def _process(self, url):
if editing_settings.get(self.event, 'service_url'):
raise BadRequest('Service URL already set')
url = url.rstrip('/')
info = check_service_url(url)
if info['error'] is not None:
abort(422, messages={'url': [info['error']]})
if not editing_settings.get(self.event, 'service_event_identifier'):
editing_settings.set(self.event, 'service_event_identifier',
make_event_identifier(self.event))
editing_settings.set_multi(self.event, {
'service_url': url,
'service_token': unicode(uuid4()),
})
# we need to commit the token so the service can already use it when processing
# the enabled event in case it wants to set up tags etc
db.session.commit()
try:
service_handle_enabled(self.event)
except ServiceRequestFailed as exc:
editing_settings.delete(self.event, 'service_url', 'service_token')
db.session.commit()
raise ServiceUnavailable(
_('Could not register event with service: {}').format(exc))
except Exception:
editing_settings.delete(self.event, 'service_url', 'service_token')
db.session.commit()
raise
return '', 204
def _clone_review_conditions(self, new_event):
review_conditions = editing_settings.get(self.old_event,
'review_conditions')
new_conditions = OrderedDict(
self._build_review_conditions(new_event, cond)
for cond in review_conditions.viewvalues())
editing_settings.set(new_event, 'review_conditions', new_conditions)
def _clone_review_conditions(self, new_event):
for type_ in EditableType:
review_conditions = editing_settings.get(
self.old_event, type_.name + '_review_conditions')
new_conditions = OrderedDict(
self._build_review_conditions(new_event, cond)
for cond in review_conditions.viewvalues())
editing_settings.set(new_event, type_.name + '_review_conditions',
new_conditions)
def test_token_access_mixin(dummy_event, app, test_client):
class RHTest(TokenAccessMixin, RH):
def _process(self):
return f'{self._token_can_access()}|{self.is_service_call}'.lower()
class RHTestServiceAllowed(TokenAccessMixin, RH):
SERVICE_ALLOWED = True
def can_access(self):
# must be called here for CSRF
self._token_can_access()
def _process(self):
return f'{self._token_can_access()}|{self.is_service_call}'.lower()
app.add_url_rule('/test/<int:event_id>/no-service', 'test_no_service',
make_view_func(RHTest))
app.add_url_rule('/test/<int:event_id>/service',
'test_service',
make_view_func(RHTestServiceAllowed),
methods=('GET', 'POST'))
token = f'{TOKEN_PREFIX_SERVICE}{uuid4()}'
editing_settings.set(dummy_event, 'service_token', token)
# no auth
assert test_client.get(
f'/test/{dummy_event.id}/no-service').data == b'false|false'
assert test_client.get(
f'/test/{dummy_event.id}/service').data == b'false|false'
# service token
service_auth = {'headers': {'Authorization': f'Bearer {token}'}}
assert test_client.get(f'/test/{dummy_event.id}/no-service',
**service_auth).data == b'false|false'
assert test_client.get(f'/test/{dummy_event.id}/service',
**service_auth).data == b'true|true'
# csrf
resp = test_client.post(f'/test/{dummy_event.id}/service')
assert resp.status_code == 400
assert b'problem with your current session' in resp.data
assert test_client.post(f'/test/{dummy_event.id}/service',
**service_auth).data == b'true|true'
def _process_POST(self, editable_types):
editable_types_names = [t.name for t in editable_types]
editing_settings.set(self.event, 'editable_types',
editable_types_names)
return '', 204
def _process_PATCH(self, file_types):
new_conditions = editing_settings.get(self.event, 'review_conditions')
new_conditions[self.uuid] = file_types
editing_settings.set(self.event, 'review_conditions', new_conditions)
return '', 204
def _process_DELETE(self):
new_conditions = editing_settings.get(self.event, 'review_conditions')
del new_conditions[self.uuid]
editing_settings.set(self.event, 'review_conditions', new_conditions)
return '', 204
def _process_POST(self, file_types):
new_conditions = editing_settings.get(self.event, 'review_conditions')
new_conditions[unicode(uuid4())] = file_types
editing_settings.set(self.event, 'review_conditions', new_conditions)
return '', 204
