def post(self, password_reset_code):
form = PasswordResetForm(request.form)
if form.validate():
with backend.transaction():
try:
user = backend.get(
User,
{'password_reset_code': password_reset_code}
)
except User.DoesNotExist:
return {'message': 'Unknown user'}, 404
user.set_password(form.password.data)
backend.update(user, ['password', 'password_set'], unset_fields=['password_reset_code'])
access_token = user.get_access_token()
backend.save(access_token)
send_mail(
email_to=user.email,
template="password_reset_successful",
template_context={
"user_name": user.name
}
)
return {'message': 'success'}, 200
return ({'message': 'Invalid data',
'errors': form.errors},
403)
def auto_tag(project):
""" First step of the analysis for Git projects. Determines if automatic tags have already been added and, if not
adds them from the requirements.txt file, if one exists in the repository.
:param project: project to auto tag
:return:
"""
logger.debug("Adding automatic tags to {}".format(project.pk))
repository = project.git.eager.repository
# auto tag the project (but only once)
if project.get('automatic_tags_added'):
return
default_branch = project.git.get_default_branch()
if default_branch is None:
return
tags = extract_tags_from_requirements_txt(repository, default_branch)
with backend.transaction():
for tag_name in tags:
try:
tag = backend.get(Tag, {'name': tag_name})
except Tag.DoesNotExist:
tag = Tag({'name': tag_name})
backend.save(tag)
project.tags.append(tag)
project.automatic_tags_added = True
with backend.transaction():
backend.update(project, ['automatic_tags_added'])
def add_relevant_issue_classes(project):
""" Adds relevant issue classes to the given project. Only adds issue classes that were created after the last time
this function was ran, avoiding re-adding issue classes that the user may have removed from the project.
:param project: project to add the issue classes to
:return:
"""
issue_classes = get_relevant_issue_classes(project)
logger.info("Adding %d issue_classes to project %s" %
(len(issue_classes), project.pk))
with backend.transaction():
for issue_class in issue_classes:
project_issue_class_query = {
'project': project,
'issue_class': issue_class
}
try:
backend.get(ProjectIssueClass, project_issue_class_query)
continue
except ProjectIssueClass.DoesNotExist:
project_issue_class = ProjectIssueClass(
project_issue_class_query)
project_issue_class.enabled = True
backend.save(project_issue_class)
# re-sync the issue classes associated with the project with the database
project.revert()
def post(self):
form = LoginForm(request.form)
if form.validate():
with backend.transaction():
try:
# TODO manually specifying includes is not ideal
user = backend.get(User, {'email': form.email.data.lower()},
include=UserProfile.includes)
if user.delete is True:
return {'message': "Your account is scheduled for deletion. "
"You can sign-up again in a few minutes."}, 403
if not user.check_password(form.password.data):
return ({'message': 'Invalid password'},
403)
access_token = user.get_access_token()
backend.save(access_token)
user_profile = UserProfile.export(user)
response = self.make_response({
'access_token': access_token.token,
'message': 'Success!',
'user': user_profile,
})
expires = (datetime.datetime.now() + datetime.timedelta(days=7)) if form.remember_me.data else None
response.set_cookie('access_token', value=access_token.token, expires=expires)
return response
except User.DoesNotExist:
return {'message': 'Unknown user'}, 404
return {'message': 'Invalid data', 'errors': form.errors}, 403
def project(test, fixtures, name):
project = Project({
'name': name,
'permalink': 'test:{}'.format(name),
'source': 'test'
})
with backend.transaction():
backend.save(project)
return project
def post(self, project_id, issue_class_id):
"""
Add a new issue class to a project
"""
with backend.transaction():
project_issue_class = self._get_project_issue_class()
if project_issue_class.pk:
backend.update(project_issue_class, {'enabled': True})
else:
project_issue_class.enabled = True
backend.save(project_issue_class)
return {'message': 'success'}, 201
def _import_issue_classes():
issue_update_keys = ('severity', 'description', 'title')
analyzer_update_keys = ('language', )
logger.info("Importing issue classes from checkmate...")
analyzers = settings.checkmate_settings.analyzers
for analyzer, params in analyzers.items():
logger.info("Importing issue classes for analyzer {}".format(analyzer))
if not all([key in params for key in analyzer_update_keys]):
logger.warning(
"Skipping analyzer {} as it does not contain a '{}' field".
format(key))
continue
for code, issue_params in params.get('issues_data', {}).items():
if not all([key in issue_params for key in issue_update_keys]):
logger.warning(
"Skipping issue class for code {}, as it does not contain a '{}' field"
.format(code, key))
continue
logger.info("Importing issue class for code {}".format(code))
try:
issue_class = backend.get(IssueClass, {
'analyzer': analyzer,
'code': code
})
except IssueClass.DoesNotExist:
issue_class = IssueClass({
'analyzer': analyzer,
'code': code,
})
for key in issue_update_keys:
issue_class[key] = issue_params[key]
for key in analyzer_update_keys:
issue_class[key] = params[key]
with backend.transaction():
backend.save(issue_class)
issue_class.categories.delete()
for category in issue_params.get('categories', []):
try:
issue_category = backend.get(IssueCategory,
{'name': category})
except IssueCategory.DoesNotExist:
issue_category = IssueCategory({'name': category})
with backend.transaction():
backend.save(issue_category)
issue_class.categories.append(issue_category)
for tag_name in issue_params.get('tags', ['generic']):
try:
tag = backend.get(Tag, {'name': tag_name})
except Tag.DoesNotExist:
tag = Tag({'name': tag_name})
with backend.transaction():
backend.save(tag)
issue_class.tags.append(tag)
with backend.transaction():
backend.save(issue_class)
def user(
test,
fixtures,
name,
email,
password,
superuser=False,
):
user = User({'name': name, 'email': email})
user.set_password(password)
user.unencrypted_password = password
with backend.transaction():
backend.save(user)
access_token = AccessToken({'user': user, 'token': uuid.uuid4().hex})
with backend.transaction():
backend.save(access_token)
return user
def create_project(project_data, git_data, user):
"""
Creates a new project with the given data and performs the necessary initialization steps.
:param data: data to use to create the project
:return: object representing the newly created project
"""
project = Project(project_data)
project.pk = uuid.uuid4().hex
settings.hooks.call("project.create.before", project)
if not project.get('permalink'):
project.permalink = project.pk
git = GitRepository(git_data)
git.project = project
project.git = git
#we make the user owner of the project
user_role = UserRole({'project': project, 'user': user, 'role': 'owner'})
with backend.transaction():
backend.save(project)
backend.save(git)
backend.save(user_role)
#we run git-specific initialization tasks
generate_key_pair(project)
initialize_repository(project)
update_remote(project)
settings.hooks.call("project.create.after", project)
return project
def post(self, project_id, role, user_id):
with backend.transaction():
try:
user = self._get_user(user_id)
except AttributeError:
return ({'message': 'invalid user'},
404)
if role not in ('admin', 'collaborator', 'owner'):
return ({'message': 'invalid role: %s' % role},
403)
try:
user_role = backend.get(UserRole, {'project': request.project,
'user': user})
if user_role.role == 'owner' and user_role.user == request.user and role != 'owner':
if len(backend.filter(UserRole, {'project': request.project,'role' : 'owner'})) == 1:
return {'message' : 'You are the last owner of this project, cannot remove you.'}, 400
except UserRole.DoesNotExist:
user_role = UserRole({'project': request.project, 'user': user})
user_role.role = role
backend.save(user_role)
return ProjectRoles.get(self, project_id=project_id)
def post(self):
form = SignupForm(request.form)
if form.validate():
with backend.transaction():
email_matches = backend.filter(User, {'email': form.email.data})
if len(email_matches) > 0:
for user in email_matches:
if user.delete is True:
return ({'message': 'Your account is scheduled for deletion. Try again in a few minutes".'},
403)
return {'message': "A user with this e-mail address already exists. "
"Please try resetting your password.",
'resetPasswordLink': True}, 403
try:
user = backend.get(User, {'name': form.name.data.lower()})
return {'errors': {'name': {'message': 'This login has already been chosen by another user'}},
'message': 'Login already in use.'}, 403
except User.DoesNotExist:
pass
except User.MultipleDocumentsReturned:
return {'errors': {'name': {'message': 'This login has already been chosen by another user'}},
'message': 'Login already in use.'}, 403
user = User({
'email': form.email.data.lower(),
'name': form.name.data.lower(),
'email_validated': False,
'email_validation_code': uuid.uuid4().hex,
'terms_accepted': form.terms.data,
'terms_accepted_at': datetime.datetime.utcnow(),
'terms_accepted_from_ip': request.remote_addr,
'email_settings': {
'newsletter': True,
'notifications': True,
},
})
user.set_password(form.password.data)
backend.save(user)
access_token = AccessToken({'user': user,
'token': uuid.uuid4().hex})
backend.save(access_token)
user_profile = UserProfile.export(user)
response = self.make_response({
'access_token': access_token.token,
'message': 'Success!',
'user': user_profile,
})
response.set_cookie(
'access_token',
value=access_token.token,
expires=(datetime.datetime.utcnow() + datetime.timedelta(days=7)),
)
activation_url = u"{}{}/user/validate/{}".format(
settings.get('url'),
settings.get('frontend.url'),
user.email_validation_code,
)
# Activate email
send_mail(
email_to=user.email,
template="verify_email",
template_context={
"user_name": user.name,
"activation_url": activation_url,
})
logger.warning("Hooray, a new user has just signed up: %s" % user.name)
return response
return {'message': 'Invalid data', 'errors': form.errors}, 403
