def get_user(request):
"""
Return a user given by username.
Args:
request (pyramid.request): The current request.
Returns:
dict: A dictionary with two keys. "user" maps to a dictionary representation of the User
object. "urls" maps to various URLs that describe various other objects related to the
user.
"""
id = request.matchdict.get('name')
user = User.get(id)
if not user:
request.errors.add('body', 'name', 'No such user')
request.errors.status = HTTPNotFound.code
return
user = user.__json__(request)
# Throw some extra information in there
rurl = request.route_url # Just shorthand
urls = {
'comments_by': rurl('comments') + '?user=%s' % id,
'comments_on': rurl('comments') + '?update_owner=%s' % id,
'recent_updates': rurl('updates') + '?user=%s' % id,
'recent_overrides': rurl('overrides') + '?user=%s' % id,
'comments_by_rss': rurl('comments_rss') + '?user=%s' % id,
'comments_on_rss': rurl('comments_rss') + '?update_owner=%s' % id,
'recent_updates_rss': rurl('updates_rss') + '?user=%s' % id,
'recent_overrides_rss': rurl('overrides_rss') + '?user=%s' % id,
}
return dict(user=user, urls=urls)
def test_remember_me_with_bad_endpoint(self):
"""Test the post-login hook with a bad openid endpoint"""
req = DummyRequest(params={
'openid.op_endpoint': 'bad_endpoint',
})
req.db = self.db
def flash(msg):
pass
req.session.flash = flash
info = {
'identity_url': 'http://lmacken.id.fedoraproject.org',
'groups': [u'releng'],
}
req.registry.settings = self.app_settings
try:
remember_me(None, req, info)
assert False, 'remember_me should have thrown an exception'
except Exception:
# A ComponentLookupError is thrown because we're doing this outside
# of the webapp
pass
# The user should not exist
self.assertIsNone(User.get(u'lmacken', self.db))
def test_remember_me(self):
"""Test the post-login hook"""
req = DummyRequest(
params={
'openid.op_endpoint': self.app_settings['openid.provider'],
})
req.db = self.db
req.session = {'came_from': '/'}
info = {
'identity_url': 'http://lmacken.id.fedoraproject.org',
'groups': [u'releng'],
'sreg': {
'email': u'[email protected]'
},
}
req.registry.settings = self.app_settings
# Ensure the user doesn't exist yet
self.assertIsNone(User.get(u'lmacken', self.db))
self.assertIsNone(Group.get(u'releng', self.db))
remember_me(None, req, info)
# The user should now exist, and be a member of the releng group
user = User.get(u'lmacken', self.db)
self.assertEquals(user.name, u'lmacken')
self.assertEquals(user.email, u'[email protected]')
self.assertEquals(len(user.groups), 1)
self.assertEquals(user.groups[0].name, u'releng')
# Pretend the user has been removed from the releng group
info['groups'] = []
req.session = {'came_from': '/'}
remember_me(None, req, info)
user = User.get(u'lmacken', self.db)
self.assertEquals(len(user.groups), 0)
self.assertEquals(len(Group.get(u'releng', self.db).users), 0)
def groupfinder(userid, request):
"""
Return a list of strings describing the groups the request's user is a member of.
The strings are of the format group:<group_name>, so this might return something like this as
an example:
['group:packager', 'group:bodhiadmin']
Args:
userid (str): The user's id.
request (pyramid.request.Request): The current web request.
Returns:
list or None: A list of the user's groups, or None if the user is not authenticated.
"""
from bodhi.server.models import User
if request.user:
user = User.get(request.user.name)
return ['group:' + group.name for group in user.groups]
def save_stack(request):
"""
Save a stack.
Args:
request (pyramid.request): The current web request.
Returns:
dict: A dictionary with key "stack" that indexes the newly created Stack.
"""
data = request.validated
db = request.db
user = User.get(request.user.name)
# Fetch or create the stack
stack = Stack.get(data['name'])
if not stack:
stack = Stack(name=data['name'], users=[user])
db.add(stack)
db.flush()
if stack.users or stack.groups:
if user in stack.users:
log.info('%s is an owner of the %s', user.name, stack.name)
else:
for group in user.groups:
if group in stack.groups:
log.info('%s is a member of the %s group', user.name, stack.name)
break
else:
log.warning('%s is not an owner of the %s stack',
user.name, stack.name)
log.debug('owners = %s; groups = %s', stack.users, stack.groups)
request.errors.add('body', 'name', '%s does not have privileges'
' to modify the %s stack' % (user.name, stack.name))
request.errors.status = HTTPForbidden.code
return
# Update the stack description
desc = data['description']
if desc:
stack.description = desc
# Update the stack requirements
# If the user passed in no value at all for requirements, then use
# the site defaults. If, however, the user passed in the empty string, we
# assume they mean *really*, no requirements so we leave the value null.
reqs = data['requirements']
if reqs is None:
stack.requirements = config.get('site_requirements')
elif reqs:
stack.requirements = reqs
stack.update_relationship('users', User, data, db)
stack.update_relationship('groups', Group, data, db)
# We make a special case out of packages here, since when a package is
# added to a stack, we want to give it the same requirements as the stack
# has. See https://github.com/fedora-infra/bodhi/issues/101
new, same, rem = stack.update_relationship('packages', Package, data, db)
if stack.requirements:
additional = list(tokenize(stack.requirements))
for name in new:
package = Package.get(name)
original = package.requirements
original = [] if not original else list(tokenize(original))
package.requirements = " ".join(list(set(original + additional)))
log.info('Saved %s stack', data['name'])
notifications.publish(topic='stack.save', msg=dict(
stack=stack, agent=user.name))
return dict(stack=stack)
def save_override(request):
"""
Create or edit a buildroot override.
This entails either creating a new buildroot override, or editing an
existing one. To edit an existing buildroot override, the buildroot
override's original id needs to be specified in the ``edited`` parameter.
Args:
request (pyramid.request): The current web request.
Returns:
dict: The new or edited override.
"""
data = request.validated
edited = data.pop("edited")
caveats = []
try:
submitter = User.get(request.user.name)
if edited is None:
builds = data['builds']
overrides = []
if len(builds) > 1:
caveats.append({
'name':
'nvrs',
'description':
'Your override submission was '
'split into %i.' % len(builds)
})
for build in builds:
log.info("Creating a new buildroot override: %s" % build.nvr)
existing_override = BuildrootOverride.get(build.id)
if existing_override:
if not existing_override.expired_date:
data['expiration_date'] = max(
existing_override.expiration_date,
data['expiration_date'])
new_notes = f"""{data['notes']}
_____________
_@{existing_override.submitter.name} ({existing_override.submission_date.strftime('%b %d, %Y')})_
{existing_override.notes}"""
# Truncate notes at 2000 chars
if len(new_notes) > 2000:
new_notes = new_notes[:1972] + '(...)\n___Notes truncated___'
overrides.append(
BuildrootOverride.edit(
request,
edited=build,
submitter=submitter,
submission_date=datetime.now(),
notes=new_notes,
expiration_date=data['expiration_date'],
expired=None,
))
else:
overrides.append(
BuildrootOverride.new(
request,
build=build,
submitter=submitter,
notes=data['notes'],
expiration_date=data['expiration_date'],
))
if len(builds) > 1:
result = dict(overrides=overrides)
else:
result = overrides[0]
else:
log.info("Editing buildroot override: %s" % edited)
edited = Build.get(edited)
if edited is None:
request.errors.add('body', 'edited', 'No such build')
return
result = BuildrootOverride.edit(
request,
edited=edited,
submitter=submitter,
notes=data["notes"],
expired=data["expired"],
expiration_date=data["expiration_date"])
if not result:
# Some error inside .edit(...)
return
except Exception as e:
log.exception(e)
request.errors.add('body', 'override',
'Unable to save buildroot override: %s' % e)
return
if not isinstance(result, dict):
result = result.__json__()
result['caveats'] = caveats
return result
def __call__(self, message: fedora_messaging.api.Message) -> None:
"""Create updates from appropriately tagged builds.
Args:
message: The message we are processing.
"""
body = message.body
missing = []
for mandatory in ('tag', 'build_id', 'name', 'version', 'release'):
if mandatory not in body:
missing.append(mandatory)
if missing:
log.debug(
f"Received incomplete tag message. Missing: {', '.join(missing)}"
)
return
btag = body['tag']
bnvr = '{name}-{version}-{release}'.format(**body)
koji = buildsys.get_session()
kbuildinfo = koji.getBuild(bnvr)
if not kbuildinfo:
log.debug(f"Can't find Koji build for {bnvr}.")
return
if 'nvr' not in kbuildinfo:
log.debug(f"Koji build info for {bnvr} doesn't contain 'nvr'.")
return
if 'owner_name' not in kbuildinfo:
log.debug(
f"Koji build info for {bnvr} doesn't contain 'owner_name'.")
return
if kbuildinfo['owner_name'] in config.get(
'automatic_updates_blacklist'):
log.debug(
f"{bnvr} owned by {kbuildinfo['owner_name']} who is listed in "
"automatic_updates_blacklist, skipping.")
return
# some APIs want the Koji build info, some others want the same
# wrapped in a larger (request?) structure
rbuildinfo = {
'info': kbuildinfo,
'nvr': kbuildinfo['nvr'].rsplit('-', 2),
}
with self.db_factory() as dbsession:
rel = dbsession.query(Release).filter_by(
create_automatic_updates=True, candidate_tag=btag).first()
if not rel:
log.debug(
f"Ignoring build being tagged into {btag!r}, no release configured for "
"automatic updates for it found.")
return
bcls = ContentType.infer_content_class(Build, kbuildinfo)
build = bcls.get(bnvr)
if build and build.update:
log.info(
f"Build, active update for {bnvr} exists already, skipping."
)
return
if not build:
log.debug(f"Build for {bnvr} doesn't exist yet, creating.")
# Package.get_or_create() infers content type already
log.debug("Getting/creating related package object.")
pkg = Package.get_or_create(dbsession, rbuildinfo)
log.debug("Creating build object, adding it to the DB.")
build = bcls(nvr=bnvr, package=pkg, release=rel)
dbsession.add(build)
owner_name = kbuildinfo['owner_name']
user = User.get(owner_name)
if not user:
log.debug(f"Creating bodhi user for '{owner_name}'.")
# Leave email, groups blank, these will be filled
# in or updated when they log into Bodhi next time, see
# bodhi.server.security:remember_me().
user = User(name=owner_name)
dbsession.add(user)
log.debug(f"Creating new update for {bnvr}.")
try:
changelog = build.get_changelog(lastupdate=True)
except ValueError:
# Often due to bot-generated builds
# https://github.com/fedora-infra/bodhi/issues/4146
changelog = None
except Exception:
# Re-raise exception, so that the message can be re-queued
raise
closing_bugs = []
if changelog:
log.debug("Adding changelog to update notes.")
notes = f"""Automatic update for {bnvr}.
##### **Changelog**
```
{changelog}
```"""
if rel.name not in config.get('bz_exclude_rels'):
for b in re.finditer(config.get('bz_regex'), changelog,
re.IGNORECASE):
idx = int(b.group(1))
log.debug(f'Adding bug #{idx} to the update.')
bug = Bug.get(idx)
if bug is None:
bug = Bug(bug_id=idx)
dbsession.add(bug)
dbsession.flush()
if bug not in closing_bugs:
closing_bugs.append(bug)
else:
notes = f"Automatic update for {bnvr}."
update = Update(
release=rel,
builds=[build],
bugs=closing_bugs,
notes=notes,
type=UpdateType.unspecified,
stable_karma=3,
unstable_karma=-3,
autokarma=False,
user=user,
status=UpdateStatus.pending,
critpath=Update.contains_critpath_component([build],
rel.branch),
)
# Comment on the update that it was automatically created.
update.comment(
dbsession,
str("This update was automatically created"),
author="bodhi",
)
update.add_tag(update.release.pending_signing_tag)
log.debug("Adding new update to the database.")
dbsession.add(update)
log.debug("Flushing changes to the database.")
dbsession.flush()
# Obsolete older updates which may be stuck in testing due to failed gating
try:
update.obsolete_older_updates(dbsession)
except Exception as e:
log.error(f'Problem obsoleting older updates: {e}')
alias = update.alias
buglist = [b.bug_id for b in update.bugs]
# This must be run after dbsession is closed so changes are committed to db
work_on_bugs_task.delay(alias, buglist)
def __call__(self, message: fedora_messaging.api.Message) -> None:
"""Create updates from appropriately tagged builds.
Args:
message: The message we are processing.
"""
body = message.body
missing = []
for mandatory in ('tag', 'build_id', 'name', 'version', 'release'):
if mandatory not in body:
missing.append(mandatory)
if missing:
log.debug(
f"Received incomplete tag message. Missing: {', '.join(missing)}"
)
return
btag = body['tag']
bnvr = '{name}-{version}-{release}'.format(**body)
koji = buildsys.get_session()
kbuildinfo = koji.getBuild(bnvr)
if not kbuildinfo:
log.debug(f"Can't find Koji build for {bnvr}.")
return
if 'nvr' not in kbuildinfo:
log.debug(f"Koji build info for {bnvr} doesn't contain 'nvr'.")
return
if 'owner_name' not in kbuildinfo:
log.debug(
f"Koji build info for {bnvr} doesn't contain 'owner_name'.")
return
if kbuildinfo['owner_name'] in config.get(
'automatic_updates_blacklist'):
log.debug(
f"{bnvr} owned by {kbuildinfo['owner_name']} who is listed in "
"automatic_updates_blacklist, skipping.")
return
# some APIs want the Koji build info, some others want the same
# wrapped in a larger (request?) structure
rbuildinfo = {
'info': kbuildinfo,
'nvr': kbuildinfo['nvr'].rsplit('-', 2),
}
with self.db_factory() as dbsession:
rel = dbsession.query(Release).filter_by(
create_automatic_updates=True, candidate_tag=btag).first()
if not rel:
log.debug(
f"Ignoring build being tagged into {btag!r}, no release configured for "
"automatic updates for it found.")
return
bcls = ContentType.infer_content_class(Build, kbuildinfo)
build = bcls.get(bnvr)
if build and build.update:
log.info(
f"Build, active update for {bnvr} exists already, skipping."
)
return
if not build:
log.debug(f"Build for {bnvr} doesn't exist yet, creating.")
# Package.get_or_create() infers content type already
log.debug("Getting/creating related package object.")
pkg = Package.get_or_create(dbsession, rbuildinfo)
log.debug("Creating build object, adding it to the DB.")
build = bcls(nvr=bnvr, package=pkg, release=rel)
dbsession.add(build)
owner_name = kbuildinfo['owner_name']
user = User.get(owner_name)
if not user:
log.debug(f"Creating bodhi user for '{owner_name}'.")
# Leave email, groups blank, these will be filled
# in or updated when they log into Bodhi next time, see
# bodhi.server.security:remember_me().
user = User(name=owner_name)
dbsession.add(user)
log.debug(f"Creating new update for {bnvr}.")
changelog = build.get_changelog(lastupdate=True)
if changelog:
notes = f"""Automatic update for {bnvr}.
##### **Changelog**
```
{changelog}
```"""
else:
notes = f"Automatic update for {bnvr}."
update = Update(
release=rel,
builds=[build],
notes=notes,
type=UpdateType.unspecified,
stable_karma=3,
unstable_karma=-3,
autokarma=False,
user=user,
status=UpdateStatus.pending,
)
# Comment on the update that it was automatically created.
update.comment(
dbsession,
str("This update was automatically created"),
author="bodhi",
)
update.add_tag(update.release.pending_signing_tag)
log.debug("Adding new update to the database.")
dbsession.add(update)
log.debug("Committing changes to the database.")
dbsession.commit()
def query_comments(request):
"""
Search for comments matching given search parameters.
Args:
request (pyramid.request): The current request.
Return:
dict: A dictionary with the following key-value pairs:
comments: An iterable with the current page of matched comments.
page: The current page number.
pages: The total number of pages.
rows_per_page: The number of rows per page.
total: The number of items matching the search terms.
chrome: A boolean indicating whether to paginate or not.
"""
db = request.db
data = request.validated
query = db.query(Comment)
like = data.get('like')
if like is not None:
query = query.filter(or_(*[Comment.text.like('%%%s%%' % like)]))
packages = data.get('packages')
if packages is not None:
query = query\
.join(Comment.update)\
.join(Update.builds)\
.join(Build.package)
query = query.filter(or_(*[Build.package == pkg for pkg in packages]))
since = data.get('since')
if since is not None:
query = query.filter(Comment.timestamp >= since)
updates = data.get('updates')
if updates is not None:
query = query.filter(or_(*[Comment.update == u for u in updates]))
update_owner = data.get('update_owner')
if update_owner is not None:
query = query.join(Comment.update)
query = query.filter(or_(*[Update.user == u for u in update_owner]))
ignore_user = data.get('ignore_user')
if ignore_user is not None:
query = query.filter(and_(*[Comment.user != u for u in ignore_user]))
# don't show bodhi user comments in the web interface
if data.get("chrome"):
query = query.filter(and_(*[Comment.user != User.get('bodhi')]))
user = data.get('user')
if user is not None:
query = query.filter(or_(*[Comment.user == u for u in user]))
query = query.order_by(Comment.timestamp.desc())
# We can't use ``query.count()`` here because it is naive with respect to
# all the joins that we're doing above.
count_query = query.with_labels().statement\
.with_only_columns([func.count(distinct(Comment.id))])\
.order_by(None)
total = db.execute(count_query).scalar()
page = data.get('page')
rows_per_page = data.get('rows_per_page')
pages = int(math.ceil(total / float(rows_per_page)))
query = query.offset(rows_per_page * (page - 1)).limit(rows_per_page)
return dict(
comments=query.all(),
page=page,
pages=pages,
rows_per_page=rows_per_page,
total=total,
chrome=data.get('chrome'),
)
def save_override(request):
"""
Create or edit a buildroot override.
This entails either creating a new buildroot override, or editing an
existing one. To edit an existing buildroot override, the buildroot
override's original id needs to be specified in the ``edited`` parameter.
Args:
request (pyramid.request): The current web request.
Returns:
dict: The new or edited override.
"""
data = request.validated
edited = data.pop("edited")
caveats = []
try:
submitter = User.get(request.user.name)
if edited is None:
builds = data['builds']
overrides = []
if len(builds) > 1:
caveats.append({
'name': 'nvrs',
'description': 'Your override submission was '
'split into %i.' % len(builds)
})
for build in builds:
log.info("Creating a new buildroot override: %s" % build.nvr)
if BuildrootOverride.get(build.id):
request.errors.add('body', 'builds',
'Buildroot override for %s already exists' % build.nvr)
return
else:
overrides.append(BuildrootOverride.new(
request,
build=build,
submitter=submitter,
notes=data['notes'],
expiration_date=data['expiration_date'],
))
if len(builds) > 1:
result = dict(overrides=overrides)
else:
result = overrides[0]
else:
log.info("Editing buildroot override: %s" % edited)
edited = Build.get(edited)
if edited is None:
request.errors.add('body', 'edited', 'No such build')
return
result = BuildrootOverride.edit(
request, edited=edited, submitter=submitter,
notes=data["notes"], expired=data["expired"],
expiration_date=data["expiration_date"])
if not result:
# Some error inside .edit(...)
return
except Exception as e:
log.exception(e)
request.errors.add('body', 'override',
'Unable to save buildroot override: %s' % e)
return
if not isinstance(result, dict):
result = result.__json__()
result['caveats'] = caveats
return result