def handle(self, *args, **options):
    """Revoke staff status (the right to manage and build) from a user.

    The target account is read from options['username']. CommandError is
    raised when the option is missing, when no such user exists, or when
    the user is already non-staff.
    """
    username = options['username']
    if username is None:
        raise CommandError("Please provide a username with --username")

    bot.debug("Username: %s" % username)

    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        raise CommandError("This username does not exist.")

    # Identity test against False: only an explicit False counts as
    # "already revoked"; any other value falls through to the update.
    if user.is_staff is False:
        raise CommandError("This user already can't manage and build.")

    user.is_staff = False
    # Emitted at debug level and before save(), so this line is not a
    # record that the privilege change was actually persisted.
    bot.debug("%s can no longer manage and build." % (user.username))
    user.save()
def handle(self, *args, **options):
    """Grant a user the admin flag (the right to manage and build).

    The target account is read from options['username']. CommandError is
    raised when the option is missing, when no such user exists, or when
    the user already has admin set to True.
    """
    username = options['username']
    if username is None:
        raise CommandError("Please provide a username with --username")

    bot.debug("Username: %s" % username)

    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        raise CommandError("This username does not exist.")

    # Identity test against True: only an explicit True is treated as
    # "already privileged".
    already_admin = user.admin is True
    if already_admin:
        raise CommandError("This user can already manage and build.")

    # Privilege escalation happens here; the only trace is the debug
    # message below, written after the save.
    user.admin = True
    user.save()
    bot.debug("%s can now manage and build." % (user.username))
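def handle(self, *args, **options):
    """Print basic details of every collection whose name contains a string.

    The search term is read from options['collection'] and matched with a
    name__contains filter. For each match the uri, url, private display
    value and private flag are printed to stdout. Matches are not filtered
    by visibility, so private collections are listed as well.

    Raises CommandError when --collection was not given.
    """
    term = options['collection']
    if term is None:
        # The original message asked for "a username" here, which does not
        # match the --collection option this command actually requires.
        raise CommandError("Please provide a collection name with --collection")

    bot.debug("Collection: %s" % term)

    results = Collection.objects.filter(Q(name__contains=term))
    for result in results:
        print(type(result))
        print(" uri: " + result.get_uri())
        print(" url: " + result.get_absolute_url())
        print(" private display:" + result.get_private_display())
        print(" private:" + str(result.private))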
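def get_request_user(auth, user=None):
    """get the user for the request from an authorization object

    The username is taken from the client-supplied Credential field
    (kind/base64(username)/timestamp). Nothing in this function checks the
    Signature field, so the returned user is only the identity the request
    claims; the signature must be validated separately before that
    identity is trusted.

    Parameters
    ==========
    auth: the authentication object
    user: will return as None if not able to obtain from auth

    Returns
    =======
    the matching User, or the `user` default when the header is missing,
    malformed, or names an unknown user
    """
    values = _parse_header(auth)

    if "Credential" not in values:
        bot.debug("Headers missing, request is invalid.")
        return user

    # The credential is attacker-controlled. A wrong number of "/" parts,
    # invalid base64 and invalid UTF-8 all raise ValueError subclasses;
    # treat them as an invalid request instead of letting them propagate.
    try:
        _, encoded, _ = values["Credential"].split("/")
        username = base64.b64decode(encoded).decode("utf-8")
    except ValueError:
        bot.debug("Credential is malformed, request is invalid.")
        return user

    try:
        user = User.objects.get(username=username)
    except Exception:
        # Best-effort lookup as before, but no longer a bare except, so
        # SystemExit and KeyboardInterrupt are not swallowed.
        bot.debug("%s is not a valid user, request invalid." % username)

    return user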
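def get_request_user(auth, user=None):
    '''get the user for the request from an authorization object

    The username is taken from the client-supplied Credential field
    (kind/base64(username)/timestamp). Nothing in this function checks the
    Signature field, so the returned user is only the identity the request
    claims; the signature must be validated separately before that
    identity is trusted.

    Parameters
    ==========
    auth: the authentication object
    user: will return as None if not able to obtain from auth

    Returns
    =======
    the matching User, or the `user` default when the header is missing,
    malformed, or names an unknown user
    '''
    values = _parse_header(auth)

    if "Credential" not in values:
        bot.debug('Headers missing, request is invalid.')
        return user

    # The credential is attacker-controlled. A wrong number of "/" parts,
    # invalid base64 and invalid UTF-8 all raise ValueError subclasses;
    # treat them as an invalid request instead of letting them propagate.
    try:
        _, encoded, _ = values['Credential'].split('/')
        # b64decode returns bytes; decode so the lookup and the log message
        # use the text username rather than a bytes object.
        username = base64.b64decode(encoded).decode('utf-8')
    except ValueError:
        bot.debug('Credential is malformed, request is invalid.')
        return user

    try:
        user = User.objects.get(username=username)
    except Exception:
        # Best-effort lookup as before, but no longer a bare except, so
        # SystemExit and KeyboardInterrupt are not swallowed.
        bot.debug('%s is not a valid user, request invalid.' % username)

    return user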
def delete_container(request, container):
    '''Decide whether a request is authorized to delete a container.

    Despite the name, nothing is deleted here: the function only returns
    True when the Authorization header validates against the expected
    "delete" payload, and False otherwise. The payload binds the
    collection name, a timestamp from generate_timestamp(), the container
    name and the container tag.

    Parameters
    ==========
    request: the incoming request; HTTP_AUTHORIZATION is read from request.META
    container: the container the request wants to delete
    '''
    auth = request.META.get('HTTP_AUTHORIZATION')
    if auth is None:
        bot.debug("authentication is invalid.")
        return False

    # The timestamp is produced server side and is part of both the signed
    # payload and the validation call.
    timestamp = generate_timestamp()
    fields = (container.collection.name, timestamp, container.name, container.tag)
    payload = "delete|%s|%s|%s|%s|" % fields
    bot.debug("Request payload %s" % payload)

    authorized = validate_request(auth, payload, "delete", timestamp)
    if not authorized:
        bot.debug("request is invalid.")
        return False

    return True
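def receive_build(collection, recipes, branch):
    '''receive_build will receive a build from GitHub, and then trigger
    the same Google Cloud Build but using a GitHub repository (recommended).

    For every recipe a container is looked up (or created) by tag, a
    webhook URL and a JWT are prepared, and the build is submitted through
    the build client. Frozen containers are skipped.

    Credentials handled here:
      - the JWT is signed with container.metadata['builder']['secret'],
        which is read after create_container_payload() runs
        (presumably that helper sets it - confirm);
      - for private repositories a GitHub token of the first collection
        owner is passed to the build client.

    Parameters
    ==========
    collection: the collection
    recipes: a dictionary of modified recipe files to build
    branch: the repository branch (kept as metadata)
    '''
    from .github import get_auth_token

    context = get_build_context()

    # Instantiate client with context (connects to buckets)
    client = get_client(debug=True, **context)

    print("RECIPES: %s" % recipes)

    # Derive tag from the recipe, or default to latest
    for recipe, metadata in recipes.items():

        # First preference to command line, then recipe tag
        tag = get_recipe_tag(recipe) or "latest"

        # Get a container, if it exists, we've already written file here.
        # Only a missing container leads to a create; the previous bare
        # except also turned every other failure into a new row.
        try:
            container = collection.containers.get(tag=tag)
        except Container.DoesNotExist:
            container = Container.objects.create(collection=collection,
                                                 tag=tag,
                                                 name=collection.name)

        # If the container is frozen, no go
        if container.frozen:
            bot.debug('%s is frozen, will not trigger build.' % container)
            continue

        # Recipe path on Github
        reponame = container.collection.metadata['github']['repo_name']

        # If we don't have a commit, just send to recipe
        if metadata['commit'] is None:
            deffile = "https://www.github.com/%s/tree/%s/%s" % (reponame, branch, recipe)
        else:
            deffile = "https://www.github.com/%s/blob/%s/%s" % (reponame, metadata['commit'], recipe)

        # Webhook response
        webhook = "%s%s" % (settings.DOMAIN_NAME,
                            reverse('receive_build', kwargs={"cid": container.id}))

        # Generate a one time use secret for jwt web token
        container.metadata['builder'] = {"name": "google_build",
                                         "deffile": deffile}

        payload = create_container_payload(container)  # does not save

        # Generate the jwt token
        jwt_token = generate_jwt_token(secret=container.metadata['builder']['secret'],
                                       payload=payload)

        # If the repo is private, we need to account for that
        token = None
        if collection.metadata['github'].get('private', False) is True:
            token = get_auth_token(collection.owners.first())

        # Submit the build with the GitHub repo and commit
        response = client.build_repo("github.com/%s" % metadata['name'],
                                     recipe=recipe,
                                     headless=True,
                                     token=token,
                                     commit=metadata['commit'],
                                     webhook=webhook,
                                     extra_data={"token": jwt_token})

        # Add the metadata; this save also persists the builder entry
        # written above.
        container.metadata['build_metadata'] = response['metadata']
        container.save()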
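def validate_request(auth, payload, sender="push", timestamp=None, superuser=True):
    '''validate header and payload for a request

    The Authorization header is expected as
    "SREGISTRY-HMAC-SHA256 Credential=<kind>/<base64 username>/<ts>,Signature=<sig>".
    Every parsing failure rejects the request (returns False) instead of
    raising, because the header is supplied by the client.

    Parameters
    ==========
    auth: the Authorization header content
    payload: the payload to assess
    sender: the request kind the credential must declare
    timestamp: the timestamp associated with the request; when given, the
               credential timestamp must equal it exactly
    superuser: if the user must be superuser (user.admin) for validity

    Returns
    =======
    True if the request is valid, False if not
    '''
    if not auth:
        bot.debug('Authorization header missing, request invalid.')
        return False

    # A missing space, extra parts or an entry without "=" all surface as
    # ValueError; AttributeError covers a non-string header value.
    try:
        header, content = auth.split(' ')
        values = dict()
        for entry in content.split(','):
            # maxsplit=1 keeps "=" padding inside base64 values intact
            key, val = entry.split('=', 1)
            values[key] = val
    except (AttributeError, ValueError):
        bot.debug('Authorization header is malformed, request invalid.')
        return False

    if header != 'SREGISTRY-HMAC-SHA256':
        bot.debug('Invalid SREGISTRY Authentication scheme, request invalid.')
        return False

    if "Credential" not in values or "Signature" not in values:
        bot.debug('Headers missing, request is invalid.')
        return False

    bot.debug(values['Credential'])

    # Wrong part count, invalid base64 and invalid UTF-8 are ValueErrors.
    try:
        kind, username, ts = values['Credential'].split('/')
        # b64decode returns bytes; decode so the user lookup compares text
        username = base64.b64decode(username).decode('utf-8')
    except ValueError:
        bot.debug('Credential is malformed, request invalid.')
        return False

    if kind != sender:
        bot.debug('Mismatch between request kind (%s) and sender (%s), request invalid.' % (kind, sender))
        return False

    if timestamp is not None and ts != timestamp:
        bot.debug('%s is expired, must be %s.' % (ts, timestamp))
        return False

    try:
        user = User.objects.get(username=username)
    except Exception:
        bot.debug('%s is not a valid user, request invalid.' % username)
        return False

    # Fail closed: any falsy admin value is rejected, not only the literal
    # False the previous identity comparison looked for.
    if superuser and not user.admin:
        bot.debug('User %s is not a superuser, request invalid.' % user.username)
        return False

    request_signature = values['Signature']
    secret = user.token()
    # NOTE(review): the signature comparison lives in validate_secret;
    # confirm it compares in constant time (e.g. hmac.compare_digest).
    return validate_secret(secret, payload, request_signature)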
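def user_data(self, access_token, *args, **kwargs):
    """Loads user data from service

    Requests the /user resource under settings.FIWARE_IDM_ENDPOINT with the
    access token as a query parameter and returns the decoded JSON.
    """
    # The token travels in the query string, so it can end up in proxy and
    # server access logs. NOTE(review): check whether the IdM accepts it
    # in an Authorization header instead.
    query = urlencode({'access_token': access_token})
    url = urljoin(settings.FIWARE_IDM_ENDPOINT, '/user?' + query)

    # Fetch once and reuse the result: the original called get_json() a
    # second time for the return value, doubling the requests and allowing
    # the logged data to differ from the returned data.
    data = self.get_json(url)

    # This writes the full user profile to the debug log.
    bot.debug(data)
    return data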