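def assertScopeMatch(self, assumed, required_scope_sets, expected):
    """Assert the outcome of ``subject.scope_match`` for one test case.

    ``expected`` is either the value ``scope_match`` must return, or the
    literal string ``'exception'`` when the call is required to raise.
    """
    if expected == 'exception':
        # Checked with assertRaises on purpose: wrapping assertEqual in a
        # catch-all handler also swallows the AssertionError it raises, so a
        # call that returns normally would still pass. For an authorization
        # check that would hide a regression where input that must be
        # rejected starts being accepted.
        # NOTE(review): narrow Exception to the concrete type scope_match
        # raises once that is confirmed.
        with self.assertRaises(Exception):
            subject.scope_match(assumed, required_scope_sets)
        return

    result = subject.scope_match(assumed, required_scope_sets)
    self.assertEqual(result, expected)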
def has_permissions(self, required_permissions):
    """Tell whether this user's permissions satisfy *required_permissions*.

    The comparison is delegated to ``scope_match`` (the Taskcluster
    comparison algorithm). A flat sequence of scopes is treated as a single
    scope set; a sequence whose first item is a list or tuple is taken to be
    a list of alternative scope sets and passed through as is.
    """
    # Only the first element is inspected to decide between the two shapes.
    is_flat = (
        len(required_permissions) > 0
        and not isinstance(required_permissions[0], (tuple, list))
    )
    # NOTE(review): an empty sequence reaches scope_match unchanged; confirm
    # it denies in that case rather than granting access.
    # NOTE(review): a bare str also counts as "flat" and is wrapped whole;
    # callers should pass a list of scopes.
    scope_sets = [required_permissions] if is_flat else required_permissions
    return scope_match(self.get_permissions(), scope_sets)
def _require_scopes(self, scopes):
    """Reject the request unless the current user holds the given scopes.

    Returns whatever ``_require_login`` returns when that is not None.
    Otherwise compares the current user's permissions with *scopes* via
    ``scope_match``; on a mismatch the missing scopes are logged and the
    request is aborted with status 401. Returns None when access is granted.
    """
    login_response = self._require_login()
    if login_response is not None:
        return login_response

    with current_app.app_context():
        granted = current_user.get_permissions()
        if scope_match(granted, scopes):
            return None

        # One entry per alternative scope set. This is an exact-string set
        # difference, so it is only a diagnostic.
        # NOTE(review): if scope_match accepts pattern scopes, this list can
        # name scopes the user effectively holds.
        missing_per_set = []
        for scope_set in scopes:
            missing = set(scope_set).difference(granted)
            missing_per_set.append(', '.join(missing))

        logger.error('User {} misses some scopes: {}'.format(current_user.get_id(), ' OR '.join(missing_per_set)))
        # NOTE(review): the user is already authenticated at this point;
        # 403 is the conventional status for insufficient permissions, but
        # changing it is visible to clients, so it is left as is.
        return abort(401)
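def _find_user_by_email(self, email, username, scopes):
    """Return the existing user matching *email*, renamed to *username*.

    This is an account-linking step: the lookup only runs when *scopes*
    satisfies ``assume:mozilla-user:<email>``, and on a match the stored
    username is overwritten. Raises ``ObjectDoesNotExist`` when the scope is
    missing or no user has that email, so that a new user gets created.
    """
    # An empty or missing email would make the filter below match accounts
    # stored without an email address, and one of them would be renamed.
    # Treat that input as "no match".
    if not email:
        raise ObjectDoesNotExist

    if scope_match(scopes, [["assume:mozilla-user:{}".format(email)]]):
        # username has a unique index but email does not, so several users
        # may share one email; the first of them is taken.
        # first() yields None on an empty result, so the queryset does not
        # have to be evaluated in full just to test for emptiness.
        user = User.objects.filter(email=email).first()
        if user is not None:
            user.username = username
            user.save()
            return user

    # No matching user, or the caller lacks the required scope.
    raise ObjectDoesNotExist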