async def authenticate(self, request: Request):
if request['method'] == 'GET' and \
any((x.match(request.url.path) for x in self.allowed_patterns)):
return AuthCredentials(['unauthenticated']), UnauthenticatedUser()
elif self.id is None:
# local dev
username = '******'
eid = await employees.check_employee(username)
return AuthCredentials(['authenticated']), SimpleUser(username=eid)
elif request.url.path == '/oauth_callback/google':
# handle redirect
# print('sess', request.session)
query = request.query_params
state = query.get('state')
code = query.get('code')
gc = GoogleClient(client_id=self.id,
client_secret=self.secret)
host = get_hostname(request)
if request.url.port:
host += f':{request.url.port}'
otoken, other = await gc.get_access_token(
code,
redirect_uri=f'{host}/oauth_callback/google')
idt = other['id_token']
id_token = jwt.decode(idt, verify=False)
email = id_token.get('email')
if not (id_token.get('hd') == self.org == email.split('@')[1]):
return AuthenticationError('Bad user')
timestamp = time.time()
eid = await employees.check_employee(email)
request.session['ts'] = timestamp
request.session['user'] = eid
request.state.redirect_url = state
raise RedirectAuthError('need to redirect')
elif request.session and request.session.get('user'):
# make sure cookie is still valid
timestamp = request.session.get('ts')
now = time.time()
if now - timestamp > 86520:
raise StartAuthError
user = request.session.get('user')
return AuthCredentials(['authenticated']), SimpleUser(username=user)
else:
raise StartAuthError('Not logged in')
async def get(self, request: Request):
self.try_very_fast_response(request)
frmt = request.path_params["frmt"].lower().strip()
gametype = request.path_params["gametype"]
if frmt == "csv":
return RedirectResponse(
request.url_for("ExportRatingCsv", gametype=gametype)
)
if frmt == "json":
return RedirectResponse(
request.url_for("ExportRatingJson", gametype=gametype)
)
else:
raise HTTPException(404, "Invalid format: {}".format(frmt))
async def get(self, request: Request) -> Response:
# check for valid gametype
if request.path_params and "gametype" in request.path_params:
gametype = request.path_params["gametype"] = request.path_params[
"gametype"
].lower()
if gametype not in cache.GAMETYPE_IDS:
raise HTTPException(404, "invalid gametype: {}".format(gametype))
else:
request.path_params["gametype_id"] = cache.GAMETYPE_IDS[gametype]
self.last_req_time = parsedate(request.headers.get("if-modified-since"))
if self.last_req_time:
self.last_req_time = self.last_req_time[0:6]
try:
resp = self.try_very_fast_response(request)
if resp:
return resp
dbpool = await get_db_pool()
con = await dbpool.acquire()
tr = con.transaction()
await tr.start()
try:
await self.try_fast_response(request, con)
return await self.get_common_response(request, con)
finally:
await tr.rollback()
await dbpool.release(con)
except NotModified:
return Response(None, 304)
def setUp(self):
"""setup for test"""
self.mock_scope = {
"headers": "",
"path": "",
"query_string": "",
"root_path": "",
"type": "http",
}
self.mock_request = Request(scope=self.mock_scope)
pass
async def __call__(self, scope: Scope, receive: Receive, send: Send):
req = Request(scope, receive, send)
path = self._route_tree.get(req.url.path)
if not path:
await _not_found(scope, receive, send)
return
handler = path.get(req.method)
if not handler:
await _not_allowed(scope, receive, send)
return
await handler(scope, receive, send)
async def logout(request: Request):
"""Clear session and redirect to index page."""
request.session.pop("token", None)
request.session.pop("user", None)
return RedirectResponse(
# referrer when set
"Referer" in request.headers
and request.headers["Referer"]
# otherwise index
or request.url_for("index")
)
async def test_getter_for_headers(mocked_request: Request,
plugin: plugins.Plugin):
key_title = "X-Test-Header"
key_lower = key_title.lower()
value = "test_value"
mocked_request.headers[key_title] = value
plugin.key = key_title
assert value == await plugin.extract_value_from_header_by_key(
mocked_request)
mocked_request.headers[key_lower] = value
plugin.key = key_title
assert value == await plugin.extract_value_from_header_by_key(
mocked_request)
mocked_request.headers[key_lower] = value
plugin.key = key_lower
assert value == await plugin.extract_value_from_header_by_key(
mocked_request)
def starlette_request() -> Request:
scope = dict(
method="GET",
type="http",
path="test/v1/test",
headers=[(b"test_header", b"test_val"),
(b"test_header_1", b"test_val_2")],
query_string=b"?b=1&a=2",
)
request = Request(scope)
yield request
async def test_get_from_cache_vary(cache: Cache) -> None:
scope: Scope = {
"type": "http",
"method": "GET",
"path": "/path",
"headers": [[b"accept-encoding", b"gzip, deflate"]],
}
request = Request(scope)
# Response indicates that contents of the response at this URL may *vary*
# depending on the "Accept-Encoding" header sent in the request.
response = PlainTextResponse("Hello, world!",
headers={"Vary": "Accept-Encoding"})
await store_in_cache(response, request=request, cache=cache)
# Let's use a different "Accept-Encoding" header,
# and check that no cached response is found.
other_scope = {**scope, "headers": [[b"accept-encoding", b"identity"]]}
other_request = Request(other_scope)
cached_response = await get_from_cache(other_request, cache=cache)
assert cached_response is None
async def __call__(self, scope: Scope, receive: Receive,
send: Send) -> None:
if scope["type"] != "http":
await self.app(scope, receive, send)
return
async def call_next(request: Request) -> Response:
app_exc: typing.Optional[Exception] = None
send_stream, recv_stream = anyio.create_memory_object_stream()
async def coro() -> None:
nonlocal app_exc
async with send_stream:
try:
await self.app(scope, request.receive,
send_stream.send)
except Exception as exc:
app_exc = exc
task_group.start_soon(coro)
try:
message = await recv_stream.receive()
except anyio.EndOfStream:
if app_exc is not None:
raise app_exc
raise RuntimeError("No response returned.")
assert message["type"] == "http.response.start"
async def body_stream() -> typing.AsyncGenerator[bytes, None]:
async with recv_stream:
async for message in recv_stream:
assert message["type"] == "http.response.body"
body = message.get("body", b"")
if body:
yield body
if not message.get("more_body", False):
break
if app_exc is not None:
raise app_exc
response = StreamingResponse(status_code=message["status"],
content=body_stream())
response.raw_headers = message["headers"]
return response
async with anyio.create_task_group() as task_group:
request = Request(scope, receive=receive)
response = await self.dispatch_func(request, call_next)
await response(scope, receive, send)
task_group.cancel_scope.cancel()
async def get(self, request: Request):
token = await TwitchOauthClient.fetch_token(request=request)
user = await TwitchOauthClient.user_info(token=token)
b_token = json.dumps(token)
b_user = json.dumps(user.json()['data'][0])
response = RedirectResponse(request.url_for('home'))
utils.set_cookie(response, "token", b_token)
utils.set_cookie(response, "user", b_user)
return response
async def __call__(self, request: Request, token: HTTPAuthorizationCredentials = Depends(auth_schema)):
credentials_exception = HTTPException(HTTP_401_UNAUTHORIZED, '无效授权')
try:
payload = jwt.decode(token.credentials, self.secret)
user_token = payload.get('user_token')
if user_token is None:
raise credentials_exception
except jwt.PyJWTError:
raise credentials_exception
request.scope['user_token'] = user_token
return user_token
async def login(request: Request):
hostedServer = False
if 'localhost:' not in request.headers.get('Host', ''):
hostedServer = True
# the redirect URI, as a complete URI (not relative path)
redirect_uri = request.url_for('globus_login')
if hostedServer:
redirect_uri = redirect_uri.replace('http:', 'https:')
globus.client.oauth2_start_flow(redirect_uri)
# If there's no "code" query string parameter, we're in this route
# starting a Globus Auth login flow.
# Redirect out to Globus Auth
if 'code' not in request.query_params:
auth_uri = globus.client.oauth2_get_authorize_url()
return RedirectResponse(auth_uri)
# If we do have a "code" param, we're coming back from Globus Auth
# and can start the process of exchanging an auth code for a token.
else:
jsonResponse = {'Process': 'Globus_Auth'}
code = request.query_params['code']
try:
tokens = globus.client.oauth2_exchange_code_for_tokens(code)
# store the resulting tokens in the session
request.session.update(tokens=tokens.by_resource_server,
is_authenticated=True)
except GlobusAPIError as e:
# Error response from the REST service, check the code and message for
# details.
logging.error(("Got a Globus API Error\n"
"Error Code: {}\n"
"Error Message: {}").format(e.code, e.message))
jsonResponse = {'Globus_code': e.code}
jsonResponse['Globus_error'] = e.message
jsonResponse['status'] = e.http_status
return jsonResponse
except NetworkError:
logging.error(("Network Failure. "
"Possibly a firewall or connectivity issue"))
raise
except GlobusError:
logging.exception("Totally unexpected GlobusError!")
raise
jsonResponse['login_success'] = True
jsonResponse['status'] = 200
jsonResponse_json = jsonable_encoder(jsonResponse)
return JSONResponse(content=jsonResponse_json,
status_code=jsonResponse['status'])
async def set_body(request: Request, body: bytes):
"""Overwrites body in Starlette.
Args:
request (Request)
body (bytes)
"""
async def receive() -> Message:
return {"type": "http.request", "body": body}
request._receive = receive
async def my_app(scope: Scope, receive: Receive, send: Send):
request: Request = Request(scope, receive=receive)
user: UserModel = await get_current_user(await oauth2_scheme(request))
if user and has_one_permission(user, permissions):
return await _app(scope, receive, send)
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
async def dispatch(self):
request = Request(self.scope, self.receive)
graphiql = get_graphql_config(request).graphiql
if "text/html" in request.headers.get("Accept", ""):
if graphiql and graphiql.path is None:
app = GraphiQLEndpoint
else:
app = PlainTextResponse("Not Found", 404)
await app(self.scope, self.receive, self.send)
else:
await super().dispatch()
def try_very_fast_response(self, request: Request) -> Optional[Response]:
ids = request.path_params["ids"]
gametype = request.headers.get("X-QuakeLive-Gametype")
mapname = request.headers.get("X-QuakeLive-Map")
if gametype is not None and mapname is not None:
return RedirectResponse(
request.url_for(
"BalanceMapBased", gametype=gametype, mapname=mapname, ids=ids
)
)
async def app_read_body(scope, receive, send):
request = Request(scope, receive)
# Read bytes, to force request.stream() to return the already parsed body
await request.body()
data = await request.form()
output = {}
for key, value in data.items():
output[key] = value
await request.close()
response = JSONResponse(output)
await response(scope, receive, send)
async def __call__(self, receive, send):
self.raw_send = send
try:
asgi = self.app(self.scope)
await asgi(receive, self.send)
except Exception as exc:
if not self.response_started:
request = Request(self.scope)
response = get_debug_response(request, exc)
await response(receive, send)
raise exc from None
async def change_password_action(
request: Request,
username: str,
current_user: schema.UserPayload = Depends(deps.get_current_user)
) -> Any:
if current_user.name == username:
form = await request.form()
if form.get('password_new') != form.get('password_new_check'):
return templates.TemplateResponse(
'user/change-password.jinja2', {
'request': request,
'current_user': current_user,
'message': '两个密码不同,请重新输入'
}
)
await userfunc.change_password(current_user.uid, form.get('password_new'))
rr = RedirectResponse(request.url_for('login'))
rr.set_cookie('jwt', value='deleted', expires=0)
return rr
return RedirectResponse(request.url_for('homepage'))
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
if scope["type"] != "http":
await self.app(scope, receive, send)
return
request = Request(scope, receive=receive)
send = functools.partial(self.send, send=send, request=request)
response = await self.before_request(request) or self.app
await response(request.scope, request.receive, send)
await self.after_request(request)
async def get_jwt_user(request: Request, token: HTTPAuthorizationCredentials = Security(security)):
credentials_exception = HTTPException(HTTP_401_UNAUTHORIZED)
try:
payload = jwt.decode(token.credentials, SECERT)
user_id = payload.get('user_id')
if user_id is None:
raise credentials_exception
except jwt.PyJWTError:
raise credentials_exception
request.scope['user_id'] = user_id
return user_id
async def get(self, request: Request):
fansub_id = request.path_params["id"]
try:
fansub = Fansub.get(id=fansub_id)
except Fansub.DoesNotExist:
return RedirectResponse(request.url_for("fansub"))
context = {"name": fansub.name}
return self.__response(request, context)
async def jwt_required(request: Request, token: HTTPAuthorizationCredentials = Depends(auth_schema)):
credentials_exception = HTTPException(HTTP_401_UNAUTHORIZED)
try:
payload = jwt.decode(token.credentials, app.admin_secret)
user_id = payload.get('user_id')
if user_id is None:
raise credentials_exception
except jwt.PyJWTError:
raise credentials_exception
request.scope['user_id'] = user_id
return user_id
async def test_oauth2_authorize_code_challenge():
app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'code_challenge_method': 'S256',
'app': app,
},
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req,
redirect_uri='https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'code_challenge=' in url
assert 'code_challenge_method=S256' in url
state = req.session['_dev_authlib_state_']
assert state is not None
verifier = req.session['_dev_authlib_code_verifier_']
assert verifier is not None
req_scope.update({
'path': '/',
'query_string': 'code=a&state={}'.format(state).encode(),
'session': req.session,
})
req = Request(req_scope)
token = await client.authorize_access_token(req)
assert token['access_token'] == 'a'
async def broadcast_message(request: Request, user_id: str):
"""
广播消息
"""
room: Optional[Room] = request.get('room')
if room is None:
raise HTTPException(500, detail='Global `Room` instance unavailable!')
try:
await room.broadcast_message(user_id, msg='我是消息')
except ValueError as e:
log.logger.error(e)
raise HTTPException(404, detail='消息发送失败')
async def test_non_cachable_status_codes(cache: Cache,
status_code: int) -> None:
scope: Scope = {
"type": "http",
"method": "GET",
"path": "/path",
"headers": [],
}
request = Request(scope)
response = PlainTextResponse("Hello, world!", status_code=status_code)
with pytest.raises(ResponseNotCachable):
await store_in_cache(response, request=request, cache=cache)
def viewer(request: Request):
"""Handle /index.html."""
if self.reader_type == "cog":
name = "index.html"
elif self.reader_type == "bands":
name = "bands.html"
elif self.reader_type == "assets":
name = "assets.html"
return templates.TemplateResponse(
name=name,
context={
"request": request,
"tilejson_endpoint": request.url_for("tilejson"),
"stats_endpoint": request.url_for("statistics"),
"info_endpoint": request.url_for("info"),
"point_endpoint": request.url_for("point"),
"allow_3d": has_mvt,
},
media_type="text/html",
)
async def asgi(self, receive: Receive, send: Send, scope: Scope) -> None:
global context
# TODO: Temporary fix for https://github.com/encode/starlette/issues/472
# --------------------------8<--------------------------
self._orig_send = send
# -------------------------->8--------------------------
with context.enter():
request = Request(scope, receive=receive)
response = await self.call_next(request)
await response(receive, send)
async def __call__(self, scope, receive, send):
request = Request(scope, receive=receive)
if self.assert_func:
await self.assert_func(request)
response = Response(
status_code=self.status_code,
content=self.body,
headers=self.headers,
)
await response(scope, receive, send)
async def room_whisper(request: Request, send_data: SendData):
"""私聊"""
room: Optional[Room] = request.get('room')
if room is None:
raise HTTPException(404, detail='Global `Room` instance unavailable!')
try:
await room.whisper(send_data.from_user, send_data.to_user,
send_data.msg)
return {'err_no:': 0, 'err_msg': '', 'data': 'success'}
except Exception as e:
log.logger.error(e)
raise HTTPException(500, detail='消息发送失败')
async def app(scope, receive, send):
# the server is push-enabled
scope["extensions"]["http.response.push"] = {}
data = "OK"
request = Request(scope)
try:
await request.send_push_promise("/style.css")
except RuntimeError:
data = "Send channel not available"
response = JSONResponse({"json": data})
await response(scope, receive, send)
async def jwt_optional(request: Request):
authorization: str = request.headers.get("Authorization")
scheme, credentials = get_authorization_scheme_param(authorization)
if credentials:
try:
payload = jwt.decode(credentials, app.admin_secret)
user_id = payload.get("user_id")
request.scope["user_id"] = user_id
return user_id
except jwt.PyJWTError:
pass
return
async def get(self, request: Request) -> Response:
logger.debug("authorization")
client_wrap = await async_(get_client_at_authorization_endpoint)(
request)
if client_wrap is None:
raise HTTPException(status_code=HTTP_404_NOT_FOUND)
user: typing.Optional[User] = await async_(user_for_session)(
request.session, client_wrap.obj.pool)
logger.debug(f"user={user}")
prompt = request.query_params.get("prompt")
if prompt is None or prompt != "none":
if user is None:
return RedirectResponse(
request.url_for("pools:signin",
pool=client_wrap.obj.pool.key) + "?" +
urlencode({"back_to": str(request.url)}))
request.scope[EVENT_KEY] = (await async_(new_event)(
request, client_wrap.obj.pool, "authorization")
if client_wrap is not None else None)
id_provider = await async_(get_id_provider)(request, client_wrap)
return await id_provider.create_authorization_response(request, user)
def http_root(request: Request):
return RedirectResponse(request.url_for("MatchesHtml"))
