def wrap(self, *args, **kwargs): query = kwargs.get('query') data = yield dbapi.db_find_one(self.table, query) if not data: raises.NotFound(message.not_found(self.table, query)) ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs) raise gen.Return(ret)
def wrapper(self, *args, **kwargs): if CONF.api_authenticate and self.table in [ 'pods', 'projects', 'testcases', 'scenarios' ]: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) user_info = yield dbapi.db_find_one('users', {'user': testapi_id}) if not user_info: raises.Unauthorized(message.not_lfid()) if method.__name__ == "_create": kwargs['owner'] = testapi_id if self.table in ['projects']: query = kwargs.get('query') if type(query) is not dict: query_data = query() else: if self.json_args is None: query_data = query else: query_data = self.json_args group = "opnfv-gerrit-" + query_data['name'] + "-submitters" if group not in user_info['groups']: raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def get(self): openid = self.get_secure_cookie('openid') if openid: try: user = yield dbapi.db_find_one(self.table, {'openid': openid}) self.finish_request({ "openid": user.get('openid'), "email": user.get('email'), "fullname": user.get('fullname'), "role": user.get('role', 'user'), "type": self.get_secure_cookie('signin_type'), "companyName": user.get('companyName'), "companyWebsite": user.get('companyWebsite'), "primaryContactName": user.get('primaryContactName'), "primaryBusinessEmail": user.get('primaryBusinessEmail'), "primaryPostalAddress": user.get('primaryPostalAddress'), "primaryPhoneNumber": user.get('primaryPhoneNumber') }) except Exception: pass raises.Unauthorized('Unauthorized')
def get(self): logging.warning("cas return") ticket = self.get_query_argument('ticket') logging.warning("ticket:%s", ticket) client = CASClient(version='2', renew=False, extra_login_params=False, server_url=CONF.lfid_url, service_url=CONF.lfid_return_url) user, attrs, _ = client.verify_ticket(ticket) logging.debug("user:%s", user) logging.debug("attr:%s", attrs) openid = user role = const.DEFAULT_ROLE new_user_info = { 'openid': openid, 'email': attrs['mail'], 'fullname': attrs['profile_name_full'], const.ROLE: role } user = yield dbapi.db_find_one(self.table, {'openid': openid}) if not user: dbapi.db_save(self.table, new_user_info) else: role = user.get(const.ROLE) self.clear_cookie(const.OPENID) self.clear_cookie(const.ROLE) self.clear_cookie('ticket') self.set_secure_cookie(const.OPENID, openid) self.set_secure_cookie(const.ROLE, role) self.set_secure_cookie('ticket', ticket) self.redirect("/")
def wrap(self, *args, **kwargs): query = kwargs.get('query') if query: to_data = yield dbapi.db_find_one(self.table, query()) if to_data: raises.Forbidden(message.exist(self.table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def _check_if_exists(self, *args, **kwargs): query = kwargs['query'] table = kwargs['table'] if query and table: data = yield dbapi.db_find_one(table, query) if data: raise gen.Return((True, 'Data alreay exists. %s' % (query))) raise gen.Return((False, 'Data does not exist. %s' % (query)))
def _convert_to_id(self, email): query = {"email": email} table = "users" if query and table: data = yield dbapi.db_find_one(table, query) if data: raise gen.Return((True, 'Data already exists. %s' % (query), data.get("openid"))) raise gen.Return((False, 'Data does not exist. %s' % (query), None))
def wrap(self, *args, **kwargs): carriers = kwargs.pop('carriers', {}) if carriers: for table, query in carriers: exist = yield dbapi.db_find_one(table, query()) if not exist: raises.Forbidden(message.not_found(table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def wrap(self, data, *args, **kwargs): db_keys = kwargs.pop('db_keys', []) query = self._update_query(db_keys, data) if query: to_data = yield dbapi.db_find_one(self.table, query) if to_data: raises.Forbidden(message.exist(self.table, query)) ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs) raise gen.Return(ret)
def check_review(self, data, *args): current_user = self.get_secure_cookie(auth_const.OPENID) for test in data: query = {'reviewer_openid': current_user, 'test_id': test['id']} ret = yield dbapi.db_find_one('reviews', query) if ret: test['voted'] = 'true' else: test['voted'] = 'false' raise gen.Return({self.table: data})
def delete(self, id): query = {'_id': objectid.ObjectId(id)} application = yield dbapi.db_find_one(self.table, query) test_id = application['test_id'] t_query = {'id': test_id} yield dbapi.db_delete('reviews', {'test_id': test_id}) yield dbapi.db_update('tests', t_query, {'$set': { 'status': 'private' }}) self._delete(query=query)
def wrapper(self, *args, **kwargs): if self.table in ['pods']: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) user_info = yield dbapi.db_find_one('users', {'user': testapi_id}) if not user_info: raises.Unauthorized(message.not_lfid()) kwargs['owner'] = testapi_id ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def _del(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } yield dbapi.db_delete(self.table, query) self.finish_request()
def wrapper(self, *args, **kwargs): if self.auth: try: token = self.request.headers['X-Auth-Token'] except KeyError: raises.Unauthorized(message.unauthorized()) query = {'access_token': token} check = yield dbapi.db_find_one('tokens', query) if not check: raises.Forbidden(message.invalid_token()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def check_auth(self, item, value): logging.debug('check_auth') user = self.get_secure_cookie(auth_const.OPENID) query = {} if item == "status": if value == "private" or value == "review": logging.debug('check review') query['user_id'] = user data = yield dbapi.db_find_one('applications', query) if data: logging.debug('results are bound to an application') raise gen.Return((False, message.no_auth())) if value == "verified": logging.debug('check verify') query['role'] = {"$regex": ".*administrator.*"} query['openid'] = user data = yield dbapi.db_find_one('users', query) if not data: logging.debug('not found') raise gen.Return((False, message.no_auth())) raise gen.Return((True, {}))
def put(self): db_keys = [] openid = self.get_secure_cookie(auth_const.OPENID) if openid: query = {'openid': openid} user = yield dbapi.db_find_one(self.table, query) if not user: raises.NotFound(message.not_found(self.table, query)) self._update(query=query, db_keys=db_keys) else: raises.Unauthorized(message.no_auth())
def get(self, test_id): query = dict() query["_id"] = objectid.ObjectId(test_id) data = yield dbapi.db_find_one(self.table, query) if not data: raises.NotFound(message.not_found(self.table, query)) validation = yield self._check_api_response_validation(data['id']) data.update({'validation': validation}) self.finish_request(self.format_data(data))
def wrap(self, *args, **kwargs): query = kwargs.get('query') if query: query_data = query() if self.table == 'pods': if query_data.get('name') is not None: query_data['name'] = re.compile( '\\b' + query_data.get('name') + '\\b', re.IGNORECASE) to_data = yield dbapi.db_find_one(self.table, query_data) if to_data: raises.Forbidden(message.exist(self.table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def get(self, test_id): query = dict() query["_id"] = objectid.ObjectId(test_id) data = yield dbapi.db_find_one(self.table, query) if not data: raises.NotFound(message.not_found(self.table, query)) # only do this when it's nfvi not vnf if 'is_onap' not in data.keys() or data['is_onap'] != 'true': validation = yield self._check_api_response_validation(data['id']) data.update({'validation': validation}) self.finish_request(self.format_data(data))
def get(self): logging.warning("jira return") # Step 1. Use the request token in the session to build a new client. consumer = oauth.Consumer(CONF.jira_oauth_consumer_key, CONF.jira_oauth_consumer_secret) token = oauth.Token(self.get_secure_cookie('oauth_token'), self.get_secure_cookie('oauth_token_secret')) client = oauth.Client(consumer, token) client.set_signature_method(SignatureMethod_RSA_SHA1()) # Step 2. Request the authorized access token from Jira. try: resp, content = client.request(CONF.jira_oauth_access_token_url, "POST") except Exception as e: logging.error("Connect jira exception:%s", e) self._auth_failure('Error: Connection to Jira failed. \ Please contact an Administrator') if resp['status'] != '200': logging.error("Connect jira error:%s", resp) self._auth_failure('Error: Connection to Jira failed. \ Please contact an Administrator') access_token = dict(parse.parse_qsl(content.decode())) logging.warning("access_token: %s", access_token) # jira = JIRA(server=CONF.jira_jira_url, oauth=oauth_dict) jira = get_jira(access_token) lf_id = jira.current_user() logging.warning("lf_id: %s", lf_id) user = jira.myself() logging.warning("user: %s", user) # Step 3. Lookup the user or create them if they don't exist. role = const.DEFAULT_ROLE new_user_info = { 'openid': lf_id, 'email': user['emailAddress'], 'fullname': user['displayName'], const.ROLE: role } user = yield dbapi.db_find_one(self.table, {'openid': lf_id}) if not user: dbapi.db_save(self.table, new_user_info) else: role = user.get(const.ROLE) self.clear_cookie(const.OPENID) self.clear_cookie(const.ROLE) self.set_secure_cookie(const.OPENID, lf_id) self.set_secure_cookie(const.ROLE, role) self.redirect(url=CONF.ui_url)
def set_query(self): query = dict() date_range = dict() for k in self.request.query_arguments.keys(): v = self.get_query_argument(k) if k == 'period': v = self.get_int(k, v) if v > 0: period = datetime.now() - timedelta(days=v) obj = {"$gte": str(period)} query['start_date'] = obj elif k == 'from': date_range.update({'$gte': str(v)}) elif k == 'to': date_range.update({'$lt': str(v)}) elif k == 'signed': openid = self.get_secure_cookie(auth_const.OPENID) user = yield dbapi.db_find_one("users", {'openid': openid}) role = self.get_secure_cookie(auth_const.ROLE) logging.info('role:%s', role) if role: query['$or'] = [ { "shared": { "$elemMatch": {"$eq": openid} } }, {"owner": openid}, { "shared": { "$elemMatch": {"$eq": user.get("email")} } } ] if role.find("reviewer") != -1: query['$or'].append({"status": {"$ne": "private"}}) elif k not in ['last', 'page', 'descend', 'per_page']: query[k] = v if date_range: query['start_date'] = date_range # if $lt is not provided, # empty/None/null/'' start_date will also be returned if 'start_date' in query and '$lt' not in query['start_date']: query['start_date'].update({'$lt': str(datetime.now())}) logging.debug("query:%s", query) raise gen.Return((query))
def delete(self, result_id): curr_user = self.get_secure_cookie(auth_const.OPENID) curr_user_role = self.get_secure_cookie(auth_const.ROLE) if curr_user is not None: query = {'_id': objectid.ObjectId(result_id)} test_data = yield dbapi.db_find_one(self.table, query) if not test_data: raises.NotFound(message.not_found(self.table, query)) if curr_user == test_data['owner'] or \ curr_user_role.find('administrator') != -1: self._delete(query=query) else: raises.Forbidden(message.no_auth()) else: raises.Unauthorized(message.no_auth())
def get(self): openid = self.get_secure_cookie('openid') if openid: try: user = yield dbapi.db_find_one(self.table, {'openid': openid}) self.finish_request({ "openid": user.get('openid'), "email": user.get('email'), "fullname": user.get('fullname'), "role": user.get('role', 'user'), "type": self.get_secure_cookie('signin_type') }) except Exception: pass raises.Unauthorized('Unauthorized')
def update(self, application_id, item, value, owner): self.json_args = {} self.json_args[item] = value query = {'_id': objectid.ObjectId(application_id), 'owner': owner} db_keys = ['_id', 'owner'] if item == 'approved': if value == 'true': status = 'verified' self.json_args['approve_date'] = str(datetime.now()) else: status = 'review' self.json_args['approve_date'] = '' application = yield dbapi.db_find_one(self.table, query) test_id = application['test_id'] t_query = {'id': test_id} yield dbapi.db_update('tests', t_query, {'$set': { 'status': status }}) self._update(query=query, db_keys=db_keys)
def get(self): ticket = self.get_query_argument('ticket', default=None) if ticket: (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket) login_user = { 'user': user, 'email': attrs.get('mail'), 'fullname': attrs.get('field_lf_full_name'), 'groups': constants.TESTAPI_USERS + attrs.get('group', []) } q_user = {'user': user} db_user = yield dbapi.db_find_one(self.table, q_user) if not db_user: dbapi.db_save(self.table, login_user) else: dbapi.db_update(self.table, q_user, login_user) self.clear_cookie(constants.TESTAPI_ID) self.set_secure_cookie(constants.TESTAPI_ID, user) self.redirect(url=CONF.ui_url)
def get(self): if self.get_query_argument(const.OPENID_MODE) == 'cancel': self._auth_failure('Authentication canceled.') openid = self.get_query_argument(const.OPENID_CLAIMED_ID) role = const.DEFAULT_ROLE new_user_info = { 'openid': openid, 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL), 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME), const.ROLE: role } user = yield dbapi.db_find_one(self.table, {'openid': openid}) if not user: dbapi.db_save(self.table, new_user_info) else: role = user.get(const.ROLE) self.clear_cookie(const.OPENID) self.clear_cookie(const.ROLE) self.set_secure_cookie(const.OPENID, openid) self.set_secure_cookie(const.ROLE, role) self.redirect(url=CONF.ui_url)
def update(self, _id, item, value): logging.debug("update") if item == "shared": new_list = [] for user in value: ret, msg, user_id = yield self._convert_to_id(user) if ret: user = user_id new_list.append(user) query = {"$or": [{"openid": user}, {"email": user}]} table = "users" ret, msg = yield self._check_if_exists(table=table, query=query) logging.debug('ret:%s', ret) if not ret: self.finish_request({'code': '403', 'msg': msg}) return if len(new_list) != len(set(new_list)): msg = "Already shared with this user" self.finish_request({'code': '403', 'msg': msg}) return logging.debug("before _update") self.json_args = {} self.json_args[item] = value ret, msg = yield self.check_auth(item, value) if not ret: self.finish_request({'code': '404', 'msg': msg}) return query = {'_id': objectid.ObjectId(_id)} db_keys = [ '_id', ] test = yield dbapi.db_find_one("tests", query) if not test: msg = 'Record does not exist' self.finish_request({'code': 404, 'msg': msg}) return curr_user = self.get_secure_cookie(auth_const.OPENID) if item in {"shared", "label", "sut_label"}: query['owner'] = curr_user db_keys.append('owner') if item == 'sut_label': if test['status'] != 'private' and not value: msg = 'SUT version cannot be changed to None after submitting.' self.finish_request({'code': 403, 'msg': msg}) return if item == "status": if value == 'verified': if test['status'] == 'private': msg = 'Not allowed to verify' self.finish_request({'code': 403, 'msg': msg}) return user = yield dbapi.db_find_one("users", {'openid': curr_user}) if 'administrator' not in user['role']: msg = 'No permission to operate' self.finish_request({'code': 403, 'msg': msg}) return elif value == 'review': if test['status'] != 'private': msg = 'Not allowed to submit to review' self.finish_request({'code': 403, 'msg': msg}) return query['owner'] = curr_user db_keys.append('owner') test_query = { 'id': test['id'], '$or': [{ 'status': 'review' }, { 'status': 'verified' }] } record = yield dbapi.db_find_one("tests", test_query) if record: msg = ('{} has already submitted one record with the same ' 'Test ID: {}'.format(record['owner'], test['id'])) self.finish_request({'code': 403, 'msg': msg}) return else: query['owner'] = curr_user db_keys.append('owner') logging.debug("before _update 2") self._update(query=query, db_keys=db_keys)