def get(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("page", type=int, help="Current page number.")
parser.add_argument("per_page", type=int, help="Items per page.")
parser.add_argument("id", type=str, help="Unique ID")
args = parser.parse_args()
res = [event.jsonify() for event in get(key, Event)]
res.reverse()
# Pagination is performed here to ensure we
# return the latest entries first.
if args.page:
if args.per_page:
p = args.page
p = p - 1
pp = args.per_page
return (res[p * pp:(p * pp) + pp])
res = [
event.jsonify() for event in get(key, Event, page=args.page)
]
res.reverse()
return (res)
if args.id:
event = get(key, Event, ('uid', args.id))
if not event: abort(404)
return event.jsonify()
# Return the last 50 elements by default
return (res[-50:])
def post(self, username):
key = auth()
user = get(key, User, ('username', username))
parser = reqparse.RequestParser()
parser.add_argument("username", type=str, help="Username of account")
parser.add_argument("name", type=str, help="Name of account")
parser.add_argument("email", type=str, help="Email address of account")
parser.add_argument(
"key",
type=str,
help="Key to introduce the user to (requires systemwide:0)")
parser.add_argument("password", type=str, help="Password of account")
parser.add_argument("systemwide",
type=bool,
help="A global user",
default=None)
args = parser.parse_args()
if user is None:
abort(404, message="User {0} not found.".format(username))
#
# Attaching keyfiles to users. Modify here to do things like stegenography etc.
#
if 'keyfile' in request.files.keys():
f = request.files['keyfile']
print f
print "Nonzero:", f.__nonzero__()
tmp_buffer = cStringIO.StringIO(f.read())
user.keyfile = tmp_buffer.read()
db.session.add(user)
db.session.commit()
tmp_buffer.close()
request.files['keyfile'].close()
return {'message': 'User modified.'}
if args.username:
already = get(key, User, ('username', username))
if already: abort(422, message="This username is already in use.")
user.username = args.username
if args.name: user.name = args.name
if args.email: user.email = args.email
if args.password: user.change_passwd(args.password)
if key.systemwide:
if args.systemwide:
del user.key
if args.systemwide == False:
if key.name == app.config["MASTER_KEY_NAME"] and args.key:
new_key = APIKey.query.filter(
APIKey.name == app.config['MASTER_KEY_NAME']).first()
new_key.users.append(user)
else:
key.users.append(user)
db.session.commit()
return user.jsonify()
def post(self, name):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of the group to create.",
required=True)
args = parser.parse_args()
group = get(key, Group, ('name', name))
if not group: abort(404, message="Unrecognized group.")
if not group.key and not key.systemwide:
return {"message": "Cannot revoke on global groups."}, 304
privs = []
acls = []
for n in args.name.split(','):
priv = get(key, Priv, ('name', n))
if priv and (key.global_del or group.key):
privs.append(priv)
acl = Acl.query.filter(
and_(Acl.priv == priv, Acl.group == group)).first()
acls.append({acl.priv.name: acl.allowed})
db.session.delete(acl)
if not privs:
return {
'message': "You didn't specify any recognisable privileges."
}, 304
db.session.add(group)
db.session.commit()
return acls
def get(self, name):
key = auth()
group = get(key, Group, ('name', name))
try:
return get(key, Group, ('name', name)).jsonify(with_users=True,
with_privs=True)
except:
abort(404, message="Unrecognized group.")
def get(self, name=None):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("page", type=int, help="Current page number.")
parser.add_argument("per_page", type=int, help="Items per page.")
args = parser.parse_args()
if args.page:
if args.per_page:
return [priv.jsonify() for priv in get(key, Priv, page=args.page, per_page=args.per_page)]
return [priv.jsonify() for priv in get(key, Priv, page=args.page)]
privs = get(key,Priv)
return [priv.jsonify() for priv in privs]
def post(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name", type=str, help="Name of the privilege to create.", required=True)
parser.add_argument("systemwide", type=bool, help="Determines whether the privilege is systemwide.", required=True, default=None)
args = parser.parse_args()
msg="Privilege names may only contain alphanumeric characters, hyphens, underscores and whitespace."
if not re.match("^[\w\-\s,]+$",args.name): abort(422, message=msg)
privs=[]
names = args.name.split(',')
for name in names:
priv = get(key, Priv, ('name',name))
if priv: privs.append(priv)
if not privs: return abort(404)
# Be careful with reparenting global privs to the local scope, as they disappear from
# other applications ACLs.
for priv in privs:
if key.systemwide and key.global_del and args.systemwide == False and not priv.key:
key.privs.append(priv)
elif args.systemwide == True and key.systemwide:
key.privs.remove(priv)
db.session.add(priv)
db.session.commit()
return [priv.jsonify() for priv in privs]
def put(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name", type=str, help="Name of the privilege to create.", required=True)
parser.add_argument("systemwide", type=bool, help="Determines whether the privilege is systemwide.", default=False)
args = parser.parse_args()
msg="Privilege names can only contain any combination of alphanumeric characters, hyphens, underscores and whitespace."
privs=[]
names = args.name.split(',')
for name in names:
if not re.match("^[\w\-\s,]+$",name): abort(422, message=msg)
priv = get(key, Priv, ('name',name))
if priv: continue
priv = Priv(name=name)
if not key.systemwide or not args.systemwide:
key.privs.append(priv)
privs.append(priv)
db.session.add(priv)
if not privs: return [],304
db.session.commit()
return [priv.jsonify() for priv in privs],201
def get(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("page", type=int, help="Current page number.")
parser.add_argument("per_page", type=int, help="Items per page.")
args = parser.parse_args()
if args.page:
if args.per_page:
return [
group.jsonify() for group in get(
key, Group, page=args.page, per_page=args.per_page)
]
return [
group.jsonify() for group in get(key, Group, page=args.page)
]
return [group.jsonify() for group in get(key, Group)]
def post(self):
key = auth()
if not key.systemwide: abort(403)
# TODO: Use a comma-separated list of names to modify multiple groups in one request.
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of groups.",
required=True)
parser.add_argument("systemwide",
type=bool,
help="Systemwide flag",
required=True,
default=None)
args = parser.parse_args()
groups = []
for n in args.name.split(','):
r = get(key, Group, ('name', n))
if r:
if args.systemwide == True:
already = get(key, Group, ('name', n), local=False)
if len(already) > 1:
abort(
409,
message=
"A systemwide group with this name already exists."
)
r.key.groups.remove(r)
elif args.systemwide == False and key.global_del:
r.key = key
groups.append(r)
db.session.add(r)
db.session.commit()
return [group.jsonify() for group in groups]
def post(self, username):
key = auth()
user = get(key, User, ('username', username))
if not user: abort(404)
parser = reqparse.RequestParser()
parser.add_argument("password",
type=str,
help="Password of account",
default=None)
args = parser.parse_args()
if args.password:
if user.verify_password(args.password):
user.last_login = datetime.datetime.now()
ev = Event(user=user, key=key, success=True)
db.session.add(ev)
db.session.commit()
return True
ev = Event(user=user, key=key, success=False)
db.session.add(ev)
db.session.commit()
return False
#
# File-based authentication would be good for card readers
# stegenographically embedded UIDs in cat macros or thumbprints.
# (write output to a file-like object and send it over the wire)
#
if 'keyfile' in request.files.keys():
f = request.files['keyfile']
print f
print "Nonzero:", f.__nonzero__()
tmp_buffer = cStringIO.StringIO(f.read())
request.files['keyfile'].close()
if user.keyfile == tmp_buffer.read():
tmp_buffer.close()
user.last_login = datetime.datetime.now()
ev = Event(user=user, key=key, success=True)
db.session.add(ev)
db.session.commit()
return True
tmp_buffer.close()
ev = Event(user=user, key=key, success=False)
db.session.add(ev)
db.session.commit()
return False
return {}, 400
def get(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("page", type=int, help="Current page number.")
parser.add_argument("per_page", type=int, help="Items per page.")
parser.add_argument("id", type=str, help="Unique ID")
args = parser.parse_args()
if args.page:
if args.per_page:
return [
user.jsonify() for user in get(
key, User, page=args.page, per_page=args.per_page)
]
return [user.jsonify() for user in get(key, User, page=args.page)]
if args.id:
user = get(key, User, ('uid', args.id))
if not user: abort(404)
return user.jsonify()
return [user.jsonify() for user in get(key, User)]
def delete(self, username):
key = auth()
user = get(key, User, ('username', username))
if not user.key and not key.global_del:
abort(304, message="Your API key cannot delete systemwide users.")
try:
db.session.delete(user)
db.session.commit()
except exc.UnmappedInstanceError:
pass
return "", 204
def post(self, name):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of the group to create.",
required=True)
args = parser.parse_args()
group = get(key, Group, ('name', name))
if not group: abort(404, message="Unrecognized group.")
privs = []
acls = []
for n in args.name.split(','):
priv = get(key, Priv, ('name', n))
if priv:
privs.append(priv)
acl = Acl.query.filter(
and_(Acl.priv == priv, Acl.group == group)).first()
if not acl:
acl = Acl()
acl.group = group
acl.priv = priv
acl.allowed = False
acls.append(acl)
if not privs:
return {
'message': "You didn't specify any recognisable privileges."
}, 304
db.session.add(group)
db.session.commit()
return [{acl.priv.name: acl.allowed} for acl in acls]
def get(self, username):
key = auth()
user = get(key, User, ('username', username))
if not user:
return {}, 404
else:
parser = reqparse.RequestParser()
parser.add_argument("can",
type=str,
help="Determine permission",
required=False)
args = parser.parse_args()
if args.can:
return user.can(args.can)
return user.jsonify(with_groups=True)
def put(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of account",
default="")
parser.add_argument("email", type=str, help="Email address of account")
parser.add_argument("username",
type=str,
help="Username of account",
required=True)
parser.add_argument("password",
type=str,
help="Password of account",
required=True)
parser.add_argument(
"systemwide",
type=bool,
help="Determines whether this user has a parent API Key",
default=None)
args = parser.parse_args()
msg = "%s may only contain alphanumeric characters, underscores, spaces and hyphens."
if not re.match("^[\w\-\s]+$", args.username):
abort(422, message=msg % "Usernames")
#if not re.match("^[\w\-\s]+$",args.name):
# abort(423, message=msg % "Names")
if get(key, User, ('username', args.username)):
return {"message": "User already exists."}, 304
try:
user = User(args.username, args.email, args.name, args.password)
if not key.systemwide or not args.systemwide: user.key = key
db.session.add(user)
db.session.commit()
except exc.IntegrityError:
abort(409,
message="Username {0} or email {1} already in use.".format(
args.username, args.email))
return user.jsonify(), 201
def delete(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of the group to delete.",
required=True)
args = parser.parse_args()
groups = []
for n in args.name.split(','):
r = get(key, Group, ('name', n))
if r and ((r.key == key) or key.global_del):
groups.append(r)
db.session.delete(r)
if not groups: return {"message": "Unrecognized group(s)."}, 304
db.session.commit()
return {}, 204
def put(self):
"Create a group on a given API key."
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name",
type=str,
help="Name of the group to create.",
required=True)
parser.add_argument("systemwide",
type=bool,
help="Determines whether the group is systemwide.",
default=False)
args = parser.parse_args()
groups = []
response = {}
msg = "Group names may only contained alphanumeric characters, underscores, spaces and hyphens."
for n in args.name.split(','):
if not re.match("^[\w\-\s]+$", n) or get(key, Group, ('name', n)):
continue
r = Group(name=n)
if not key.systemwide or not args.systemwide:
r.key = key
groups.append(r)
db.session.add(r)
if not groups:
return {
"message":
"group(s) already present or contain(s) illegal characters."
}, 304
db.session.commit()
return [r.jsonify() for r in groups], 201
def delete(self):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("name", type=str, help="Name of the privilege to delete.", required=True)
args = parser.parse_args()
privs=[]
names = args.name.split(',')
for name in names:
priv = get(key, Priv, ('name',name))
if priv: privs.append(priv)
if not privs: return abort(404)
for priv in privs:
if not priv.key and not key.global_del: continue
for acl in priv.groups:
db.session.delete(acl)
db.session.delete(priv)
db.session.commit()
return {}, 204
def get(self, username):
key = auth()
user = get(key, User, ('username', username))
parser = reqparse.RequestParser()
parser.add_argument("page", type=int, help="Current page number.")
parser.add_argument("per_page", type=int, help="Items per page.")
args = parser.parse_args()
if not user: return {}, 404
res = [event.jsonify() for event in user.events]
res.reverse()
if args.page:
if args.per_page:
p = args.page
p = p - 1
pp = args.per_page
return (res[p * pp:(p * pp) + pp])
return (res[-50:])
def post(self, name):
key = auth()
parser = reqparse.RequestParser()
parser.add_argument("add",
type=str,
help="A list of users to add the group to.")
parser.add_argument("remove",
type=str,
help="A list of users to remove the group from.")
parser.add_argument(
"allow",
type=str,
help="A list of permissions to grant to the group.")
parser.add_argument("deny",
type=str,
help="A list of permissions to deny the group.")
parser.add_argument(
"revoke",
type=str,
help="A list of permissions to revoke from the group.")
args = parser.parse_args()
group = get(key, Group, ('name', name))
if not group: abort(404, message="Unrecognized group.")
db.session.add(group)
response = {}
if args.add:
users = []
for n in args.add.split(','):
user = get(key, User, ('username', n))
if user:
users.append(user)
db.session.add(user)
user.groups.append(group)
if not users:
response['add'] = {
'message': "You didn't specify any recognisable users."
}
else:
response['add'] = [u.username for u in users]
if args.remove:
users = []
for n in args.remove.split(','):
user = get(key, User, ('username', n))
if user:
users.append(user)
db.session.add(user)
user.groups.remove(group)
if not users:
response['remove'] = {
'message': "You didn't specify any recognisable users."
}
else:
response['remove'] = [u.username for u in users]
if args.allow:
allow_privs = []
allow_acls = []
for n in args.allow.split(','):
priv = get(key, Priv, ('name', n))
if priv:
allow_privs.append(priv)
acl = Acl.query.filter(
and_(Acl.priv == priv, Acl.group == group)).first()
if not acl:
acl = Acl()
acl.group = group
acl.priv = priv
acl.allowed = True
allow_acls.append(acl)
if not allow_privs:
response['allow'] = {
'message':
"You didn't specify any recognisable privileges."
}
if allow_acls:
response['allow'] = [{
acl.priv.name: acl.allowed
} for acl in allow_acls]
if args.deny:
deny_privs = []
deny_acls = []
for n in args.deny.split(','):
priv = get(key, Priv, ('name', n))
if priv:
deny_privs.append(priv)
acl = Acl.query.filter(
and_(Acl.priv == priv, Acl.group == group)).first()
if not acl:
acl = Acl()
acl.group = group
acl.priv = priv
acl.allowed = False
deny_acls.append(acl)
if not deny_privs:
response['deny'] = {
'message':
"You didn't specify any recognisable privileges."
}
if deny_acls:
response['deny'] = [{
acl.priv.name: acl.allowed
} for acl in deny_acls]
if args.revoke and (key.global_del or group.key):
revoke_privs = []
revoke_acls = []
for n in args.revoke.split(','):
priv = get(key, Priv, ('name', n))
if priv:
revoke_privs.append(priv)
acl = Acl.query.filter(
and_(Acl.priv == priv, Acl.group == group)).first()
revoke_acls.append({acl.priv.name: acl.allowed})
del acl.group
del acl.priv
db.session.delete(acl)
if not revoke_privs:
response['revoke'] = {
'message':
"You didn't specify any recognisable privileges."
}
else:
response['revoke'] = [acl for acl in revoke_acls]
if db.session.dirty:
db.session.commit()
return response
def get(self, name):
key = auth()
priv = get(key, Priv, ('name',name))
if priv: return priv.jsonify()
abort(404)
def get(self, name):
key = auth()
group = get(key, Group, ('name', name))
if not group: abort(404, message="Unrecognized group.")
return group.jsonify(with_users=True)['users']
