コード例 #1
0
ファイル: util.py プロジェクト: mkeilman/sirepo 
def create_token(value):
    if pkconfig.channel_in_internal_test() and cfg.create_token_secret:
        v = base64.b32encode(
            hashlib.sha256(
                pkcompat.to_bytes(value + cfg.create_token_secret)).digest())
        return pkcompat.from_bytes(v[:TOKEN_SIZE])
    return random_base62(TOKEN_SIZE)
コード例 #2
0
ファイル: job_cmd.py プロジェクト: cchall/sirepo 
def _do_download_data_file(msg, template):
    try:
        r = template.get_data_file(
            msg.runDir,
            msg.analysisModel,
            msg.frame,
            options=PKDict(suffix=msg.suffix),
        )
        if not isinstance(r, PKDict):
            if isinstance(r, str):
                r = msg.runDir.join(r, abs=1)
            r = PKDict(filename=r)
        u = r.get('uri')
        if u is None:
            u = r.filename.basename
        c = r.get('content')
        if c is None:
            c = pkcompat.to_bytes(pkio.read_text(r.filename)) \
                if u.endswith(('py', 'txt', 'csv')) \
                else r.filename.read_binary()
        requests.put(
            msg.dataFileUri + u,
            data=c,
            verify=job.cfg.verify_tls,
        ).raise_for_status()
        return PKDict()
    except Exception as e:
        return PKDict(state=job.ERROR, error=e, stack=pkdexc())
コード例 #3
0
ファイル: docker_registry.py プロジェクト: radiasoft/rsconf 
def install_crt_and_login(compt, j2_ctx):
    from rsconf.pkcli import tls

    if not update_j2_ctx(j2_ctx):
        return
    jf = db.secret_path(j2_ctx,
                        _PASSWD_SECRET_JSON_F,
                        visibility=_PASSWD_VISIBILITY)
    with jf.open() as f:
        y = pkjson.load_any(jf)
    u = j2_ctx.rsconf_db.host
    p = y.get(u, None)
    if not p:
        return
    j2_ctx.docker.auths[j2_ctx.docker_registry.http_addr] = dict(
        auth=pkcompat.from_bytes(
            base64.b64encode(
                pkcompat.to_bytes(u + ':' + pkcompat.from_bytes(p))), ), )
    compt.install_access(mode='700', owner=j2_ctx.docker_registry.run_u)
    crt = component.tls_key_and_crt(j2_ctx, j2_ctx.docker_registry.host).crt
    if not tls.is_self_signed_crt(crt):
        return
    compt.install_directory(_CERTS_D)
    d = _CERTS_D.join(j2_ctx.docker_registry.http_addr)
    compt.install_directory(d)
    compt.install_access(mode='400', owner=j2_ctx.docker_registry.run_u)
    compt.install_abspath(crt, d.join('ca.crt'))
    # need in /etc/pki as well (now)
    # https://success.docker.com/article/i-get-x509-certificate-signed-by-unknown-authority-error-when-i-try-to-login-to-my-dtr-with-default-certificates
    compt.install_abspath(
        crt, _CA_TRUST_D.join(j2_ctx.docker_registry.host + '.crt'))
    compt.append_root_bash('update-ca-trust')
コード例 #4
0
def test_from_bytes():
    from pykern import pkcompat
    from pykern.pkunit import pkeq
    b = pkcompat.to_bytes('你好')
    s = pkcompat.from_bytes(b)
    pkeq(s, '你好')
    pkeq(b, b'\xe4\xbd\xa0\xe5\xa5\xbd')
    if six.PY2:
        pkeq(b, s)
    else:
        pkeq(False, b == s)
コード例 #5
0
def _passwd_entry(j2_ctx, host):
    from rsconf import db
    import subprocess

    pw = db.random_string()
    pf = passwd_secret_f(j2_ctx)
    p = subprocess.Popen(
        ['openssl', 'passwd', '-stdin', '-apr1'],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        stdin=subprocess.PIPE,
    )
    out, err = p.communicate(input=pkcompat.to_bytes(pw))
    with pf.open(mode='at') as f:
        f.write('{}:{}\n'.format(host, pkcompat.from_bytes(out).rstrip()))
    return pw
コード例 #6
0
ファイル: exporter_test.py プロジェクト: ahebnl/Sirepo 
def test_create_zip(fc):
    from pykern import pkio
    from pykern import pkunit
    from pykern import pkcompat
    from pykern.pkcollections import PKDict
    from pykern.pkdebug import pkdp, pkdpretty
    from pykern.pkunit import pkeq
    from sirepo import srunit
    import base64
    import re
    import zipfile

    imported = _import(fc)
    for sim_type, sim_name, expect in imported + [
        ('elegant', 'bunchComp - fourDipoleCSR',
         ['WAKE-inputfile.knsl45.liwake.sdds', 'run.py', 'sirepo-data.json']),
        ('srw', 'Tabulated Undulator Example',
         ['magnetic_measurements.zip', 'run.py', 'sirepo-data.json']),
        ('warppba', 'Laser Pulse', ['run.py', 'sirepo-data.json']),
    ]:
        sim_id = fc.sr_sim_data(
            sim_name, sim_type)['models']['simulation']['simulationId']
        with pkio.save_chdir(pkunit.work_dir()) as d:
            for t in 'zip', 'html':
                r = fc.sr_get(
                    'exportArchive',
                    PKDict(
                        simulation_type=sim_type,
                        simulation_id=sim_id,
                        filename='anything.' + t,
                    ))
                p = d.join(sim_name + '.' + t)
                x = r.data
                if t == 'html':
                    x = pkcompat.from_bytes(x)
                    m = re.search(r'name="zip" \S+ value="([^"]+)"',
                                  x,
                                  flags=re.DOTALL)
                    x = base64.b64decode(pkcompat.to_bytes(m.group(1)))
                p.write_binary(x)
                e = expect
                if t == 'html':
                    e.remove('run.py')
                pkeq(
                    e,
                    sorted(zipfile.ZipFile(str(p)).namelist()),
                )
コード例 #7
0
ファイル: importer.py プロジェクト: mkeilman/sirepo 
def do_form(form):
    """Self-extracting archive post

    Args:
        form (flask.request.Form): what to import

    Returns:
        dict: data
    """
    from sirepo import simulation_db

    if not 'zip' in form:
        sirepo.util.raise_not_found('missing zip in form')
    data = read_zip(base64.decodebytes(pkcompat.to_bytes(form['zip'])))
    data.models.simulation.folder = '/Import'
    data.models.simulation.isExample = False
    return simulation_db.save_new_simulation(data)
コード例 #8
0
def auth_hash(req, verify=False):
    now = int(time.time())
    if not 'authNonce' in req:
        if verify:
            util.raise_unauthorized('authNonce: missing field in request')
        req.authNonce = str(now) + _AUTH_NONCE_SEPARATOR + util.random_base62()
    h = hashlib.sha256()
    h.update(
        pkcompat.to_bytes(
            _AUTH_HASH_SEPARATOR.join([
                req.authNonce,
                req.simulationType,
                req.simulationId,
                cfg.secret,
            ])), )
    res = 'v1:' + pkcompat.from_bytes(base64.urlsafe_b64encode(h.digest()), )
    if not verify:
        req.authHash = res
        return
    if res != req.authHash:
        util.raise_unauthorized(
            '{}: hash mismatch expected={} nonce={}',
            req.authHash,
            res,
            req.authNonce,
        )
    t = req.authNonce.split(_AUTH_NONCE_SEPARATOR)[0]
    try:
        t = int(t)
    except ValueError as e:
        util.raise_unauthorized(
            '{}: auth_nonce prefix not an int: nonce={}',
            t,
            req.authNonce,
        )
    delta = now - t
    if abs(delta) > _AUTH_NONCE_REPLAY_SECS:
        util.raise_unauthorized(
            '{}: auth_nonce time outside replay window={} now={} nonce={}',
            t,
            _AUTH_NONCE_REPLAY_SECS,
            now,
            req.authNonce,
        )
コード例 #9
0
ファイル: bluesky1_test.py プロジェクト: ahebnl/Sirepo 
def test_srw_auth_hash_copy():
    from pykern import pkconfig

    pkconfig.reset_state_for_testing({
        'SIREPO_AUTH_BLUESKY_SECRET': 'anything',
        'SIREPO_AUTH_METHODS': 'bluesky',
        'SIREPO_FEATURE_CONFIG_SIM_TYPES': 'srw:myapp',
    })
    from pykern import pkcollections
    from pykern import pkcompat
    from pykern.pkdebug import pkdp
    from pykern.pkunit import pkeq
    from sirepo.auth import bluesky
    import base64
    import hashlib
    import numconv
    import random
    import time
    bluesky.init_apis()

    req = dict(
        simulationType='xyz',
        simulationId='1234',
    )
    r = random.SystemRandom()
    req['authNonce'] = str(int(time.time())) + '-' + ''.join(
        r.choice(numconv.BASE62) for x in range(32)
    )
    h = hashlib.sha256()
    h.update(
        pkcompat.to_bytes(
            ':'.join([
                req['authNonce'],
                req['simulationType'],
                req['simulationId'],
                bluesky.cfg.secret,
            ]),
        ),
    )
    req['authHash'] = 'v1:' + pkcompat.from_bytes(
        base64.urlsafe_b64encode(h.digest()),
    )
    bluesky.auth_hash(pkcollections.Dict(req), verify=True)
コード例 #10
0
ファイル: status_test.py プロジェクト: ahebnl/Sirepo 
def test_basic(auth_fc, monkeypatch):
    from pykern import pkconfig, pkcompat
    from pykern.pkunit import pkeq
    from sirepo import srunit
    import base64
    import sirepo.auth.basic

    u = auth_fc.sr_login_as_guest()
    sirepo.auth.basic.cfg.uid = u
    import sirepo.status

    auth_fc.cookie_jar.clear()
    # monkeypatch so status doesn't take so long
    sirepo.status._SIM_TYPE = 'myapp'
    sirepo.status._SIM_NAME = 'Scooby Doo'
    sirepo.status._SIM_REPORT = 'heightWeightReport'
    pkeq(401, auth_fc.sr_get('serverStatus').status_code)
    r = auth_fc.sr_get_json(
        'serverStatus',
        headers=PKDict(Authorization='Basic ' + pkcompat.from_bytes(
            base64.b64encode(pkcompat.to_bytes(u + ':' + 'pass')), ), ),
    )
    pkeq('ok', r.state)
コード例 #11
0
ファイル: docker_registry.py プロジェクト: radiasoft/rsconf 
def host_init(hdb, host):
    jf = db.secret_path(hdb,
                        _PASSWD_SECRET_JSON_F,
                        visibility=_PASSWD_VISIBILITY)
    if jf.check():
        with jf.open() as f:
            y = pkjson.load_any(f)
    else:
        y = PKDict()
    assert not host in y, \
        '{}: host already exists'.format(host)
    y[host] = db.random_string()
    pkjson.dump_pretty(y, filename=jf)
    pf = db.secret_path(hdb, _PASSWD_SECRET_F, visibility=_PASSWD_VISIBILITY)
    with pf.open(mode='at') as f:
        f.write(
            '{}:{}\n'.format(
                host,
                pkcompat.from_bytes(
                    bcrypt.hashpw(
                        pkcompat.to_bytes(y[host]),
                        bcrypt.gensalt(5),
                    ), ),
            ), )
コード例 #12
0
def avatar_uri(model, size):
    return 'https://www.gravatar.com/avatar/{}?d=mp&s={}'.format(
        hashlib.md5(pkcompat.to_bytes(model.user_name)).hexdigest(),
        size,
    )
コード例 #13
0
ファイル: cookie.py プロジェクト: ahebnl/Sirepo 
 def _encrypt(self, text):
     return base64.urlsafe_b64encode(
         self._crypto().encrypt(pkcompat.to_bytes(text)), )
コード例 #14
0
ファイル: cookie.py プロジェクト: ahebnl/Sirepo 
 def _decrypt(self, value):
     d = self._crypto().decrypt(
         base64.urlsafe_b64decode(pkcompat.to_bytes(value)), )
     pkdc('{}', d)
     return pkcompat.from_bytes(d)
コード例 #15
0
ファイル: util.py プロジェクト: mkeilman/sirepo 
def url_safe_hash(value):
    return hashlib.md5(pkcompat.to_bytes(value)).hexdigest()