Esempio n. 1
    def post(self):
        """Handle a POST from the API-key create/update/edit form.

        Two request shapes are served:

        * ``edit_form`` is set: fetch the entity named by
          ``authorization_key`` and render its edit form, or answer 404 when
          the lookup returns nothing.
        * otherwise: require the three contact fields (400 if any is empty),
          build an Authorization under either the existing entity's API key
          (``key`` supplied) or a newly generated one, store it, record an
          ApiKeyManagementLog entry and redirect to the key list page.
        """
        # NOTE(review): no XSRF token check is visible in this handler even
        # though it changes stored state; confirm the base handler enforces
        # one before post() runs.

        # The list page posts here only to open one key's edit form.
        if self.request.get("edit_form"):
            # NOTE(review): the key string comes straight from the request and
            # the fetched entity is not checked for kind or repo here; confirm
            # that only trusted admins can reach this handler.
            requested = db.get(self.request.get("authorization_key"))
            if requested:
                return self.render_form(requested)
            return self.error(404, _("No such Authorization entity."))

        # Submission of the authorization form: all contact fields are needed.
        if (not self.params.contact_name
                or not self.params.contact_email
                or not self.params.organization_name):
            return self.error(400, _("Please fill in all the required fields."))

        original_key = self.request.get("key")
        if not original_key:
            # New authorization: mint a fresh API key.
            key_str = utils.generate_random_key(API_KEY_LENGTH)
            action = ApiKeyManagementLog.CREATE
        else:
            # Update: keep the API key of the entity being overridden.
            previous = db.get(original_key)
            if not previous:
                return self.error(404, _("No such Authorization entity."))
            key_str = previous.api_key
            action = ApiKeyManagementLog.UPDATE

        extra_fields = to_authorization_params(self.params)
        authorization = Authorization.create(self.repo, key_str, **extra_fields)
        authorization.put()

        # The log entity carries the API key value itself, so it needs the
        # same read restrictions as the Authorization entities.
        management_log = ApiKeyManagementLog(
            repo=self.repo,
            api_key=authorization.api_key,
            action=action)
        management_log.put()

        # NOTE(review): repo and log key are interpolated without URL-encoding;
        # presumably both are URL-safe already - confirm.
        target = "/admin/api_keys?repo=%s&log_key=%s" % (
            self.repo, management_log.key())
        self.redirect(target)
Esempio n. 2
 def set_content_security_policy(self):
     """Set a nonce-based Content-Security-Policy header on the response.

     Returns:
         The nonce generated for this call; inline scripts must carry it in
         their ``nonce`` attribute to be allowed by the policy.
     """
     # A fresh nonce is generated on every call.
     # NOTE(review): assumes utils.generate_random_key draws from a CSPRNG;
     # a predictable nonce would defeat the script-src restriction - confirm.
     nonce = utils.generate_random_key(20)
     # 'unsafe-inline' and the https:/http: sources are fallbacks for older
     # browsers: a browser that honours nonces ignores 'unsafe-inline', and
     # one that honours 'strict-dynamic' ignores the scheme sources. On
     # browsers without nonce support the policy therefore does not block
     # inline scripts.
     directives = (
         "object-src 'none'",
         "script-src 'nonce-%s' 'unsafe-inline' "
         "'strict-dynamic' https: http:" % nonce,
         "base-uri 'none';",
     )
     self.response.headers['Content-Security-Policy'] = '; '.join(directives)
     return nonce
Esempio n. 3
 def found_face_object(found):
     """Store a detected face under a new random key and add it to history.

     ``found[0]`` is saved as the face id. ``place`` and ``camera`` are not
     parameters; they are read from the enclosing scope.
     """
     with FoundsSession() as session:
         # NOTE(review): no collision check on the generated key is visible
         # here; whether create() rejects an existing key is not shown.
         record_key = generate_random_key()
         record = {
             'face_id': found[0],
             'place': place,
             'camera': camera,
             # datetime.now() without a tz argument is naive local time, which
             # matters when these records are correlated across hosts.
             'date': datetime.now(),
         }
         session.create(record_key, record)
         add_to_history(record_key, found)
Esempio n. 4
    def post(self, request, *args, **kwargs):
        """Create or update an API key authorization, or open its edit form.

        When ``edit_form`` is set the request is only navigation from the
        list page: the entity named by ``authorization_key`` is rendered in
        the edit form (404 if the lookup returns nothing). Otherwise the
        three contact fields are required (400 if any is empty), the
        authorization is built under the existing API key (``key`` supplied)
        or a newly generated one, an ApiKeyManagementLog entry is written and
        the client is redirected to the key list page.
        """
        # XSRF enforcement for this admin action comes first; enforce_xsrf is
        # defined outside this view and presumably aborts on a bad token.
        self.enforce_xsrf('admin_api_keys')

        form = self.params

        # Navigation to one key's management page arrives as a POST with the
        # edit_form param set.
        if form.edit_form:
            authorization = db.get(form.authorization_key)
            if authorization:
                return self._render_form(authorization)
            return self.error(
                404, t.ugettext('No such Authorization entity.'))

        if (not form.contact_name
                or not form.contact_email
                or not form.organization_name):
            return self.error(
                400, t.ugettext('Please fill in all the required fields.'))

        # The 'global' pseudo-repo is stored as the wildcard '*'.
        env_repo = self.env.repo
        repo = '*' if env_repo == 'global' else env_repo

        if not form.key:
            # New authorization: mint a fresh API key.
            key_str = utils.generate_random_key(_API_KEY_LENGTH)
            action = model.ApiKeyManagementLog.CREATE
        else:
            # Update: keep the API key of the entity being overridden.
            existing = db.get(form.key)
            if not existing:
                return self.error(
                    404, t.ugettext('No such Authorization entity.'))
            # The key comes from the request, so make sure the entity it
            # names belongs to the repo being administered before reusing it.
            if existing.repo != repo:
                return self.error(
                    400,
                    t.ugettext(
                        'Authorization already exists for another repo! '
                        "That's not expected."))
            key_str = existing.api_key
            action = model.ApiKeyManagementLog.UPDATE

        authorization = self._make_authorization(repo, key_str)

        # Audit record of the change. REMOTE_ADDR is the peer address as seen
        # by the server; behind a reverse proxy that would be the proxy, not
        # the admin's client. The entry also carries the API key value, so it
        # needs the same read restrictions as the Authorization entities.
        audit_fields = {
            'repo': repo,
            'api_key': authorization.api_key,
            'action': action,
            'ip_address': request.META.get('REMOTE_ADDR'),
            'key_state': authorization.summary_str(),
        }
        management_log = model.ApiKeyManagementLog(**audit_fields)
        management_log.put()

        repo_segment = self.env.repo or 'global'
        path = '/%s/admin/api_keys?repo=%s&log_key=%s' % (
            repo_segment, repo_segment, management_log.key())
        return django.shortcuts.redirect(self.build_absolute_uri(path))
Esempio n. 5
 def set_content_security_policy(self):
     """Write the Content-Security-Policy response header.

     Returns:
         The per-call nonce that script tags must carry to be allowed.
     """
     # NOTE(review): the nonce is only as strong as generate_random_key;
     # presumably it uses a cryptographically secure source - confirm.
     script_nonce = utils.generate_random_key(20)
     # Backward-compatible strict policy: browsers that understand nonces
     # ignore 'unsafe-inline', and browsers that understand 'strict-dynamic'
     # ignore the https:/http: scheme sources. Browsers that understand
     # neither fall back to allowing inline scripts.
     policy_template = ("object-src 'none'; "
                        "script-src 'nonce-%s' 'unsafe-inline' "
                        "'strict-dynamic' https: http:; "
                        "base-uri 'none';")
     policy = policy_template % script_nonce
     self.response.headers['Content-Security-Policy'] = policy
     return script_nonce
Esempio n. 6
 def create_note(self, title):
     """Add a new note whose content is *title* and return its local key.

     The key is only a handle inside ``self.notes``: it has to be unique in
     this database, not secret, so it is regenerated until it is unused.
     """
     while True:
         candidate = utils.generate_random_key()
         if candidate not in self.notes:
             break

     now = time.time()

     # The note has no internal key yet; both save markers start at zero.
     self.notes[candidate] = {
         'content': title,
         'modifydate': now,
         'createdate': now,
         'savedate': 0,  # never been written to disc
         'syncdate': 0,  # never been synced with server
     }

     return candidate
Esempio n. 7
    def create_note(self, title):
        """Create a note with *title* as its content and return its key.

        The key is drawn at random and redrawn while it collides with a key
        already in ``self.notes``; uniqueness within this database is the
        only requirement placed on it.
        """
        notes = self.notes

        fresh_key = utils.generate_random_key()
        while fresh_key in notes:
            fresh_key = utils.generate_random_key()

        created_at = time.time()

        # No internal key yet; zero marks "never saved" and "never synced".
        entry = {}
        entry['content'] = title
        entry['modifydate'] = created_at
        entry['createdate'] = created_at
        entry['savedate'] = 0  # never been written to disc
        entry['syncdate'] = 0  # never been synced with server

        notes[fresh_key] = entry
        return fresh_key
Esempio n. 8
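    def post(self):
        """Handle a post request from the create/update/edit form.

        The request must carry an XSRF token valid for the signed-in user and
        the ``admin_api_keys`` action; otherwise the response is 403. With
        ``edit_form`` set, the entity named by ``authorization_key`` is shown
        in the edit form (404 if the lookup returns nothing). Otherwise the
        three contact fields are required (400 if any is empty), the
        Authorization is built under the existing API key (``key`` supplied)
        or a newly generated one and stored, an ApiKeyManagementLog entry is
        written, and the client is redirected to the key list page.
        """
        user = users.get_current_user()
        xsrf_tool = utils.XsrfTool()
        # Fail closed with an explicit 403 when there is no signed-in user:
        # the token is bound to user.user_id(), and calling that on None would
        # raise instead of rejecting the request.
        # NOTE(review): assumes get_current_user() returns None when nobody
        # is signed in - confirm against the users module in use.
        if not (user is not None and self.params.xsrf_token
                and xsrf_tool.verify_token(
                    self.params.xsrf_token, user.user_id(),
                    'admin_api_keys')):
            return self.error(403)

        # Handle a form submission from list page
        if self.request.get('edit_form'):
            # NOTE(review): the fetched entity is not checked for kind or
            # repo; the key string comes from the request.
            authorization = db.get(self.request.get('authorization_key'))
            if not authorization:
                return self.error(404, _('No such Authorization entity.'))
            return self.render_form(authorization)

        # Handle authorization form submission
        if not (self.params.contact_name and self.params.contact_email
                and self.params.organization_name):
            return self.error(400,
                              _('Please fill in all the required fields.'))

        original_key = self.request.get('key')
        if original_key:
            # Just override the existing one, keeping its API key.
            existing_authorization = db.get(original_key)
            if not existing_authorization:
                return self.error(404, _('No such Authorization entity.'))
            key_str = existing_authorization.api_key
            action = ApiKeyManagementLog.UPDATE
        else:
            key_str = utils.generate_random_key(API_KEY_LENGTH)
            action = ApiKeyManagementLog.CREATE
        # With no repo selected the authorization is stored under '*'.
        repo = self.repo or '*'

        authorization = Authorization.create(
            repo, key_str, **to_authorization_params(self.params))
        authorization.put()

        # The log entity carries the API key value itself, so it needs the
        # same read restrictions as the Authorization entities.
        management_log = ApiKeyManagementLog(repo=repo,
                                             api_key=authorization.api_key,
                                             action=action)
        management_log.put()

        # NOTE(review): the redirect uses self.repo, not the '*' fallback
        # above, so an unset repo is formatted into the URL as-is - confirm
        # the list page expects that.
        self.redirect('/admin/api_keys?repo=%s&log_key=%s' %
                      (self.repo, management_log.key()))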