Exemple #1
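 def assertScopeMatch(self, assumed, required_scope_sets, expected):
     """Assert the outcome of ``subject.scope_match`` for one test case.

     Args:
         assumed: Passed as the first argument to ``scope_match``.
         required_scope_sets: Passed as the second argument to
             ``scope_match``.
         expected: The value ``scope_match`` must return, or the sentinel
             string ``'exception'`` when the call itself must raise.

     Raises:
         AssertionError: If the result differs from ``expected``, or if
             ``expected`` is ``'exception'`` and nothing was raised.
     """
     if expected == 'exception':
         # Checked with assertRaises rather than a try/except wrapped around
         # assertEqual: a catch-all handler would also swallow the
         # assertEqual failure, so an 'exception' case would pass even when
         # scope_match returned normally, and a rejection test for an
         # authorization check could never fail.
         with self.assertRaises(Exception):
             subject.scope_match(assumed, required_scope_sets)
         return

     result = subject.scope_match(assumed, required_scope_sets)
     self.assertEqual(result, expected)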
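 def assertScopeMatch(self, assumed, required_scope_sets, expected):
     """Run ``subject.scope_match`` and check it against ``expected``.

     Args:
         assumed: First argument handed to ``scope_match``.
         required_scope_sets: Second argument handed to ``scope_match``.
         expected: The required return value, or the string ``'exception'``
             to require that the call raises.

     Raises:
         AssertionError: On a mismatching result, or when ``'exception'``
             was expected and the call returned normally.
     """
     if expected != 'exception':
         result = subject.scope_match(assumed, required_scope_sets)
         self.assertEqual(result, expected)
         return

     # An expected failure has to be observed, not merely tolerated: wrapping
     # assertEqual in a catch-all handler would hide its own failure and let
     # this case pass when scope_match accepts the malformed input.
     with self.assertRaises(Exception):
         subject.scope_match(assumed, required_scope_sets)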
Exemple #3
    def has_permissions(self, required_permissions):
        """
        Check the user's permissions against the required ones, using the
        Taskcluster comparison algorithm (``scope_match``).

        A non-empty argument whose first element is not a tuple or list is
        treated as one scope set and wrapped in a list before matching;
        anything else is passed through unchanged.

        NOTE(review): only the first element is inspected, so a bare string
        is wrapped as well -- confirm callers always pass a list or tuple.
        """
        is_single_set = (
            len(required_permissions) > 0
            and not isinstance(required_permissions[0], (tuple, list))
        )
        scope_sets = (
            [required_permissions] if is_single_set else required_permissions
        )

        return scope_match(self.get_permissions(), scope_sets)
Exemple #4
    def _require_scopes(self, scopes):
        """
        Require a logged-in user whose permissions satisfy ``scopes``.

        Returns whatever ``_require_login`` returned when that is not None.
        Otherwise compares the current user's permissions with ``scopes``
        via ``scope_match``; on a mismatch the missing scopes are logged and
        the request is aborted with 401. Falls through (returns None) when
        the scopes match.

        NOTE(review): this path runs only after the login check has passed,
        and 403 is the conventional status for an authenticated user who
        lacks permission -- confirm what clients expect before changing it.
        """
        login_response = self._require_login()
        if login_response is not None:
            return login_response

        with current_app.app_context():
            granted = current_user.get_permissions()
            if not scope_match(granted, scopes):
                # One entry per required scope set: the scopes of that set
                # that are literally absent from the user's permissions.
                # NOTE(review): this is a plain set difference, so it may not
                # mirror scope_match's own matching rules -- verify.
                missing = [
                    ', '.join(set(scope_set).difference(granted))
                    for scope_set in scopes
                ]
                message = 'User {} misses some scopes: {}'.format(
                    current_user.get_id(),
                    ' OR '.join(missing),
                )
                logger.error(message)
                return abort(401)
Exemple #5
    def _find_user_by_email(self, email, username, scopes):
        """
        Try to find an existing user that matches the email.

        The lookup only happens when ``scopes`` satisfy
        ``assume:mozilla-user:<email>``. The matched user's username is
        overwritten with ``username`` and saved before the user is returned.
        Raises ObjectDoesNotExist when the scope is missing or no user has
        this email, so that the caller creates a new user.
        """
        # This scope check is the only gate in this method before an existing
        # account's username is rewritten.
        required = [["assume:mozilla-user:{}".format(email)]]
        if not scope_match(scopes, required):
            raise ObjectDoesNotExist

        # Since there is a unique index on username, but not on email,
        # it is POSSIBLE there could be two users with the same email and
        # different usernames.  Not very likely, but this is safer.
        # NOTE(review): when that happens only the user returned by first()
        # is updated -- confirm that is the intended account.
        matches = User.objects.filter(email=email)
        if not matches:
            raise ObjectDoesNotExist

        # update the username
        existing = matches.first()
        existing.username = username
        existing.save()
        return existing