import json
from flask import request
from flask_login import login_required
from redash import models
from redash.handlers import routes
from redash.handlers.base import json_response, org_scoped_rule
from redash.permissions import require_admin
@routes.route(org_scoped_rule('/api/organization/status'), methods=['GET'])
@login_required
def organization_status(org_slug=None):
counters = {
'users':
models.User.query.count(),
'alerts':
models.Alert.query.count(),
'data_sources':
models.DataSource.query.count(),
'queries':
models.Query.query.filter(models.Query.is_archived == False).count(),
'dashboards':
models.Dashboard.query.filter(
models.Dashboard.is_archived == False).count(),
}
return json_response(dict(object_counters=counters))
import logging
from flask import redirect, url_for, Blueprint, request
from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path
from redash.authentication.org_resolving import current_org
from redash.handlers.base import org_scoped_rule
from redash import settings
logger = logging.getLogger('remote_user_auth')
blueprint = Blueprint('remote_user_auth', __name__)
@blueprint.route(org_scoped_rule("/remote_user/login"))
def login(org_slug=None):
unsafe_next_path = request.args.get('next')
next_path = get_next_path(unsafe_next_path)
if not settings.REMOTE_USER_LOGIN_ENABLED:
logger.error("Cannot use remote user for login without being enabled in settings")
return redirect(url_for('redash.index', next=next_path, org_slug=org_slug))
email = request.headers.get(settings.REMOTE_USER_HEADER)
# Some Apache auth configurations will, stupidly, set (null) instead of a
# falsey value. Special case that here so it Just Works for more installs.
# '(null)' should never really be a value that anyone wants to legitimately
# use as a redash user email.
if email == '(null)':
email = None
if not email:
logger.error("Cannot use remote user for login when it's not provided in the request (looked in headers['" + settings.REMOTE_USER_HEADER + "'])")
def register_static_routes(rules):
# Make sure that / is the first route considered as index.
routes.add_url_rule(org_scoped_rule("/"), "index", index)
for rule in rules:
routes.add_url_rule(org_scoped_rule(rule), None, index)
"schedule": "interval",
"-schedule": "-interval",
"runtime": "query_results-runtime",
"-runtime": "-query_results-runtime",
"executed_at": "query_results-retrieved_at",
"-executed_at": "-query_results-retrieved_at",
"created_by": "users-name",
"-created_by": "-users-name",
}
order_results = partial(
_order_results, default_order="-created_at", allowed_orders=order_map
)
@routes.route(org_scoped_rule("/api/queries/format"), methods=["POST"])
@login_required
def format_sql_query(org_slug=None):
"""
Formats an SQL query using the Python ``sqlparse`` formatter.
:<json string query: The SQL text to format
:>json string query: Formatted SQL text
"""
arguments = request.get_json(force=True)
query = arguments.get("query", "")
return jsonify(
{"query": sqlparse.format(query, **settings.SQLPARSE_FORMAT_OPTIONS)}
)
from flask_restful import abort
from flask_login import login_required
import sqlparse
from funcy import distinct, take
from itertools import chain
from redash.handlers.base import routes, org_scoped_rule
from redash.handlers.query_results import run_query
from redash import models
from redash.permissions import require_permission, require_access, require_admin_or_owner, not_view_only, view_only
from redash.handlers.base import BaseResource, get_object_or_404
from redash.utils import collect_parameters_from_request
@routes.route(org_scoped_rule('/api/queries/format'), methods=['POST'])
@login_required
def format_sql_query(org_slug=None):
arguments = request.get_json(force=True)
query = arguments.get("query", "")
return sqlparse.format(query, reindent=True, keyword_case='upper')
class QuerySearchResource(BaseResource):
@require_permission('view_query')
def get(self):
term = request.args.get('q', '')
return [q.to_dict() for q in models.Query.search(term, self.current_user.groups)]
import os
from flask import current_app, render_template, safe_join, send_file
from werkzeug.exceptions import NotFound
from flask_login import login_required
from redash import settings
from redash.handlers import routes
from redash.handlers.authentication import base_href
from redash.handlers.base import org_scoped_rule
def render_index():
if settings.MULTI_ORG:
response = render_template("multi_org.html", base_href=base_href())
else:
full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html')
response = send_file(full_path, **dict(cache_timeout=0, conditional=True))
return response
@routes.route(org_scoped_rule('/<path:path>'))
@routes.route(org_scoped_rule('/'))
@login_required
def index(**kwargs):
return render_index()
def render_index(access_token=None):
access_token = "undefined" if access_token is None else access_token
if settings.MULTI_ORG:
response = render_template("multi_org.html", base_href=base_href(), access_token=access_token)
else:
## TODO: maybe do it gracefully
template_path = safe_join(settings.STATIC_ASSETS_PATH, "index.html")
full_path = safe_join(settings.STATIC_ASSETS_PATH, "index_embed.html")
with open(template_path, "r") as f1, open(full_path, "w") as f2:
content = f1.read()
template = content.replace("{{access_token}}", access_token)
f2.write(template)
response = send_file(full_path, **dict(cache_timeout=0, conditional=True))
return response
@routes.route(org_scoped_rule("/dashboard/<slug>"), methods=["GET"])
@login_required
@csp_allows_embeding
def dashboard(slug, org_slug=None):
return render_index()
@routes.route(org_scoped_rule("/<path:path>"))
@routes.route(org_scoped_rule("/"))
@login_required
def index(**kwargs):
return render_index()
from ldap3 import Server, Connection
except ImportError:
if settings.LDAP_LOGIN_ENABLED:
sys.exit("The ldap3 library was not found. This is required to use LDAP authentication (see requirements.txt).")
from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path
from redash.authentication.org_resolving import current_org
from redash.handlers.base import org_scoped_rule
logger = logging.getLogger('ldap_auth')
blueprint = Blueprint('ldap_auth', __name__)
@blueprint.route(org_scoped_rule("/ldap/login"), methods=['GET', 'POST'])
def login(org_slug=None):
index_url = url_for("redash.index", org_slug=org_slug)
unsafe_next_path = request.args.get('next', index_url)
next_path = get_next_path(unsafe_next_path)
if not settings.LDAP_LOGIN_ENABLED:
logger.error("Cannot use LDAP for login without being enabled in settings")
return redirect(url_for('redash.index', next=next_path))
if current_user.is_authenticated:
return redirect(next_path)
if request.method == 'POST':
ldap_user = auth_ldap_user(request.form['email'], request.form['password'])
import json
from flask import request
from flask_login import current_user, login_required
from redash import models
from redash.handlers import routes
from redash.handlers.base import json_response, org_scoped_rule
from redash.authentication import current_org
from redash.permissions import require_admin
@routes.route(org_scoped_rule('/api/organization/status'), methods=['GET'])
@login_required
def organization_status(org_slug=None):
counters = {
'users': models.User.all_not_disabled(current_org).count(),
'alerts': models.Alert.all(group_ids=current_user.group_ids).count(),
'data_sources': models.DataSource.all(current_org, group_ids=current_user.group_ids).count(),
'queries': models.Query.all_queries(current_user.group_ids, current_user.id, drafts=True).count(),
'dashboards': models.Dashboard.query.filter(models.Dashboard.org==current_org, models.Dashboard.is_archived==False).count(),
}
return json_response(dict(object_counters=counters))
# >> from flask import Flask, render_template
#
# >>app = Flask(__name__, template_folder='./')
#
#
# >>@app.route('/foo')
# >>@app.route('/')
# >>def foo():
# >> response = render_template("test.py")
# >> return response
#
#
# >>>if __name__ == '__main__':
# app.run(debug=True)
## /foo 和 / 都返回foo的响应
####一个资源多个路由路径没问题!
@routes.route(org_scoped_rule('/<path:path>'))
# /<path:path>
# /<org_slug:org_slug>/<path:path>
@routes.route(org_scoped_rule('/'))
# /
# /<org_slug:org_slug>
@login_required
def index(**kwargs):
return render_index()
import json
from flask import request
from flask_login import current_user, login_required
from redash import models, settings
from redash.handlers import routes, restful
from redash.handlers.base import json_response, org_scoped_rule
from redash.authentication import current_org
from redash.permissions import require_admin
# @routes.route(settings.ROOT_API_URL + org_scoped_rule('/organization/status'), methods=['GET'])
@restful.route(org_scoped_rule('/organization/status'), methods=['GET'])
@login_required
def organization_status(org_slug=None):
counters = {
'users':
models.User.all_not_disabled(current_org).count(),
'alerts':
models.Alert.all(group_ids=current_user.group_ids).count(),
'data_sources':
models.DataSource.all(current_org,
group_ids=current_user.group_ids).count(),
'queries':
models.Query.all_queries(current_user.group_ids,
current_user.id,
drafts=True).count(),
'dashboards':
models.Dashboard.query.filter(
models.Dashboard.org == current_org,
models.Dashboard.is_archived == False).count(),
from flask_login import current_user, login_required
from redash import models
from redash.handlers import routes
from redash.handlers.base import json_response, org_scoped_rule
from redash.authentication import current_org
@routes.route(org_scoped_rule("/api/organization/status"), methods=["GET"])
#@login_required #ZZW
def organization_status(org_slug=None):
counters = {
"users":
models.User.all(current_org).count(),
"alerts":
models.Alert.all(group_ids=current_user.group_ids).count(),
"data_sources":
models.DataSource.all(current_org,
group_ids=current_user.group_ids).count(),
"queries":
models.Query.all_queries(current_user.group_ids,
current_user.id,
include_drafts=True).count(),
"dashboards":
models.Dashboard.query.filter(
models.Dashboard.org == current_org,
models.Dashboard.is_archived == False).count(),
}
return json_response(dict(object_counters=counters))
status_code = 400
else:
# TODO: set active flag
user.hash_password(request.form['password'])
models.db.session.add(user)
login_user(user)
models.db.session.commit()
return redirect(url_for('redash.index', org_slug=org_slug))
if settings.GOOGLE_OAUTH_ENABLED:
google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))
else:
google_auth_url = ''
return render_template(template, google_auth_url=google_auth_url, user=user), status_code
@routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST'])
def invite(token, org_slug=None):
return render_token_login_page("invite.html", org_slug, token)
@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
return render_token_login_page("reset.html", org_slug, token)
@routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST'])
def forgot_password(org_slug=None):
if not settings.PASSWORD_LOGIN_ENABLED:
abort(404)
submitted = False
def add_org_resource(self, resource, *urls, **kwargs):
urls = [org_scoped_rule(url) for url in urls]
return self.add_resource(resource, *urls, **kwargs)
from sqlalchemy.orm.exc import StaleDataError
from redash import models, settings
from redash.remote_resource import remote_resource_restriction
from redash.handlers.base import (BaseResource, get_object_or_404,
org_scoped_rule, paginate, routes, restful)
from redash.handlers.query_results import run_query
from redash.permissions import (can_modify, not_view_only, require_access,
require_admin_or_owner,
require_object_modify_permission,
require_permission, view_only)
from redash.utils import collect_parameters_from_request
# @routes.route(settings.ROOT_API_URL + org_scoped_rule('/queries/format'), methods=['POST'])
@restful.route(org_scoped_rule('/queries/format'), methods=['POST'])
@login_required
def format_sql_query(org_slug=None):
"""
Formats an SQL query using the Python ``sqlparse`` formatter.
:<json string query: The SQL text to format
:>json string query: Formatted SQL text
"""
arguments = request.get_json(force=True)
query = arguments.get("query", "")
return jsonify({'query': sqlparse.format(query, reindent=True, keyword_case='upper')})
class QuerySearchResource(BaseResource):
def register_static_routes(rules):
# Make sure that / is the first route considered as index.
routes.add_url_rule(org_scoped_rule("/"), "index", index)
for rule in rules:
routes.add_url_rule(org_scoped_rule(rule), None, index)
except ImportError:
if settings.LDAP_LOGIN_ENABLED:
sys.exit(
"The ldap3 library was not found. This is required to use LDAP authentication (see requirements.txt)."
)
from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path
from redash.authentication.org_resolving import current_org
from redash.handlers.base import org_scoped_rule
logger = logging.getLogger('ldap_auth')
blueprint = Blueprint('ldap_auth', __name__)
@blueprint.route(org_scoped_rule("/ldap/login"), methods=['GET', 'POST'])
def login(org_slug=None):
index_url = url_for("redash.index", org_slug=org_slug)
unsafe_next_path = request.args.get('next', index_url)
next_path = get_next_path(unsafe_next_path)
if not settings.LDAP_LOGIN_ENABLED:
logger.error(
"Cannot use LDAP for login without being enabled in settings")
return redirect(url_for('redash.index', next=next_path))
if current_user.is_authenticated:
return redirect(next_path)
if request.method == 'POST':
ldap_user = auth_ldap_user(request.form['email'],
data, run_time, utils.utcnow())
return data
except Exception, e:
if max_age > 0:
abort(
404,
message=
"Unable to get result from the database, and no cached query result found."
)
else:
abort(503, message="Unable to get result from the database.")
return None
@routes.route(org_scoped_rule(
'/embed/query/<query_id>/visualization/<visualization_id>'),
methods=['GET'])
@login_required
def embed(query_id, visualization_id, org_slug=None):
query = models.Query.get_by_id_and_org(query_id, current_org)
require_access(query.groups, current_user, view_only)
vis = query.visualizations.where(
models.Visualization.id == visualization_id).first()
qr = {}
parameter_values = collect_parameters_from_request(request.args)
if vis is not None:
vis = vis.to_dict()
qr = query.latest_query_data
if settings.ALLOW_PARAMETERS_IN_EMBEDS == True and len(
},
},
}
if entity_id is not None and entity_id != "":
saml_settings['entityid'] = entity_id
sp_config = Saml2Config()
sp_config.load(saml_settings)
sp_config.allow_unknown_attributes = True
saml_client = Saml2Client(config=sp_config)
return saml_client
@blueprint.route(org_scoped_rule('/saml/callback'), methods=['POST'])
def idp_initiated(org_slug=None):
if not current_org.get_setting("auth_saml_enabled"):
logger.error("SAML Login is not enabled")
return redirect(url_for('redash.index', org_slug=org_slug))
saml_client = get_saml_client(current_org)
authn_response = saml_client.parse_authn_request_response(
request.form['SAMLResponse'],
entity.BINDING_HTTP_POST)
authn_response.get_identity()
user_info = authn_response.get_subject()
email = user_info.text
name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0])
# This is what as known as "Just In Time (JIT) provisioning".
}
},
}
if entity_id is not None and entity_id != "":
saml_settings["entityid"] = entity_id
sp_config = Saml2Config()
sp_config.load(saml_settings)
sp_config.allow_unknown_attributes = True
saml_client = Saml2Client(config=sp_config)
return saml_client
@blueprint.route(org_scoped_rule("/saml/callback"), methods=["POST"])
def idp_initiated(org_slug=None):
if not current_org.get_setting("auth_saml_enabled"):
logger.error("SAML Login is not enabled")
return redirect(url_for("redash.index", org_slug=org_slug))
saml_client = get_saml_client(current_org)
try:
authn_response = saml_client.parse_authn_request_response(
request.form["SAMLResponse"], entity.BINDING_HTTP_POST
)
except Exception:
logger.error("Failed to parse SAML response", exc_info=True)
flash("SAML login failed. Please try again later.")
return redirect(url_for("redash.login", org_slug=org_slug))
from redash.authentication import (
create_and_login_user,
logout_and_redirect_to_index,
get_next_path,
)
from redash.authentication.org_resolving import current_org
from redash.handlers.base import org_scoped_rule
logger = logging.getLogger("ldap_auth")
blueprint = Blueprint("ldap_auth", __name__)
@blueprint.route(org_scoped_rule("/ldap/login"), methods=["GET", "POST"])
def login(org_slug=None):
index_url = url_for("redash.index", org_slug=org_slug)
unsafe_next_path = request.args.get("next", index_url)
next_path = get_next_path(unsafe_next_path)
if not settings.LDAP_LOGIN_ENABLED:
logger.error("Cannot use LDAP for login without being enabled in settings")
return redirect(url_for("redash.index", next=next_path))
if current_user.is_authenticated:
return redirect(next_path)
if request.method == "POST":
ldap_user = auth_ldap_user(request.form["email"], request.form["password"])
return (
render_template(
template,
show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
google_auth_url=google_auth_url,
show_saml_login=current_org.get_setting("auth_saml_enabled"),
show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
show_ldap_login=settings.LDAP_LOGIN_ENABLED,
org_slug=org_slug,
user=user,
),
status_code,
)
@routes.route(org_scoped_rule("/invite/<token>"), methods=["GET", "POST"])
def invite(token, org_slug=None):
return render_token_login_page("invite.html", org_slug, token, True)
@routes.route(org_scoped_rule("/reset/<token>"), methods=["GET", "POST"])
def reset(token, org_slug=None):
return render_token_login_page("reset.html", org_slug, token, False)
@routes.route(org_scoped_rule("/verify/<token>"), methods=["GET"])
def verify(token, org_slug=None):
try:
user_id = validate_token(token)
org = current_org._get_current_object()
user = models.User.get_by_id_and_org(user_id, org)
import logging
from flask import redirect, url_for, Blueprint, request
from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path
from redash.authentication.org_resolving import current_org
from redash.handlers.base import org_scoped_rule
from redash import settings
logger = logging.getLogger('remote_user_auth')
blueprint = Blueprint('remote_user_auth', __name__)
@blueprint.route(org_scoped_rule("/remote_user/login"))
def login(org_slug=None):
unsafe_next_path = request.args.get('next')
next_path = get_next_path(unsafe_next_path)
if not settings.REMOTE_USER_LOGIN_ENABLED:
logger.error(
"Cannot use remote user for login without being enabled in settings"
)
return redirect(
url_for('redash.index', next=next_path, org_slug=org_slug))
email = request.headers.get(settings.REMOTE_USER_HEADER)
# Some Apache auth configurations will, stupidly, set (null) instead of a
# falsey value. Special case that here so it Just Works for more installs.
# '(null)' should never really be a value that anyone wants to legitimately
# use as a redash user email.
if email == '(null)':
run_time = time.time() - started_at
query_result, updated_query_ids = models.QueryResult.store_result(data_source.org_id, data_source.id,
query_hash, query_text, data,
run_time, utils.utcnow())
models.db.session.commit()
return data
except Exception:
if max_age > 0:
abort(404, message="Unable to get result from the database, and no cached query result found.")
else:
abort(503, message="Unable to get result from the database.")
return None
@routes.route(org_scoped_rule('/embed/query/<query_id>/visualization/<visualization_id>'), methods=['GET'])
@login_required
def embed(query_id, visualization_id, org_slug=None):
record_event(current_org, current_user._get_current_object(), {
'action': 'view',
'object_id': visualization_id,
'object_type': 'visualization',
'query_id': query_id,
'embed': True,
'referer': request.headers.get('Referer')
})
return render_index()
@routes.route(org_scoped_rule('/public/dashboards/<token>'), methods=['GET'])
from flask import request
from flask_restful import abort
from .authentication import current_org
from flask_login import current_user, login_required
from redash import models
from redash.handlers import routes
from redash.handlers.base import get_object_or_404, org_scoped_rule, record_event
from redash.handlers.static import render_index
from redash.security import csp_allows_embeding
@routes.route(
org_scoped_rule(
"/embed/query/<query_id>/visualization/<visualization_id>"),
methods=["GET"],
)
@login_required
@csp_allows_embeding
def embed(query_id, visualization_id, org_slug=None):
record_event(
current_org,
current_user._get_current_object(),
{
"action": "view",
"object_id": visualization_id,
"object_type": "visualization",
"query_id": query_id,
"embed": True,
"referer": request.headers.get("Referer"),
},
google_auth_url = get_google_auth_url(
url_for('redash.index', org_slug=org_slug))
return render_template(
template,
show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
google_auth_url=google_auth_url,
show_saml_login=current_org.get_setting('auth_saml_enabled'),
show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
show_ldap_login=settings.LDAP_LOGIN_ENABLED,
org_slug=org_slug,
user=user), status_code
@routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST'])
def invite(token, org_slug=None):
return render_token_login_page("invite.html", org_slug, token)
@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
return render_token_login_page("reset.html", org_slug, token)
@routes.route(org_scoped_rule('/verify/<token>'), methods=['GET'])
def verify(token, org_slug=None):
try:
user_id = validate_token(token)
org = current_org._get_current_object()
user = models.User.get_by_id_and_org(user_id, org)
from flask_login import login_required
from redash import settings
from redash.handlers import routes
from redash.handlers.authentication import base_href
from redash.handlers.base import org_scoped_rule
def render_index():
if settings.MULTI_ORG:
response = render_template("multi_org.html", base_href=base_href())
else:
full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html')
response = send_file(full_path,
**dict(cache_timeout=0, conditional=True))
return response
@routes.route(org_scoped_rule('/static/unsupported'))
def unsupported(**kwargs):
full_path = safe_join(settings.STATIC_ASSETS_PATH, 'unsupported.html')
response = send_file(full_path)
return response
@routes.route(org_scoped_rule('/<path:path>'))
@routes.route(org_scoped_rule('/'))
@login_required
def index(**kwargs):
return render_index()
from redash import models
from redash.handlers import routes
from redash.handlers.base import (json_response, org_scoped_rule)
@routes.route(org_scoped_rule('/dashboards/<dashboard_slug>/share/token'),
methods=['GET'])
def dashboard_share_apiKey(dashboard_slug):
"""
get a dashboard's apikey.
:param dashboard_slug: The slug of the dashboard to share.
:>json api_key: The API key to use when accessing it.
"""
current_org = models.Organization.get_by_slug('default')
dashboard = models.Dashboard.get_by_slug_and_org(dashboard_slug,
current_org)
api_key = models.ApiKey.get_by_object(dashboard)
if api_key:
return json_response({'api_key': api_key.api_key})
else:
return json_response({'api_key': 'None'})
},
},
}
if entity_id is not None and entity_id != "":
saml_settings['entityid'] = entity_id
sp_config = Saml2Config()
sp_config.load(saml_settings)
sp_config.allow_unknown_attributes = True
saml_client = Saml2Client(config=sp_config)
return saml_client
@blueprint.route(org_scoped_rule('/saml/callback'), methods=['POST'])
def idp_initiated(org_slug=None):
if not current_org.get_setting("auth_saml_enabled"):
logger.error("SAML Login is not enabled")
return redirect(url_for('redash.index', org_slug=org_slug))
saml_client = get_saml_client(current_org)
try:
authn_response = saml_client.parse_authn_request_response(
request.form['SAMLResponse'], entity.BINDING_HTTP_POST)
except Exception:
logger.error('Failed to parse SAML response', exc_info=True)
flash('SAML login failed. Please try again later.')
return redirect(url_for('redash.login', org_slug=org_slug))
authn_response.get_identity()
models.db.session.commit()
return redirect(url_for('redash.index', org_slug=org_slug))
google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))
return render_template(template,
show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
google_auth_url=google_auth_url,
show_saml_login=current_org.get_setting('auth_saml_enabled'),
show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
show_ldap_login=settings.LDAP_LOGIN_ENABLED,
org_slug=org_slug,
user=user), status_code
@routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST'])
def invite(token, org_slug=None):
return render_token_login_page("invite.html", org_slug, token)
@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
return render_token_login_page("reset.html", org_slug, token)
@routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST'])
def forgot_password(org_slug=None):
if not current_org.get_setting('auth_password_login_enabled'):
abort(404)
submitted = False
def add_org_resource(self, resource, *urls, **kwargs):
urls = [org_scoped_rule(url) for url in urls]
return self.add_resource(resource, *urls, **kwargs)
user.hash_password(request.form['password'])
user.save()
login_user(user)
return redirect(url_for('redash.index', org_slug=org_slug))
if settings.GOOGLE_OAUTH_ENABLED:
google_auth_url = get_google_auth_url(
url_for('redash.index', org_slug=org_slug))
else:
google_auth_url = ''
return render_template(template,
google_auth_url=google_auth_url,
user=user), status_code
@routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST'])
def invite(token, org_slug=None):
return render_token_login_page("invite.html", org_slug, token)
@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
return render_token_login_page("reset.html", org_slug, token)
@routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST'])
def forgot_password(org_slug=None):
submitted = False
if request.method == 'POST' and request.form['email']:
submitted = True
email = request.form['email']
raise Exception('Missing parameter value for: {}'.format(", ".join(missing_params)))
if query_parameters:
query_text = pystache.render(query_text, parameter_values)
try:
data, error = data_source.query_runner.run_query(query_text)
if error:
return None
return data
except Exception, e:
abort(503, message="Unable to get result from the database.")
return None
@routes.route(org_scoped_rule('/embedjon/query/<query_id>'), methods=['GET'])
@login_required
def embedjon(query_id, org_slug=None):
visualizations=1
query = models.Query.get_by_id_and_org(query_id, current_org)
require_access(query.groups, current_user, view_only)
qr = {}
parameter_values = collect_parameters_from_request(request.args)
qr = query.latest_query_data
if settings.ALLOW_PARAMETERS_IN_EMBEDS == True and len(parameter_values) > 0:
# run parameterized query
#
# WARNING: Note that the external query parameters
# are a potential risk of SQL injections.
#
results = run_query_sync(query.data_source, parameter_values, query.query)
def order_results(results, default_order='-created_at'):
"""
Orders the given results with the sort order as requested in the
"order" request query parameter or the given default order.
"""
# See if a particular order has been requested
order = request.args.get('order', '').strip() or default_order
# and if it matches a long-form for related fields, falling
# back to the default order
selected_order = order_map.get(order, default_order)
# The query may already have an ORDER BY statement attached
# so we clear it here and apply the selected order
return sort_query(results.order_by(None), selected_order)
@routes.route(org_scoped_rule('/api/queries/format'), methods=['POST'])
@login_required
def format_sql_query(org_slug=None):
"""
Formats an SQL query using the Python ``sqlparse`` formatter.
:<json string query: The SQL text to format
:>json string query: Formatted SQL text
"""
arguments = request.get_json(force=True)
query = arguments.get("query", "")
return jsonify(
{'query': sqlparse.format(query, reindent=True, keyword_case='upper')})
from redash import settings
from redash.handlers import routes
from redash.handlers.authentication import base_href
from redash.handlers.base import org_scoped_rule
from redash.security import csp_allows_embeding
def render_index():
if settings.MULTI_ORG:
response = render_template("multi_org.html", base_href=base_href())
else:
full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html')
response = send_file(full_path,
**dict(cache_timeout=0, conditional=True))
return response
@routes.route(org_scoped_rule('/dashboard/<slug>'), methods=['GET'])
@login_required
@csp_allows_embeding
def dashboard(slug, org_slug=None):
return render_index()
@routes.route(org_scoped_rule('/<path:path>'))
@routes.route(org_scoped_rule('/'))
@login_required
def index(**kwargs):
return render_index()
