Esempio n. 1
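def system_versions_force_update_below_endpoint():
    """Pass the requested OS type and version threshold to set_force_update_below().

    Reads 'os_type' and 'version' from the JSON request body. Either may be
    absent, in which case None is forwarded, as before.

    Returns:
        status='ok' after the call, or HTTP 400 with status='error' when the
        body is missing, malformed, or not a JSON object.
    """
    # NOTE(review): both access checks are skipped whenever config.DEBUG is
    # set, so this endpoint is reachable without them in a DEBUG deployment.
    # limit_to_acl()/limit_to_password() presumably abort the request on
    # failure - confirm against their definitions.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    # get_json(silent=True) yields None for a missing or malformed body, and a
    # non-object JSON value (list, string, number) has no .get(); both used
    # to surface as an unhandled AttributeError.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify(status='error', reason='bad-request'), 400

    os_type = payload.get('os_type', None)
    app_version = payload.get('version', None)
    set_force_update_below(os_type, app_version)
    return jsonify(status='ok')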
Esempio n. 2
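def user_set_captcha_endpoint():
    """Apply the 'set_captcha' value to every user id listed in the JSON body.

    Expects a JSON object with 'user_ids' (a list) and an optional
    'set_captcha' value (defaults to 0), and calls
    set_should_solve_captcha() once per user id.

    Returns:
        status='ok' once every id was processed, or HTTP 400 with
        status='error' when the body or the 'user_ids' list is missing or
        malformed. Previously a bad body was logged and still answered with
        status='ok', and a missing 'user_ids' raised outside the try block.
    """
    # NOTE(review): both access checks are skipped whenever config.DEBUG is
    # set, so this endpoint is reachable without them in a DEBUG deployment.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    payload = request.get_json(silent=True)
    user_ids = payload.get('user_ids') if isinstance(payload, dict) else None
    if not isinstance(user_ids, list):
        log.error('failed to process user-set-captcha')
        return jsonify(status='error', reason='bad-request'), 400
    should_show = payload.get('set_captcha', 0)

    for user_id in user_ids:
        print('user_set_captcha_endpoint: setting user_id %s to %s' %
              (user_id, should_show))
        set_should_solve_captcha(user_id, should_show)

    return jsonify(status='ok')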
Esempio n. 3
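def user_tx_report_endpoint():
    """Return a summary of a user's txs data, selected by user id or by phone.

    The JSON body must carry exactly one of 'user_id' or 'phone'. A user id
    must parse as a UUID and belong to an existing user; a phone number may
    map to several users, in which case one report per user is returned.

    Returns:
        report=[...] on success, or an error object ('invalid_userid',
        'no_such_user', 'no_such_phone').

    Raises:
        InvalidUsage: the body is not a JSON object, or it names both or
            neither of 'user_id' and 'phone'.
    """
    # Unlike the other internal endpoints in this listing, these checks run
    # regardless of config.DEBUG.
    limit_to_acl()
    limit_to_password()

    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        print('user_tx_report_endpoint: missing or malformed json body')
        raise InvalidUsage('bad-request')

    user_id = payload.get('user_id', None)
    user_phone = payload.get('phone', None)
    # exactly one of the two selectors must be supplied
    if (user_id is None) == (user_phone is None):
        # NOTE(review): phone numbers end up in the process output here and
        # below; confirm that is acceptable for these logs.
        print('user_tx_report_endpoint: userid %s, user_phone %s' %
              (user_id, user_phone))
        raise InvalidUsage('bad-request')

    # Branch on "is not None" rather than truthiness: an empty-string user_id
    # used to pass the check above and then fall through to the phone branch
    # with user_phone set to None.
    if user_id is not None:
        try:  # sanitize user_id
            UUID(user_id)
        except (ValueError, AttributeError, TypeError):
            log.error('cant generate tx report for user_id: %s ' % user_id)
            return jsonify(error='invalid_userid')

        if not user_exists(user_id):
            print(
                'user_tx_report_endpoint: user_id %s does not exist. aborting'
                % user_id)
            # 'erorr' is the key this endpoint has always sent; it is kept for
            # existing clients next to the correctly spelled 'error'.
            return jsonify(error='no_such_user', erorr='no_such_user')
        return jsonify(report=[get_user_tx_report(user_id)])

    # there may be a few users with this phone
    user_ids = get_all_user_id_by_phone(user_phone)
    if not user_ids:
        print(
            'user_tx_report_endpoint: user_phone %s does not exist. aborting'
            % user_phone)
        return jsonify(error='no_such_phone', erorr='no_such_phone')
    return jsonify(
        report=[get_user_tx_report(user_id) for user_id in user_ids])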
Esempio n. 4
def blacklist_user_endpoint():
    """Blacklist the phone of the user named by 'user_id' in the JSON body.

    Returns:
        status='ok' when blacklist_phone_by_user_id() reports success,
        status='error' otherwise.

    Raises:
        InvalidUsage: the body cannot be read or carries no 'user_id'.
    """
    # NOTE(review): both access checks are skipped whenever config.DEBUG is
    # set, so this endpoint is reachable without them in a DEBUG deployment.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    try:
        # a missing/malformed body makes get_json() return None, so the
        # .get() below raises and lands in the handler as well
        user_id = request.get_json(silent=True).get('user_id', None)
        if user_id is None:
            raise InvalidUsage('bad-request')
    except Exception as err:
        print(err)
        raise InvalidUsage('bad-request')

    outcome = 'ok' if blacklist_phone_by_user_id(user_id) else 'error'
    return jsonify(status=outcome)
Esempio n. 5
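def add_pictures_endpoint():
    """Add every entry of the JSON body's 'pictures' list to the db.

    Each entry is handed to add_picture(); anything other than True coming
    back is treated as a failure for that entry.

    Returns:
        status='ok' when every picture was added.

    Raises:
        InvalidUsage: 'bad-request' when the body is not a JSON object or
            'pictures' is not a list; 'error' (with the failing picture in
            the payload) when add_picture() does not return True.
    """
    # NOTE(review): both access checks are skipped whenever config.DEBUG is
    # set, so this endpoint is reachable without them in a DEBUG deployment.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    payload = request.get_json(silent=True)
    pictures = payload.get('pictures', None) if isinstance(payload,
                                                            dict) else None
    # A body without 'pictures' used to reach the loop as None and fail with
    # an unhandled TypeError instead of a bad-request response.
    if not isinstance(pictures, list):
        print('add_pictures_endpoint: missing or malformed pictures list')
        raise InvalidUsage('bad-request')

    for picture in pictures:
        # The loop stops at the first failure; pictures handled before it
        # have already been passed to add_picture().
        result = add_picture(picture)
        if result is not True:
            raise InvalidUsage(message='error',
                               payload={
                                   'error field': str(result),
                                   'picture': picture
                               })
    return jsonify(status='ok')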
Esempio n. 6
def nuke_user_api():
    """Internal endpoint that nukes a user's task and tx data. Use with care.

    Reads 'phone_number' (required) and 'nuke_all' (optional) from the JSON
    body and forwards them to nuke_user_data().

    Returns:
        status='ok' with the affected user ids, or status='error' with
        reason='no_user' when nuke_user_data() returns None.

    Raises:
        InvalidUsage: the body cannot be read or has no 'phone_number'.
    """
    # NOTE(review): this destructive endpoint skips both access checks
    # whenever config.DEBUG is set - confirm DEBUG is never enabled on a
    # deployment that holds real user data.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    try:
        body = request.get_json(silent=True)
        phone_number = body.get('phone_number', None)
        # only a value that compares equal to True switches nuke_all on
        nuke_all = body.get('nuke_all', False) == True
        if phone_number is None:
            raise InvalidUsage('bad-request')
    except Exception as err:
        print(err)
        raise InvalidUsage('bad-request')

    user_ids = nuke_user_data(phone_number, nuke_all)
    if user_ids is not None:
        print('nuked users with phone number: %s and user_ids %s' %
              (phone_number, user_ids))
        return jsonify(status='ok', user_id=user_ids)

    print('could not find any user with this number: %s' % phone_number)
    return jsonify(status='error', reason='no_user')
Esempio n. 7
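def set_user_phone_number_endpoint():
    """Store the phone number carried by a firebase id token for the caller.

    The user id comes from the request headers and the id token from the JSON
    body. Outside DEBUG the phone number is taken only from the verified
    token and rejected when it starts with a blocked prefix. In DEBUG the
    body's 'phone_number' may be used when the token yields nothing.

    Returns:
        status='ok' with the user's backup hints on success; status='error'
        with reason 'bad_token' (HTTP 404) or 'no_phone_number' otherwise.

    Raises:
        InvalidUsage: headers or body cannot be read, or user id / token is
            missing. The request is aborted with 403 for a blocked prefix or
            when the phone number exceeded its registration quota.
    """
    payload = request.get_json(silent=True)
    try:
        # NOTE(review): auth_token is extracted but never checked in this
        # function; confirm that user_id is authenticated before this point,
        # since the phone number is bound to whatever user_id is given here.
        user_id, auth_token = extract_headers(request)
        token = payload.get('token', None)
        unverified_phone_number = payload.get('phone_number',
                                              None)  # only used in tests
        if None in (user_id, token):
            raise InvalidUsage('bad-request')

    except Exception as e:
        print(e)
        raise InvalidUsage('bad-request')

    if not config.DEBUG:
        print('extracting verified phone number fom firebase id token...')
        verified_number = extract_phone_number_from_firebase_id_token(token)

        if verified_number is None:
            # Log who sent the bad token, not the token itself: id tokens are
            # credentials and should not be written to the logs.
            print('bad id-token for user_id: %s' % user_id)
            return jsonify(status='error',
                           reason='bad_token'), status.HTTP_404_NOT_FOUND

        # reject blacklisted phone prefixes
        for prefix in app.blocked_phone_prefixes:
            if verified_number.startswith(prefix):
                os_type = get_user_os_type(user_id)
                print(
                    'found blocked phone prefix (%s) in verified phone number (%s), userid (%s), OS (%s): aborting'
                    % (prefix, verified_number, user_id, os_type))
                abort(403)

        phone = verified_number
    else:  # DEBUG
        # Start from a defined value: with an empty-string token the name
        # used to be unbound at the first "if not phone" check.
        phone = None
        if token:
            phone = extract_phone_number_from_firebase_id_token(token)

        # for tests, fall back to the unverified number from the body; a
        # missing or non-string value no longer raises on .strip()
        if not phone and isinstance(unverified_phone_number, str):
            print('using un-verified phone number in debug')
            phone = unverified_phone_number.strip().replace('-', '')

        if not phone:
            print('could not extract phone in debug')
            return jsonify(status='error', reason='no_phone_number')

    # limit the number of registrations a single phone number can do, unless they come from the ACL
    if not limit_to_acl(
            return_bool=True) and count_registrations_for_phone_number(
                phone) > int(config.MAX_NUM_REGISTRATIONS_PER_NUMBER) - 1:
        print(
            'rejecting registration from user_id %s and phone number %s - too many re-registrations'
            % (user_id, phone))
        increment_metric("reject-too-many_registrations")
        abort(403)

    print('updating phone number for user %s' % user_id)
    set_user_phone_number(user_id, phone)
    increment_metric('user-phone-verified')

    # return success and the backup hint, if they exist
    hints = get_backup_hints(user_id)
    if config.DEBUG:
        print('restore hints for user_id, phone: %s: %s: %s' %
              (user_id, phone, hints))
    return jsonify(status='ok', hints=hints)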