コード例 #1
0
def get_document(doc_id):
    resp = service.get("documents/" + doc_id)
    if not resp.ok:
        abort(resp.status_code)
    document = resp.json()
    if get_user_permissions(document).view:
        log.access_flask_view_document(document)
        return service.convert_response(resp)
    else:
        raise exceptions.Unauthorized()
コード例 #2
0
ファイル: errors.py プロジェクト: komodo108/flask-limiter
    def __init__(self, limit):
        self.limit = limit

        # Set defaults
        self.code = 429
        self.body = self.get_body()
        self.headers = self.get_headers()

        # Get the description
        if limit.error_message:
            self.description = limit.error_message if not callable(
                limit.error_message) else limit.error_message()
        else:
            self.description = text_type(limit.limit)

        # If error is given, get body & headers
        if self.limit.error_code:
            self.code = limit.error_code
            exception = exceptions.HTTPException(description=self.description)

            # Some common error codes, can add more here
            if self.code == 400:
                exception = exceptions.BadRequest()
            elif self.code == 401:
                exception = exceptions.Unauthorized()
            elif self.code == 403:
                exception = exceptions.Forbidden()
            elif self.code == 404:
                exception = exceptions.NotFound()
            elif self.code == 405:
                exception = exceptions.MethodNotAllowed()
            elif self.code == 406:
                exception = exceptions.NotAcceptable()
            elif self.code == 418:
                exception = exceptions.ImATeapot()  # <3
            elif self.code == 500:
                exception = exceptions.InternalServerError()
            elif self.code == 501:
                exception = exceptions.NotImplemented()

            # Update body & headers
            self.body = exception.get_body()
            self.headers = exception.get_headers()
        else:
            exception = exceptions.TooManyRequests(
                description=self.description)

            # Update body & headers
            self.body = exception.get_body()
            self.headers = exception.get_headers()
        super(RateLimitExceeded,
              self).__init__(description=self.description,
                             response=Response(self.body, self.code,
                                               self.headers))
コード例 #3
0
ファイル: converters.py プロジェクト: roman4hik/ggrc-core
 def handle_wrapper(*args, **kwargs):
   """Wrapper for handle exceptions during exporting"""
   try:
     return handle_function(*args, **kwargs)
   except query_exceptions.BadQueryException as exception:
     raise wzg_exceptions.BadRequest(exception.message)
   except wzg_exceptions.Unauthorized as ex:
     raise wzg_exceptions.Unauthorized("%s %s" % (ex.message,
                                                  app_errors.RELOAD_PAGE))
   except errors.HttpError as e:
     message = json.loads(e.content).get("error").get("message")
     if e.resp.code == 401:
       raise wzg_exceptions.Unauthorized("%s %s" % (message,
                                                    app_errors.RELOAD_PAGE))
     raise wzg_exceptions.InternalServerError(message)
   except Exception as e:  # pylint: disable=broad-except
     logger.exception(e.message)
     if settings.TESTING:
       raise
     raise wzg_exceptions.InternalServerError(
         app_errors.INTERNAL_SERVER_ERROR.format(job_type="Export"))
コード例 #4
0
 def update_user_password(self):
     body = request.get_json()
     current_password = body["current_password"]
     new_password = body["new_password"]
     valid = password.check_password(
         current_password, session["auth"]["user_data"]["passwdhash"])
     if not valid:
         raise exceptions.Unauthorized(
             description="Current password does not match.")
     users.set_user_password_by_id(self.get_logged_in_user()["id"],
                                   new_password)
     return jsonify(True)
コード例 #5
0
def add_document():
    document = request.get_json()
    if not document or "collection_id" not in document or not document[
            "collection_id"]:
        raise exceptions.BadRequest()
    if not collections.user_can_add_documents_or_images_by_id(
            document["collection_id"]):
        raise exceptions.Unauthorized()
    resp = service.post("documents", json=document)
    if resp.ok:
        log.access_flask_add_document(resp.json())
    return service.convert_response(resp)
コード例 #6
0
def post_collection_image(collection_id, path):
    if not is_cached_last_collection(collection_id):
        if not get_user_permissions_by_id(collection_id).add_images:
            raise exceptions.Unauthorized()
    if "file" not in request.files:
        raise exceptions.BadRequest("Missing file form part.")

    update_cached_last_collection(collection_id)

    return jsonify(
        _upload_collection_image_file(collection_id, path,
                                      request.files["file"]))
コード例 #7
0
    def test_create_comment_401_disables_source(self):
        self.expect_mention().AndRaise(exceptions.Unauthorized('no way'))
        self.mox.ReplayAll()

        self.assert_error('no way', status=401)
        source = self.source.key.get()
        self.assertEqual('disabled', source.status)

        bw = BlogWebmention.get_by_id(
            'http://bar.com/reply http://foo.com/post/1')
        self.assertEqual('failed', bw.status)
        self.assertEqual(self.mention_html, bw.html)
コード例 #8
0
def create_token(email, password):
    """
    If the provided email and password combination is valid, generates a JWT for client-use which expires in 7 days.
    """

    existing_user = User.query.filter_by(email=email).first_or_404()
    if not PasswordManager.context.verify(password,
                                          existing_user.password_hash):
        raise exceptions.Unauthorized(
            description='Email or password were not correct.')

    token = generate_token_for_user(existing_user)
    return jsonify(snake_to_camel_case_dict({'token': token.decode("utf-8")}))
コード例 #9
0
ファイル: api.py プロジェクト: WRWolfe66/flamenco
    def wrapper(manager_id, *args, **kwargs):
        from flamenco import current_flamenco
        from pillar.api.utils import str2id, mongo

        manager_id = str2id(manager_id)
        manager = mongo.find_one_or_404('flamenco_managers', manager_id)
        if not current_flamenco.manager_manager.user_manages(mngr_doc=manager):
            user_id = authentication.current_user_id()
            log.warning(
                'Service account %s sent startup notification for manager %s of another '
                'service account', user_id, manager_id)
            raise wz_exceptions.Unauthorized()

        return wrapped(manager_id, request.json, *args, **kwargs)
コード例 #10
0
ファイル: decorators.py プロジェクト: phoxelua/matcha
    def wrapped(*args, **kwargs):
        authorization_header = flask.request.headers.get('Authorization', None)
        if not authorization_header:
            raise exceptions.Unauthorized('Authorization header is not present.')

        token = authorization_header.replace('Bearer ', '', 1)
        if not token:
            raise exceptions.Unauthorized('Bearer token is not present.')

        try:
            decrypted = decode_token(token)
        except:
            raise exceptions.Unauthorized('Token is malformed.')

        if decrypted['expiration'] < datetime.utcnow().timestamp():
            raise exceptions.Unauthorized('Token has expired.')

        user = '******' in decrypted and User.query.get(decrypted['id'])
        if not user:
            raise exceptions.NotFound('User does not exist.')

        kwargs['user'] = user
        return func(*args, **kwargs)
コード例 #11
0
ファイル: app.py プロジェクト: xin3liang/ironic-python-agent
    def api_run_command(self, request):
        body = request.get_json(force=True)
        if ('name' not in body or 'params' not in body
                or not isinstance(body['params'], dict)):
            raise http_exc.BadRequest('Missing or invalid name or params')

        token = request.args.get('agent_token', None)
        if not self.agent.validate_agent_token(token):
            raise http_exc.Unauthorized('Token invalid.')
        with metrics_utils.get_metrics_logger(__name__).timer('run_command'):
            result = self.agent.execute_command(body['name'], **body['params'])
            wait = request.args.get('wait')
            if wait and wait.lower() == 'true':
                result.join()
            return jsonify(result)
コード例 #12
0
def _check_documents(documents) -> dict:
    collection_ids = set()
    for document in documents:
        if not isinstance(document, dict) or "collection_id" not in document or not document["collection_id"]:
            raise exceptions.BadRequest()
        collection_ids.add(document["collection_id"])
    collections_by_id = {}
    for collection_id in collection_ids:
        collection = service.get_item_by_id("collections", collection_id, params=service.params({
            "projection": collections.user_permissions_projection()
        }))
        if not collections.get_user_permissions(collection).add_documents:
            raise exceptions.Unauthorized()
        collections_by_id[collection_id] = collection
    return collections_by_id
コード例 #13
0
ファイル: bp.py プロジェクト: jhuapl-lglenden/PINE
def _check_collection_and_get_image_dir(collection_id, path):
    # make sure user can view collection
    if not user_can_view_by_id(collection_id):
        raise exceptions.Unauthorized()

    image_dir = current_app.config["DOCUMENT_IMAGE_DIR"]
    if image_dir == None or len(image_dir) == 0:
        raise exceptions.InternalServerError()

    # "static" is a special path that grabs images not associated with a particular collection
    # this is mostly for testing
    if not path.startswith("static/"):
        image_dir = os.path.join(image_dir, "by_collection", collection_id)

    return os.path.realpath(image_dir)
コード例 #14
0
ファイル: bp.py プロジェクト: uw-bionlp/PINE
def get_collection(collection_id):
    """
    Return the collection object for the collection matching the provided collection id. This object has the fields:
    'creator_id', 'annotators', 'viewers', 'labels', 'metadata', 'archived', and 'configuration'.
    :param collection_id: str
    :return: Response
    """
    resp = service.get(["collections", collection_id])
    if not resp.ok:
        abort(resp.status_code)
    collection = resp.json()
    if get_user_permissions(collection).view:
        return service.convert_response(resp)
    else:
        raise exceptions.Unauthorized()
コード例 #15
0
def get_all_documents_in_collection(col_id):
    truncate = json.loads(request.args.get("truncate", "true"))
    truncate_length = json.loads(request.args.get("truncateLength", "50"))
    collection = service.get_item_by_id("collections", col_id)
    if not collections.get_user_permissions(collection).view:
        raise exceptions.Unauthorized()
    params = service.where_params({"collection_id": col_id})
    if truncate:
        if truncate_length == 0:
            params["projection"] = json.dumps({"metadata": 0, "text": 0})
        else:
            params["projection"] = json.dumps({"metadata": 0})
            params["truncate"] = truncate_length

    return jsonify(service.get_all("documents", params=params))
コード例 #16
0
ファイル: permission.py プロジェクト: wencan/crud-flask-demo
            def decorated(*args, **kwargs):
                auth = request.authorization
                if auth is None:
                    raise exceptions.Unauthorized()

                # 获取用户id
                user_id = self._service.basic_authorization(
                    auth.username, auth.password)

                # 获取用户所有权限
                permissions = self._service.get_user_permissions(user_id)
                if not permission in permissions:
                    raise exceptions.Forbidden()

                return f(*args, **kwargs)
コード例 #17
0
ファイル: quart.py プロジェクト: SK-415/nonebot2
    async def _handle_ws_reverse(self, adapter: str):
        websocket: QuartWebSocket = _websocket
        ws = WebSocket(websocket.http_version, websocket.scheme,
                       websocket.path, websocket.query_string,
                       dict(websocket.headers), websocket)

        if adapter not in self._adapters:
            logger.warning(
                f'Unknown adapter {adapter}. Please register the adapter before use.'
            )
            raise exceptions.NotFound()

        BotClass = self._adapters[adapter]
        self_id, response = await BotClass.check_permission(self, ws)

        if not self_id:
            raise exceptions.Unauthorized(
                description=(response and response.body or b"").decode())

        if self_id in self._clients:
            logger.opt(colors=True).warning(
                "There's already a websocket connection, "
                f"<y>{escape_tag(adapter.upper())} Bot {escape_tag(self_id)}</y> ignored."
            )
            raise exceptions.Forbidden(description='Client already exists.')

        bot = BotClass(self_id, ws)
        await ws.accept()
        logger.opt(colors=True).info(
            f"WebSocket Connection from <y>{escape_tag(adapter.upper())} "
            f"Bot {escape_tag(self_id)}</y> Accepted!")
        self._bot_connect(bot)

        try:
            while not ws.closed:
                try:
                    data = await ws.receive()
                except asyncio.CancelledError:
                    logger.warning("WebSocket disconnected by peer.")
                    break
                except Exception as e:
                    logger.opt(exception=e).error(
                        "Error when receiving data from websocket.")
                    break

                asyncio.create_task(bot.handle_message(data.encode()))
        finally:
            self._bot_disconnect(bot)
コード例 #18
0
def authenticate():
    """
        Endpoint for admin authentication. Returns encrypted cookie with login
        time and username.
    """
    username = request.values["username"]
    password = request.values["password"]

    user = models.get_user(username)

    if user is None or not check_password_hash(user.password, password):
        raise excp.Unauthorized("Invalid username or password")

    session["last_login"] = datetime.datetime.now()
    session["username"] = username

    return json.dumps({"success": "OK"}), 200
コード例 #19
0
def user_login():
    """get a token to use for authentication throughout the rest of the site"""
    #NOTE: no permission required for this part because it uses an
    #alternative login method (username & password rather than token)
    #and declares the user object on its own
    #CONSIDER: add a delay for password based login to prevent excessive attempts

    check_args('username', 'password')
    g.user = user.auth(g.args['username'],
                       g.args['password'],
                       ip=request.remote_addr)
    if not g.user:
        raise ex.Unauthorized('Bad username or password.')

    return {
        'message': 'login successful',
        'token': g.user.token,
    }
コード例 #20
0
def index():

    if auth_header not in request.headers:
        raise exceptions.BadRequest("No Auth header exists")

    hdr = request.headers[auth_header].strip()
    if not hdr.startswith("Bearer"):
        raise exceptions.BadRequest("Unexpected auth type")

    spl = hdr.split()
    if len(spl) != 2:
        raise exceptions.BadRequest("Unexpected bearer format")

    token = spl[1]
    claims = jwtverifier.getClaims(token)
    if not claims:
        raise exceptions.Unauthorized("Unable to authenticate JWT token")

    return "JWT Claims: " + str(claims) + "\n"
コード例 #21
0
    def _get_authorization(self, request):
        """
        :type request: werkzeug.wrappers.request.Request
        :rtype: dict[str]
        :raises werkzeug.exceptions.Unauthorized: If authorization information not available in `request`
        """
        auth = request.authorization or {}
        username = auth.get('username', '').strip()
        password = auth.get('password', '').strip()
        if not username:
            raise exceptions.Unauthorized(
                www_authenticate='Basic realm="Simple index"')

        self._auth = {
            'username': username,
            'password': password
        } if username and password else {
            'token': username
        }
コード例 #22
0
def count_documents_in_collection(col_id):
    collection = service.get_item_by_id("collections", col_id)
    if not collections.get_user_permissions(collection).view:
        raise exceptions.Unauthorized()
    params = service.params({
        "where": {
            "collection_id": col_id
        },
        "projection": {
            "_id": 1
        },
        "max_results": 1
    })
    resp = service.get("documents", params=params)
    if not resp.ok:
        abort(resp.status_code)
    resp = resp.json()
    if "_meta" not in resp or resp["_meta"]["max_results"] != 1 or "total" not in resp["_meta"]:
        raise exceptions.InternalServerError("Pagination has not been turned on or correctly configured for documents.")
    return jsonify(resp["_meta"]["total"])
コード例 #23
0
        def decorated_function(*args, **kwargs):
            check_args('token')
            token = g.args['token']

            # store user object in g (thread safe context) users may only
            # authenticate with a token, this is to prevent users from
            # transmitting their username & password with every request

            #the token gets escaped when sent, so decode it first
            g.user = user.token_auth(
                token,
                ip=request.remote_addr,
            )

            if not g.user:
                raise ex.Unauthorized('bad token')
            for permission in permissions:
                if not g.user.has_perm(permission):
                    raise ex.Forbidden()
            return f(*args, **kwargs)
コード例 #24
0
ファイル: bp.py プロジェクト: uw-bionlp/PINE
def add_label_to_collection(collection_id):
    new_label = json.loads(request.form["new_label"])
    resp = service.get(["collections", collection_id])
    if not resp.ok:
        abort(resp.status_code)
    collection = resp.json()
    if not get_user_permissions(collection).modify_labels:
        raise exceptions.Unauthorized()
    if new_label not in collection["labels"]:
        LOGGER.info("new label: adding to collection")
        collection["labels"].append(new_label)
        to_patch = {
            "labels": collection["labels"]
        }
        headers = {'Content-Type': 'application/json', 'If-Match': collection["_etag"]}
        resp = service.patch(["collections", collection["_id"]], json=to_patch, headers=headers)
        if not resp.ok:
            abort(resp.status_code, resp.content)
        return service.convert_response(resp)
    else:
        abort(409, "Label already exists in collection")
コード例 #25
0
    def on_proxy(self, request, user_token, url):
        proxy_tile = self.proxy_url_and_coords(url)
        if not proxy_tile:
            raise exceptions.BadRequest('unknown proxy url')

        if request.method not in ('GET', 'HEAD'):
            raise exceptions.MethodNotAllowed(valid_methods=['GET', 'HEAD'])

        try:
            if not self.tile_coverages.is_permitted(user_token, proxy_tile.layer, proxy_tile.tile_coord):
                raise exceptions.Forbidden()

        except InvalidUserToken:
            raise exceptions.Unauthorized()

        headers = end_to_end_headers(request.headers)

        try:
            resp = requests.request(request.method, proxy_tile.url, headers=headers, stream=True)
        except requests.exceptions.RequestException, ex:
            raise exceptions.BadGateway('source returned: %s' % ex)
コード例 #26
0
ファイル: bp.py プロジェクト: uw-bionlp/PINE
def archive_or_unarchive_collection(collection_id, archive):
    """
    Set the "archived" boolean flag for the collection matching the provided collection_id.
    :param collection_id: str
    :param archive: Bool
    :return: Response
    """
    resp = service.get("collections/" + collection_id)
    if not resp.ok:
        abort(resp.status_code)
    collection = resp.json()
    if not get_user_permissions(collection).archive:
        raise exceptions.Unauthorized()
    if collection["archived"] != archive:
        collection["archived"] = archive
        headers = {"If-Match": collection["_etag"]}
        service.remove_nonupdatable_fields(collection)
        resp = service.put(["collections", collection_id], json = collection, headers = headers)
        if not resp.ok:
            abort(resp.status_code)
    return get_collection(collection_id)
コード例 #27
0
ファイル: search.py プロジェクト: dgreyling/gbi-server
    def search(self, query, user_token):
        from gbi_server.model import User
        user = User.by_authproxy_token(user_token)
        if not user:
            raise exceptions.Unauthorized()

        coverage = self.limiter.coverage(user_token)
        if not coverage:
            current_app.logger.debug("found no coverage user=%s query=%s",
                                     user, request.url)
            return None

        query.intersection(coverage, 3857)

        # query.ids(['072578-040-00042/000'])
        # f.near((7.88475, 49.859677), 4326, dist=500)
        # q = sql.select([parcel_table]).where(parcel_table.c.number == cleanup_id('072578-040-00042/000'))

        features = []
        query.limit(1000)
        sub = query.as_sa()
        q = sql.select([
            sub.c.identifier,
            sql.func.st_astext(sql.func.st_transform(sub.c.geometry,
                                                     '3857')).label('geometry')
        ])

        with self.engine.connect() as conn:
            for r in conn.execute(q):
                features.append({
                    "type":
                    "Feature",
                    "properties": {
                        "id": r.identifier,
                    },
                    "geometry":
                    mapping(shapely.wkt.loads(r.geometry)),
                })

        return features
コード例 #28
0
def get_documents_in_collection(col_id, page):
    truncate = json.loads(request.args.get("truncate", "true"))
    truncate_length = json.loads(request.args.get("truncateLength", "50"))
    collection = service.get_item_by_id("collections", col_id)
    if not collections.user_can_view(collection):
        raise exceptions.Unauthorized()
    params = service.where_params({"collection_id": col_id})
    if truncate:
        params["projection"] = json.dumps({"metadata": 0})
        params["truncate"] = truncate_length

    if page == "all":
        return jsonify(service.get_all_using_pagination("documents", params))

    if page: params["page"] = page
    resp = service.get("documents", params=params)
    if not resp.ok:
        abort(resp.status_code, resp.content)
    data = resp.json()
    if truncate:
        for document in data["_items"]:
            document["text"] = document["text"][0:truncate_length]
    return jsonify(data)
コード例 #29
0
    def on_proxy(self, request, user_token, url):
        proxy_couch = self.proxy_url_and_db(url)
        if not proxy_couch:
            raise exceptions.BadRequest('unknown proxy url')

        headers = end_to_end_headers(request.headers)

        content_length = request.headers.get('content-length')
        if not content_length:
            data = None
        else:
            data = LimitedStream(request.stream)

        dbname = url.split('/', 1)[0]

        try:
            if not self.dblimit.is_permitted(user_token, dbname, request.method):
                raise exceptions.Forbidden()
        except InvalidUserToken:
            raise exceptions.Unauthorized()


        try:
            resp = requests.request(request.method, proxy_couch.url,
                data=data, headers=headers,
                auth=(
                    current_app.config['COUCH_DB_ADMIN_USER'],
                    current_app.config['COUCH_DB_ADMIN_PASSWORD']
                ),
                params=request.args, stream=True)

            chunked_response = resp.headers.get('Transfer-Encoding') == 'chunked'
            line_based = resp.headers.get('Content-type', '').startswith(('text/plain', 'application/json'))

        except requests.exceptions.RequestException, ex:
            raise exceptions.BadGateway('source returned: %s' % ex)
コード例 #30
0
ファイル: bp.py プロジェクト: jhuapl-lglenden/PINE
def archive_or_unarchive_collection(collection_id, archive):
    """
    Set the "archived" boolean flag for the collection matching the provided collection_id.
    :param collection_id: str
    :param archive: Bool
    :return: Response
    """
    user_id = auth.get_logged_in_user()["id"]
    resp = service.get("collections/" + collection_id)
    if not resp.ok:
        abort(resp.status_code)
    collection = resp.json()
    if not auth.is_flat() and collection["creator_id"] != user_id:
        raise exceptions.Unauthorized(
            "Only the creator can archive a collection.")
    collection["archived"] = archive
    headers = {"If-Match": collection["_etag"]}
    service.remove_nonupdatable_fields(collection)
    resp = service.put(["collections", collection_id],
                       json=collection,
                       headers=headers)
    if not resp.ok:
        abort(resp.status_code)
    return get_collection(collection_id)