class TempToken(): def __init__(self, request, context=None): self.request: Request = request self.secret = request.registry.settings['secret_key'] @view(require_csrf=False) def post(self): return self._post(self.request) @staticmethod @validate(valid_api_token, has_keywords_in_json_path(('token', str))) def _post(request): token = request.json_body['token'] if check_jwt(request, token): payload = request.validated['token-payload'] if 'sub' in payload: del payload['sub'] del payload['exp'] del payload['iat'] response = request.response response.content_type = "text/plain" response.text = encode_payload(request, payload) return response
def test_has_multiple_keywords(self): request = construct_dummy_request({'string': 'foo', 'bool': True}) response = has_keywords_in_json_path(('string', str), ('bool', bool))(request) self.assertTrue(response) self.assertIn('string', request.validated) self.assertIn('bool', request.validated)
def test_has_number_keywords(self): request = construct_dummy_request(json_body={'int': 4, 'float': 4.0}) response = has_keywords_in_json_path(('int', int), ('float', float))(request) self.assertTrue(response) self.assertIn('int', request.validated) self.assertIn('float', request.validated)
def valid_new_issue(request): """ Verifies given data for a new issue :param request: :return: """ fn_validator = has_keywords_in_json_path(('title', str), ('info', str), ('long_info', str)) if not fn_validator(request): return False title = escape_if_string(request.validated, 'title') info = escape_if_string(request.validated, 'info') long_info = escape_if_string(request.validated, 'long_info') new_issue = __check_for_empty_fields(title=title, info=info, long_info=long_info, request=request) if new_issue.get('contains_empty_field'): add_error(request, 'There is an empty field', new_issue.get('error')) return False new_issue = __check_for_duplicated_field(title=title, info=info, long_info=long_info, request=request) if new_issue.get('contains_duplicated_field'): add_error(request, 'Issue data is a duplicate', new_issue.get('error')) return False return True
def test_has_keywords(): request = construct_dummy_request() fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) assert type(response) == bool assert response is False request = construct_dummy_request({'foo': 'bar'}) fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) assert type(response) == bool assert response is False request = construct_dummy_request({'foo': 2}) fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) assert type(response) == bool assert response is True
class ApiUser(object): def __init__(self, request, context=None): self.request = request @staticmethod def external_view(db_user: User): return { 'id': db_user.uid, 'nickname': db_user.public_nickname } def get(self): db_user: User = DBDiscussionSession.query(User).get(int(self.request.matchdict['id'])) if db_user: return ApiUser.external_view(db_user) else: self.request.response.status = 404 return "This user-id does not exist." @staticmethod def collection_get(): db_users: List[User] = DBDiscussionSession.query(User).all() return [ApiUser.external_view(db_user) for db_user in db_users] @view(require_csrf=False) def collection_post(self): return self._collection_post(self.request) @staticmethod @validate(valid_api_token, has_keywords_in_json_path(('firstname', str), ('lastname', str), ('nickname', str), ('email', str), ('gender', str), ('id', int), ('locale', str), ('service', str))) def _collection_post(request): result = set_new_oauth_user(request.json_body, request.json_body['id'], request.json_body['service'], Translator(request.json_body['locale'])) if result["success"]: request.response.status = 201 return {"id": result["user"].uid} else: request.response.status = 400 return result["error"]
def valid_user_as_author_of_statement(request): """ :param request: :return: """ if not has_keywords_in_json_path(('statement_id', int))(request): return False statement_id = request.validated['statement_id'] if valid_user(request): db_user = request.validated['user'] db_textversion = DBDiscussionSession.query(TextVersion) \ .filter_by(statement_uid=statement_id) \ .order_by(TextVersion.uid.asc()).first() if db_textversion and db_textversion.author_uid == db_user.uid: request.validated['statement'] = DBDiscussionSession.query(Statement).get(statement_id) return True else: _tn = Translator(get_language_from_cookie(request)) add_error(request, _tn.get(_.userIsNotAuthorOfStatement)) return False
ref_uid = request.validated["ref_uid"] LOG.debug("Retrieving reference usages for ref_uid {}".format(ref_uid)) db_ref: StatementReference = DBDiscussionSession.query( StatementReference).get(ref_uid) if db_ref: return get_all_references_by_reference_text(db_ref.text) return error("Reference could not be found") # ============================================================================= # USER MANAGEMENT # ============================================================================= @login.post(require_csrf=False) @validate(has_keywords_in_json_path(('nickname', str), ('password', str)), validate_credentials) def user_login(request): """ Check provided credentials and return a token, if it is a valid user. The function body is only executed, if the validator added a request.validated field. :param request: :return: token and nickname """ user: User = request.validated['user'] LOG.debug('User authenticated: {}'.format(user.public_nickname)) return { 'nickname': user.public_nickname, 'uid': user.uid, 'token': request.validated['token']
def test_has_keywords_with_wrong_type(self): request = construct_dummy_request(json_body={'int': 4}) response = has_keywords_in_json_path(('int', float))(request) self.assertFalse(response) self.assertNotIn('int', request.validated)
def test_has_keywords_without_keyword(self): request = construct_dummy_request(json_body={'foo': 42}) response = has_keywords_in_json_path(('bar', int))(request) self.assertFalse(response) self.assertNotIn('bar', request.validated)
def test_empty_dummy_request(self): request = construct_dummy_request(json_body={}) fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) self.assertIsInstance(response, bool) self.assertFalse(response)
def test_has_list_keywords(self): request = construct_dummy_request(json_body={'list': ['<:)']}) response = has_keywords_in_json_path(('list', list))(request) self.assertTrue(response) self.assertIn('list', request.validated)
@validate(valid_user) def delete_statistics(request): """ Request to delete votes/clicks of the user. :param request: request of the web server :return: json-dict() """ LOG.debug("Delete votes and clicks of a user") db_user = request.validated['user'] return clear_vote_and_seen_values_of_user(db_user) @view_config(route_name='set_discussion_properties', renderer='json') @validate(valid_user, valid_any_issue_by_id, has_keywords_in_json_path(('property', bool), ('value', str))) def set_discussion_properties(request): """ Set availability, read-only, ... flags in the admin panel. :param request: current request of the server :return: json-dict() """ LOG.debug("Request.params: %s", request.json_body) _tn = Translator(get_language_from_cookie(request)) prop = request.validated['property'] db_user = request.validated['user'] issue = request.validated['issue'] value = request.validated['value'] return set_discussions_properties(db_user, issue, prop, value, _tn)
def test_has_one_keyword(self): request = construct_dummy_request(json_body={'string': 'foo'}) response = has_keywords_in_json_path(('string', str))(request) self.assertTrue(response) self.assertIn('string', request.validated)
# ajax - set users opinion # ################################### # ADDTIONAL AJAX STUFF # GET THINGS # # ################################### # ajax - getting changelog of a statement # ajax - for shorten url @view_config(route_name='get_shortened_url', renderer='json') @validate(has_keywords_in_json_path(('url', str))) def get_shortened_url(request): """ Shortens url with the help of a python lib :param request: current request of the server :return: dictionary with shortend url """ LOG.debug("Shorten URL") return generate_short_url(request.validated['url']) # ajax - for getting all news @view_config(route_name='get_news', renderer='json') def get_news(request): """
:rtype: list """ ref_uid = request.validated["ref_uid"] LOG.debug(f"Retrieving reference usages for ref_uid {ref_uid}") db_ref: StatementReference = DBDiscussionSession.query(StatementReference).get(ref_uid) if db_ref: return get_all_references_by_reference(db_ref) return HTTPNotFound("Reference could not be found") # ============================================================================= # USER MANAGEMENT # ============================================================================= @login.post(require_csrf=False) @validate(has_keywords_in_json_path(('nickname', str), ('password', str)), validate_credentials) def user_login(request): """ Check provided credentials and return a token, if it is a valid user. The function body is only executed, if the validator added a request.validated field. :param request: :return: token and nickname """ user: User = request.validated['user'] LOG.debug('User authenticated: {}'.format(user.public_nickname)) return { 'nickname': user.public_nickname, 'uid': user.uid, 'token': request.validated['token'] }
def test_provided_int_expected_int_should_succeed(self): request = construct_dummy_request(json_body={'foo': 2}) fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) self.assertIsInstance(response, bool) self.assertTrue(response)
from dbas.review.queue.split import SplitQueue from dbas.strings.translator import Translator from dbas.validators.core import validate, has_keywords_in_json_path, has_maybe_keywords from dbas.validators.database import valid_database_model from dbas.validators.discussion import valid_premisegroup, valid_text_values, valid_statement, valid_argument from dbas.validators.reviews import valid_review_reason, valid_not_executed_review, valid_uid_as_row_in_review_queue from dbas.validators.user import valid_user, valid_user_as_author, valid_user_as_author_of_statement, \ valid_user_as_author_of_argument from websocket.lib import send_request_for_recent_reviewer_socketio LOG = logging.getLogger(__name__) @view_config(route_name='flag_argument_or_statement', renderer='json') @validate(valid_user, valid_review_reason, has_keywords_in_json_path(('uid', int), ('is_argument', bool)), has_maybe_keywords(('extra_uid', int, None))) def flag_argument_or_statement(request): """ Flags an argument or statement for a specific reason :param request: current request of the server :return: json-dict() """ LOG.debug("Flag an argument or statement. %s", request.json_body) ui_locales = get_discussion_language(request.matchdict, request.params, request.session) uid = request.validated['uid'] reason = request.validated['reason'] extra_uid = request.validated['extra_uid'] is_argument = request.validated['is_argument']
return { 'language': str(ui_locales), 'title': 'Admin - ' + table_name, 'project': project_name, 'extras': extras_dict, 'table': table_dict, 'discussion': { 'broke_limit': False } } @update_row.post() @validate(valid_user_as_admin, valid_table_name, has_keywords_in_json_path(('keys', list), ('uids', list), ('values', list))) def main_update(request): """ View configuration for updating any row :param request: current webservers request :return: dict() """ LOG.debug("def %s", request.params) table = request.validated['table'] uids = request.validated['uids'] keys = request.validated['keys'] values = request.validated['values'] return lib.update_row(table, uids, keys, values)
:param request: current request of the server :return: dict() with success and message """ LOG.debug("Register new user via AJAX. %s", request.json_body) mailer = request.mailer lang = request.validated['lang'] success, info, new_user = register_user_with_json_data( request.validated, lang, mailer) return {'success': str(success), 'error': '', 'info': str(info)} @view_config(route_name='user_password_request', renderer='json') @validate(valid_lang_cookie_fallback, has_keywords_in_json_path( ('email', str))) def user_password_request(request): """ Sends an email, when the user requests his password :param request: current request of the server :return: dict() with success and message """ LOG.debug("Send a password request E-Mail. %s", request.json_body) _tn = Translator(request.validated['lang']) return request_password(request.validated['email'], request.mailer, _tn) @view_config(route_name='set_user_setting', renderer='json') @validate(valid_user, has_keywords_in_json_path(('settings_value', bool),
from dbas.handler.settings import set_settings from dbas.helper.query import set_user_language from dbas.strings.keywords import Keywords as _ from dbas.strings.translator import Translator from dbas.validators.common import valid_lang_cookie_fallback from dbas.validators.core import has_keywords_in_json_path, has_maybe_keywords, validate from dbas.validators.notifications import valid_notification_title, valid_notification_text, \ valid_notification_recipient from dbas.validators.user import valid_user LOG = logging.getLogger(__name__) @view_config(request_method='POST', route_name='user_login', renderer='json') @validate( has_keywords_in_json_path(('user', str), ('password', str), ('keep_login', bool)), has_maybe_keywords(('redirect_url', str, ''))) def user_login(request): """ Will login the user by his nickname and password :param request: request of the web server :return: dict() with error """ LOG.debug("Login user with Nickname and Password") lang = get_language_from_cookie(request) nickname = request.validated['user'] password = request.validated['password'] keep_login = request.validated['keep_login'] redirect_url = request.validated['redirect_url']
return_dict = graph return_dict.update({'type': 'complete'}) if not error: return_dict.update({'path': get_path_of_user(request.application_url, path, db_issue)}) return_dict.update({'error': ''}) else: # gets called if the data itself is malicious ui_locales = get_language_from_cookie(request) _t = Translator(ui_locales) error = _t.get(_.internalKeyError) return_dict = {'error': error} return return_dict @partial_graph.post() @validate(valid_issue_by_id, has_keywords_in_json_path(('uid', int), ('is_argument', bool), ('path', str))) def get_d3_partial_dump(request): LOG.debug("Create partial d3 dump. %s", request.json_body) path = request.validated['path'] uid = request.validated['uid'] is_argument = request.validated['is_argument'] db_issue = request.validated['issue'] return_dict = { 'type': 'partial' } if is_argument: graph, error = get_partial_graph_for_argument(uid, db_issue) else: graph, error = get_partial_graph_for_statement(uid, db_issue, path)
def test_provided_string_expected_int_should_fail(self): request = construct_dummy_request(json_body={'foo': 'bar'}) fn = core.has_keywords_in_json_path(('foo', int)) response = fn(request) self.assertIsInstance(response, bool) self.assertFalse(response)