コード例 #1
0
    def internal_request(self, path, params=None, callback=None):
        if path.startswith('/'):
            path = path[1:]
        if isinstance(params, dict):
            params = list(params.items())
        if params:
            path += '?' + '&'.join('%s=%s' % item
                                   for item in params)

        def response_callback(resp):
            if resp.code == 200:
                data = json.loads(resp.body)
                if callback is None:
                    print(data)
                else:
                    callback(data)
            else:
                log.error("Error requesting %s from internal API: (%s) %s",
                          path, resp.code, resp.body)

        headers = {'Authorization': 'internal %s %s' % (
            Portal.get_singleton().internal_api_key, self.cookie_session_id)}

        tornado.httpclient.AsyncHTTPClient().fetch(
            '%s/%s' % (config.INTERNAL_API_URL, path),
            headers=headers,
            callback=response_callback,
        )
コード例 #2
0
def suppressed_emails(request):

    params = dict(params_from_request(request).copy())

    try:
        mac_verify(params)
    except Exception as exc:
        raise BadRequestError(str(exc))

    try:
        decrypted_str = decrypt(params['token'])
        decrypted_json = json.loads(decrypted_str)
    except Exception as exc:
        log.exception(repr(exc))
        raise BadRequestError()

    if decrypted_json.get('key') != Portal.get_singleton().external_api_key:
        raise NotFoundError()

    action = decrypted_json.get('action')
    if not action:
        raise RequiredParameterMissingError('action')

    if action == 'delete':
        Notification.objects(suppressed=True).delete()
    elif action == 'unsuppress':
        Notification.objects.update(suppressed=False)
    else:
        raise BadRequestError('Action "%s" not supported' % action)

    return Response("OK", 200)
コード例 #3
0
def usage_survey(url="https://mist.io/api/v1/usage-survey"):
    portal = Portal.get_singleton()
    params = get_usage_params(portal)

    log.info("Will send usage info. Url %s - Params %s", url, params)
    resp = requests.get(url, params)
    if not resp.ok:
        log.error("Bad response while sending usage info: %s: %s",
                  resp.status_code, resp.text)
        raise Exception("%s: %s" % (resp.status_code, resp.text))
コード例 #4
0
ファイル: tasks.py プロジェクト: hb407033/mist.api
def get_version_params(portal=None):
    if portal is None:
        portal = Portal.get_singleton()
    params = {
        'portal_id': portal.id,
        'created_at': str(portal.created_at),
    }
    for key, value in config.VERSION.iteritems():
        params['version_%s' % key] = value
    return params
コード例 #5
0
ファイル: methods.py プロジェクト: lovelife100/mist.api
def session_from_request(request):
    """Get SessionToken or ApiToken instance from request"""
    if 'session' in request.environ:
        return request.environ['session']
    session = migrate_old_api_token(request)
    if session is None:
        auth_value = request.headers.get('Authorization', '').lower()
        if auth_value.startswith('internal'):
            parts = auth_value.split(' ')
            if len(parts) == 3:
                internal_api_key, session_id = parts[1:]
                if internal_api_key == Portal.get_singleton().internal_api_key:
                    try:
                        session_token = SessionToken.objects.get(
                            token=session_id)
                    except SessionToken.DoesNotExist:
                        pass
                    else:
                        if session_token.is_valid():
                            session_token.internal = True
                            session = session_token
        elif auth_value:
            token_from_request = auth_value
            try:
                api_token = ApiToken.objects.get(token=token_from_request)
            except DoesNotExist:
                api_token = None
            try:
                if not api_token and config.HAS_RBAC:
                    api_token = SuperToken.objects.get(
                        token=token_from_request)
            except DoesNotExist:
                pass
            if api_token and api_token.is_valid():
                session = api_token
            else:
                session = ApiToken()
                session.name = 'dummy_token'
    if session is None:
        try:
            session_token = SessionToken.objects.get(
                token=request.cookies.get('session.id'))
            if session_token.is_valid():
                session = session_token
        except DoesNotExist:
            pass
    if session is None:
        session = SessionToken(
            user_agent=request.user_agent,
            ip_address=mist.api.helpers.ip_from_request(request))
        session.save()
    request.environ['session'] = session
    return session
コード例 #6
0
def get_user_data(auth_context):
    """
    This function sends user's data to socket
    :param auth_context:
    :return: dict
    """
    user = auth_context.user

    orgs = []
    for org in Organization.objects(members=user):
        o_dict = {
            'id': org.id,
            'name': org.name,
            'avatar': org.avatar,
            'members': len(org.members),
            'isOwner': user in org.get_team('Owners').members,
            'super_org': org.super_org
        }

        if org.super_org and Organization.objects(parent=org.id):
            sub_orgs = Organization.objects(parent=org.id)
            for sub_org in sub_orgs:
                sub = {
                    'id': sub_org.id,
                    'parent_id': sub_org.parent.id,
                    'name': sub_org.name,
                    'members': len(sub_org.members),
                    'isOwner': user in org.get_team('Owners').members,
                }
                orgs.append(sub)

        orgs.append(o_dict)

    ret = {
        'id': user.id,
        'email': user.email,
        'first_name': user.first_name,
        'last_name': user.last_name,
        'username': user.username,
        'ips': [ip.as_dict() for ip in user.ips],
        'current_ip': auth_context.token.ip_address,
        'has_pass': user.password is not None and user.password != '',
        'orgs': orgs,
        'csrf_token': auth_context.token.csrf_token,
    }
    if user.role == 'Admin':
        upgrades = Portal.get_singleton().get_available_upgrades()
        ret['available_upgrades'] = upgrades
    if config.HAS_BILLING:
        ret.update({
            'stripe_public_apikey': config.STRIPE_PUBLIC_APIKEY,
        })
    return ret
コード例 #7
0
def get_version_params(portal=None):
    if portal is None:
        portal = Portal.get_singleton()
    params = {
        'portal_id': portal.id,
        'created_at': str(portal.created_at),
        'license_key': config.LICENSE_KEY,
    }
    for key, value in config.VERSION.items():
        params['version_%s' % key] = value
    for key, value in list(get_current_portal_usage().items()):
        params['usage_%s' % key] = value
    return params
コード例 #8
0
 def get_unsuppress_link(action):
     assert action in (
         'unsuppress',
         'delete',
     )
     params = {
         'action': action,
         'key': Portal.get_singleton().external_api_key
     }
     token = {'token': encrypt(json.dumps(params))}
     mac_sign(token)
     return '%s/suppressed-alerts?%s' % (config.CORE_URI,
                                         urllib.parse.urlencode(token))
コード例 #9
0
def check_new_versions(url="https://mist.io/api/v1/version-check"):
    portal = Portal.get_singleton()
    params = get_version_params(portal)

    log.info("Will check for new versions. Url %s - Params %s", url, params)
    resp = requests.get(url, params)
    if not resp.ok:
        log.error("Bad response while checking for new versions: %s: %s",
                  resp.status_code, resp.text)
        raise Exception("%s: %s" % (resp.status_code, resp.text))
    portal.available_upgrades = []
    for version in resp.json():
        available_upgrade = AvailableUpgrade()
        for key in ('name', 'sha'):
            if key not in version:
                log.warning("Missing required field '%s' from version.", key)
                break
            available_upgrade[key] = version[key]
        else:
            portal.available_upgrades.append(available_upgrade)
    portal.save()
コード例 #10
0
def get_usage_params(portal=None):
    if portal is None:
        portal = Portal.get_singleton()
    params = get_version_params(portal=portal)
    # Inject more info into params
    return params
コード例 #11
0
def info_from_ApiKeyAuth(api_key, required_scopes):
    """
    Check and retrieve authentication information from api_key.
    Returned value will be passed in 'token_info' parameter of your operation
    function, if there is one. 'sub' or 'uid' will be set in 'user' parameter
    of your operation function, if there is one.

    :param api_key API key provided by Authorization header
    :type api_key: str
    :param required_scopes Always None. Used for other authentication method
    :type required_scopes: None
    :return: Information attached to provided api_key or None if api_key is
        invalid or does not allow access to called API
    :rtype: dict | None
    """
    from mist.api.auth.models import ApiToken, SessionToken
    from mist.api.portal.models import Portal
    from mist.api import config
    if config.HAS_RBAC:
        from mist.rbac.tokens import SuperToken
        from mist.rbac.methods import AuthContext
    else:
        from mist.api.dummy.rbac import AuthContext

    auth_value = api_key.lower()
    auth_context = session = None
    if auth_value.startswith('internal'):
        parts = auth_value.split(' ')
        if len(parts) == 3:
            internal_api_key, session_id = parts[1:]
            if internal_api_key == Portal.get_singleton().internal_api_key:
                try:
                    session_token = SessionToken.objects.get(token=session_id)
                except SessionToken.DoesNotExist:
                    pass
                else:
                    if session_token.is_valid():
                        session_token.internal = True
                        session = session_token
    elif auth_value:
        token_from_request = auth_value
        try:
            api_token = ApiToken.objects.get(token=token_from_request)
        except DoesNotExist:
            api_token = None
        try:
            if not api_token and config.HAS_RBAC:
                api_token = SuperToken.objects.get(token=token_from_request)
        except DoesNotExist:
            pass
        if api_token and api_token.is_valid():
            session = api_token
        else:
            session = ApiToken()
            session.name = 'dummy_token'
    if session:
        user = session.get_user()
        if user:
            auth_context = AuthContext(user, session)
            return {'uid': user.id, 'user': user, 'auth_context': auth_context}
    return None