def login(self, foreign_id='tester', name=None, email=None,
is_admin=False):
role = self.create_user(foreign_id=foreign_id, name=name, email=email,
is_admin=is_admin)
with self.client.session_transaction() as sess:
sess['roles'] = [Role.system(Role.SYSTEM_GUEST),
Role.system(Role.SYSTEM_USER), role.id]
sess['user'] = role.id
return role
def check_alerts():
for role_id, in Role.notifiable():
with current_app.test_request_context('/'):
role = Role.by_id(role_id)
request.auth_role = role
request.logged_in = True
# FIXME: can't re-gain access to implicit oauth rules.
# -> https://github.com/pudo/aleph/issues/14
request.auth_roles = [Role.system(Role.SYSTEM_USER),
Role.system(Role.SYSTEM_GUEST),
role.id]
check_role_alerts(role)
def login(self,
foreign_id='tester',
name=None,
email=None,
is_admin=False):
role = self.create_user(foreign_id=foreign_id,
name=name,
email=email,
is_admin=is_admin)
with self.client.session_transaction() as sess:
sess['roles'] = [
Role.system(Role.SYSTEM_GUEST),
Role.system(Role.SYSTEM_USER), role.id
]
sess['user'] = role.id
return role
def callback():
resp = oauth_provider.authorized_response()
if resp is None or isinstance(resp, OAuthException):
log.warning("Failed OAuth: %r", resp)
# FIXME: notify the user, somehow.
return redirect(url_for('base_api.ui'))
session['oauth'] = resp
session['roles'] = [Role.system(Role.SYSTEM_USER)]
if 'googleapis.com' in oauth_provider.base_url:
me = oauth_provider.get('userinfo')
user_id = 'google:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER, me.data.get('name'),
email=me.data.get('email'))
elif 'occrp.org' in oauth_provider.base_url or \
'investigativedashboard.org' in oauth_provider.base_url:
me = oauth_provider.get('api/2/accounts/profile/')
user_id = 'idashboard:user:%s' % me.data.get('id')
role = Role.load_or_create(user_id, Role.USER,
me.data.get('display_name'),
email=me.data.get('email'),
is_admin=me.data.get('is_admin'))
for group in me.data.get('groups', []):
group_id = 'idashboard:%s' % group.get('id')
group_role = Role.load_or_create(group_id, Role.GROUP,
group.get('name'))
session['roles'].append(group_role.id)
else:
raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)
session['roles'].append(role.id)
session['user'] = role.id
db.session.commit()
log.info("Logged in: %r", role)
return redirect(url_for('base_api.ui'))
def load_role():
request.auth_roles = set([Role.system(Role.SYSTEM_GUEST)])
request.auth_role = None
request.logged_in = False
auth_header = request.headers.get('Authorization')
if session.get('user'):
request.auth_roles.update(session.get('roles', []))
request.auth_role = Role.by_id(session.get('user'))
request.logged_in = True
elif auth_header is not None:
if not auth_header.lower().startswith('apikey'):
return
api_key = auth_header.split(' ', 1).pop()
role = Role.by_api_key(api_key)
if role is None:
return
request.auth_role = role
request.auth_roles.update([Role.system(Role.SYSTEM_USER), role.id])
request.logged_in = True
def load_role():
request.auth_roles = set([Role.system(Role.SYSTEM_GUEST)])
request.auth_role = None
request.logged_in = False
if session.get('user'):
request.auth_roles.update(session.get('roles', []))
request.auth_role = Role.by_id(session.get('user'))
request.logged_in = True
else:
api_key = request.args.get('api_key')
if api_key is None:
auth_header = request.headers.get('Authorization') or ''
if auth_header.lower().startswith('apikey'):
api_key = auth_header.split(' ', 1).pop()
role = Role.by_api_key(api_key)
if role is None:
return
request.auth_role = role
request.auth_roles.update([Role.system(Role.SYSTEM_USER), role.id])
request.logged_in = True
def callback():
resp = oauth_provider.authorized_response()
if resp is None or isinstance(resp, OAuthException):
log.warning("Failed OAuth: %r", resp)
# FIXME: notify the user, somehow.
return redirect('/')
session['oauth'] = resp
session['roles'] = [Role.system(Role.SYSTEM_USER)]
signals.handle_oauth_session.send(provider=oauth_provider, session=session)
db.session.commit()
log.info("Logged in: %r", session['user'])
return redirect('/')
def setUp(self):
super(SourcesApiTestCase, self).setUp()
self.source = Source()
self.source.foreign_id = "test"
self.source.label = "Test Collection"
self.source.category = "news"
db.session.add(self.source)
db.session.flush()
permission = Permission()
permission.role_id = Role.system(Role.SYSTEM_USER)
permission.read = True
permission.write = True
permission.resource_id = self.source.id
permission.resource_type = Permission.SOURCE
db.session.add(permission)
db.session.commit()
def setUp(self):
super(SourcesApiTestCase, self).setUp()
self.source = Source()
self.source.foreign_id = "test"
self.source.label = "Test Collection"
self.source.category = "news"
db.session.add(self.source)
db.session.flush()
permission = Permission()
permission.role_id = Role.system(Role.SYSTEM_USER)
permission.read = True
permission.write = True
permission.resource_id = self.source.id
permission.resource_type = Permission.SOURCE
db.session.add(permission)
db.session.commit()
def callback():
resp = oauth_provider.authorized_response()
if resp is None or isinstance(resp, OAuthException):
log.warning("Failed OAuth: %r", resp)
# FIXME: notify the user, somehow.
return redirect(url_for('base_api.ui'))
session['oauth'] = resp
session['roles'] = [Role.system(Role.SYSTEM_USER)]
if 'googleapis.com' in oauth_provider.base_url:
me = oauth_provider.get('userinfo')
user_id = 'google:%s' % me.data.get('id')
role = Role.load_or_create(user_id,
Role.USER,
me.data.get('name'),
email=me.data.get('email'))
elif 'occrp.org' in oauth_provider.base_url or \
'investigativedashboard.org' in oauth_provider.base_url:
me = oauth_provider.get('api/2/accounts/profile/')
user_id = 'idashboard:user:%s' % me.data.get('id')
role = Role.load_or_create(user_id,
Role.USER,
me.data.get('display_name'),
email=me.data.get('email'),
is_admin=me.data.get('is_admin'))
for group in me.data.get('groups', []):
group_id = 'idashboard:%s' % group.get('id')
group_role = Role.load_or_create(group_id, Role.GROUP,
group.get('name'))
session['roles'].append(group_role.id)
else:
raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)
session['roles'].append(role.id)
session['user'] = role.id
db.session.commit()
log.info("Logged in: %r", role)
return redirect(url_for('base_api.ui'))
