def setUp(self): super(RootResourceTest, self).setUp() factory = FluidinfoSessionFactory('API-9000') transact = Transact(self.threadPool) createSystemData() self.checker = AnonymousChecker() self.checker.facadeClient = Facade(transact, factory) getConfig().set('service', 'allow-anonymous-access', 'False')
def getObjectIndex(): """Get an L{ObjectIndex}. @return: An L{ObjectIndex} configured to communicate with a Solr index. """ url = getConfig().get('index', 'url') shards = getConfig().get('index', 'shards') client = SolrClient(url) return ObjectIndex(client, shards=shards)
def testRequestAvatarIdWithAnonymousAccessDenied(self): """ L{FacadeAnonymousCheckerTest.requestAvatarId} returns C{UnauthorizedLogin} for the C{anon} user if the C{allow-anonymous-access} configuration option is C{False}. """ getConfig().set('service', 'allow-anonymous-access', 'False') self.store.commit() session = yield self.checker.requestAvatarId(credentials=None) self.assertTrue(isinstance(session, UnauthorizedLogin))
def testRequestAvatarId(self): """ L{FacadeAnonymousCheckerTest.requestAvatarId} creates a L{FluidinfoSession} for the anonymous 'anon' user if the C{allow-anonymous-access} configuration option is C{True}. """ getConfig().set('service', 'allow-anonymous-access', 'True') self.store.commit() session = yield self.checker.requestAvatarId(credentials=None) self.assertEqual('anon', session.auth.username)
def _extractAbouts(self, text): abouts = [] config = getConfig() # The following 4 extractions are done in a non-alphabetical order # because (historically at least, for loveme.do) we want to have a # URL as the first about value in the about list, if any URLs are # present. If you change the order here, you'll probably need to # change tests in tests/test_comment.py too. if config.getboolean('comments', 'extract-urls'): # Add any URLs in the text to the abouts list. abouts.extend(extractURLs(text)) if config.getboolean('comments', 'extract-files'): # Add (in lower case) any files in the text to the abouts list. files = map(unicode.lower, extractFiles(text)) if files: abouts.extend(files) abouts.append( config.get('comments', 'file-object').decode('utf-8')) if config.getboolean('comments', 'extract-hashtags'): # Add (in lowercase) any hashtags in the text. abouts.extend(map(unicode.lower, extractHashtags(text))) if config.getboolean('comments', 'extract-plustags'): # Add (in lowercase) any +plustags in the text. abouts.extend(map(unicode.lower, extractPlustags(text))) if config.getboolean('comments', 'extract-atnames'): # Add (in lowercase) any @names in the text. abouts.extend(map(unicode.lower, extractAtnames(text))) return abouts
def makeService(self, options): port, site, application = setupApplication(options) # Check database health. logging.info('Checking database health.') try: verifyStore() except Exception as error: logging.error(error) logging.critical('Shutting down.') sys.exit(1) else: logging.info('Database is up-to-date.') # Log configuration parameters. config = getConfig() logging.info('PID is %s', os.getpid()) logging.info('service/temp-path is %s', config.get('service', 'temp-path')) logging.info('service/max-threads is %s', config.get('service', 'max-threads')) logging.info('service/port is %s', config.get('service', 'port')) logging.info('store/main-uri is %s', config.get('store', 'main-uri')) logging.info('index/url is %s', config.get('index', 'url')) # Register the application. return TCPServer(int(options['port']), site)
def decrypt(cls, consumerUser, encryptedToken): """Decrypt a token and convert it into a stateful object. @param cls: The class representing the token. @param consumerUser: The L{User} instance of the consumer that holds the token. @param: The encrypted token as a C{str}. @raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a matching L{OAuthConsumer} in the system. @raise UnknownUserError: Raised if the L{User} the token provides access on behalf of doesn't exist. @return: An instance of C{cls}. """ result = getOAuthConsumers(userIDs=[consumerUser.id]).one() if result is None: raise UnknownConsumerError("'%s' is not a consumer." % consumerUser.username) _, consumer = result salt = getConfig().get('oauth', cls.configName) secret = salt + consumer.secret data = tokenToData(secret, encryptedToken) username = data['username'].lower() user = getUser(username) if user is None: raise UnknownUserError([username]) token = cls(consumerUser, user) try: token.creationTime = datetime.strptime(data['creationTime'], '%Y%m%d-%H%M%S') except KeyError: token.creationTime = None return token
def getQueryParser(): """Get a L{QueryParser} to parse Fluidinfo queries. The process of building a L{QueryParser} is quite expensive. PLY generates parse tables and writes them to a file on disk. As a result, a single parser instance is generated and cached in memory. The same L{QueryParser} instance is returned each time this function is called. As a result, you must be especially careful about thread-safety. The L{QueryParser} must only be used to parse one input at a time and never shared among threads. @raise FeatureError: Raised if this function is invoked outside the main thread. @return: The global L{QueryParser} instance. """ if currentThread().getName() != 'MainThread': raise FeatureError( 'A query parser may only be used in the main thread.') global _parser if _parser is None: lexer = getQueryLexer() parser = QueryParser(lexer.tokens) parser.build(module=parser, debug=False, outputdir=getConfig().get('service', 'temp-path')) _parser = parser # Setup illegal queries to ensure we do it in a safe way and avoid # races. getIllegalQueries() return _parser
def _extractAbouts(self, text): abouts = [] config = getConfig() # The following 4 extractions are done in a non-alphabetical order # because (historically at least, for loveme.do) we want to have a # URL as the first about value in the about list, if any URLs are # present. If you change the order here, you'll probably need to # change tests in tests/test_comment.py too. if config.getboolean('comments', 'extract-urls'): # Add any URLs in the text to the abouts list. abouts.extend(extractURLs(text)) if config.getboolean('comments', 'extract-files'): # Add (in lower case) any files in the text to the abouts list. files = map(unicode.lower, extractFiles(text)) if files: abouts.extend(files) abouts.append(config.get('comments', 'file-object').decode('utf-8')) if config.getboolean('comments', 'extract-hashtags'): # Add (in lowercase) any hashtags in the text. abouts.extend(map(unicode.lower, extractHashtags(text))) if config.getboolean('comments', 'extract-plustags'): # Add (in lowercase) any +plustags in the text. abouts.extend(map(unicode.lower, extractPlustags(text))) if config.getboolean('comments', 'extract-atnames'): # Add (in lowercase) any @names in the text. abouts.extend(map(unicode.lower, extractAtnames(text))) return abouts
def testAuthenticateOAuthWithIncorrectSignature(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the signature in the L{OAuthCredentials} is incorrect. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') user = getUser(u'user') api = OAuthConsumerAPI() consumer = api.register(consumerUser, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': user.username, 'creationTime': '2012-12-28 16:18:23'}) signature = 'wrong' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', consumerUser.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, api.authenticate, credentials)
def testAuthenticateOAuthWithUnknownConsumer(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the consumer is not registered. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') secret = 'a' * 16 timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' oauthConsumerAPI = OAuthConsumerAPI() credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def testAuthenticateOAuthWithUnknownUser(self): """ L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception if the user in the L{OAuthCredentials} token doesn't exist. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') timestamp = 1314976811 headers = {'header1': 'foo'} arguments = 'argument1=bar' oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) signature = 'Sno1ocDhYv9vwJnEJATE3cmUvSo=' nonce = 'nonce' credentials = OAuthCredentials( 'fluidinfo.com', user1.username, token, 'HMAC-SHA1', signature, timestamp, nonce, 'GET', u'https://fluidinfo.com/foo', headers, arguments) self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate, credentials)
def _stopSession(self, result=None): """Stop the session and persist it to disk. @param result: The result so far in the request processing. Note that this has a default C{None} value because this method can be called directly above (not as part of an errback chain). @return: the C{result} we were passed. """ if not self.session.running: logging.warning('Trying to stop session %s twice.', self.session.id) return result self.session.stop() config = getConfig() # FIXME This is a hack to avoid breaking old tests. if config: tracePath = config.get('service', 'trace-path') port = config.get('service', 'port') logPath = os.path.join(tracePath, 'fluidinfo-api-trace-%s.log' % port) storage = SessionStorage() storage.dump(self.session, logPath) if self.session.duration.seconds > 0: logging.warning('Long request: %s. Time: %s.', self.session.id, self.session.duration) return result
def make(self, dependency_resources): """Setup the configuration instance.""" from fluiddb.application import setupConfig config = setupConfig(path=None, port=None, development=True) self._originalConfig = getConfig() setConfig(config) return config
def testGetDevelopmentModeEnabled(self): """ L{getDevelopmentMode} returns the flag specifying whether or not development mode is in use. """ config = getConfig() config.set('service', 'development', 'True') self.assertTrue(getDevelopmentMode())
def encrypt(self): """Convert this token into an encrypted blob. @return: A encrypted token as a C{str}. """ result = getOAuthConsumers(userIDs=[self.consumer.id]).one() if result is None: raise UnknownConsumerError("'%s' is not a consumer." % self.consumer.username) _, consumer = result salt = getConfig().get('oauth', self.configName) secret = salt + consumer.secret creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S') return dataToToken(secret, {'username': self.user.username, 'creationTime': creationTime})
def testDecryptTokenWithoutCreationTime(self): """ L{OAuthTokenBase.decrypt} correctly decrypts tokens without a C{creationTime} field, since old OAuth tokens didn't have these. """ UserAPI().create([ (u'consumer', u'secret', u'Consumer', u'*****@*****.**'), (u'user', u'secret', u'User', u'*****@*****.**')]) consumerUser = getUser(u'consumer') consumer = OAuthConsumerAPI().register(consumerUser) salt = getConfig().get('oauth', self.cls.configName) secret = salt + consumer.secret encryptedToken = dataToToken(secret, {'username': u'user'}) token = self.cls.decrypt(consumerUser, encryptedToken) self.assertIdentical(None, token.creationTime)
def testAuthenticateOAuth2WithUnknownConsumer(self): """ L{OAuthConsumerAPI.authenticate} raises an L{AuthenticationError} exception if the consumer is not registered. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) secret = 'a' * 16 oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + secret, {'user1': 'secret1'}) oauthConsumerAPI = OAuthConsumerAPI() credentials = OAuth2Credentials(u'user1', u'secret1', token) self.assertRaises(AuthenticationError, oauthConsumerAPI.authenticate, credentials)
def encrypt(self): """Convert this token into an encrypted blob. @return: A encrypted token as a C{str}. """ result = getOAuthConsumers(userIDs=[self.consumer.id]).one() if result is None: raise UnknownConsumerError("'%s' is not a consumer." % self.consumer.username) _, consumer = result salt = getConfig().get('oauth', self.configName) secret = salt + consumer.secret creationTime = self.creationTime.strftime('%Y%m%d-%H%M%S') return dataToToken(secret, { 'username': self.user.username, 'creationTime': creationTime })
def testAuthenticateOAuth2WithUnknownUser(self): """ L{OAuthConsumerAPI.authenticate} raises a L{UnknownUserError} exception if the user in the L{OAuth2Credentials} token doesn't exist. """ UserAPI().create([(u'user1', u'secret1', u'User1', u'*****@*****.**')]) user1 = getUser(u'user1') oauthConsumerAPI = OAuthConsumerAPI() consumer = oauthConsumerAPI.register(user1, secret='abyOTsAfo9MVN0qz') oauthEchoSecret = getConfig().get('oauth', 'access-secret') token = dataToToken(oauthEchoSecret + consumer.secret, {'username': '******'}) credentials = OAuth2Credentials(u'user1', u'secret1', token) self.assertRaises(UnknownUserError, oauthConsumerAPI.authenticate, credentials)
def renewToken(self, renewalToken): """Use an L{OAuthRenewalToken} to generate a new L{OAuthAccessToken}. @param renewalToken: The L{OAuthRenewalToken} to use to generate a new L{OAuthAccessToken}. @raise ExpiredOAuthTokenError: Raised if C{renewalToken} is expired. @raise UnknownConsumerError: Raised if C{consumerUser} doesn't have a matching L{OAuthConsumer} in the system. @return: An C{(OAuthRenewalToken, OAuthAccessToken)} 2-tuple. """ duration = getConfig().getint('oauth', 'renewal-token-duration') duration = timedelta(hours=duration) if renewalToken.creationTime < datetime.utcnow() - duration: raise ExpiredOAuthTokenError('Renewal token is expired.') newRenewalToken = self.getRenewalToken(renewalToken.consumer, renewalToken.user) accessToken = self.getAccessToken(renewalToken.consumer, renewalToken.user) return newRenewalToken, accessToken
def __init__(self): self._client = getCacheClient() config = getConfig() self.expireTimeout = config.getint('cache', 'expire-timeout')
def requestAvatarId(self, credentials): allowAnonymousAccess = getConfig().getboolean('service', 'allow-anonymous-access') if not allowAnonymousAccess: return error.UnauthorizedLogin('Invalid credentials') return self.facadeClient.createAnonymousSession()
def requestAvatarId(self, credentials): allowAnonymousAccess = getConfig().getboolean( 'service', 'allow-anonymous-access') if not allowAnonymousAccess: return error.UnauthorizedLogin('Invalid credentials') return self.facadeClient.createAnonymousSession()