def _dev_auth_login(uid, password):
if app.config['DEVELOPER_AUTH_ENABLED']:
logger = app.logger
if password != app.config['DEVELOPER_AUTH_PASSWORD']:
logger.error('Dev-auth: Wrong password')
return tolerant_jsonify({'message': 'Invalid credentials'}, 401)
user_id = AuthorizedUser.get_id_per_uid(uid)
user = user_id and app.login_manager.user_callback(user_id=user_id,
flush_cached=True)
if user is None:
logger.error(
f'Dev-auth: User with UID {uid} is not registered in BOA.')
return tolerant_jsonify(
{
'message':
f'Sorry, user with UID {uid} is not registered to use BOA.'
}, 403)
if not user.is_active:
logger.error(
f'Dev-auth: UID {uid} is registered with BOA but not active.')
return tolerant_jsonify(
{
'message':
f'Sorry, user with UID {uid} is not authorized to use BOA.'
}, 403)
logger.info(f'Dev-auth used to log in as UID {uid}')
login_user(user, force=True, remember=True)
return tolerant_jsonify(current_user.to_api_json())
else:
raise ResourceNotFoundError('Unknown path')
def _login_user(user_id, redirect_path=None, tool_id=None):
app.logger.info(f'_login_user: user_id={user_id}, redirect_path={redirect_path}, tool_id={tool_id}')
authenticated = login_user(LoginSession(user_id), remember=True) and current_user.is_authenticated
if authenticated:
if redirect_path:
response = redirect(location=f"{app.config['VUE_LOCALHOST_BASE_URL'] or ''}{redirect_path}")
else:
response = tolerant_jsonify(current_user.to_api_json())
canvas_api_domain = current_user.course.canvas_api_domain
canvas = Canvas.find_by_domain(canvas_api_domain)
canvas_course_id = current_user.course.canvas_course_id
# Yummy cookies!
key = f'{canvas_api_domain}|{canvas_course_id}'
value = str(current_user.user_id)
response.set_cookie(
key=key,
value=value,
samesite='None',
secure=True,
)
app.logger.info(f'_login_user cookie: key={key} value={str(current_user.user_id)}')
response.set_cookie(
key=f'{canvas_api_domain}_supports_custom_messaging',
value=str(canvas.supports_custom_messaging),
samesite='None',
secure=True,
)
return response
elif tool_id:
raise UnauthorizedRequestError(f'Unauthorized user during {tool_id} LTI launch (user_id = {user_id})')
else:
return tolerant_jsonify({'message': f'User {user_id} failed to authenticate.'}, 403)
def batch_create_notes():
params = request.form
sids = _get_sids_for_note_creation()
subject = params.get('subject', None)
body = params.get('body', None)
topics = get_note_topics_from_http_post()
if not sids or not subject:
raise BadRequestError('Note creation requires \'subject\' and \'sid\'')
user_dept_codes = dept_codes_where_advising(current_user)
if current_user.is_admin or not len(user_dept_codes):
raise ForbiddenRequestError(
'Sorry, only advisors can create advising notes')
author_profile = _get_author_profile()
attachments = get_note_attachments_from_http_post(tolerate_none=True)
note_ids_per_sid = Note.create_batch(
author_id=current_user.to_api_json()['id'],
**author_profile,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
sids=sids,
attachments=attachments,
template_attachment_ids=get_template_attachment_ids_from_http_post(),
)
return tolerant_jsonify(note_ids_per_sid)
def logout():
logout_user()
redirect_url = app.config['VUE_LOCALHOST_BASE_URL'] or request.url_root
cas_logout_url = _cas_client().get_logout_url(redirect_url=redirect_url)
return tolerant_jsonify({
'casLogoutUrl': cas_logout_url,
**current_user.to_api_json(),
})
def create_notes():
benchmark = get_benchmarker('create_notes')
params = request.form
sids = _get_sids_for_note_creation()
benchmark(f'SID count: {len(sids)}')
body = params.get('body', None)
is_private = to_bool_or_none(params.get('isPrivate', False))
subject = params.get('subject', None)
topics = get_note_topics_from_http_post()
if not sids or not subject:
benchmark('end (BadRequest)')
raise BadRequestError(
'Note creation requires \'subject\' and \'sids\'')
dept_codes = dept_codes_where_advising(current_user)
if current_user.is_admin or not len(dept_codes):
benchmark('end (Forbidden)')
raise ForbiddenRequestError(
'Sorry, only advisors can create advising notes')
if is_private and not current_user.can_access_private_notes:
benchmark('end (Forbidden)')
raise ForbiddenRequestError(
'Sorry, you are not authorized to manage note privacy.')
attachments = get_note_attachments_from_http_post(tolerate_none=True)
benchmark(f'Attachment count: {len(attachments)}')
body = process_input_from_rich_text_editor(body)
template_attachment_ids = get_template_attachment_ids_from_http_post()
if len(sids) == 1:
note = Note.create(
**_get_author_profile(),
attachments=attachments,
body=body,
is_private=is_private,
sid=sids[0],
subject=subject,
template_attachment_ids=template_attachment_ids,
topics=topics,
)
response = tolerant_jsonify(
_boa_note_to_compatible_json(note, note_read=True))
else:
response = tolerant_jsonify(
Note.create_batch(
**_get_author_profile(),
attachments=attachments,
author_id=current_user.to_api_json()['id'],
body=body,
is_private=is_private,
sids=sids,
subject=subject,
template_attachment_ids=template_attachment_ids,
topics=topics,
), )
benchmark('end')
return response
def set_demo_mode():
if app.config['DEMO_MODE_AVAILABLE']:
in_demo_mode = request.get_json().get('demoMode', None)
if in_demo_mode is None:
raise errors.BadRequestError('Parameter \'demoMode\' not found')
user = AuthorizedUser.find_by_id(current_user.get_id())
user.in_demo_mode = bool(in_demo_mode)
current_user.flush_cached()
app.login_manager.reload_user()
return tolerant_jsonify(current_user.to_api_json())
else:
raise errors.ResourceNotFoundError('Unknown path')
def logout():
response = tolerant_jsonify(current_user.to_api_json())
# Delete our custom cookies
canvas_api_domain = current_user.course.canvas_api_domain
keys = [
f'{canvas_api_domain}|{current_user.course.canvas_course_id}',
f'{canvas_api_domain}_supports_custom_messaging',
]
for key in keys:
response.set_cookie(key, '', samesite='None', secure=True, expires=0)
logout_user()
return response
def _get_author_profile():
author = current_user.to_api_json()
role = current_user.departments[0]['role'] if current_user.departments else None
calnet_profile = get_calnet_user_for_uid(app, author['uid'])
if calnet_profile and calnet_profile.get('departments'):
dept_codes = [dept.get('code') for dept in calnet_profile.get('departments')]
else:
dept_codes = current_user.dept_codes
return {
'author_uid': author['uid'],
'author_name': author['name'],
'author_role': role,
'author_dept_codes': dept_codes,
}
def get_current_user_profile():
cohorts = []
for cohort in CohortFilter.get_cohorts(current_user.get_id()):
cohort['isOwnedByCurrentUser'] = True
cohorts.append(cohort)
return {
**current_user.to_api_json(),
'myCohorts': cohorts,
'myCuratedGroups': get_my_curated_groups(),
'preferences': {
'admitSortBy': 'last_name',
'sortBy': 'last_name',
'termId': current_term_id(),
},
}
def dev_auth_login():
if app.config['DEV_AUTH_ENABLED']:
params = request.get_json() or {}
uid = params.get('uid')
password = params.get('password')
if password != app.config['DEV_AUTH_PASSWORD']:
return tolerant_jsonify({'message': 'Invalid credentials'}, 401)
user = User(uid)
if not user.is_active:
msg = f'UID {uid} is neither an Admin user nor active in CalNet.'
app.logger.error(msg)
return tolerant_jsonify({'message': msg}, 403)
if not login_user(user, force=True, remember=True):
msg = f'The system failed to log in user with UID {uid}.'
app.logger.error(msg)
return tolerant_jsonify({'message': msg}, 403)
return tolerant_jsonify(current_user.to_api_json(include_courses=True))
else:
raise ResourceNotFoundError('Unknown path')
def _get_author_profile():
author = current_user.to_api_json()
calnet_profile = get_calnet_user_for_uid(app, author['uid'])
if calnet_profile and calnet_profile.get('departments'):
dept_codes = [dept.get('code') for dept in calnet_profile.get('departments')]
else:
dept_codes = dept_codes_where_advising(current_user)
if calnet_profile and calnet_profile.get('title'):
role = calnet_profile['title']
elif current_user.departments:
role = current_user.departments[0]['role']
else:
role = None
return {
'author_uid': author['uid'],
'author_name': author['name'],
'author_role': role,
'author_dept_codes': dept_codes,
}
def my_profile():
return tolerant_jsonify(current_user.to_api_json(include_courses=True))
def my_profile():
return tolerant_jsonify(current_user.to_api_json())
def session_keep_alive():
return tolerant_jsonify(current_user.to_api_json())
def logout():
_logout_user()
return tolerant_jsonify(current_user.to_api_json())
