def _process(self, url): if editing_settings.get(self.event, 'service_url'): raise BadRequest('Service URL already set') url = url.rstrip('/') info = check_service_url(url) if info['error'] is not None: abort(422, messages={'url': [info['error']]}) if not editing_settings.get(self.event, 'service_event_identifier'): editing_settings.set(self.event, 'service_event_identifier', make_event_identifier(self.event)) editing_settings.set_multi(self.event, { 'service_url': url, 'service_token': unicode(uuid4()), }) # we need to commit the token so the service can already use it when processing # the enabled event in case it wants to set up tags etc db.session.commit() try: service_handle_enabled(self.event) except ServiceRequestFailed as exc: editing_settings.delete(self.event, 'service_url', 'service_token') db.session.commit() raise ServiceUnavailable( _('Could not register event with service: {}').format(exc)) except Exception: editing_settings.delete(self.event, 'service_url', 'service_token') db.session.commit() raise return '', 204
def _clone_review_conditions(self, new_event): review_conditions = editing_settings.get(self.old_event, 'review_conditions') new_conditions = OrderedDict( self._build_review_conditions(new_event, cond) for cond in review_conditions.viewvalues()) editing_settings.set(new_event, 'review_conditions', new_conditions)
def _clone_review_conditions(self, new_event): for type_ in EditableType: review_conditions = editing_settings.get( self.old_event, type_.name + '_review_conditions') new_conditions = OrderedDict( self._build_review_conditions(new_event, cond) for cond in review_conditions.viewvalues()) editing_settings.set(new_event, type_.name + '_review_conditions', new_conditions)
def test_token_access_mixin(dummy_event, app, test_client): class RHTest(TokenAccessMixin, RH): def _process(self): return f'{self._token_can_access()}|{self.is_service_call}'.lower() class RHTestServiceAllowed(TokenAccessMixin, RH): SERVICE_ALLOWED = True def can_access(self): # must be called here for CSRF self._token_can_access() def _process(self): return f'{self._token_can_access()}|{self.is_service_call}'.lower() app.add_url_rule('/test/<int:event_id>/no-service', 'test_no_service', make_view_func(RHTest)) app.add_url_rule('/test/<int:event_id>/service', 'test_service', make_view_func(RHTestServiceAllowed), methods=('GET', 'POST')) token = f'{TOKEN_PREFIX_SERVICE}{uuid4()}' editing_settings.set(dummy_event, 'service_token', token) # no auth assert test_client.get( f'/test/{dummy_event.id}/no-service').data == b'false|false' assert test_client.get( f'/test/{dummy_event.id}/service').data == b'false|false' # service token service_auth = {'headers': {'Authorization': f'Bearer {token}'}} assert test_client.get(f'/test/{dummy_event.id}/no-service', **service_auth).data == b'false|false' assert test_client.get(f'/test/{dummy_event.id}/service', **service_auth).data == b'true|true' # csrf resp = test_client.post(f'/test/{dummy_event.id}/service') assert resp.status_code == 400 assert b'problem with your current session' in resp.data assert test_client.post(f'/test/{dummy_event.id}/service', **service_auth).data == b'true|true'
def _process_POST(self, editable_types): editable_types_names = [t.name for t in editable_types] editing_settings.set(self.event, 'editable_types', editable_types_names) return '', 204
def _process_PATCH(self, file_types): new_conditions = editing_settings.get(self.event, 'review_conditions') new_conditions[self.uuid] = file_types editing_settings.set(self.event, 'review_conditions', new_conditions) return '', 204
def _process_DELETE(self): new_conditions = editing_settings.get(self.event, 'review_conditions') del new_conditions[self.uuid] editing_settings.set(self.event, 'review_conditions', new_conditions) return '', 204
def _process_POST(self, file_types): new_conditions = editing_settings.get(self.event, 'review_conditions') new_conditions[unicode(uuid4())] = file_types editing_settings.set(self.event, 'review_conditions', new_conditions) return '', 204