetime.utcnow() - duration:
raise ExpiredOAuthTokenError('Renewal token is expired.')
newRenewalToken = self.getRenewalToken(renewalToken.consumer,
renewalToken.user)
accessToken = self.getAccessToken(renewalToken.consumer,
renewalToken.user)
return newRenewalToken, accessToken
def renewToken(self, renewalToken):
"""Use an L{OAuthRenewalToken} to generate a new L{OAuthAccessToken}.
@param renewalToken: The L{OAuthRenewalToken} to use to generate a new
L{OAuthAccessToken}.
@raise ExpiredOAuthTokenError: Raised if C{renewalToken} is expired.
@raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a
matching L{OAuthConsumer} in the system.
@return: An C{(OAuthRenewalToken, OAuthAccessToken)} 2-tuple.
"""
duration = getConfig().getint('oauth', 'renewal-token-duration')
duration = timedelta(hours=duration)
if renewalToken.creationTime < datetime.utcnow() - duration:
raise ExpiredOAuthTokenError('Renewal token is expired.')
newRenewalToken = self.getRenewalToken(renewalToken.consumer,
renewalToken.user)
accessToken = self.getAccessToken(renewalToken.consumer,
renewalToken.user)
return newRenewalToken, accessToken
def __init__(self):
self._client = getCacheClient()
config = getConfig()
self.expireTimeout = config.getint('cache', 'expire-timeout')
def requestAvatarId(self, credentials):
allowAnonymousAccess = getConfig().getboolean('service',
'allow-anonymous-access')
if not allowAnonymousAccess:
return error.UnauthorizedLogin('Invalid credentials')
return self.facadeClient.createAnonymousSession()
def requestAvatarId(self, credentials):
allowAnonymousAccess = getConfig().getboolean(
'service', 'allow-anonymous-access')
if not allowAnonymousAccess:
return error.UnauthorizedLogin('Invalid credentials')
return self.facadeClient.createAnonymousSession()
def __init__(self):
self._client = getCacheClient()
config = getConfig()
self.expireTimeout = config.getint('cache', 'expire-timeout')
