def login(self, email, password):
    """Authenticate an account against the configured backend.

    The 'stormpath' backend delegates the credential check to the remote
    application; the 'mongodb' backend compares a SHA-256 digest stored on
    the local UserModel record; the 'api-token' backend never logs in.
    An authenticated account whose group is "unknown" is moved to "user".

    Returns:
        The matching UserModel document, or None when login fails.
    """
    from corrdb.common.models import UserModel

    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm it against the original file, in particular that the `else`
    # below pairs with the stored-password check.
    account = None
    backend = self.type
    if backend == 'stormpath':
        try:
            remote = self.manager.application.authenticate_account(email, password).account
            if remote is not None:
                account = UserModel.objects(email=email).first()
        except Error as err:
            # A rejected authentication is reported on stdout and leaves
            # account as None.
            print('Message: %s' % err.message)
            print('HTTP Status: %s' % str(err.status))
            print('Developer Message: %s' % err.developer_message)
            print('More Information: %s' % err.more_info)
            print('Error Code: %s' % str(err.code))
    elif backend == 'mongodb':
        # NOTE(review): one round of SHA-256 over a fixed prefix plus the
        # password has no per-user salt and no work factor, so leaked digests
        # are cheap to attack offline. .encode("ascii") raises on non-ASCII
        # passwords.
        digest = hashlib.sha256(('CoRRPassword_%s' % password).encode("ascii")).hexdigest()
        stored = UserModel.objects(email=email).first()
        if stored != None:
            if stored.password == None:
                # NOTE(review): a record without a password adopts whatever
                # password is presented first, so knowing the e-mail is
                # enough to claim such an account. Confirm this is intended.
                stored.password = digest
                stored.save()
                account = stored
            else:
                account = UserModel.objects(email=email, password=digest).first()
    # 'api-token' (and any other backend value): no login.

    if account and account.group == "unknown":
        account.group = "user"
        account.save()
    return account
def login(self, email, password):
    """Authenticate an account against the configured backend.

    'stormpath' asks the remote application to check the credentials,
    'mongodb' compares a SHA-256 digest held on the local UserModel record,
    and 'api-token' never logs anyone in.

    Returns:
        The matching UserModel document, or None when login fails.
    """
    from corrdb.common.models import UserModel

    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm it against the original file.
    if self.type == 'stormpath':
        try:
            verified = self.manager.application.authenticate_account(
                email, password).account
            if verified is not None:
                return UserModel.objects(email=email).first()
        except Error as err:
            # The failure details go to stdout; the caller only sees None.
            print('Message: %s' % err.message)
            print('HTTP Status: %s' % str(err.status))
            print('Developer Message: %s' % err.developer_message)
            print('More Information: %s' % err.more_info)
            print('Error Code: %s' % str(err.code))
        return None

    if self.type == 'api-token':
        # No login for api-token.
        return None

    if self.type == 'mongodb':
        # NOTE(review): unsalted single-round SHA-256 with a fixed prefix;
        # raises UnicodeEncodeError for non-ASCII passwords.
        digest = hashlib.sha256(
            ('CoRRPassword_%s' % password).encode("ascii")).hexdigest()
        existing = UserModel.objects(email=email).first()
        if existing != None:
            if existing.password == None:
                # NOTE(review): first presented password is adopted for a
                # record that has none. Confirm this is intended, since it
                # lets anyone who knows the e-mail claim the account.
                existing.password = digest
                existing.save()
                return existing
            return UserModel.objects(email=email, password=digest).first()

    return None
def register(self, email, password, fname, lname, mname):
    """Registration handler.

    Creates the local UserModel record for ``email`` when none is found
    and, for the 'stormpath' backend, also calls self.create_account.
    The 'api-token' backend registers nothing.

    Returns:
        (True, account) when this call registered the account,
        (False, account) otherwise; account may be None.
    """
    from corrdb.common.models import UserModel
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm the placement of the password assignments against the
    # original file.
    account = None
    # NOTE(review): single-round SHA-256 over a fixed prefix plus the
    # password: no per-user salt, no work factor. .encode("ascii") raises
    # UnicodeEncodeError for non-ASCII passwords.
    hash_pwd = hashlib.sha256(
        ('CoRRPassword_%s' % password).encode("ascii")).hexdigest()
    if self.type == 'api-token':
        pass
    else:
        if self.type == 'mongodb':
            account = UserModel.objects(email=email).first()
        elif self.type == 'stormpath':
            try:
                # NOTE(review): `application` is not defined in this block;
                # if it is not a module global, the NameError is swallowed
                # by the bare except and _account is always None.
                _account = application.authenticate_account(
                    email,
                    password,
                ).account
            except:
                _account = None
            if _account != None:
                account = UserModel.objects(email=email).first()
        if account is None:
            if self.type == 'stormpath':
                # failure is True when create_account returned None as its
                # first element.
                failure = self.create_account(email, password, fname, lname, mname)[0] is None
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): the API token is SHA-256 of the e-mail
                    # and a timestamp taken a moment after created_at, which
                    # is stored on the same record; it carries no secret
                    # randomness.
                    (account, created) = UserModel.objects.get_or_create(
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(
                            ('CoRRToken_%s_%s' % (email, str(datetime.datetime.utcnow()))
                             ).encode("ascii")).hexdigest())
                if failure:
                    # Remote account creation failed: keep a local password
                    # digest instead.
                    account.password = hash_pwd
                    account.save()
            if self.type == 'mongodb':
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): same derived, non-random API token as in
                    # the stormpath branch.
                    (account, created) = UserModel.objects.get_or_create(
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(
                            ('CoRRToken_%s_%s' % (email, str(datetime.datetime.utcnow()))
                             ).encode("ascii")).hexdigest())
                    account.password = hash_pwd
                    account.save()
            account.save()
            return True, account
        else:
            # An account already exists for this e-mail.
            return False, account
    return False, account
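def check_api(self, token):
    """Get the user object instance from its api token.

    Args:
        token: API token presented by the caller.

    Returns:
        The matching UserModel document, or None when no account holds
        this token.
    """
    from corrdb.common.models import UserModel

    # Only the record matching the token is read. The full user list is not
    # written to stdout, where every account's details would land in the
    # service logs on each token check.
    return UserModel.objects(api_token=token).first()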
def register(self, email, password, fname, lname, mname):
    """Registration handler.

    Rejects passwords that fail self.password_check, then creates the
    local UserModel record for ``email`` when none is found and, for the
    'stormpath' backend, calls self.create_account when the remote search
    found no account. The 'api-token' backend registers nothing.

    Returns:
        (False, message) with a list of rule violations when the password
        is rejected; (True, account) when this call registered the account;
        (False, account) otherwise (account may be None). Callers must
        handle both shapes of the second element.
    """
    from corrdb.common.models import UserModel
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm the placement of the password assignments against the
    # original file.
    account = None
    _account = None
    check_password = self.password_check(password)
    if not check_password['password_ok']:
        # Collect one line per failed rule for the caller to display.
        message = ["Password rules vialation:"]
        if check_password['length_error']:
            message.append("Must be at least 8 characters.")
        if check_password['digit_error']:
            message.append("Must contain at least one digit.")
        if check_password['uppercase_error']:
            message.append("Must contain at least one upper case character.")
        if check_password['lowercase_error']:
            message.append("Must contain at least one lower case character.")
        if check_password['symbol_error']:
            message.append("Must contain at least one special character.")
        return False, message
    # NOTE(review): single-round SHA-256 over a fixed prefix plus the
    # password: no per-user salt, no work factor. .encode("ascii") raises
    # UnicodeEncodeError for non-ASCII passwords.
    hash_pwd = hashlib.sha256(('CoRRPassword_%s'%password).encode("ascii")).hexdigest()
    if self.type == 'api-token':
        pass
    else:
        if self.type == 'mongodb':
            account = UserModel.objects(email=email).first()
        elif self.type == 'stormpath':
            try:
                _account = self.manager.application.search(email).first()
            except:
                # Any failure of the remote search is treated as "no remote
                # account".
                _account = None
            if _account != None:
                account = UserModel.objects(email=email).first()
        if account is None:
            if self.type == 'stormpath':
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): the API token is SHA-256 of the e-mail
                    # and a timestamp taken a moment after created_at, which
                    # is stored on the same record; it carries no secret
                    # randomness.
                    (account, created) = get_or_create(
                        document=UserModel,
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(('CoRRToken_%s_%s'%(email, str(datetime.datetime.utcnow()))).encode("ascii")).hexdigest())
                if _account is None:
                    # failure is True when create_account returned None as
                    # its first element.
                    failure = self.create_account(email, password, fname, lname, mname)[0] is None
                    if failure:
                        # Remote creation failed: keep a local password
                        # digest instead.
                        account.password = hash_pwd
                        account.save()
            if self.type == 'mongodb':
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): same derived, non-random API token as in
                    # the stormpath branch.
                    (account, created) = get_or_create(
                        document=UserModel,
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(('CoRRToken_%s_%s'%(email, str(datetime.datetime.utcnow()))).encode("ascii")).hexdigest())
                    account.password = hash_pwd
                    account.save()
            account.save()
            return True, account
        else:
            # An account already exists for this e-mail.
            return False, account
    return False, account
def login(self, email, password):
    """Account login handler.

    On success the account's connected_at timestamp is refreshed, a group
    of "unknown" is changed to "user", and an auth value of "wrong1",
    "wrong2" or "wrong3" is reset to "approved".

    Returns:
        User account instance if successful otherwise None.
    """
    from corrdb.common.models import UserModel
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm it against the original file, in particular which block the
    # final account.save() belongs to.
    account = None
    if self.type == 'stormpath':
        try:
            _account = self.manager.application.authenticate_account(email, password).account
            if _account:
                account = UserModel.objects(email=email).first()
            else:
                _account = self.manager.application.search(email).first()
                if _account is None:
                    # NOTE(review): a login attempt for an e-mail the remote
                    # application does not know creates an account with
                    # placeholder names and the presented password; no call
                    # to a password policy check is visible on this path.
                    # Confirm login is meant to double as registration.
                    failure = self.create_account(email, password, "FirstName", "LastName", "")[0] is None
                    if failure:
                        # NOTE(review): unsalted single-round SHA-256 with a
                        # fixed prefix; raises on non-ASCII passwords.
                        hash_pwd = hashlib.sha256(('CoRRPassword_%s'%password).encode("ascii")).hexdigest()
                        account = UserModel.objects(email=email, password=hash_pwd).first()
                    else:
                        account = UserModel.objects(email=email).first()
                else:
                    # The remote account exists but the credentials were
                    # not accepted.
                    account = None
        except Error as re:
            # Failure details go to stdout; the caller only sees None.
            print('Message: %s' %re.message)
            print('HTTP Status: %s' %str(re.status))
            print('Developer Message: %s' %re.developer_message)
            print('More Information: %s' %re.more_info)
            print('Error Code: %s' %str(re.code))
    elif self.type == 'api-token':
        # No login for api-token.
        pass
    elif self.type == 'mongodb':
        # NOTE(review): unsalted single-round SHA-256 with a fixed prefix;
        # raises on non-ASCII passwords.
        hash_pwd = hashlib.sha256(('CoRRPassword_%s'%password).encode("ascii")).hexdigest()
        account_1 = UserModel.objects(email=email).first()
        if account_1:
            if account_1.password is None:
                # NOTE(review): a record without a password adopts whatever
                # password is presented first. Confirm this is intended.
                account_1.password = hash_pwd
                account_1.save()
                account = account_1
            else:
                account = UserModel.objects(email=email, password=hash_pwd).first()
        else:
            # Unknown e-mail: automatic creation of the local record is
            # disabled, so the login fails.
            account = None
    if account and account.group == "unknown":
        account.group = "user"
        account.save()
    if account:
        account.connected_at = str(datetime.datetime.utcnow())
        # Presumably "wrongN" records earlier failed attempts; a successful
        # login clears it. TODO confirm against where auth is written.
        if account.auth in ["wrong1", "wrong2", "wrong3"]:
            account.auth = "approved"
        account.save()
    return account
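def check_api(self, token, acc_sec=False, cnt_sec=False):
    """Get the user object instance from its api token.

    Args:
        token: API token presented by the caller.
        acc_sec: Accepted for interface compatibility; not consulted here.
        cnt_sec: Accepted for interface compatibility; not consulted here.

    Returns:
        The matching UserModel document when its 'access' entry is
        'verified' (or absent); None when the token is unknown or the
        account is not verified.
    """
    from corrdb.common.models import UserModel

    # Only the record matching the token is read. The full user list is not
    # written to stdout, where every account's details would land in the
    # service logs on each token check.
    account = UserModel.objects(api_token=token).first()
    if account is None:
        # Unknown token: report "no account" instead of failing on
        # account.extend below.
        return None
    if account.extend.get('access', 'verified') != 'verified':
        return None
    return account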
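def check_api(self, token, acc_sec=False, cnt_sec=False):
    """Get the user object instance from its api token.

    Args:
        token: API token presented by the caller.
        acc_sec: Accepted for interface compatibility; not consulted here.
        cnt_sec: Accepted for interface compatibility; not consulted here.

    Returns:
        The matching UserModel document when its 'access' entry is
        'verified' (or absent); None when the token is unknown or the
        account is not verified.
    """
    from corrdb.common.models import UserModel

    # Only the record matching the token is read. The full user list is not
    # written to stdout, where every account's details would land in the
    # service logs on each token check.
    account = UserModel.objects(api_token=token).first()
    if account is None:
        # Unknown token: report "no account" instead of failing on
        # account.extend below.
        return None
    if account.extend.get('access', 'verified') != 'verified':
        return None
    return account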
def tearDown(self):
    """Empty every model collection used by the tests, one document at a time."""
    # Collections are cleared in this fixed order.
    collections = (
        TrafficModel,
        StatModel,
        BundleModel,
        VersionModel,
        UserModel,
        FileModel,
        ProfileModel,
        MessageModel,
        ProjectModel,
        CommentModel,
        ApplicationModel,
        AccessModel,
        EnvironmentModel,
        RecordModel,
        RecordBodyModel,
        DiffModel,
    )
    for model in collections:
        for document in model.objects():
            document.delete()
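def diff_remove(hash_session, diff_id):
    """Delete a diff on behalf of its sender or its targeted user.

    Only DELETE is served. The caller is identified by looking up
    hash_session in UserModel.session.

    Returns:
        A 200 response once the diff is deleted; otherwise a redirect to
        the error-204 (diff not found), error-401 (unknown session, or the
        caller is not a party to the diff) or error-405 (wrong method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/diff/remove/<diff_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'DELETE':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    # NOTE(review): the session hash taken from the URL is the only
    # credential checked here; confirm whether it should also be bound to
    # the requesting client before a destructive action.
    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_denied')

    # If the lookup raises, treat the diff as not found so the check below
    # never runs against an unbound name.
    diff = None
    try:
        diff = DiffModel.objects.with_id(diff_id)
    except Exception:
        traceback.print_exc()
    if diff is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    if diff.sender == current_user or diff.targeted == current_user:
        diff.delete()
        return fk.Response('Diff request removed', status.HTTP_200_OK)
    return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_failed')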
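def diff_view(hash_session, diff_id):
    """Return a diff as JSON to any caller holding a known session hash.

    Only GET is served. The caller is identified by looking up
    hash_session in UserModel.session.

    Returns:
        A JSON response with the diff; otherwise a redirect to the
        error-204 (diff not found), error-401 (unknown session) or
        error-405 (wrong method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/diff/view/<diff_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=view_denied')

    # If the lookup raises, treat the diff as not found so the check below
    # never runs against an unbound name.
    diff = None
    try:
        diff = DiffModel.objects.with_id(diff_id)
    except Exception:
        traceback.print_exc()
    if diff is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    # By design any session holder may read a diff reached from a search or
    # elsewhere; the creator/target restriction is deliberately not applied.
    # NOTE(review): no ownership or access check of any kind is made before
    # the diff is serialised. Confirm that is acceptable for every diff.
    return fk.Response(diff.to_json(), mimetype='application/json')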
def project_remove(hash_session, project_id):
    """Delete a project and its files when the caller owns it.

    Only DELETE is served. The caller is identified by looking up
    hash_session in UserModel.session.

    Returns:
        A 200 response once the project is deleted; a redirect with
        action=remove_failed when the session is unknown, the project does
        not exist or belongs to someone else; a redirect to error-405 for
        any other method.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/project/remove/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'DELETE':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    # NOTE(review): the session hash taken from the URL is the only
    # credential checked before this destructive action.
    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/?action=remove_failed')

    project = ProjectModel.objects.with_id(project_id)
    not_removable = project == None or (project != None and project.owner != current_user)
    if not_removable:
        return fk.redirect('http://0.0.0.0:5000/?action=remove_failed')

    # Stored files go first, then the project document itself.
    delete_project_files(project)
    project.delete()
    return fk.Response('Project deleted', status.HTTP_200_OK)
def project_view(hash_session, project_id):
    """Return a project and a summary of its records as JSON.

    Only GET is served. The session hash must match a user and must equal
    the value current_user.allowed() returns for this request's User-Agent
    and remote address. The project is served when the caller owns it or
    its access is 'public'.

    Returns:
        A JSON response on success; a redirect with action=sync_denied
        (unknown session) or action=sync_failed (allowance mismatch,
        missing or inaccessible project); a redirect to error-405 for any
        other method.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/project/view/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/?action=sync_denied')

    client_tag = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    allowance = current_user.allowed(client_tag)
    # NOTE(review): for a valid session this writes a value equal to the
    # session hash to stdout, i.e. a live credential ends up in the logs.
    print("Allowance: " + allowance)
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=sync_failed')

    p = ProjectModel.objects.with_id(project_id)
    if p == None or (p != None and p.owner != current_user and p.access != 'public'):
        return fk.redirect('http://0.0.0.0:5000/?action=sync_failed')

    payload = {"project": json.loads(p.to_json())}
    records = RecordModel.objects(project=p)
    entries = [
        {
            "id": str(item.id),
            "created": str(item.created_at),
            "updated": str(item.updated_at),
            "status": str(item.status),
        }
        for item in records
    ]
    payload["activity"] = {"number": len(records), "records": entries}
    body = json.dumps(payload, sort_keys=True, indent=4, separators=(',', ': '))
    return fk.Response(body, mimetype='application/json')
def project_records(hash_session, project_name):
    """Return the activity JSON of the first project with the given name.

    Only GET is served. The session hash must match a user and must equal
    the value current_user.allowed() returns for this request's User-Agent
    and remote address. The project is served when the caller owns it or
    its access is 'public'.

    Returns:
        A JSON response on success; a redirect with action=records_denied
        (unknown session) or action=records_failed (allowance mismatch,
        missing or inaccessible project); a redirect to error-405 for any
        other method.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/project/record/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/?action=records_denied')

    client_tag = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    allowance = current_user.allowed(client_tag)
    # NOTE(review): for a valid session this writes a value equal to the
    # session hash to stdout.
    print("Allowance: " + allowance)
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=records_failed')

    # NOTE(review): the lookup is by name only, across all owners, so with
    # duplicate names the first match decides whose project is evaluated.
    project = ProjectModel.objects(name=project_name).first()
    hidden = project == None or (
        project != None and project.owner != current_user and project.access != 'public')
    if hidden:
        return fk.redirect('http://0.0.0.0:5000/?action=records_failed')
    return fk.Response(project.activity_json(), mimetype='application/json')
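def record_comment(hash_session, record_id):
    """Append a comment to a record owned by the caller.

    Only POST is served. The caller is identified by looking up
    hash_session in UserModel.session, and must own the record's project.
    The request body is JSON with a non-empty "comment" entry.

    Returns:
        A 200 response once the comment is stored; otherwise a redirect to
        the error-204 (record not found), error-400 (unparsable body or
        empty comment), error-401 (unknown session or not the owner),
        error-415 (no body) or error-405 (wrong method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/record/comment/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_denied')

    # If the lookup raises, treat the record as not found so the check
    # below never runs against an unbound name.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        traceback.print_exc()
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    # A record without a project has no owner, so nobody may comment on it.
    if record.project is None or record.project.owner != current_user:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_failed')

    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')

    # A body that is not JSON, is not an object, or carries an unsized
    # "comment" is a client error rather than a server failure.
    try:
        data = json.loads(fk.request.data)
        comment = data.get("comment", {})
        is_empty = len(comment) == 0
    except (ValueError, AttributeError, TypeError):
        traceback.print_exc()
        return fk.redirect('http://0.0.0.0:5000/error-400/')
    if is_empty:
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    # NOTE(review): the comment is stored exactly as the client sent it. If
    # it carries an author field, that field is caller-controlled, and the
    # content must be escaped wherever it is later rendered.
    record.comments.append(comment)
    record.save()
    return fk.Response('Projject comment posted', status.HTTP_200_OK)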
def project_comment(hash_session, project_id):
    """Append a comment to a public project.

    Only POST is served. The caller is identified by looking up
    hash_session in UserModel.session. The request body is JSON with a
    non-empty "comment" entry.

    Returns:
        A 200 response once the comment is stored; a redirect with
        action=comment_failed (unknown session, missing or non-public
        project); a redirect to error-400 (empty comment), error-415 (no
        body) or error-405 (wrong method).
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/project/comment/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/?action=comment_failed')

    project = ProjectModel.objects.with_id(project_id)
    # NOTE(review): only public projects accept comments here, so an owner
    # cannot comment on their own non-public project. Confirm intended.
    if project == None or (project != None and project.access != 'public'):
        return fk.redirect('http://0.0.0.0:5000/?action=comment_failed')

    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')

    # NOTE(review): a body that is not valid JSON raises here and is not
    # handled in this function.
    payload = json.loads(fk.request.data)
    comment = payload.get("comment", {})
    if len(comment) == 0:
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    # NOTE(review): the comment is stored exactly as the client sent it. If
    # it carries an author field, that field is caller-controlled, and the
    # content must be escaped wherever it is later rendered.
    project.comments.append(comment)
    project.save()
    return fk.Response('Projject comment posted', status.HTTP_200_OK)
def project_dashboard(hash_session):
    """Return summaries of the caller's projects and their records as JSON.

    Only GET is served. The session hash must match a user and must equal
    the value current_user.allowed() returns for this request's User-Agent
    and remote address.

    Returns:
        A JSON response listing the caller's projects ordered by creation
        time; a redirect to error-401 with action=dashboard_denied (unknown
        session) or action=dashboard_failed (allowance mismatch); a
        redirect to error-405 for any other method.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/dashboard/projects")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_denied')

    client_tag = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    allowance = current_user.allowed(client_tag)
    # NOTE(review): for a valid session this writes a value equal to the
    # session hash to stdout.
    print("Allowance: " + allowance)
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_failed')

    owned = ProjectModel.objects(owner=current_user).order_by('+created_at')
    summaries = []
    for p in owned:
        entry = {"project": json.loads(p.summary_json())}
        records = RecordModel.objects(project=p)
        listing = [
            {
                "id": str(item.id),
                "created": str(item.created_at),
                "updated": str(item.updated_at),
                "status": str(item.status),
            }
            for item in records
        ]
        entry["activity"] = {"number": len(records), "records": listing}
        summaries.append(entry)

    body = json.dumps(
        {'number': len(summaries), 'projects': summaries},
        sort_keys=True, indent=4, separators=(',', ': '))
    return fk.Response(body, mimetype='application/json')
def check_admin(token):
    """Return the user holding this API token if their group is "admin".

    Returns:
        The UserModel document for an admin token; None when the token is
        unknown or belongs to a non-admin user.
    """
    candidate = UserModel.objects(api_token=token).first()
    if candidate == None:
        return None
    # The group of every token holder that reaches this point is written to
    # stdout.
    print(candidate.group)
    if candidate.group == "admin":
        return candidate
    return None
def query_basic(words, page, filtr, current_user):
    """Search every model for documents whose extended() text contains all words.

    A category is searched unless its name ("user", "tool", "project",
    "record", "diff", "env") appears in the parsed filter. Projects,
    records, diffs and environments are kept only when they are public or
    current_user is the owner or an admin; users and tools are not
    restricted by current_user.

    Returns:
        Whatever raw2dict(raw, page) produces for the collected documents.
    """
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm that each pagination_logs.append belongs inside its `if`.
    # NOTE(review): every append below formats the whole `raw` list into
    # pagination_logs, so matched documents (user records included) pile up
    # in that list for as long as it lives.
    filtrs = filter2filters(filtr)
    raw = []
    if "user" not in filtrs:
        # Users: matched on text only, with no check against current_user.
        raw.extend([u for u in UserModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    if "tool" not in filtrs:
        # Tools: matched on text only.
        raw.extend([u for u in ApplicationModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    if "project" not in filtrs:
        # Projects: public ones, or those the caller owns or administers.
        raw.extend([u for u in ProjectModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)
                    and (u.access == 'public' or current_user and (current_user == u.owner or current_user.group == "admin"))])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    if "record" not in filtrs:
        # Records: public ones, or (when the record has a project) those
        # whose project the caller owns or administers.
        raw.extend([u for u in RecordModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)
                    and (u.access == 'public' or (current_user and u.project) and (current_user == u.project.owner or current_user.group == "admin"))])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    if "diff" not in filtrs:
        # Diffs: both records public, or the caller is an admin or owns the
        # project of either record.
        # NOTE(review): record_from, record_to and their project are
        # dereferenced without a None check here.
        raw.extend([u for u in DiffModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)
                    and ((u.record_from.access == 'public' and u.record_to.access == 'public') or (current_user and (current_user.group == "admin" or current_user == u.record_from.project.owner or current_user == u.record_to.project.owner)))])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    if "env" not in filtrs:
        # Environments: visibility follows the first project whose history
        # holds the environment id; that project is queried again for each
        # part of the test.
        raw.extend([u for u in EnvironmentModel.objects().order_by('+created_at')
                    if all(w in str(u.extended()).lower() for w in words)
                    and (len(ProjectModel.objects(history=str(u.id))) > 0 and (ProjectModel.objects(history=str(u.id))[0].access == 'public' or current_user and (current_user == ProjectModel.objects(history=str(u.id))[0].owner or current_user.group == "admin")))])
        pagination_logs.append("{0} -- query_basic: {1}".format(datetime.datetime.utcnow(), raw))
    return raw2dict(raw, page)
def check_admin(token):
    """Return the user holding this API token if their group is "admin".

    Returns:
        The UserModel document for an admin token; None when the token is
        unknown or belongs to a non-admin user.
    """
    candidate = UserModel.objects(api_token=token).first()
    if candidate == None:
        return None
    # The group of every token holder that reaches this point is written to
    # stdout.
    print(candidate.group)
    if candidate.group == "admin":
        return candidate
    return None
def user_logout(hash_session):
    """End the session identified by hash_session.

    Only GET is served. The session hash must match a user and must equal
    the value user_model.allowed() returns for this request's User-Agent
    and remote address; the session is then renewed with a "Logout" tag.

    Returns:
        A 200 response on success; a redirect with action=logout_denied
        (unknown session) or action=logout_failed (allowance mismatch); a
        405 response for any other method.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/user/logout/<hash_session>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): logout is a state-changing action served over GET with
    # the session hash in the URL path.
    user_model = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if user_model is None:
        return fk.redirect('http://0.0.0.0:5000/?action=logout_denied')

    agent = fk.request.headers.get('User-Agent')
    allowance = user_model.allowed("%s%s" % (agent, fk.request.remote_addr))
    # NOTE(review): for a valid session this writes a value equal to the
    # session hash to stdout.
    print("Allowance: " + allowance)
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=logout_failed')

    # The header is read again for the renewal tag.
    user_model.renew("%sLogout" % (fk.request.headers.get('User-Agent')))
    return fk.Response('Logout succeed', status.HTTP_200_OK)
def file_add(hash_session, record_id): (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/record/file/upload/<record_id>") if not created: traffic.interactions += 1 traffic.save() user_model = UserModel.objects(session=hash_session).first() if user_model is None: return fk.redirect('http://0.0.0.0:5000/?action=update_denied') else: if fk.request.method == 'POST': infos = {} try: record = RecordModel.objects.with_id(record_id) except: print str(traceback.print_exc()) if record is None: return fk.redirect('http://0.0.0.0:5000/error-204/') else: if fk.request.data: file_model = FileModel.objects.get_or_create(created_at=datetime.datetime.utcnow()) infos = json.loads(fk.request.data) relative_path = infos.get("relative_path", "./") group = infos.get("group", "undefined") description = infos.get("description", "") file_model.group = group file_model.description = description if fk.request.files: if fk.request.files['file']: file_obj = fk.request.files['file'] if current_user.quota+file_obj.tell() > 5000000000: return fk.make_response("You have exceeded your 5Gb of quota. 
You will have to make some space.", status.HTTP_403_FORBIDDEN) else: relative_path = "%s%s"%(relative_path, file_obj.filename) location = str(user_model.id)+"-"+str(record.id)+"_%s"%file_obj.filename try: uploaded = upload_file(user_model, file_obj) if uploaded: file_model.relative_path = relative_path file_model.location = location today = datetime.date.today() (stat, created) = StatModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), interval="%s_%s_%s_0_0_0-%s_%s_%s_23_59_59"%(today.year, today.month, today.day, today.year, today.month, today.day), category="storage", periode="daily") if not created: stat.traffic += file_obj.tell() stat.save() file_model.save() return fk.make_response("File uploaded with success.", status.HTTP_200_OK) else: return fk.make_response("Could not create storage states.", status.HTTP_500_INTERNAL_SERVER_ERROR) else: file_model.delete() return fk.make_response("Could not upload the file.", status.HTTP_500_INTERNAL_SERVER_ERROR) except Exception, e: return fk.make_response(str(traceback.print_exc()), status.HTTP_400_BAD_REQUEST) else: return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST) else:
def check_cloud(self, hash_session, acc_sec=False, cnt_sec=False):
    """Check that a session is valid for the current request.

    The session hash must match an account and must equal the value
    account.allowed() returns for this request's User-Agent and remote
    address. With acc_sec set, the account's 'access' entry must also be
    'verified' (or absent). cnt_sec is accepted but not consulted here.

    Returns:
        Tuple of validation boolean and the account instance (None when no
        account matches the session hash).
    """
    from corrdb.common.models import UserModel

    account = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if account is None:
        return False, None

    client_tag = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    allowance = account.allowed(client_tag)
    # NOTE(review): for a valid session this writes a value equal to the
    # session hash to stdout.
    print("Allowance: {0}".format(allowance))
    if allowance == hash_session:
        blocked = acc_sec and account.extend.get('access', 'verified') != 'verified'
        return (not blocked), account
    return False, account
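def record_view(hash_session, record_id):
    """Return a record as JSON to the owner of its project.

    Only GET is served. The caller is identified by looking up
    hash_session in UserModel.session.

    Returns:
        A JSON response with the record; otherwise a redirect to the
        error-204 (record not found), error-401 (unknown session or not the
        owner) or error-405 (wrong method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/record/view/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    # NOTE(review): the session hash taken from the URL is the only
    # credential checked here; confirm whether it should also be bound to
    # the requesting client.
    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=view_denied')

    # If the lookup raises, treat the record as not found so the check
    # below never runs against an unbound name.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        traceback.print_exc()
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    # A record without a project has no owner, so it is served to nobody.
    if record.project is None or record.project.owner != current_user:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=view_failed')
    return fk.Response(record.to_json(), mimetype='application/json')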
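def record_remove(hash_session, record_id):
    """Delete a record and its files on behalf of the owner of its project.

    Only DELETE is served. The caller is identified by looking up
    hash_session in UserModel.session.

    Returns:
        A 200 response once the record is deleted; otherwise a redirect to
        the error-204 (record not found), error-401 (unknown session or not
        the owner) or error-405 (wrong method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/record/remove/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'DELETE':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    # NOTE(review): the session hash taken from the URL is the only
    # credential checked here; confirm whether it should also be bound to
    # the requesting client before a destructive action.
    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_denied')

    # If the lookup raises, treat the record as not found so the check
    # below never runs against an unbound name.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        traceback.print_exc()
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    # A record without a project has no owner, so nobody may delete it here.
    if record.project is None or record.project.owner != current_user:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=remove_failed')

    # Stored files go first, then the record document itself.
    delete_record_files(record)
    record.delete()
    return fk.Response('Record removed', status.HTTP_200_OK)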
def register(self, email, password, fname, lname, mname):
    """Registration handler.

    Creates the local UserModel record for ``email`` when none is found
    and, for the 'stormpath' backend, also calls self.create_account.
    The 'api-token' backend registers nothing.

    Returns:
        (True, account) when this call registered the account,
        (False, account) otherwise; account may be None.
    """
    from corrdb.common.models import UserModel
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm the placement of the password assignments against the
    # original file.
    account = None
    # NOTE(review): single-round SHA-256 over a fixed prefix plus the
    # password: no per-user salt, no work factor. .encode("ascii") raises
    # UnicodeEncodeError for non-ASCII passwords.
    hash_pwd = hashlib.sha256(('CoRRPassword_%s'%password).encode("ascii")).hexdigest()
    if self.type == 'api-token':
        pass
    else:
        if self.type == 'mongodb':
            account = UserModel.objects(email=email).first()
        elif self.type == 'stormpath':
            try:
                # NOTE(review): `application` is not defined in this block;
                # if it is not a module global, the NameError is swallowed
                # by the bare except and _account is always None.
                _account = application.authenticate_account(
                    email,
                    password,
                ).account
            except:
                _account = None
            if _account != None:
                account = UserModel.objects(email=email).first()
        if account is None:
            if self.type == 'stormpath':
                # failure is True when create_account returned None as its
                # first element.
                failure = self.create_account(email, password, fname, lname, mname)[0] is None
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): the API token is SHA-256 of the e-mail
                    # and a timestamp taken a moment after created_at, which
                    # is stored on the same record; it carries no secret
                    # randomness.
                    (account, created) = UserModel.objects.get_or_create(
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(('CoRRToken_%s_%s'%(email, str(datetime.datetime.utcnow()))).encode("ascii")).hexdigest())
                if failure:
                    # Remote account creation failed: keep a local password
                    # digest instead.
                    account.password = hash_pwd
                    account.save()
            if self.type == 'mongodb':
                account = UserModel.objects(email=email).first()
                if account is None:
                    # NOTE(review): same derived, non-random API token as in
                    # the stormpath branch.
                    (account, created) = UserModel.objects.get_or_create(
                        created_at=str(datetime.datetime.utcnow()),
                        email=email,
                        group='user',
                        api_token=hashlib.sha256(('CoRRToken_%s_%s'%(email, str(datetime.datetime.utcnow()))).encode("ascii")).hexdigest())
                    account.password = hash_pwd
                    account.save()
            account.save()
            return True, account
        else:
            # An account already exists for this e-mail.
            return False, account
    return False, account
def public_users():
    """List every user's extended() view on the public users endpoint.

    Only GET is served; any other method gets a 405 api_response.
    """
    logTraffic(endpoint='/public/users')
    if fk.request.method != 'GET':
        return api_response(405, 'Method not allowed', 'This endpoint supports only a GET method.')

    # NOTE(review): no caller check is made in this handler, so whatever
    # extended() exposes for each user is returned to anyone. Verify that it
    # holds no e-mail, token or session fields.
    users = UserModel.objects()
    users_dict = {
        'total_users': len(users),
        'users': [member.extended() for member in users],
    }
    return api_response(200, 'Users list', users_dict)
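def diff_edit(hash_session, diff_id):
    """Edit a diff as its sender, or change its status as its target.

    Only POST is served. The session hash must match a user and must equal
    the value current_user.allowed() returns for this request's User-Agent
    and remote address. The sender may replace "diff" and "proposition"
    (an agreed or denied diff then becomes "altered"); the target may set
    "status".

    Returns:
        A 200 response once the diff is saved; otherwise a redirect to the
        error-204 (diff not found), error-400 (bad body or failed update),
        error-401 (unknown session or not a party to the diff), error-404
        (allowance mismatch), error-415 (no body) or error-405 (wrong
        method) page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(
        created_at=str(datetime.datetime.utcnow()),
        service="cloud",
        endpoint="/private/diff/edit/<diff_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=edit_denied')

    # The allowance is deliberately not printed: for a valid session it
    # equals the session hash, which does not belong in the logs.
    allowance = current_user.allowed(
        "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-404/')

    # If the lookup raises, treat the diff as not found so the check below
    # never runs against an unbound name.
    diff = None
    try:
        diff = DiffModel.objects.with_id(diff_id)
    except Exception:
        traceback.print_exc()
    if diff is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')
    try:
        data = json.loads(fk.request.data)
    except ValueError:
        # A body that is not JSON is a client error.
        traceback.print_exc()
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    if diff.sender == current_user:
        try:
            diffentiation = data.get("diff", diff.diff)
            proposition = data.get("proposition", diff.proposition)
            diff.diff = diffentiation
            diff.proposition = proposition
            if diff.status == "agreed" or diff.status == "denied":
                diff.status = "altered"
            diff.save()
        except Exception:
            traceback.print_exc()
            return fk.redirect('http://0.0.0.0:5000/error-400/')
        return fk.Response('Diff edited', status.HTTP_200_OK)
    # NOTE(review): this reads diff.target; confirm the field name against
    # DiffModel, since a missing attribute would raise here.
    elif diff.target == current_user:
        try:
            # Kept under its own name: binding a local called `status`
            # would hide the module that provides HTTP_200_OK for the whole
            # function, and both success responses would fail after the
            # diff had already been saved.
            # NOTE(review): the value is client-supplied and stored as is;
            # consider restricting it to the statuses the application uses.
            new_status = data.get("status", diff.status)
            diff.status = new_status
            diff.save()
        except Exception:
            traceback.print_exc()
            return fk.redirect('http://0.0.0.0:5000/error-400/')
        return fk.Response('Diff edited', status.HTTP_200_OK)
    return fk.redirect('http://0.0.0.0:5000/error-401/?action=edit_failed')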
def accounts(self):
    """Return the accounts known to the configured backend.

    Returns:
        The Stormpath application's accounts for the 'stormpath' type, the
        ``UserModel`` query set for 'api-token' and 'mongodb', and None for
        any other type.
    """
    from corrdb.common.models import UserModel
    if self.type == 'stormpath':
        return self.manager.application.accounts
    if self.type in ('api-token', 'mongodb'):
        return UserModel.objects()
    return None
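def diff_create(hash_session, diff_id):
    """Create a diff between two records, addressed to another user.

    The JSON body must name ``targeted``, ``record_from`` and ``record_to``;
    ``diff``, ``proposition``, ``status`` and ``comments`` are optional.

    Args:
        hash_session: Session value taken from the URL.
        diff_id: Not used by this handler.

    Returns:
        A 200 response when the diff is created, otherwise a redirect to the
        matching error page (409 when the diff already exists).
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/diff/create")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=edit_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-404/')

    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')
    try:
        data = json.loads(fk.request.data)
    except ValueError:
        # A body that is not valid JSON is a client error, not a crash.
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    targeted_id = data.get("targeted", "")
    record_from_id = data.get("record_from", "")
    record_to_id = data.get("record_to", "")
    differentiation = data.get("diff", {})
    proposition = data.get("proposition", "undefined")
    # Kept under its own name: a local called "status" hid the status-code
    # module, so the diff was saved and the request still ended in error-400.
    # NOTE(review): the sender chooses the initial status freely; confirm
    # that a diff may not be created already "agreed".
    initial_status = data.get("status", "undefined")
    comments = data.get("comments", [])

    if targeted_id == "" or record_from_id == "" or record_to_id == "":
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    try:
        targeted = UserModel.objects.with_id(targeted_id)
        record_from = RecordModel.objects.with_id(record_from_id)
        record_to = RecordModel.objects.with_id(record_to_id)
        if targeted is None or record_to is None or record_from is None:
            return fk.redirect('http://0.0.0.0:5000/error-400/')

        (diff, diff_created) = DiffModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), sender=current_user, targeted=targeted, record_from=record_from, record_to=record_to)
        if not diff_created:
            return fk.redirect('http://0.0.0.0:5000/error-409/')

        # The submitted diff content was read but never stored; diff_edit
        # writes the same field, so it is persisted here as well.
        diff.diff = differentiation
        diff.proposition = proposition
        diff.status = initial_status
        diff.comments = comments
        diff.save()
    except Exception:
        return fk.redirect('http://0.0.0.0:5000/error-400/')
    return fk.Response('Diff created', status.HTTP_200_OK)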
def accounts(self):
    """Fetch the registered accounts from the active backend.

    Returns:
        ``self.manager.application.accounts`` when the type is 'stormpath',
        ``UserModel.objects()`` when it is 'api-token' or 'mongodb', and
        None otherwise.
    """
    from corrdb.common.models import UserModel
    backend = self.type
    registered = None
    if backend == 'stormpath':
        registered = self.manager.application.accounts
    elif backend in ('api-token', 'mongodb'):
        registered = UserModel.objects()
    return registered
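def project_edit(hash_session, project_id):
    """Update a project, and optionally one environment, for its owner.

    Args:
        hash_session: Session value taken from the URL.
        project_id: Identifier of the project to edit.

    Returns:
        A 200 response when the project is saved or when there is nothing to
        update, a 503 response when the update fails, otherwise a redirect.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/project/edit/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/?action=edit_failed')

    # The other private handlers also require the session to match the
    # calling client; this one accepted the bare session value.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=edit_failed')

    project = ProjectModel.objects.with_id(project_id)
    if project is None or project.owner != current_user:
        return fk.redirect('http://0.0.0.0:5000/?action=edit_failed')

    if not fk.request.data:
        return fk.Response('Nothing to update', status.HTTP_200_OK)

    try:
        # Parsed inside the try so that an invalid body gets the same
        # answer as any other failed update.
        data = json.loads(fk.request.data)
        project.description = data.get("description", project.description)
        project.goals = data.get("goals", project.goals)
        project.group = data.get("group", project.group)

        environment = data.get("environment", {})
        if len(environment) != 0:
            # NOTE(review): the environment is looked up by a client-supplied
            # id and nothing here ties it to this project or to its owner;
            # confirm the caller may only change environments they own.
            environment_model = EnvironmentModel.objects.with_id(environment['id'])
            if environment_model is not None:
                environment_model.system = environment.get('system', environment_model.system)
                environment_model.version = environment.get('version', environment_model.version)
                environment_model.specifics = environment.get('specifics', environment_model.specifics)
                environment_model.group = environment.get('group', environment_model.group)
                remote_bundle = environment.get('bundle', '')
                # Only a non-local bundle may be pointed at a new location.
                if remote_bundle != '' and environment_model.bundle['scope'] != 'local':
                    environment_model.bundle['location'] = remote_bundle
                environment_model.save()
        project.save()
    except Exception:
        print(str(traceback.print_exc()))
        return fk.make_response("Could not edit the project.", status.HTTP_503_SERVICE_UNAVAILABLE)
    return fk.Response('Project updated', status.HTTP_200_OK)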
def check_admin(email=None):
    """Report whether an admin account has to be treated as already present.

    Returns:
        True when *email* is empty, when *email* belongs to an admin, or when
        any admin account exists; False only when *email* is given and no
        admin exists at all.
    """
    if not email:
        # An empty e-mail is answered with "admin exists" so that no admin
        # can be created without an e-mail address.
        return True

    account = UserModel.objects(email=email).first()
    if account and account.group == "admin":
        return True

    if UserModel.objects(group="admin").first():
        # Only one admin may be created this way; further admins have to be
        # added by the original one.
        print("Admins already exist!")
        return True
    return False
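def pull_record(hash_session, record_id):
    """Send a record's environment bundle to the owner of its project.

    Args:
        hash_session: Session value taken from the URL.
        record_id: Identifier of the record to download.

    Returns:
        The bundle as an attachment, or a redirect to the matching error
        page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/record/pull/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=pull_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=pull_denied')

    # Start from None so that a failed lookup ends in the "no content"
    # redirect instead of a NameError on the test below.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        print(str(traceback.print_exc()))
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    # Only the owner of the project may download the bundle.
    record_user = record.project.owner
    if record_user != current_user:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=pull_failed')

    if not record.environment:
        print("No environment bundle.")
        return fk.redirect('http://0.0.0.0:5000/error-204/')
    if not record.environment.bundle['location']:
        print("Failed because of environment bundle location not found.")
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    bundle = load_bundle(record)
    return fk.send_file(
        bundle[0],
        mimetypes.guess_type(bundle[1])[0],
        as_attachment=True,
        attachment_filename=str(record_user.id)+"-"+str(record.project.id)+"-"+str(record_id)+"-record.zip",
    )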
def user_sync(hash_session):
    """Synchronise the session of the user identified by *hash_session*.

    Returns:
        A JSON document holding the user's session value, a 401 response
        when no user owns *hash_session*, or a 405 response for any method
        other than GET.

    NOTE(review): unlike the other private handlers this one does not
    compare ``allowed(...)`` with the session before calling ``sess_sync``;
    confirm that this is intended.
    """
    hit, is_new = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/sync/<hash_session>")
    if not is_new:
        hit.interactions += 1
        hit.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    user_model = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if user_model is None:
        return fk.make_response('Login failed.', status.HTTP_401_UNAUTHORIZED)

    # The client is identified by its User-Agent followed by its address.
    client = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    user_model.sess_sync(client)
    body = json.dumps({'session': user_model.session}, sort_keys=True, indent=4, separators=(',', ': '))
    return fk.Response(body, mimetype='application/json')
def check_cloud(self, hash_session, acc_sec=False, cnt_sec=False):
    """Tell whether *hash_session* belongs to a known account.

    The literal value "logout" never matches an account. ``acc_sec`` and
    ``cnt_sec`` are accepted but not used.

    Returns:
        ``(True, account)`` when an account owns the session, otherwise
        ``(False, None)``.
    """
    from corrdb.common.models import UserModel
    account = None
    if hash_session != "logout":
        account = UserModel.objects(session=hash_session).first()
    # The session is deliberately not tied to one client, so that the same
    # user can stay logged in from several browsers.
    return account is not None, account
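def user_login():
    """Authenticate a user against Stormpath and open a session.

    The JSON body carries ``email`` and ``password``. A user who
    authenticates but has no local account yet gets one, with a default
    profile, on the first login.

    Returns:
        A JSON document holding the new session value, or a 400, 401 or 405
        response.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/public/user/login")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    # The request body holds the password in clear text, so it is no longer
    # written to stdout.
    if not fk.request.data:
        return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST)
    try:
        data = json.loads(fk.request.data)
    except ValueError:
        # A body that is not valid JSON is a client error, not a crash.
        return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST)

    application = stormpath_manager.application
    email = data.get('email', '').lower()
    password = data.get('password', '')
    if email == '' or '@' not in email:
        return fk.make_response("The email field cannot be empty.", status.HTTP_400_BAD_REQUEST)

    try:
        _user = application.authenticate_account(
            email,
            password,
        ).account
        account = UserModel.objects(email=email).first()
        if account is None and _user is not None:
            # First login of a user that so far exists only in Stormpath.
            # NOTE(review): the API token is a hash of the e-mail and the
            # creation time only; both can be guessed, so it should come
            # from a random source instead.
            account, account_created = UserModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), email=email, api_token=hashlib.sha256(b'DDSMSession_%s_%s'%(email, str(datetime.datetime.utcnow()))).hexdigest())
            # A flag of its own: the traffic counter's "created" must not
            # decide whether a profile is made.
            if account_created:
                ProfileModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), user=account, fname="None", lname="None", organisation="None", about="None")
        # The API token is a credential and is not printed any more.
        print(fk.request.headers.get('User-Agent'))
        print(fk.request.remote_addr)
        account.renew("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
        return fk.Response(json.dumps({'session': account.session}, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')
    except Exception:
        print(str(traceback.print_exc()))
        return fk.make_response('Login failed.', status.HTTP_401_UNAUTHORIZED)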
def user_truested(hash_session):
    """Tell whether *hash_session* is valid for the calling client.

    Returns:
        A 200 response when ``allowed(...)`` gives back the session value,
        a 401 response when it does not or when no user owns the session,
        and a 405 response for any method other than GET.
    """
    hit, is_new = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/trusted")
    if not is_new:
        hit.interactions += 1
        hit.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    user_model = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if user_model is None:
        return fk.make_response('Trusting failed.', status.HTTP_401_UNAUTHORIZED)

    # The client is identified by its User-Agent followed by its address.
    client = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    if user_model.allowed(client) != hash_session:
        return fk.make_response('Trusting failed.', status.HTTP_401_UNAUTHORIZED)
    return fk.Response('Trusting succeed', status.HTTP_200_OK)
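def record_edit(hash_session, record_id):
    """Save a record on behalf of the owner of its project.

    The ``head`` and ``content`` entries of the JSON body are read, but the
    update itself is not implemented yet: the record is saved unchanged.

    Args:
        hash_session: Session value taken from the URL.
        record_id: Identifier of the record to edit.

    Returns:
        A 200 response once the record is saved, otherwise a redirect to the
        matching error page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/record/edit/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=edit_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-404/')

    # Start from None so that a failed lookup ends in the "no content"
    # redirect instead of a NameError on the test below.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        print(str(traceback.print_exc()))
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    if record.project.owner != current_user:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=edit_failed')
    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')

    try:
        # Parsed inside the try so that an invalid body ends in error-400.
        data = json.loads(fk.request.data)
        head = data.get("head", {})
        content = data.get("content", {})
        # TODO: apply "head" and "content" to the record before saving.
        record.save()
    except Exception:
        print(str(traceback.print_exc()))
        return fk.redirect('http://0.0.0.0:5000/error-400/')
    return fk.Response('Record edited', status.HTTP_200_OK)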
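def record_diff(hash_session, record_id):
    """Return a record together with every diff that starts or ends at it.

    The record is served to the owner of its project, or to any logged-in
    user when the record is public.

    Args:
        hash_session: Session value taken from the URL.
        record_id: Identifier of the record.

    Returns:
        A JSON document made of ``record.info()`` plus a ``diffs`` list, or
        a redirect to the matching error page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/dashboard/record/diff/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_failed')

    # Start from None so that a failed lookup ends in the "no content"
    # redirect instead of a NameError on the test below.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        print(str(traceback.print_exc()))
    if record is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    if record.project.owner != current_user and record.access != 'public':
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_failed')

    # Diffs leaving the record come first, then the diffs arriving at it.
    diffs = [found.info() for found in DiffModel.objects(record_from=record)]
    diffs.extend(found.info() for found in DiffModel.objects(record_to=record))
    record_info = record.info()
    record_info['diffs'] = diffs
    return fk.Response(json.dumps(record_info, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')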
def user_unregister(hash_session):
    """Placeholder for account removal; nothing is deleted yet.

    Returns:
        A 501 response for a valid session, a redirect when the session is
        unknown or does not match the calling client, and a 405 response for
        any method other than GET.
    """
    hit, is_new = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/unregister/<hash_session>")
    if not is_new:
        hit.interactions += 1
        hit.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    user_model = UserModel.objects(session=hash_session).first()
    if user_model is None:
        return fk.redirect('http://0.0.0.0:5000/?action=unregister_denied')

    # The client is identified by its User-Agent followed by its address.
    client = "%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr)
    allowance = user_model.allowed(client)
    # NOTE(review): for an accepted client this value equals the session
    # value, so this line writes the session to stdout.
    print("Allowance: "+allowance)
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=unregister_failed')
    return fk.make_response('Currently not implemented. Try later.', status.HTTP_501_NOT_IMPLEMENTED)
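def dashboard_records(hash_session, project_id):
    """Return a project summary with the list of its records.

    Each record is described by its id, its creation and update times, its
    status and the number of diffs that start or end at it.

    Args:
        hash_session: Session value taken from the URL.
        project_id: Identifier of the project.

    Returns:
        A JSON document, or a redirect to the matching error page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/dashboard/records/<project_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=dashboard_failed')

    p = ProjectModel.objects.with_id(project_id)
    if p is None:
        # An unknown project id used to fail on p.summary_json().
        return fk.redirect('http://0.0.0.0:5000/error-204/')
    # NOTE(review): the project is served to every logged-in user; nothing
    # here compares p.owner with current_user as project_edit does. Confirm
    # that any user may read any project's record list.
    project = {"project": json.loads(p.summary_json())}

    records = RecordModel.objects(project=p)
    records_object = []
    for record in records:
        # Only the number of diffs is reported, so they are counted rather
        # than loaded.
        diff_count = len(DiffModel.objects(record_from=record)) + len(DiffModel.objects(record_to=record))
        records_object.append({"id": str(record.id), "created": str(record.created_at), "updated": str(record.updated_at), "status": str(record.status), "diffs": diff_count})

    project["activity"] = {"number": len(records), "records": records_object}
    return fk.Response(json.dumps(project, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')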
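def record_comments(hash_session, record_id):
    """Return the comments of a public record to a logged-in user.

    Args:
        hash_session: Session value taken from the URL.
        record_id: Identifier of the record.

    Returns:
        The record's comments as JSON, or a redirect when the record is
        missing or not public, when the session is unknown, or when the
        method is not GET.

    NOTE(review): unlike most private handlers this one does not compare
    ``allowed(...)`` with the session; confirm that this is intended.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/record/comments/<record_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=comments_denied')

    # Start from None so that a failed lookup ends in the redirect below
    # instead of a NameError.
    record = None
    try:
        record = RecordModel.objects.with_id(record_id)
    except Exception:
        print(str(traceback.print_exc()))

    # Comments are served for public records only.
    if record is None or record.access != 'public':
        return fk.redirect('http://0.0.0.0:5000/?action=comments_failed')
    return fk.Response(json.dumps(record.comments, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')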
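def user_password_change(hash_session=None):
    """Change the Stormpath password of the user who owns the session.

    Args:
        hash_session: Session value of the caller. The handler used this
            name without ever receiving it, so every POST failed with a
            NameError; it is now an optional argument and a request without
            it is refused.

    Returns:
        A 200 response when the password is changed, a 400 response when
        the body or the password is missing, a 401 response when no
        Stormpath account matches, a redirect when the session is refused,
        and a 405 response for any method other than POST.

    NOTE(review): the current password is not asked for, so holding a valid
    session is enough to replace it.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/password/change")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    print(fk.request.path)
    # Without a session value the query below could match an account that
    # simply has no session stored.
    if not hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=change_denied')
    user_model = UserModel.objects(session=hash_session).first()
    if user_model is None:
        return fk.redirect('http://0.0.0.0:5000/?action=change_denied')

    # For an accepted client the returned value equals the session value,
    # so it is compared here but not written to stdout.
    allowance = user_model.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/?action=change_failed')

    # Find the Stormpath account that carries the user's e-mail address.
    application = stormpath_manager.application
    account = None
    for acc in application.accounts:
        if acc.email == user_model.email:
            account = acc
            break
    if account is None:
        return fk.make_response('Password change failed.', status.HTTP_401_UNAUTHORIZED)

    if not fk.request.data:
        return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST)
    try:
        data = json.loads(fk.request.data)
    except ValueError:
        # A body that is not valid JSON is a client error, not a crash.
        return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST)

    password = data.get('password', '')
    if password == '':
        # A missing password used to be stored as an empty one.
        return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST)
    account.password = password
    account.save()
    return fk.Response('Passoword changed', status.HTTP_200_OK)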
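def user_picture(hash_session):
    """Serve the profile picture of the user who owns the session.

    A picture with the 'remote' scope is answered with a redirect to its
    location; one with the 'local' scope is sent as an attachment.

    Args:
        hash_session: Session value taken from the URL.

    Returns:
        The picture or a redirect to it, a 204 response when there is
        nothing to send, a 401 response when the session is refused, and a
        405 response for any method other than GET.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/picture")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    user_model = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if user_model is None:
        return fk.make_response('Picture get failed.', status.HTTP_401_UNAUTHORIZED)

    # For an accepted client the returned value equals the session value,
    # so it is compared here but no longer written to stdout.
    allowance = user_model.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.make_response('Picture get failed.', status.HTTP_401_UNAUTHORIZED)

    # "objects" is the query manager the other handlers use; the original
    # "object" attribute is not used anywhere else.
    profile_model = ProfileModel.objects(user=user_model).first_or_404()
    scope = profile_model.picture['scope']
    if scope == 'remote':
        # NOTE(review): the target is whatever location is stored in the
        # profile; confirm it is limited to http(s) URLs when it is saved.
        return fk.redirect(profile_model.picture['location'])

    if scope == 'local' and profile_model.picture['location']:
        picture = load_picture(profile_model)
        print(picture[1])
        return fk.send_file(
            picture[0],
            mimetypes.guess_type(picture[1])[0],
            as_attachment=True,
            attachment_filename=profile_model.picture['location'],
        )

    if scope == 'local':
        print("Failed because of picture location not found.")
    # Any other scope used to fall off the end of the handler and return
    # None; it now gets the same "nothing to send" answer.
    return fk.make_response('Empty location. Nothing to pull from here!', status.HTTP_204_NO_CONTENT)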
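def diff_comment(hash_session, diff_id):
    """Append a comment to a diff.

    Every logged-in user may comment, including users who cannot see the two
    records: the discussion is how they can ask for the records to be made
    public.

    Args:
        hash_session: Session value taken from the URL.
        diff_id: Identifier of the diff to comment on.

    Returns:
        A 200 response once the comment is stored, otherwise a redirect to
        the matching error page.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/diff/comment/<diff_id>")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'POST':
        return fk.redirect('http://0.0.0.0:5000/error-405/')

    current_user = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if current_user is None:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=comment_denied')

    # The other private handlers also require the session to match the
    # calling client; this one accepted the bare session value.
    allowance = current_user.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.redirect('http://0.0.0.0:5000/error-401/?action=comment_denied')

    # Start from None so that a failed lookup ends in the "no content"
    # redirect instead of a NameError on the test below.
    diff = None
    try:
        diff = DiffModel.objects.with_id(diff_id)
    except Exception:
        print(str(traceback.print_exc()))
    if diff is None:
        return fk.redirect('http://0.0.0.0:5000/error-204/')

    if not fk.request.data:
        return fk.redirect('http://0.0.0.0:5000/error-415/')
    try:
        data = json.loads(fk.request.data)
    except ValueError:
        # A body that is not valid JSON is a client error, not a crash.
        return fk.redirect('http://0.0.0.0:5000/error-400/')

    # Expected shape: {"user": ..., "created": ..., "title": "", "content": ""}
    # NOTE(review): the comment is stored exactly as the client sent it,
    # including its "user" entry; the author should presumably be taken
    # from current_user rather than trusted from the body.
    comment = data.get("comment", {})
    if not comment:
        return fk.redirect('http://0.0.0.0:5000/error-400/')
    diff.comments.append(comment)
    diff.save()
    return fk.Response('Diff comment posted', status.HTTP_200_OK)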
def user_home():
    """Return platform-wide statistics for the public home page.

    Returns:
        A JSON document with the number and history of users, projects and
        records and with the storage history and total size, or a 405
        response for any method other than GET.
    """
    hit, is_new = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/public/user/home")
    if not is_new:
        hit.interactions += 1
        hit.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    def history(category):
        # Every stored statistic of the category, as plain JSON data.
        return [json.loads(entry.to_json()) for entry in StatModel.objects(category=category)]

    users = UserModel.objects()
    projects = ProjectModel.objects()
    records = RecordModel.objects()
    environments = EnvironmentModel.objects()
    print(fk.request.path)

    users_stat = {"number": len(users), "history": history("user")}
    projects_stat = {"number": len(projects), "history": history("project")}
    storage_stat = {"history": history("storage")}

    total_quota = 0
    for member in users:
        # A user whose quota cannot be added counts as zero.
        try:
            total_quota += member.quota
        except:
            total_quota += 0
    storage_stat["size"] = size(total_quota)

    records_stat = {"number": len(records), "history": history("record")}
    summary = {'users': users_stat, 'projects': projects_stat, 'records': records_stat, 'storage': storage_stat}
    return fk.Response(json.dumps(summary, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')
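def user_profile(hash_session):
    """Return the profile of the user who owns the session.

    A default profile is created the first time a valid session asks for
    one.

    Args:
        hash_session: Session value taken from the URL.

    Returns:
        A JSON document with the profile fields, the e-mail address, the
        session value and the API token; a 401 response when the session is
        refused; a 405 response for any method other than GET.
    """
    (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/profile")
    if not created:
        traffic.interactions += 1
        traffic.save()

    if fk.request.method != 'GET':
        return fk.make_response('Method not allowed.', status.HTTP_405_METHOD_NOT_ALLOWED)

    user_model = UserModel.objects(session=hash_session).first()
    print(fk.request.path)
    if user_model is None:
        return fk.make_response('profile get failed.', status.HTTP_401_UNAUTHORIZED)

    allowance = user_model.allowed("%s%s" % (fk.request.headers.get('User-Agent'), fk.request.remote_addr))
    if allowance != hash_session:
        return fk.make_response('profile get failed.', status.HTTP_401_UNAUTHORIZED)

    # The profile is looked up only once the session is accepted: it used to
    # be created first, so an unknown session stored a profile with no user.
    profile_model, profile_created = ProfileModel.objects.get_or_create(user=user_model, fname="None", lname="None", organisation="None", about="None")
    if profile_created:
        profile_model.created_at = datetime.datetime.utcnow()
        profile_model.save()

    # NOTE(review): the answer carries the session value and the API token;
    # confirm that the client needs both.
    return fk.Response(json.dumps({'fname': profile_model.fname, 'lname': profile_model.lname, 'organisation': profile_model.organisation, 'about': profile_model.about, 'picture': profile_model.picture, 'email': user_model.email, 'session': user_model.session, 'api': user_model.api_token}, sort_keys=True, indent=4, separators=(',', ': ')), mimetype='application/json')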
def user_update(hash_session): (traffic, created) = TrafficModel.objects.get_or_create(created_at=str(datetime.datetime.utcnow()), service="cloud", endpoint="/private/user/update/<hash_session>") if not created: traffic.interactions += 1 traffic.save() user_model = UserModel.objects(session=hash_session).first() if user_model is None: return fk.redirect('http://0.0.0.0:5000/?action=update_denied') else: if fk.request.method == 'POST': if fk.request.data: data = json.loads(fk.request.data) application = stormpath_manager.application() # user_model = UserModel.objects(session=hash_session).first() print fk.request.path # if user_model is None: # return fk.redirect('http://0.0.0.0:5000/?action=update_denied') # else: # print "Connected_at: %s"%str(user_model.connected_at) allowance = user_model.allowed("%s%s"%(fk.request.headers.get('User-Agent'),fk.request.remote_addr)) print "Allowance: "+allowance # print "Connected_at: %s"%str(user_model.connected_at) if allowance == hash_session: #Update stormpath user if password is affected #Update local profile data and picture if other data are affected. 
# return fk.redirect('http://0.0.0.0:5000/?action=update_success') profile_model = ProfileModel.object(user=user_model).first_or_404() fname = data.get("fname", profile_model.fname) lname = data.get("fname", profile_model.lname) password = data.get("password", "") organisation = data.get("organisation", profile_model.organisation) about = data.get("about", profile_model.about) picture_link = data.get("picture", "") picture = profile_model.picture if picture_link != "": picture['location'] = picture_link profile_model.fname = fname profile_model.lname = lname profile_model.organisation = organisation profile_model.about = about profile_model.picture = picture profile_model.save() if password != "": application = stormpath_manager.application accounts = application.accounts account = None for acc in accounts: if acc.email == user_model.email: account = acc break if account != None: account.password = password account.save() return fk.Response('Account update succeed', status.HTTP_200_OK) else: return fk.make_response('Account update failed.', status.HTTP_401_UNAUTHORIZED) # return fk.redirect('http://0.0.0.0:5000/?action=update_failed') if fk.request.files: if fk.request.files['picture']: picture_obj = fk.request.files['picture'] try: picture_link = str(user_model.id)+"."+picture_obj.filename.split('.')[-1] profile_model = ProfileModel.object(user=user_model).first_or_404() uploaded = upload_picture(user_model, picture_obj) if uploaded: profile_model.picture['scope'] = 'local' profile_model.picture['location'] = picture_link profile_model.save() except Exception, e: return fk.make_response(str(traceback.print_exc()), status.HTTP_400_BAD_REQUEST) else: return fk.make_response("Missing mandatory fields.", status.HTTP_400_BAD_REQUEST) else: