def attach_bitbucket_trigger(namespace_name, repo_name): permission = AdministerRepositoryPermission(namespace_name, repo_name) if permission.can(): repo = model.repository.get_repository(namespace_name, repo_name) if not repo: msg = "Invalid repository: %s/%s" % (namespace_name, repo_name) abort(404, message=msg) elif repo.kind.name != "image": abort(501) trigger = model.build.create_build_trigger( repo, BitbucketBuildTrigger.service_name(), None, current_user.db_user()) try: oauth_info = BuildTriggerHandler.get_handler( trigger).get_oauth_url() except TriggerProviderException: trigger.delete_instance() logger.debug("Could not retrieve Bitbucket OAuth URL") abort(500) config = {"access_token": oauth_info["access_token"]} access_token_secret = oauth_info["access_token_secret"] model.build.update_build_trigger(trigger, config, auth_token=access_token_secret) return redirect(oauth_info["url"]) abort(403)
def user_subscribe(): def wrapper(listener): logger.debug("Beginning streaming of user events") try: yield "data: %s\n\n" % json.dumps({}) for event_id, data in listener.event_stream(): message = {"event": event_id, "data": data} json_string = json.dumps(message) yield "data: %s\n\n" % json_string finally: logger.debug("Closing listener due to exception") listener.stop() events = request.args.get("events", "").split(",") if not events: abort(404) try: listener = userevents.get_listener(current_user.db_user().username, events) except CannotReadUserEventsException: abort(504) def on_close(): logger.debug("Closing listener due to response close") listener.stop() r = Response(wrapper(listener), mimetype="text/event-stream") r.call_on_close(on_close) return r
def attach_bitbucket_build_trigger(trigger_uuid): trigger = model.build.get_build_trigger(trigger_uuid) if not trigger or trigger.service.name != BitbucketBuildTrigger.service_name( ): abort(404) if trigger.connected_user != current_user.db_user(): abort(404) verifier = request.args.get('oauth_verifier') handler = BuildTriggerHandler.get_handler(trigger) result = handler.exchange_verifier(verifier) if not result: trigger.delete_instance() return 'Token has expired' namespace = trigger.repository.namespace_user.username repository = trigger.repository.name repo_path = '%s/%s' % (namespace, repository) full_url = url_for('web.buildtrigger', path=repo_path, trigger=trigger.uuid) logger.debug('Redirecting to full url: %s', full_url) return redirect(full_url)
def receipt(): if not current_user.is_authenticated: abort(401) return invoice_id = request.args.get('id') if invoice_id: invoice = stripe.Invoice.retrieve(invoice_id) if invoice: user_or_org = model.user.get_user_or_org_by_customer_id(invoice.customer) if user_or_org: if user_or_org.organization: admin_org = AdministerOrganizationPermission(user_or_org.username) if not admin_org.can(): abort(404) return else: if not user_or_org.username == current_user.db_user().username: abort(404) return def format_date(timestamp): return datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d') file_data = renderInvoiceToPdf(invoice, user_or_org) receipt_filename = 'quay-receipt-%s.pdf' % (format_date(invoice.date)) return Response(file_data, mimetype="application/pdf", headers={"Content-Disposition": "attachment;filename=" + receipt_filename}) abort(404)
def validate_session_cookie(auth_header_unusued=None): """ Attempts to load a user from a session cookie. """ if current_user.is_anonymous: return ValidateResult(AuthKind.cookie, missing=True) try: # Attempt to parse the user uuid to make sure the cookie has the right value type UUID(current_user.get_id()) except ValueError: logger.debug('Got non-UUID for session cookie user: %s', current_user.get_id()) return ValidateResult(AuthKind.cookie, error_message='Invalid session cookie format') logger.debug('Loading user from cookie: %s', current_user.get_id()) db_user = current_user.db_user() if db_user is None: return ValidateResult(AuthKind.cookie, error_message='Could not find matching user') # Don't allow disabled users to login. if not db_user.enabled: logger.debug('User %s in session cookie is disabled', db_user.username) return ValidateResult(AuthKind.cookie, error_message='User account is disabled') # Don't allow organizations to "login". if db_user.organization: logger.debug('User %s in session cookie is in-fact organization', db_user.username) return ValidateResult(AuthKind.cookie, error_message='Cannot login to organization') return ValidateResult(AuthKind.cookie, user=db_user)
def attach_gitlab_build_trigger(): state = request.args.get("state", None) if not state: abort(400) state = state[len("repo:") :] try: [namespace, repository] = state.split("/") except ValueError: abort(400) permission = AdministerRepositoryPermission(namespace, repository) if permission.can(): code = request.args.get("code") token = gitlab_trigger.exchange_code_for_token( app.config, client, code, redirect_suffix="/trigger" ) if not token: msg = "Could not exchange token. It may have expired." abort(404, message=msg) repo = model.repository.get_repository(namespace, repository) if not repo: msg = "Invalid repository: %s/%s" % (namespace, repository) abort(404, message=msg) elif repo.kind.name != "image": abort(501) trigger = model.build.create_build_trigger(repo, "gitlab", token, current_user.db_user()) repo_path = "%s/%s" % (namespace, repository) full_url = url_for("web.buildtrigger", path=repo_path, trigger=trigger.uuid) logger.debug("Redirecting to full url: %s", full_url) return redirect(full_url) abort(403)
def request_authorization_code(): provider = FlaskAuthorizationProvider() response_type = request.args.get("response_type", "code") client_id = request.args.get("client_id", None) redirect_uri = request.args.get("redirect_uri", None) scope = request.args.get("scope", None) if not current_user.is_authenticated or not provider.validate_has_scopes( client_id, current_user.db_user().username, scope ): if not provider.validate_redirect_uri(client_id, redirect_uri): current_app = provider.get_application_for_client_id(client_id) if not current_app: abort(404) return provider._make_redirect_error_response( current_app.redirect_uri, "redirect_uri_mismatch" ) # Load the scope information. scope_info = scopes.get_scope_information(scope) if not scope_info: abort(404) return # Load the application information. oauth_app = provider.get_application_for_client_id(client_id) app_email = oauth_app.avatar_email or oauth_app.organization.email oauth_app_view = { "name": oauth_app.name, "description": oauth_app.description, "url": oauth_app.application_uri, "avatar": json.dumps(avatar.get_data(oauth_app.name, app_email, "app")), "organization": { "name": oauth_app.organization.username, "avatar": json.dumps(avatar.get_data_for_org(oauth_app.organization)), }, } # Show the authorization page. has_dangerous_scopes = any([check_scope["dangerous"] for check_scope in scope_info]) return render_page_template_with_routedata( "oauthorize.html", scopes=scope_info, has_dangerous_scopes=has_dangerous_scopes, application=oauth_app_view, enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri, scope=scope, csrf_token_val=generate_csrf_token(), ) if response_type == "token": return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope) else: return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def request_authorization_code(): provider = FlaskAuthorizationProvider() response_type = request.args.get('response_type', 'code') client_id = request.args.get('client_id', None) redirect_uri = request.args.get('redirect_uri', None) scope = request.args.get('scope', None) if (not current_user.is_authenticated or not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)): if not provider.validate_redirect_uri(client_id, redirect_uri): current_app = provider.get_application_for_client_id(client_id) if not current_app: abort(404) return provider._make_redirect_error_response(current_app.redirect_uri, 'redirect_uri_mismatch') # Load the scope information. scope_info = scopes.get_scope_information(scope) if not scope_info: abort(404) return # Load the application information. oauth_app = provider.get_application_for_client_id(client_id) app_email = oauth_app.avatar_email or oauth_app.organization.email oauth_app_view = { 'name': oauth_app.name, 'description': oauth_app.description, 'url': oauth_app.application_uri, 'avatar': json.dumps(avatar.get_data(oauth_app.name, app_email, 'app')), 'organization': { 'name': oauth_app.organization.username, 'avatar': json.dumps(avatar.get_data_for_org(oauth_app.organization)) } } # Show the authorization page. has_dangerous_scopes = any([check_scope['dangerous'] for check_scope in scope_info]) return render_page_template_with_routedata('oauthorize.html', scopes=scope_info, has_dangerous_scopes=has_dangerous_scopes, application=oauth_app_view, enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri, scope=scope, csrf_token_val=generate_csrf_token()) if response_type == 'token': return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope) else: return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def attach_custom_build_trigger(namespace_name, repo_name): permission = AdministerRepositoryPermission(namespace_name, repo_name) if permission.can(): repo = model.repository.get_repository(namespace_name, repo_name) if not repo: msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name) abort(404, message=msg) elif repo.kind.name != 'image': abort(501) trigger = model.build.create_build_trigger(repo, CustomBuildTrigger.service_name(), None, current_user.db_user()) repo_path = '%s/%s' % (namespace_name, repo_name) full_url = url_for('web.buildtrigger', path=repo_path, trigger=trigger.uuid) logger.debug('Redirecting to full url: %s', full_url) return redirect(full_url) abort(403)
def attach_gitlab_build_trigger(): state = request.args.get('state', None) if not state: abort(400) state = state[len('repo:'):] try: [namespace, repository] = state.split('/') except ValueError: abort(400) permission = AdministerRepositoryPermission(namespace, repository) if permission.can(): code = request.args.get('code') token = gitlab_trigger.exchange_code_for_token( app.config, client, code, redirect_suffix='/trigger') if not token: msg = 'Could not exchange token. It may have expired.' abort(404, message=msg) repo = model.repository.get_repository(namespace, repository) if not repo: msg = 'Invalid repository: %s/%s' % (namespace, repository) abort(404, message=msg) elif repo.kind.name != 'image': abort(501) trigger = model.build.create_build_trigger(repo, 'gitlab', token, current_user.db_user()) repo_path = '%s/%s' % (namespace, repository) full_url = url_for('web.buildtrigger', path=repo_path, trigger=trigger.uuid) logger.debug('Redirecting to full url: %s', full_url) return redirect(full_url) abort(403)
def attach_github_build_trigger(namespace_name, repo_name): permission = AdministerRepositoryPermission(namespace_name, repo_name) if permission.can(): code = request.args.get('code') token = github_trigger.exchange_code_for_token(app.config, client, code) repo = model.repository.get_repository(namespace_name, repo_name) if not repo: msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name) abort(404, message=msg) elif repo.kind.name != 'image': abort(501) trigger = model.build.create_build_trigger(repo, 'github', token, current_user.db_user()) repo_path = '%s/%s' % (namespace_name, repo_name) full_url = url_for('web.buildtrigger', path=repo_path, trigger=trigger.uuid) logger.debug('Redirecting to full url: %s', full_url) return redirect(full_url) abort(403)
def user_test(): evt = userevents.get_event(current_user.db_user().username) evt.publish_event_data("test", {"foo": 2}) return "OK"
def user_test(): evt = userevents.get_event(current_user.db_user().username) evt.publish_event_data('test', {'foo': 2}) return 'OK'