def attach_bitbucket_trigger(namespace_name, repo_name):
permission = AdministerRepositoryPermission(namespace_name, repo_name)
if permission.can():
repo = model.repository.get_repository(namespace_name, repo_name)
if not repo:
msg = "Invalid repository: %s/%s" % (namespace_name, repo_name)
abort(404, message=msg)
elif repo.kind.name != "image":
abort(501)
trigger = model.build.create_build_trigger(
repo, BitbucketBuildTrigger.service_name(), None,
current_user.db_user())
try:
oauth_info = BuildTriggerHandler.get_handler(
trigger).get_oauth_url()
except TriggerProviderException:
trigger.delete_instance()
logger.debug("Could not retrieve Bitbucket OAuth URL")
abort(500)
config = {"access_token": oauth_info["access_token"]}
access_token_secret = oauth_info["access_token_secret"]
model.build.update_build_trigger(trigger,
config,
auth_token=access_token_secret)
return redirect(oauth_info["url"])
abort(403)
def user_subscribe():
def wrapper(listener):
logger.debug("Beginning streaming of user events")
try:
yield "data: %s\n\n" % json.dumps({})
for event_id, data in listener.event_stream():
message = {"event": event_id, "data": data}
json_string = json.dumps(message)
yield "data: %s\n\n" % json_string
finally:
logger.debug("Closing listener due to exception")
listener.stop()
events = request.args.get("events", "").split(",")
if not events:
abort(404)
try:
listener = userevents.get_listener(current_user.db_user().username,
events)
except CannotReadUserEventsException:
abort(504)
def on_close():
logger.debug("Closing listener due to response close")
listener.stop()
r = Response(wrapper(listener), mimetype="text/event-stream")
r.call_on_close(on_close)
return r
def attach_bitbucket_build_trigger(trigger_uuid):
trigger = model.build.get_build_trigger(trigger_uuid)
if not trigger or trigger.service.name != BitbucketBuildTrigger.service_name(
):
abort(404)
if trigger.connected_user != current_user.db_user():
abort(404)
verifier = request.args.get('oauth_verifier')
handler = BuildTriggerHandler.get_handler(trigger)
result = handler.exchange_verifier(verifier)
if not result:
trigger.delete_instance()
return 'Token has expired'
namespace = trigger.repository.namespace_user.username
repository = trigger.repository.name
repo_path = '%s/%s' % (namespace, repository)
full_url = url_for('web.buildtrigger',
path=repo_path,
trigger=trigger.uuid)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
def receipt():
if not current_user.is_authenticated:
abort(401)
return
invoice_id = request.args.get('id')
if invoice_id:
invoice = stripe.Invoice.retrieve(invoice_id)
if invoice:
user_or_org = model.user.get_user_or_org_by_customer_id(invoice.customer)
if user_or_org:
if user_or_org.organization:
admin_org = AdministerOrganizationPermission(user_or_org.username)
if not admin_org.can():
abort(404)
return
else:
if not user_or_org.username == current_user.db_user().username:
abort(404)
return
def format_date(timestamp):
return datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d')
file_data = renderInvoiceToPdf(invoice, user_or_org)
receipt_filename = 'quay-receipt-%s.pdf' % (format_date(invoice.date))
return Response(file_data,
mimetype="application/pdf",
headers={"Content-Disposition": "attachment;filename=" + receipt_filename})
abort(404)
def validate_session_cookie(auth_header_unusued=None):
""" Attempts to load a user from a session cookie. """
if current_user.is_anonymous:
return ValidateResult(AuthKind.cookie, missing=True)
try:
# Attempt to parse the user uuid to make sure the cookie has the right value type
UUID(current_user.get_id())
except ValueError:
logger.debug('Got non-UUID for session cookie user: %s',
current_user.get_id())
return ValidateResult(AuthKind.cookie,
error_message='Invalid session cookie format')
logger.debug('Loading user from cookie: %s', current_user.get_id())
db_user = current_user.db_user()
if db_user is None:
return ValidateResult(AuthKind.cookie,
error_message='Could not find matching user')
# Don't allow disabled users to login.
if not db_user.enabled:
logger.debug('User %s in session cookie is disabled', db_user.username)
return ValidateResult(AuthKind.cookie,
error_message='User account is disabled')
# Don't allow organizations to "login".
if db_user.organization:
logger.debug('User %s in session cookie is in-fact organization',
db_user.username)
return ValidateResult(AuthKind.cookie,
error_message='Cannot login to organization')
return ValidateResult(AuthKind.cookie, user=db_user)
def attach_gitlab_build_trigger():
state = request.args.get("state", None)
if not state:
abort(400)
state = state[len("repo:") :]
try:
[namespace, repository] = state.split("/")
except ValueError:
abort(400)
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
code = request.args.get("code")
token = gitlab_trigger.exchange_code_for_token(
app.config, client, code, redirect_suffix="/trigger"
)
if not token:
msg = "Could not exchange token. It may have expired."
abort(404, message=msg)
repo = model.repository.get_repository(namespace, repository)
if not repo:
msg = "Invalid repository: %s/%s" % (namespace, repository)
abort(404, message=msg)
elif repo.kind.name != "image":
abort(501)
trigger = model.build.create_build_trigger(repo, "gitlab", token, current_user.db_user())
repo_path = "%s/%s" % (namespace, repository)
full_url = url_for("web.buildtrigger", path=repo_path, trigger=trigger.uuid)
logger.debug("Redirecting to full url: %s", full_url)
return redirect(full_url)
abort(403)
def request_authorization_code():
provider = FlaskAuthorizationProvider()
response_type = request.args.get("response_type", "code")
client_id = request.args.get("client_id", None)
redirect_uri = request.args.get("redirect_uri", None)
scope = request.args.get("scope", None)
if not current_user.is_authenticated or not provider.validate_has_scopes(
client_id, current_user.db_user().username, scope
):
if not provider.validate_redirect_uri(client_id, redirect_uri):
current_app = provider.get_application_for_client_id(client_id)
if not current_app:
abort(404)
return provider._make_redirect_error_response(
current_app.redirect_uri, "redirect_uri_mismatch"
)
# Load the scope information.
scope_info = scopes.get_scope_information(scope)
if not scope_info:
abort(404)
return
# Load the application information.
oauth_app = provider.get_application_for_client_id(client_id)
app_email = oauth_app.avatar_email or oauth_app.organization.email
oauth_app_view = {
"name": oauth_app.name,
"description": oauth_app.description,
"url": oauth_app.application_uri,
"avatar": json.dumps(avatar.get_data(oauth_app.name, app_email, "app")),
"organization": {
"name": oauth_app.organization.username,
"avatar": json.dumps(avatar.get_data_for_org(oauth_app.organization)),
},
}
# Show the authorization page.
has_dangerous_scopes = any([check_scope["dangerous"] for check_scope in scope_info])
return render_page_template_with_routedata(
"oauthorize.html",
scopes=scope_info,
has_dangerous_scopes=has_dangerous_scopes,
application=oauth_app_view,
enumerate=enumerate,
client_id=client_id,
redirect_uri=redirect_uri,
scope=scope,
csrf_token_val=generate_csrf_token(),
)
if response_type == "token":
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
else:
return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def request_authorization_code():
provider = FlaskAuthorizationProvider()
response_type = request.args.get('response_type', 'code')
client_id = request.args.get('client_id', None)
redirect_uri = request.args.get('redirect_uri', None)
scope = request.args.get('scope', None)
if (not current_user.is_authenticated or
not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)):
if not provider.validate_redirect_uri(client_id, redirect_uri):
current_app = provider.get_application_for_client_id(client_id)
if not current_app:
abort(404)
return provider._make_redirect_error_response(current_app.redirect_uri,
'redirect_uri_mismatch')
# Load the scope information.
scope_info = scopes.get_scope_information(scope)
if not scope_info:
abort(404)
return
# Load the application information.
oauth_app = provider.get_application_for_client_id(client_id)
app_email = oauth_app.avatar_email or oauth_app.organization.email
oauth_app_view = {
'name': oauth_app.name,
'description': oauth_app.description,
'url': oauth_app.application_uri,
'avatar': json.dumps(avatar.get_data(oauth_app.name, app_email, 'app')),
'organization': {
'name': oauth_app.organization.username,
'avatar': json.dumps(avatar.get_data_for_org(oauth_app.organization))
}
}
# Show the authorization page.
has_dangerous_scopes = any([check_scope['dangerous'] for check_scope in scope_info])
return render_page_template_with_routedata('oauthorize.html', scopes=scope_info,
has_dangerous_scopes=has_dangerous_scopes,
application=oauth_app_view,
enumerate=enumerate, client_id=client_id,
redirect_uri=redirect_uri, scope=scope,
csrf_token_val=generate_csrf_token())
if response_type == 'token':
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
else:
return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def attach_custom_build_trigger(namespace_name, repo_name):
permission = AdministerRepositoryPermission(namespace_name, repo_name)
if permission.can():
repo = model.repository.get_repository(namespace_name, repo_name)
if not repo:
msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name)
abort(404, message=msg)
elif repo.kind.name != 'image':
abort(501)
trigger = model.build.create_build_trigger(repo, CustomBuildTrigger.service_name(),
None, current_user.db_user())
repo_path = '%s/%s' % (namespace_name, repo_name)
full_url = url_for('web.buildtrigger', path=repo_path, trigger=trigger.uuid)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
abort(403)
def attach_gitlab_build_trigger():
state = request.args.get('state', None)
if not state:
abort(400)
state = state[len('repo:'):]
try:
[namespace, repository] = state.split('/')
except ValueError:
abort(400)
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
code = request.args.get('code')
token = gitlab_trigger.exchange_code_for_token(
app.config, client, code, redirect_suffix='/trigger')
if not token:
msg = 'Could not exchange token. It may have expired.'
abort(404, message=msg)
repo = model.repository.get_repository(namespace, repository)
if not repo:
msg = 'Invalid repository: %s/%s' % (namespace, repository)
abort(404, message=msg)
elif repo.kind.name != 'image':
abort(501)
trigger = model.build.create_build_trigger(repo, 'gitlab', token,
current_user.db_user())
repo_path = '%s/%s' % (namespace, repository)
full_url = url_for('web.buildtrigger',
path=repo_path,
trigger=trigger.uuid)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
abort(403)
def attach_github_build_trigger(namespace_name, repo_name):
permission = AdministerRepositoryPermission(namespace_name, repo_name)
if permission.can():
code = request.args.get('code')
token = github_trigger.exchange_code_for_token(app.config, client,
code)
repo = model.repository.get_repository(namespace_name, repo_name)
if not repo:
msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name)
abort(404, message=msg)
elif repo.kind.name != 'image':
abort(501)
trigger = model.build.create_build_trigger(repo, 'github', token,
current_user.db_user())
repo_path = '%s/%s' % (namespace_name, repo_name)
full_url = url_for('web.buildtrigger',
path=repo_path,
trigger=trigger.uuid)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
abort(403)
def user_test():
evt = userevents.get_event(current_user.db_user().username)
evt.publish_event_data("test", {"foo": 2})
return "OK"
def user_test():
evt = userevents.get_event(current_user.db_user().username)
evt.publish_event_data('test', {'foo': 2})
return 'OK'
