def _check_api_response_validation(self, test_id):
results_path = DOVETAIL_RESULTS_PATH.format(test_id)
log_path = DOVETAIL_LOG_PATH.format(test_id)
res = None
# For release after 2018.09
# Dovetail adds 'validation' directly into results.json
if os.path.exists(results_path):
with open(results_path) as f:
try:
data = json.load(f)
if data['validation'] == 'enabled':
res = 'API response validation enabled'
else:
res = 'API response validation disabled'
except Exception:
pass
if res:
raise gen.Return(res)
# For 2018.01 and 2018.09
# Need to check dovetail.log for this info
if os.path.exists(log_path):
with open(log_path) as f:
log_content = f.read()
warning_keyword = 'Strict API response validation DISABLED'
if warning_keyword in log_content:
raise gen.Return('API response validation disabled')
else:
raise gen.Return('API response validation enabled')
raises.Forbidden('neither results.json nor dovetail.log are found')
def _post(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
self.finish_request({'code': 403,
'msg': 'You do not have the reviewer '
'permision / role!'})
return
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
review = yield dbapi.db_find_one(self.table, query)
if review:
if review['outcome'] != self.json_args['outcome']:
yield dbapi.db_update(self.table, query,
{'$set': {
'outcome': self.json_args['outcome'],
'creation_date': datetime.now()}})
self.finish_request()
else:
self.json_args['reviewer_name'] = user['fullname']
self.json_args['reviewer_email'] = user['email']
self._create(miss_fields=[], carriers=[])
def _update(self, query, db_keys):
if self.json_args is None:
raises.BadRequest(message.no_body())
# check old data exist
from_data = yield self._eval_db_find_one(query)
if from_data is None:
raises.NotFound(message.not_found(self.table, query))
data = self.table_cls.from_dict(from_data)
# check new data exist
equal, new_query = self._update_query(db_keys, data)
if not equal:
to_data = yield self._eval_db_find_one(new_query)
if to_data is not None:
raises.Forbidden(message.exist(self.table, new_query))
# we merge the whole document """
edit_request = self._update_requests(data)
""" Updating the DB """
yield self._eval_db(self.table,
'update',
query,
edit_request,
check_keys=False)
edit_request['_id'] = str(data._id)
self.finish_request(edit_request)
def wrap(self, *args, **kwargs):
query = kwargs.get('query')
if query:
to_data = yield dbapi.db_find_one(self.table, query())
if to_data:
raises.Forbidden(message.exist(self.table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def wrap(self, *args, **kwargs):
carriers = kwargs.pop('carriers', {})
if carriers:
for table, query in carriers:
exist = yield dbapi.db_find_one(table, query())
if not exist:
raises.Forbidden(message.not_found(table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def wrap(self, data, *args, **kwargs):
db_keys = kwargs.pop('db_keys', [])
query = self._update_query(db_keys, data)
if query:
to_data = yield dbapi.db_find_one(self.table, query)
if to_data:
raises.Forbidden(message.exist(self.table, query))
ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs)
raise gen.Return(ret)
def wrap(self, *args, **kwargs):
carriers = kwargs.get('carriers')
if carriers:
for table, query in carriers:
exist = yield self._eval_db_find_one(query(), table)
if not exist:
raises.Forbidden(message.not_found(table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def _update_requests(self, data):
request = dict()
for k, v in self.json_args.iteritems():
request = self._update_request(request, k, v,
data.__getattribute__(k))
if not request:
raises.Forbidden(message.no_update())
edit_request = data.format()
edit_request.update(request)
return edit_request
def wrapper(self, *args, **kwargs):
if self.auth:
try:
token = self.request.headers['X-Auth-Token']
except KeyError:
raises.Unauthorized(message.unauthorized())
query = {'access_token': token}
check = yield self._eval_db_find_one(query, 'tokens')
if not check:
raises.Forbidden(message.invalid_token())
ret = yield gen.coroutine(method)(self, *args, **kwargs)
raise gen.Return(ret)
def _check_api_response_validation(self, test_id):
log_path = DOVETAIL_LOG_PATH.format(test_id)
if not os.path.exists(log_path):
raises.Forbidden('dovetail.log not found, please check')
with open(log_path) as f:
log_content = f.read()
warning_keyword = 'Strict API response validation DISABLED'
if warning_keyword in log_content:
raise gen.Return('API response validation disabled')
else:
raise gen.Return('API response validation enabled')
def wrap(self, *args, **kwargs):
query = kwargs.get('query')
if query:
query_data = query()
if self.table == 'pods':
if query_data.get('name') is not None:
query_data['name'] = re.compile(
'\\b' + query_data.get('name') + '\\b', re.IGNORECASE)
to_data = yield dbapi.db_find_one(self.table, query_data)
if to_data:
raises.Forbidden(message.exist(self.table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def delete(self, result_id):
curr_user = self.get_secure_cookie(auth_const.OPENID)
curr_user_role = self.get_secure_cookie(auth_const.ROLE)
if curr_user is not None:
query = {'_id': objectid.ObjectId(result_id)}
test_data = yield dbapi.db_find_one(self.table, query)
if not test_data:
raises.NotFound(message.not_found(self.table, query))
if curr_user == test_data['owner'] or \
curr_user_role.find('administrator') != -1:
self._delete(query=query)
else:
raises.Forbidden(message.no_auth())
else:
raises.Unauthorized(message.no_auth())
def _update_requests_update_projects(self, version):
exists = list()
malformat = list()
projects = list()
for n in self.body:
try:
f_n = models.ScenarioProject.from_dict_with_raise(n)
if not any(o.project == f_n.project for o in projects):
projects.append(models.ScenarioProject.from_dict(n))
else:
exists.append(n['project'])
except:
malformat.append(n)
if malformat:
raises.BadRequest(message.bad_format(malformat))
elif exists:
raises.Forbidden(message.exist('projects', exists))
version.projects = projects
def _del(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
raises.Unauthorized(message.no_auth())
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
yield dbapi.db_delete(self.table, query)
self.finish_request()
