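 def handle_request(self, auth, path, get_vars, post_vars):
     """Serve the OAuth2-style endpoints of this plugin.

     Args:
         auth: the Auth instance (not used by this method).
         path: action selector: "login", "callback" or "profile".
         get_vars: query-string parameters (str values).
         post_vars: POST parameters (not used by this method).

     Returns:
         For "callback", ``{"access_token": ...}``; for "profile", the decoded
         token claims.  The "login" branch is still WIP and returns None.

     Raises:
         HTTP(404): unknown path, missing parameter or failed client check.
         HTTP(401): "profile" called without a Bearer token.
     """
     import hmac  # local import: the file's import block is not visible here

     if path == "login":
         # WIP: the authorization code is built but never returned.
         # NOTE(review): ``request.get`` is used here while the other branches
         # read ``get_vars`` -- confirm which one is intended.
         client_id = request.get("client_id")
         info = {}  # retrieve the user info upon login
         code = jwt.encode(info, self.secret + client_id, algorithm="HS256")
     elif path == "callback":
         db = self.auth.db
         # The original had trailing commas on these assignments, which turned
         # every value into a 1-tuple and broke both sha1() and jwt.decode().
         code = get_vars.get("code")
         client_id = get_vars.get("client_id")
         client_secret = get_vars.get("client_secret")
         grant_type = get_vars.get("grant_type")
         if not (code and client_id and client_secret):
             raise HTTP(404)
         # Client check: client_id must equal sha1(client_secret) and the
         # secret must be registered.  hashlib needs bytes, hence encode();
         # compare_digest keeps the comparison time independent of where the
         # first mismatching character is.
         secret_digest = hashlib.sha1(client_secret.encode("utf-8")).hexdigest()
         if (
             grant_type != "authorization_code"
             or not hmac.compare_digest(
                 secret_digest.encode("utf-8"), client_id.encode("utf-8"))
             or not db(db.oauth2.client_secret == client_secret).count()
         ):
             raise HTTP(404)
         info = jwt.decode(code, self.secret + client_id, algorithms=["HS256"])
         access_token = jwt.encode(info, self.secret, algorithm="HS256")
         return dict(access_token=access_token)
     elif path == "profile":
         # Only a "Bearer <token>" header is accepted; the original sliced
         # off seven characters without checking the scheme.
         header = request.environ.get("HTTP_AUTHORIZATION", "")
         if not header.startswith("Bearer "):
             raise HTTP(401)
         access_token = header[len("Bearer "):]
         info = jwt.decode(access_token, self.secret, algorithms=self.algorithms)
         return info
     else:
         raise HTTP(404)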
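    def on_request(self, context):
        """Reject requests that violate the configured network/protocol policy.

        Args:
            context: the request context handed over by the framework (unused).

        Raises:
            HTTP(400): wrong URL scheme, peer address in a blocked network or
                outside the allowed networks, or a Referer whose split form
                differs from the request URL's.
        """
        # REMOTE_ADDR is the direct TCP peer, not a client-supplied header;
        # behind a reverse proxy it is the proxy's address.  The original also
        # printed it on every request, which is debug output and is dropped.
        remote_addr = request.environ["REMOTE_ADDR"]

        if self.protocol and not request.url.startswith(self.protocol + "://"):
            raise HTTP(400)

        # The deny-list is evaluated first, so a blocked network always wins.
        if self.blocked_networks is not None and match_ip(
                remote_addr, self.blocked_networks):
            raise HTTP(400)

        if self.allowed_networks is not None and not match_ip(
                remote_addr, self.allowed_networks):
            raise HTTP(400)

        referer = request.environ.get("HTTP_REFERER")
        if referer and self.split(referer) != self.split(request.url):
            raise HTTP(400)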
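    def get_comments(self, id=None):
        """Return the comments of a ticket, joined with the author's name.

        Args:
            id: ticket id taken from the route; must be numeric.  (The name
                shadows the builtin but is part of the public signature.)

        Returns:
            ``{"comments": [...]}`` where each entry merges the comment row with
            the author's first/last name, an ``editable`` flag and ``img_url``.

        Raises:
            HTTP(500): missing or non-numeric id, or no logged-in user (mirrors
                the sibling ``delete_comment``; 401 would be more precise).
        """
        # ``id`` defaults to None, on which ``.isnumeric()`` raised
        # AttributeError; str() also keeps an int id working.
        if id is None or not str(id).isnumeric():
            raise HTTP(500)

        current_user = self.auth.current_user
        if not current_user:
            raise HTTP(500)
        user_id = current_user.get('id')

        # TODO: figure out if i want to attach image urls or have them load in a different call
        rows = self.db(self.db.comment.ticket_id == id).select(
            self.db.comment.ALL,
            self.db.auth_user.first_name,
            self.db.auth_user.last_name,
            left=self.db.auth_user.on(
                self.db.comment.user_id == self.db.auth_user.id)).as_list()
        comments = [{**row["comment"], **row["auth_user"]} for row in rows]

        # fetch the full user; its role decides whether the caller may edit
        # other people's comments, so resolve that once, not per comment.
        user = self.db(self.db.users.user == user_id).select().first()
        is_admin = user is not None and user.role == "admin"

        for comment in comments:
            comment['editable'] = comment.get('user_id') == user_id or is_admin
            # NOTE(review): one query per comment; acceptable for short threads.
            comment_creator = self.db(
                self.db.users.user == comment.get('user_id')).select().first()
            comment['img_url'] = Helper.get_user_icon(comment_creator["icon"])

        return dict(comments=comments)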
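    def delete_comment(self):
        """Delete a comment owned by the caller (admins may delete any).

        Reads ``comment_id`` from the JSON body.

        Returns:
            The literal string "ok boomer" on success.

        Raises:
            HTTP(500): missing comment_id or no logged-in user.
            HTTP(404): no comment with that id.
            HTTP(403): caller is neither the author nor an admin.
        """
        comment_id = request.json.get('comment_id')
        current_user = self.auth.current_user
        auth_user_id = current_user.get('id') if current_user else None

        if not comment_id or not auth_user_id:
            raise HTTP(500)

        # The table lookup yields None for an unknown id; the original then
        # crashed on ``comment.user_id`` instead of answering cleanly.
        comment = self.db.comment[comment_id]
        if comment is None:
            raise HTTP(404)
        user = self.db(self.db.users.user == auth_user_id).select().first()
        is_admin = user is not None and user.role == "admin"

        # Authorization is decided before any mutation happens.
        if comment.user_id != auth_user_id and not is_admin:
            raise HTTP(403)

        comment.delete_record()
        return "ok boomer"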
def get_ticket_completion(ticket_id=None):
    """Return the completion ratio of a ticket as ``{"percentage": ratio}``.

    ``ratio`` is completed/discovered as reported by ``_get_ticket_completion``,
    or 0 when nothing has been discovered yet.

    Raises:
        HTTP(500): missing or falsy ticket_id.
    """
    if not ticket_id:
        raise HTTP(500)

    completed, discovered = _get_ticket_completion(ticket_id)

    if discovered == 0:
        percentage = 0
    else:
        percentage = completed / discovered
    return dict(percentage=percentage)
 def on_request(self):
     """Attach the configured CORS headers and short-circuit preflights.

     Every response gets Allow-Origin / Max-Age / Allow-Headers /
     Allow-Methods from the instance attributes plus
     Allow-Credentials: true; an OPTIONS request is answered at once
     with HTTP 200.
     """
     cors_headers = (
         ("Access-Control-Allow-Origin", self.origin),
         ("Access-Control-Max-Age", self.age),
         ("Access-Control-Allow-Headers", self.headers),
         ("Access-Control-Allow-Methods", self.methods),
         # Browsers refuse credentialed responses whose Allow-Origin is "*",
         # so self.origin should be a concrete origin when credentials matter.
         ("Access-Control-Allow-Credentials", "true"),
     )
     for name, value in cors_headers:
         response.headers[name] = value
     if request.method == "OPTIONS":
         raise HTTP(200)
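    def on_request(self):
        """Reject requests that violate the configured network/protocol policy.

        Raises:
            HTTP(400): wrong URL scheme, peer address in a blocked network or
                outside the allowed networks, or a Referer whose split form
                differs from the request URL's.
        """
        # REMOTE_ADDR is the direct TCP peer, not a client-supplied header;
        # behind a reverse proxy it is the proxy's address.  The original also
        # printed it on every request, which is debug output and is dropped.
        remote_addr = request.environ['REMOTE_ADDR']

        if self.protocol and not request.url.startswith(self.protocol + '://'):
            raise HTTP(400)

        # The deny-list is evaluated first, so a blocked network always wins.
        if self.blocked_networks is not None and match_ip(
                remote_addr, self.blocked_networks):
            raise HTTP(400)

        if self.allowed_networks is not None and not match_ip(
                remote_addr, self.allowed_networks):
            raise HTTP(400)

        referer = request.environ.get('HTTP_REFERER')
        if referer and self.split(referer) != self.split(request.url):
            raise HTTP(400)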
 def handle_request(self, auth, path, get_vars, post_vars):
     """Dispatch the SSO plugin's "login" and "callback" actions.

     "login" stores the requested ``next`` page (default ``URL("index")``)
     in the session under ``_next`` and redirects to the provider's login
     URL; "callback" is delegated to ``_handle_callback``.  Any other path
     answers 404.
     """
     if path == "login":
         next_page = request.query.get("next") or URL("index")
         auth.session["_next"] = next_page
         redirect(self.get_login_url())
         return
     if path == "callback":
         self._handle_callback(auth, get_vars)
         return
     raise HTTP(404)
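def add_subticket():
    """Link ``child_id`` as a sub-ticket of ``parent_id`` (both from the JSON body).

    Returns:
        ``{"ticket": <child ticket row as dict>}``.

    Raises:
        HTTP(500): missing parent_id/child_id, or a ticket linked to itself.
        HTTP(404): the child ticket does not exist.
    """
    parent_id = request.json.get('parent_id')
    child_id = request.json.get('child_id')

    if not parent_id or not child_id:
        raise HTTP(500)
    # get_possible_subtickets excludes a ticket from its own candidate list,
    # so the self-link is refused here as well.
    if str(parent_id) == str(child_id):
        raise HTTP(500)

    # Look the child up before writing the link so an unknown id cannot leave
    # a dangling row (the original inserted first and then indexed [0] on an
    # empty result, which raised IndexError).
    tickets = db(db.tickets.id == child_id).select().as_list()
    if not tickets:
        raise HTTP(404)

    db.sub_tickets.update_or_insert(parent_id=parent_id, child_id=child_id)

    return dict(ticket=tickets[0])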
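 def _handle_callback(self, auth, get_vars):
     """Finish an SSO login: map provider data to a user and redirect.

     Args:
         auth: the Auth instance (session, db, user registration).
         get_vars: query parameters of the provider's callback request.

     Raises:
         HTTP(401): the provider returned nothing.
         HTTP(code, msg): the provider returned an ``error`` entry.
     """
     def _is_local_path(url):
         # A site-local path starts with exactly one "/".  "//host" is
         # protocol-relative and browsers fold "/\" into "//" as well.
         return (isinstance(url, str) and url.startswith("/")
                 and url[1:2] not in ("/", "\\"))

     data = self.callback(get_vars)
     if not data:
         raise HTTP(401)
     error = data.get("error")
     if error:
         if isinstance(error, str):
             code, msg = 401, error
         else:
             code = error.get("code", 401)
             msg = error.get("message", "Unknown error")
         raise HTTP(code, msg)
     if auth.db:
         # map returned fields into auth_user fields; each map value is a
         # dotted path into ``data`` where numeric parts index lists
         user = {}
         for key, dotted_path in self.maps.items():
             value = data
             for part in dotted_path.split("."):
                 value = value[int(part) if part.isdigit() else part]
             # the original assigned inside the inner loop; only the final
             # value matters, so assign once after walking the path
             user[key] = value
         user["sso_id"] = f"{self.name}:{user['sso_id']}"
         if "username" not in user:
             user["username"] = user["sso_id"]
         # store or retrieve the user
         data = auth.get_or_register_user(user)
     else:
         # WIP Allow login without DB
         if "id" not in data:
             data["id"] = data.get("username") or data.get("email")
     user_id = data.get("id")
     auth.store_user_in_session(user_id)

     next_url = None
     if "_next" in auth.session:
         next_url = auth.session.get("_next")
         del auth.session["_next"]
     # ``_next`` originates from the login request's query string, so only a
     # site-local path is honoured; redirecting to an arbitrary URL after
     # login would be an open redirect.  ``URL("index")`` is assumed to be a
     # path; if it is not, it is still used as the fallback unchanged.
     if not _is_local_path(next_url):
         next_url = URL("index")
     redirect(next_url)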
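def get_possible_subtickets(ticket_id=None):
    """Return the tickets that may become sub-tickets of ``ticket_id``.

    The ticket itself, its ancestors and its descendants are excluded
    (presumably to keep the sub-ticket graph free of cycles).

    Returns:
        ``{"tickets": [row dicts]}``.

    Raises:
        HTTP(500): missing or falsy ticket_id.
    """
    if not ticket_id:
        raise HTTP(500)

    ancestors = []
    _get_ancestor_list(ticket_id, ancestors)
    descendants = []
    _get_descendants_list(ticket_id, descendants)
    # A set makes the membership test below O(1) per ticket instead of a
    # list scan; the original also printed this list (debug output, dropped).
    invalid_ids = set(ancestors) | set(descendants) | {int(ticket_id)}

    tickets = db(db.tickets).select().as_list()
    valid_tickets = [t for t in tickets if t.get("id") not in invalid_ids]

    return dict(tickets=valid_tickets)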
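    def add_comment(self):
        """Create a comment on a ticket from the JSON body and return it.

        Returns:
            ``{"id", "first_name", "last_name", "img_url"}`` of the new comment.

        Raises:
            HTTP(500): missing content/ticket_id, no logged-in user, or no
                ``users`` row for the caller (mirrors ``delete_comment``).
        """
        content = request.json.get('content')
        ticket_id = request.json.get('ticket_id')

        if not content or not ticket_id:
            raise HTTP(500)

        # inserting it manually because the default does not seem to work
        current_user = self.auth.current_user
        if not current_user:
            # the original went on with user_id=None and then crashed on
            # ``user["icon"]``; refuse up front instead.
            raise HTTP(500)
        user_id = current_user.get('id')
        first_name = current_user.get('first_name')
        last_name = current_user.get('last_name')
        user = self.db(self.db.users.user == user_id).select().first()
        if user is None:
            raise HTTP(500)

        comment_id = self.db.comment.insert(ticket_id=ticket_id,
                                            content=content,
                                            user_id=user_id)
        # log after the insert so a failed insert is not recorded as a comment
        EventLogger.log_comment(content, ticket_id, user_id)

        return dict(id=comment_id,
                    first_name=first_name,
                    last_name=last_name,
                    img_url=Helper.get_user_icon(user["icon"]))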
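 def on_request(self):
     """Allow the request only when the URL's host is exactly "localhost".

     Raises:
         HTTP(403): any other host.
     """
     # Compare the host part exactly, port excluded.  The original used
     # netloc.startswith('localhost'), which also accepted hosts such as
     # "localhost.example.com".  The host comes from the client-supplied
     # Host header, so this is a convenience guard only; a real
     # loopback-only policy should also check request.environ["REMOTE_ADDR"].
     host = request.urlparts.netloc.split(":", 1)[0]
     if host != "localhost":
         raise HTTP(403)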