def set_message_sent(id_message, svc_port):
log.info('Set {} sent'.format(id_message))
import json
import datetime
from base_svc.comm import BaseAPIRequestHandler
n = str(datetime.datetime.now())[:19]
rh = BaseAPIRequestHandler()
data = {'id_message': id_message, 'sent_time': n}
rh.set_argument('data', json.dumps(data, ensure_ascii=False))
kwargs = {}
kwargs['request_handler'] = rh
from base_svc.comm import call
import base_api.mail_api.sent_mail
try:
res, status = call(
'localhost',
# base_config.settings.APP_PORT,
svc_port,
base_api.mail_api.sent_mail.location,
data,
base_api.mail_api.sent_mail.set_mail_sent.__api_method_type__)
except ConnectionRefusedError as e:
log.critical('Servis not working: {}'.format(e))
return False
if status != 204:
log.error('Error set message {} sent: {}'.format(id_message, res))
return True
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
# jedan hook za oba mail-a
message = _get_email_message(hash2param)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument("sender", support_mail)
rh1.set_argument("receiver", newusername)
rh1.set_argument("subject", "Username change request")
rh1.set_argument("message", message)
kwargs["request_handler"] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
if "http_status" not in res or res["http_status"] != 204:
log.critical("Error save redirection email")
return False
message2 = _get_email_warning(dbuser.username, newusername)
rh2 = BaseAPIRequestHandler()
rh2.set_argument("sender", support_mail)
rh2.set_argument("receiver", dbuser.username)
rh2.set_argument("subject", "Username change request saved")
rh2.set_argument("message", message2)
kwargs["request_handler"] = rh2
res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs)
if "http_status" not in res or res["http_status"] != 204:
log.critical("Error save warning email")
return False
return True
def f_wrapper(*args, **kwargs):
request_handler = kwargs['request_handler']
if not hasattr(request_handler, 'auth_token'):
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
from base_config import settings as base_settings
if not base_settings.APP_DB:
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
tk = request_handler.auth_token
_db = get_db()
from base_common.dbatokens import authorized_by_token
if not authorized_by_token(_db, tk):
log.critical("Unauthorized access attempt")
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
from base_common.dbatokens import get_user_by_token
dbuser = get_user_by_token(_db, tk)
_access = (len(arguments) == 0)
for a in arguments:
if bool(dbuser.role & a):
_access = True
_access = _access if dbuser.active else False
if not _access:
log.critical("Unauthorized user access attempt")
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
return original_f(*args, **kwargs)
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
# jedan hook za oba mail-a
message = _get_email_message(hash2param)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('subject', 'Username change request')
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, newusername,
message, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
log.critical('Error save redirection email')
return False
message2 = _get_email_warning(dbuser.username, newusername)
rh2 = BaseAPIRequestHandler()
rh2.set_argument('sender', support_mail)
rh2.set_argument('receiver', dbuser.username)
rh2.set_argument('subject', 'Username change request saved')
rh2.set_argument('message', message2)
kwargs['request_handler'] = rh2
res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username,
message2, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
log.critical('Error save warning email')
return False
return True
def check_args(installed_apps):
a = argparse.ArgumentParser()
if not installed_apps:
log.critical('There is no one application installed in DigitalBaseAPI')
a.exit(1, w_arning)
if len(installed_apps.keys()) > 1:
a.add_argument("app",
help="Application to run with DigitalBaseAPI",
choices=[a for (a, b) in installed_apps.items()])
else:
a.add_argument("app",
help="Application to run with DigitalBaseAPI",
choices=[a for (a, b) in installed_apps.items()],
default=list(installed_apps.keys())[0],
nargs='?')
a.add_argument("-p", "--port", help="Application port")
a.add_argument("-t",
"--test",
help="TEST Application",
action='store_true')
return a.parse_args()
def do_post(**kwargs):
"""
Check if user is logged
"""
_db = get_db()
tk = kwargs['auth_token']
from base_common.dbatokens import get_user_by_token
dbuser = get_user_by_token(_db, tk)
d = dbuser.dump_user()
d['token'] = tk
if hasattr(apphooks, 'extend_user_check'):
_extend_res = apphooks.extend_user_check(dbuser)
if _extend_res == False:
log.critical('Error user check extending')
return base_common.msg.error(msgs.ERROR_POST_CHECK)
if isinstance(_extend_res, dict):
d.update(_extend_res)
apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'check', 'user {} successfuly checked status'.format(dbuser.username))
return base_common.msg.post_ok(d)
def f_wrapper(*args, **kwargs):
request_handler = kwargs['request_handler']
if not hasattr(request_handler, 'auth_token'):
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
from base_config import settings as base_settings
if not base_settings.APP_DB:
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
tk = request_handler.auth_token
_db = get_db()
from base_common.dbatokens import authorized_by_token
if not authorized_by_token(_db, tk):
log.critical("Unauthorized access attempt")
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
from base_common.dbatokens import get_user_by_token
dbuser = get_user_by_token(_db, tk)
_access = (len(arguments) == 0)
for a in arguments:
if bool(dbuser.role&a):
_access = True
if not _access:
log.critical("Unauthorized user access attempt")
return base_common.msg.error(amsgs.UNAUTHORIZED_REQUEST)
return original_f(*args, **kwargs)
def set_option(option_name, option_value, **kwargs):
"""
Set option in database
"""
_db = get_db()
dbc = _db.cursor()
q = '''INSERT into options (o_key, o_value) VALUES ('{}', '{}')'''.format(option_name, option_value)
_update = False
if _key_exists(_db, option_name):
q = '''UPDATE options set o_value = '{}' where o_key = '{}' '''.format(option_value, option_name)
_update = True
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error {} option {} with {}: {}'.format(
'update' if _update else 'insert', option_name, option_value, e))
return base_common.msg.error(msgs.ERROR_SET_OPTION)
_db.commit()
return base_common.msg.put_ok()
def save_email(sender,
sender_name,
receiver,
receiver_name,
subject,
emessage,
_get_id,
data,
db=None,
**kwargs):
if not db:
_db = get_db()
else:
_db = db
dbc = _db.cursor()
rdb = get_redis_db()
if sender_name is None:
sender_name = sender
if receiver_name is None:
receiver_name = receiver
from MySQLdb import IntegrityError
try:
dbc.execute(
'insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)',
(None, sender, sender_name, receiver, receiver_name, subject,
emessage, data))
# print (dbc._last_executed)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return False, msgs.CANNOT_SAVE_MESSAGE, None
_db.commit()
m_id = dbc.lastrowid
r_data = {
'id': m_id,
'sender': sender,
'sender_name': sender_name,
'receiver': receiver,
'receiver_name': receiver_name,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data, ensure_ascii=False)
from config import send_mail_config
__SVC_PORT = send_mail_config.SVC_PORT
rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data)
if _get_id:
return True, None, m_id
return True, None, None
def get_current_datetime():
_db = get_db()
dbc = _db.cursor()
_t = 'test_datetime'
if base_config.settings.TEST_MODE:
q = '''SELECT o_value FROM options where o_key = '{}' '''.format(_t)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error reading {} from database: {}'.format(_t, e))
return False
if dbc.rowcount != 1:
log.warning('Found {} current date occurrences'.format(
dbc.rowcount))
return datetime.datetime.now()
_td = dbc.fetchone()
try:
_td_datetime = datetime.datetime.strptime(_td['o_value'],
'%Y-%m-%d %H:%M:%S.%f')
except ValueError as e:
log.critical('Error creating datetime from {}: {}'.format(
_td['o_value'], e))
return False
return _td_datetime
else:
return datetime.datetime.now()
def get_current_datetime():
_db = get_db()
dbc = _db.cursor()
_t = 'test_datetime'
if base_config.settings.TEST_MODE:
q = '''SELECT o_value FROM options where o_key = '{}' '''.format(_t)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error reading {} from database: {}'.format(_t, e))
return False
if dbc.rowcount != 1:
log.warning('Found {} current date occurrences'.format(dbc.rowcount))
return datetime.datetime.now()
_td = dbc.fetchone()
try:
_td_datetime = datetime.datetime.strptime(_td['o_value'], '%Y-%m-%d %H:%M:%S.%f')
except ValueError as e:
log.critical('Error creating datetime from {}: {}'.format(_td['o_value'], e))
return False
return _td_datetime
else:
return datetime.datetime.now()
def set_message_sent(id_message, svc_port):
log.info('Set {} sent'.format(id_message))
import json
import datetime
from base_svc.comm import BaseAPIRequestHandler
n = str(datetime.datetime.now())[:19]
rh = BaseAPIRequestHandler()
data = {'id_message': id_message, 'sent_time': n}
rh.set_argument('data', json.dumps(data))
kwargs = {}
kwargs['request_handler'] = rh
from base_svc.comm import call
import base_api.mail_api.sent_mail
try:
res, status = call(
'localhost',
# base_config.settings.APP_PORT,
svc_port,
base_api.mail_api.sent_mail.location,
data,
base_api.mail_api.sent_mail.set_mail_sent.__api_method_type__)
except ConnectionRefusedError as e:
log.critical('Servis not working: {}'.format(e))
return False
if status != 204:
log.error('Error set message {} sent: {}'.format(id_message, res))
return True
def f_wrapper(*args, **kwargs):
try:
return origin_f(*args, **kwargs)
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
_list = '{}({})'.format(fname, exc_tb.tb_lineno)
_n = exc_tb.tb_next
_c = None
while _n:
_fname = os.path.split(_n.tb_frame.f_code.co_filename)[1]
_list += ' -> {}({})'.format(_fname, _n.tb_lineno)
_c = '{}({})'.format(_n.tb_frame.f_code.co_name,
_n.tb_lineno)
_n = _n.tb_next
import inspect
parent_module = inspect.getmodule(origin_f)
log.critical('{} -> {} -> {} -> {} -> {}'.format(
parent_module.__name__, str(e), _list, origin_f.__name__,
_c))
return base_common.msg.error(amsgs.API_CALL_EXCEPTION)
def log_hash_access(db, did, ip):
dbc = db.cursor()
n = datetime.datetime.now()
q = "insert into hash_2_params_historylog (id, id_hash_2_params, ip, log_time ) VALUES (null, {}, '{}', '{}')". \
format(
did, ip, str(n)
)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Save hash access log: {}'.format(e))
return False
qh = "update hash_2_params set last_access = '{}' where id = {}".format(
n, did)
try:
dbc.execute(qh)
except IntegrityError as e:
log.critical('Change access hash time: {}'.format(e))
return False
db.commit()
return True
def get_option(option_name, **kwargs):
"""
Get option from database
"""
_db = get_db()
dbc = _db.cursor()
q = '''SELECT o_value FROM options where o_key = '{}' '''.format(option_name)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error getting option {}: {}'.format(option_name, e))
return base_common.msg.error(msgs.ERROR_GET_OPTION)
if dbc.rowcount != 1:
log.warning('Found {} options {}'.format(dbc.rowcount, option_name))
return base_common.msg.error(msgs.OPTION_NOT_EXIST)
_dbr = dbc.fetchone()
_dbrk = _dbr['o_value']
res = {}
res[option_name] = _dbrk
return base_common.msg.get_ok(res)
def __close_session_by_token_in_sql(dbc, tk):
q = "update session_token set closed = true where id = '{}'".format(tk)
try:
dbc.execute(q)
except Exception as e:
log.critical("Close session: {}".format(e))
return False
return True
def _get_user_by_token_from_sql(db, tk, is_active):
dbc = db.cursor()
if not __get_user_by_token_from_sql(dbc, tk, is_active):
log.critical("Cannot find users token {} in sql".format(tk))
return False
db_tk = dbc.fetchone()
u_id = db_tk["id_user"]
return base_common.app_hooks.pack_user_by_id(db, u_id)
def _get_user_by_token_from_sql(db, tk, is_active):
dbc = db.cursor()
if not __get_user_by_token_from_sql(dbc, tk, is_active):
log.critical('Cannot find users token {} in sql'.format(tk))
return False
db_tk = dbc.fetchone()
u_id = db_tk['id_user']
return base_common.app_hooks.pack_user_by_id(db, u_id)
def __close_session_by_token_in_sql(dbc, tk):
q = "update session_token set closed = true where id = '{}'".format(tk)
try:
dbc.execute(q)
except Exception as e:
log.critical('Close session: {}'.format(e))
return False
return True
def _key_exists(db, _key):
dbc = db.cursor()
q = '''SELECT * FROM options WHERE o_key = '{}' '''.format(_key)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error getting option {} from database: {}'.format(_key, e))
return False # consider this
return dbc.rowcount != 0
def get_params(**kwargs):
res = {}
if hasattr(apphooks, 'get_params'):
get_params_res = apphooks.get_params()
if get_params_res == False:
log.critical('Error getting params')
return base_common.msg.error('ERROR')
if isinstance(get_params_res, dict):
res.update(get_params_res)
return base_common.msg.ok(res)
def do_post(newusername, password, **kwargs):
"""
Change password
"""
_db = get_db()
tk = kwargs['auth_token']
dbuser = get_user_by_token(_db, tk)
if not check_password(dbuser.password, dbuser.username, password):
log.critical('Wrong users password: {}'.format(password))
return base_common.msg.error(msgs.WRONG_PASSWORD)
# SAVE HASH FOR USERNAME CHANGE
rh = BaseAPIRequestHandler()
data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user, 'password': password}
rh.set_argument('data', json.dumps(data))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(json.dumps(data), **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
h = res['h']
message = _get_email_message(h)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
message2 = _get_email_warning(dbuser.username, newusername)
rh2 = BaseAPIRequestHandler()
rh2.set_argument('sender', support_mail)
rh2.set_argument('receiver', dbuser.username)
rh2.set_argument('message', message2)
kwargs['request_handler'] = rh2
res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def get_params(**kwargs):
res = {}
if hasattr(apphooks, 'get_params'):
get_params_res = apphooks.get_params()
if get_params_res == False:
log.critical('Error getting params')
return base_common.msg.error('ERROR')
if isinstance(get_params_res, dict):
res.update(get_params_res)
return base_common.msg.ok(res)
def wrapper(*args, **kwargs):
ags = []
request = kwargs['request_handler']
for a in arguments:
default_arg_value = a['default'] if 'default' in a else None
argmnt = a['arg'].strip()
atr = request.get_argument(argmnt, default=default_arg_value)
required = a['required'] if 'required' in a else True
if atr is None:
if not required:
converted = None
else:
log.critical(
'Missing request argument: {}'.format(argmnt))
return base_common.msg.error(
amsgs.MISSING_REQUEST_ARGUMENT)
else:
tip = a['type'] if 'type' in a else str
esc = a['escaped'] if 'escaped' in a else (
tip in [str, 'e-mail'])
converted = _convert_args(atr, tip, esc)
if tip != bool and converted is None:
if not (tip == int
and converted == 0): # count 0 as int
c_type = "|type get error|"
try:
c_type = type(atr)
except Exception as e:
log.warning(
'Get argument type error: {}'.format(e))
log.critical(
'Invalid request argument {} type {}, expected {}'
.format(atr, c_type, tip))
return base_common.msg.error(
amsgs.INVALID_REQUEST_ARGUMENT)
ags.append(converted)
return original(*ags, **kwargs)
def save_email(sender, sender_name, receiver, receiver_name, subject, emessage, _get_id, data, db=None, **kwargs):
if not db:
_db = get_db()
else:
_db = db
dbc = _db.cursor()
rdb = get_redis_db()
if sender_name is None:
sender_name = sender
if receiver_name is None:
receiver_name = receiver
from MySQLdb import IntegrityError
try:
dbc.execute('insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)',
(None, sender, sender_name, receiver, receiver_name, subject, emessage, data))
# print (dbc._last_executed)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return False, msgs.CANNOT_SAVE_MESSAGE, None
_db.commit()
m_id = dbc.lastrowid
r_data = {
'id': m_id,
'sender': sender,
'sender_name': sender_name,
'receiver': receiver,
'receiver_name': receiver_name,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data, ensure_ascii=False)
from config import send_mail_config
__SVC_PORT = send_mail_config.SVC_PORT
rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data)
if _get_id:
return True, None, m_id
return True, None, None
def change_username_success_hook(receiver, **kwargs):
message = "Dear,<br/> Your username has been updated!<br/>Thank You!"
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument("sender", support_mail)
rh1.set_argument("receiver", receiver)
rh1.set_argument("subject", "Username successfully changed")
rh1.set_argument("message", message)
kwargs["request_handler"] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, receiver, message, **kwargs)
if "http_status" not in res or res["http_status"] != 204:
log.critical("Error save info message")
return False
return True
def forgot_password_hook(request, receiver, tk, **kwargs):
message = get_email_message(request, receiver, tk)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument("sender", support_mail)
rh1.set_argument("receiver", receiver)
rh1.set_argument("subject", "Forgot password query")
rh1.set_argument("message", message)
kwargs["request_handler"] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, receiver, message, **kwargs)
if "http_status" not in res or res["http_status"] != 204:
log.critical("Error save info message")
return False
return True
def get_lookups(**kwargs):
"""
Get lookups
"""
res = {}
if hasattr(apphooks, 'pack_lookups'):
_pck_lkp_res = apphooks.pack_lookups()
if _pck_lkp_res == False:
log.critical('Error pack lookups')
return base_common.msg.error(msgs.ERROR_POST_CHECK)
if isinstance(_pck_lkp_res, dict):
res.update(_pck_lkp_res)
return base_common.msg.get_ok(res)
def get_lookups(**kwargs):
"""
Get lookups
"""
res = {}
if hasattr(apphooks, 'pack_lookups'):
_pck_lkp_res = apphooks.pack_lookups()
if _pck_lkp_res == False:
log.critical('Error pack lookups')
return base_common.msg.error(msgs.ERROR_POST_CHECK)
if isinstance(_pck_lkp_res, dict):
res.update(_pck_lkp_res)
return base_common.msg.get_ok(res)
def do_put(username, *args, **kwargs):
"""
Forgot password
"""
_db = get_db()
request = kwargs['request_handler']
username = username.lower()
if not check_user_exists(username, _db):
log.critical('User check fail')
return base_common.msg.error(msgs.USER_NOT_FOUND)
# GET HASH FOR FORGOTTEN PASSWORD
rh = BaseAPIRequestHandler()
data = {'cmd': 'forgot_password', 'username': username}
rh.set_argument('data', json.dumps(data, ensure_ascii=False))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(
json.dumps(data, ensure_ascii=False), *args, **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
tk = res['h']
if not forgot_password_hook(request, username, tk, **kwargs):
log.critical('Error finishing username change process')
return base_common.msg.error(msgs.ERROR_PASSWORD_RESTORE)
#
# message = get_email_message(request, username, tk)
#
# # SAVE EMAIL FOR SENDING
# rh1 = BaseAPIRequestHandler()
# rh1.set_argument('sender', support_mail)
# rh1.set_argument('receiver', username)
# rh1.set_argument('message', message)
# kwargs['request_handler'] = rh1
# res = base_api.mail_api.save_mail.do_put(support_mail, username, message, *args, **kwargs)
# if 'http_status' not in res or res['http_status'] != 204:
# return base_common.msg.error('Error finishing change password request')
return base_common.msg.post_ok(msgs.OK)
def del_option(option_name, **kwargs):
"""
Delete option from database
"""
_db = get_db()
dbc = _db.cursor()
q = '''DELETE FROM options where o_key = '{}' '''.format(option_name)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error deleting option {}: {}'.format(option_name, e))
return base_common.msg.error(msgs.ERROR_GET_OPTION)
_db.commit()
return base_common.msg.delete_ok()
def _get_user_by_token_from_redis(db, tk, is_active):
r = get_redis_db()
_rd = r.get(tk)
if not _rd:
log.critical('Cannot find users token {} in redis'.format(tk))
return False
import json.decoder
try:
_rd = json.loads(_rd.decode('utf-8'))
except json.decoder.JSONDecodeError as e:
log.critical('Error loading token {} string {}: {}'.format(tk, _rd, e))
return False
u_id = _rd['id_user']
return base_common.app_hooks.pack_user_by_id(db, u_id)
def _get_user_by_token_from_redis(db, tk, is_active):
r = get_redis_db()
_rd = r.get(tk)
if not _rd:
log.critical('Cannot find users token {} in redis'.format(tk))
return False
import json.decoder
try:
_rd = json.loads(_rd.decode('utf-8'))
except json.decoder.JSONDecodeError as e:
log.critical('Error loading token {} string {}: {}'.format(tk, _rd, e))
return False
u_id = _rd['id_user']
return base_common.app_hooks.pack_user_by_id(db, u_id)
def check_user_exists(username, db, userid=None):
dbc = db.cursor()
if userid:
q = "select id from users where id = '{}'".format(userid)
else:
q = "select id from users where username = '******'".format(username)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Check user: {}'.format(e))
return False
if dbc.rowcount != 1:
log.warning('Fund {} users with {} username'.format(dbc.rowcount, username))
return False
return True
def forgot_password_hook(request, receiver, tk, **kwargs):
message = get_email_message(request, receiver, tk)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', receiver)
rh1.set_argument('subject', 'Forgot password query')
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, receiver, message,
**kwargs)
if 'http_status' not in res or res['http_status'] != 204:
log.critical('Error save info message')
return False
return True
def change_username_success_hook(receiver, **kwargs):
message = 'Dear,<br/> Your username has been updated!<br/>Thank You!'
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', receiver)
rh1.set_argument('subject', 'Username successfully changed')
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, receiver, message,
**kwargs)
if 'http_status' not in res or res['http_status'] != 204:
log.critical('Error save info message')
return False
return True
def pack_user_by_id(db, id_user, get_dict=False):
"""
Pack users information in DBUser class instance
:param db: database
:param id_user: users id
:param get_dict: export user like DBUser or dict
:return: DBUser instance or user dict
"""
dbc = db.cursor()
q = "select id, username, password, role_flags, active from users where id = '{}'".format(
id_user)
import MySQLdb
try:
dbc.execute(q)
except MySQLdb.IntegrityError as e:
log.critical('Error find user by token: {}'.format(e))
return False
if dbc.rowcount != 1:
log.critical('Fount {} users with id {}'.format(dbc.rowcount, id_user))
return False
#DUMMY CLASS INSTANCE USER JUST FOR EASIER MANIPULATION OF DATA
class DBUser:
def dump_user(self):
ret = {}
for k in self.__dict__:
if self.__dict__[k]:
ret[k] = self.__dict__[k]
return ret
db_user = DBUser()
user = dbc.fetchone()
db_user.id_user = user['id']
db_user.username = user['username']
db_user.password = user['password']
db_user.role = user['role_flags']
db_user.active = user['active']
return db_user.dump_user() if get_dict else db_user
def pack_user_by_id(db, id_user, get_dict=False):
"""
Pack users information in DBUser class instance
:param db: database
:param id_user: users id
:param get_dict: export user like DBUser or dict
:return: DBUser instance or user dict
"""
dbc = db.cursor()
q = "select id, username, password, role_flags, active from users where id = '{}'".format(id_user)
import MySQLdb
try:
dbc.execute(q)
except MySQLdb.IntegrityError as e:
log.critical('Error find user by token: {}'.format(e))
return False
if dbc.rowcount != 1:
log.critical('Fount {} users with id {}'.format(dbc.rowcount, id_user))
return False
#DUMMY CLASS INSTANCE USER JUST FOR EASIER MANIPULATION OF DATA
class DBUser:
def dump_user(self):
ret = {}
for k in self.__dict__:
if self.__dict__[k]:
ret[k] = self.__dict__[k]
return ret
db_user = DBUser()
user = dbc.fetchone()
db_user.id_user = user['id']
db_user.username = user['username']
db_user.password = user['password']
db_user.role = user['role_flags']
db_user.active = user['active']
return db_user.dump_user() if get_dict else db_user
def do_get(h, grant_access, **kwargs):
"""
Get data for given hash
"""
_db = get_db()
dbc = _db.cursor()
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
if not grant_access:
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def set_mail_sent(id_message, message_sent_time, **kwargs):
"""
Set e-mail sent
"""
_db = get_db()
dbc = _db.cursor()
q = get_mail_query(id_message, message_sent_time)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Update mail queue: {}'.format(e))
return base_common.msg.error(msgs.ERROR_UPDATE_MESSAGE)
_db.commit()
return base_common.msg.patch_ok()
def check_user_exists(username, db, userid=None):
dbc = db.cursor()
if userid:
q = "select id from users where id = '{}'".format(userid)
else:
q = "select id from users where username = '******'".format(username)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Check user: {}'.format(e))
return False
if dbc.rowcount != 1:
log.warning('Fund {} users with {} username'.format(
dbc.rowcount, username))
return False
return True
def set_mail_sent(id_message, message_sent_time, **kwargs):
"""
Set e-mail sent
"""
_db = get_db()
dbc = _db.cursor()
q = get_mail_query(id_message, message_sent_time)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Update mail queue: {}'.format(e))
return base_common.msg.error(msgs.ERROR_UPDATE_MESSAGE)
_db.commit()
return base_common.msg.patch_ok()
def do_get(h, grant_access, **kwargs):
"""
Get data for given hash
"""
_db = get_db()
dbc = _db.cursor()
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
if not grant_access:
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def do_put(hdata, **kwargs):
"""
Save hash for give parameters
"""
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h')
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
log.critical('Insert hash for data: {}'.format(e))
return base_common.msg.error(msgs.ERROR_SAVE_HASH)
_db.commit()
return base_common.msg.post_ok({'h': h_id})
def check_args(installed_apps):
a = argparse.ArgumentParser()
if not installed_apps:
log.critical('There is no one application installed in DigitalBaseAPI')
a.exit(1, w_arning)
if len(installed_apps.keys()) > 1:
a.add_argument("app", help="Application to run with DigitalBaseAPI",
choices=[a for (a, b) in installed_apps.items()])
else:
a.add_argument("app", help="Application to run with DigitalBaseAPI",
choices=[a for (a, b) in installed_apps.items()],
default=list(installed_apps.keys())[0], nargs='?')
a.add_argument("-p", "--port", help="Application port")
a.add_argument("-t", "--test", help="TEST Application")
a.add_argument("-k", "--keep", help="TEST comma separated tables to keep in tests")
return a.parse_args()
def do_put(hdata, **kwargs):
"""
Save hash for give parameters
"""
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h')
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
log.critical('Insert hash for data: {}'.format(e))
return base_common.msg.error(msgs.ERROR_SAVE_HASH)
_db.commit()
return base_common.msg.post_ok({'h': h_id})
def wrapper(*args, **kwargs):
ags = []
request = kwargs['request_handler']
for a in arguments:
default_arg_value = a['default'] if 'default' in a else None
argmnt = a['arg'].strip()
atr = request.get_argument(argmnt, default=default_arg_value)
required = a['required'] if 'required' in a else True
if not atr:
if not required:
converted = None
else:
log.critical('Missing request argument: {}'.format(argmnt))
return base_common.msg.error(amsgs.MISSING_REQUEST_ARGUMENT)
else:
tip = a['type'] if 'type' in a else str
esc = a['escaped'] if 'escaped' in a else (tip in [str, 'e-mail'])
converted = _convert_args(atr, tip, esc)
if not converted:
if not (tip == int and converted == 0): # count 0 as int
c_type = "|type get error|"
try:
c_type = type(atr)
except Exception as e:
log.warning('Get argument type error: {}'.format(e))
log.critical('Invalid request argument {} type {}, expected {}'.format(atr, c_type, tip))
return base_common.msg.error(amsgs.INVALID_REQUEST_ARGUMENT)
ags.append(converted)
return original(*ags, **kwargs)
def __get_user_by_token_from_sql(dbc, tk, is_active):
q = '''SELECT
s.id id, s.id_user id_user, s.created created, s.closed closed
FROM
session_token s JOIN users u ON s.id_user = u.id
WHERE
s.id = '{}' {} AND NOT s.closed'''.format(
tk, ' AND u.active ' if is_active else '')
try:
dbc.execute(q)
except Exception as e:
log.critical('Get session: {}'.format(e))
return False
if dbc.rowcount != 1:
log.critical('Found {} sessions'.format(dbc.rowcount))
return False
return True
def do_post(newusername, password, redirect_url, **kwargs):
"""
Change username
"""
_db = get_db()
dbc = _db.cursor()
if check_user_registered(dbc, newusername):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
tk = kwargs['auth_token']
dbuser = get_user_by_token(_db, tk)
if not check_password(dbuser.password, dbuser.username, password):
log.critical('Wrong users password: {}'.format(password))
return base_common.msg.error(msgs.WRONG_PASSWORD)
passwd = format_password(newusername, password)
# SAVE HASH FOR USERNAME CHANGE
rh = BaseAPIRequestHandler()
# encryptuj pass, successfully landing page
data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user,
'password': passwd, 'redirect_url': redirect_url}
rh.set_argument('data', json.dumps(data, ensure_ascii=False))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(json.dumps(data, ensure_ascii=False), **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
h = res['h']
if not change_username_hook(h, newusername, dbuser, **kwargs):
log.critical('Error finishing username change process')
return base_common.msg.error(msgs.ERROR_CHANGE_USERNAME)
return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def __get_user_by_token_from_sql(dbc, tk, is_active):
q = """SELECT
s.id id, s.id_user id_user, s.created created, s.closed closed
FROM
session_token s JOIN users u ON s.id_user = u.id
WHERE
s.id = '{}' {} AND NOT s.closed""".format(
tk, " AND u.active " if is_active else ""
)
try:
dbc.execute(q)
except Exception as e:
log.critical("Get session: {}".format(e))
return False
if dbc.rowcount != 1:
log.critical("Found {} sessions".format(dbc.rowcount))
return False
return True
def f_wrapper(*args, **kwargs):
try:
return origin_f(*args, **kwargs)
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
_list = '{}({})'.format(fname, exc_tb.tb_lineno)
_n = exc_tb.tb_next
_c = None
while _n:
_fname = os.path.split(_n.tb_frame.f_code.co_filename)[1]
_list += ' -> {}({})'.format(_fname, _n.tb_lineno)
_c = '{}({})'.format(_n.tb_frame.f_code.co_name, _n.tb_lineno)
_n = _n.tb_next
import inspect
parent_module = inspect.getmodule(origin_f)
log.critical('{} -> {} -> {} -> {} -> {}'.format(
parent_module.__name__, str(e), _list, origin_f.__name__, _c))
return base_common.msg.error(amsgs.API_CALL_EXCEPTION)
def do_put(sender, receiver, emessage, _get_id, **kwargs):
"""
Save e-mail message
"""
_db = get_db()
dbc = _db.cursor()
rdb = get_redis_db()
q = get_mail_query(sender, receiver, emessage)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
_db.commit()
m_id = dbc.lastrowid
subject = 'General mail subject'
r_data = {
'id': m_id,
'sender': sender,
'receiver': receiver,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data)
rdb.lpush(MAIL_CHANNEL, r_data)
if _get_id:
return base_common.msg.post_ok({'message_id': m_id})
return base_common.msg.post_ok()
def send_message(sender, _to, subject, message):
receiver = [{'email': _to, 'name': _to, 'type': 'to'}]
msg = {
'from_email': sender,
'from_name': sender,
'html': message,
'subject': subject,
'to': receiver,
# 'auto_html': None, # automatic html generating if html not provided
# 'auto_text': None, # automatic text generating if text not provided
# 'bcc_address': '*****@*****.**', # bcc address
# 'headers': {'Reply-To': '*****@*****.**'}, # additional headers
# 'inline_css': None, # if css has to be inline (only for <=256 line messages)
# 'preserve_recipients': None, # if every receiver has to see other receivers in header
# 'text': 'Example text content', # message plain text
# 'view_content_link': None # False for disable content logging for sensitive mails
}
# if _site:
# msg['metadata'] = {'website': _site}
# if tags:
# msg['tags'] = tags
m = get_mail_api()
try:
res = m.messages.send(message=msg, async=False)
except mandrill.Error as e:
log.critical('MANDRILL send message error: {}'.format(e))
return False
if 'status' not in res or res['status'] != 'sent':
log.warning('MANDRILL send mail error status: {}'.format(res))
return False
log.info('Receiver: {}, status: {}'.format(_to, res))
return True
def send_message(sender, _to, subject, message):
receiver = [{'email': _to, 'name': _to, 'type': 'to'}]
msg = {
'from_email': sender,
'from_name': sender,
'html': message,
'subject': subject,
'to': receiver,
# 'auto_html': None, # automatic html generating if html not provided
# 'auto_text': None, # automatic text generating if text not provided
# 'bcc_address': '*****@*****.**', # bcc address
# 'headers': {'Reply-To': '*****@*****.**'}, # additional headers
# 'inline_css': None, # if css has to be inline (only for <=256 line messages)
# 'preserve_recipients': None, # if every receiver has to see other receivers in header
# 'text': 'Example text content', # message plain text
# 'view_content_link': None # False for disable content logging for sensitive mails
}
# if _site:
# msg['metadata'] = {'website': _site}
# if tags:
# msg['tags'] = tags
m = get_mail_api()
try:
res = m.messages.send(message=msg, async=False)
except mandrill.Error as e:
log.critical('MANDRILL send message error: {}'.format(e))
return False
if 'status' not in res or res['status'] != 'sent':
log.warning('MANDRILL send mail error status: {}'.format(res))
return False
log.info('Receiver: {}, status: {}'.format(_to, res))
return True
