def login():
add_json_header(response)
username = request.params.get("username")
password = request.params.get("password")
user = PYLOAD.checkAuth(username, password,
request.environ.get('REMOTE_ADDR', None))
if not user:
return json_response(False)
s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
# reuse old session id
except:
sid = request.get_header(session.options['key'])
result = BaseEncoder().default(user)
result["session"] = sid
# Return full user information if needed
if request.params.get('user', None):
return dumps(result)
return json_response(sid)
def logout():
add_json_header(response)
s = request.environ.get('beaker.session')
s.delete()
return json_response(True)
def logout():
add_json_header(response)
s = request.environ.get('beaker.session')
s.delete()
return json_response(True)
def setup():
add_json_header(response)
return json_dumps({
"system": SETUP.check_system(),
"deps": SETUP.check_deps()
})
def login():
add_json_header(response)
username = request.params.get("username")
password = request.params.get("password")
user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None))
if not user:
return json_response(False)
s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
# reuse old session id
except:
sid = request.get_header(session.options['key'])
result = BaseEncoder().default(user)
result["session"] = sid
# Return full user information if needed
if request.params.get('user', None):
return dumps(result)
return json_response(sid)
def setup():
add_json_header(response)
return json_dumps({
"system": SETUP.check_system(),
"deps": SETUP.check_deps()
})
def call_api(func, args=""):
add_json_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1],
request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return error(401, "Unauthorized")
if not PYLOAD.isAuthorized(func, api.user):
return error(403, "Forbidden")
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return error(404, "Not Found")
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# file upload, reads whole file into memory
for name, f in request.files.iteritems():
kwargs["filename"] = f.filename
content = StringIO()
f.save(content)
kwargs[name] = content.getvalue()
content.close()
# convert arguments from json to obj separately
for x, y in request.params.iteritems():
try:
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
except Exception, e:
# Unsupported input
msg = "Invalid Input %s, %s : %s" % (x, y, e.message)
print_exc()
print msg
return error(415, msg)
def call_api(func, args=""):
add_json_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return error(401, "Unauthorized")
if not PYLOAD.isAuthorized(func, api.user):
return error(403, "Forbidden")
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return error(404, "Not Found")
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# file upload, reads whole file into memory
for name, f in request.files.iteritems():
kwargs["filename"] = f.filename
content = StringIO()
f.save(content)
kwargs[name] = content.getvalue()
content.close()
# convert arguments from json to obj separately
for x, y in request.params.iteritems():
try:
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
except Exception, e:
# Unsupported input
msg = "Invalid Input %s, %s : %s" % (x, y, e.message)
print_exc()
print msg
return error(415, msg)
def i18n(lang=None):
add_json_header(response)
if lang is None:
pass
# TODO use lang from PYLOAD.config or setup
else:
# TODO auto choose language
lang = select_language(["en"])
return json_dumps({})
def i18n(lang=None):
add_json_header(response)
if lang is None:
pass
# TODO use lang from PYLOAD.config or setup
else:
# TODO auto choose language
lang = select_language(["en"])
return json_dumps({})
def setup_done():
global timestamp
add_json_header(response)
SETUP.addUser(request.params['user'], request.params['password'])
SETUP.save()
# mark setup as finished
timestamp = 0
return error(409, "Done")
def setup_done():
global timestamp
add_json_header(response)
SETUP.addUser(
request.params['user'],
request.params['password']
)
# mark setup as finished
timestamp = 0
return error(409, "Done")
