def run(args):
"""Call this function to initiate the two-step file-upload process.
Step 1: upload - tells the service that a file of specific
size and checksum will be uploaded. This gives the service
the chance to decide whether this will be allowed. If the
file is small, and was thus included in the FileHandle,
then it is uploaded immediately and the operation completes.
If the file is large, then we now returns a OSPar
that can be used for this upload (Step 2)
Step 2: after the user has used the OSPar to upload
the file, they should call OSPar.close() to notify
the service that the file has been successfully uploaded.
This will verify that the file has been uploaded correctly,
will receipt the storage cost and will delete the OSPar
"""
filehandle = FileHandle.from_data(args["filehandle"])
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
authorisation = None
try:
par_uid = args["par_uid"]
except:
par_uid = None
try:
secret = args["secret"]
except:
secret = None
try:
public_key = PublicKey.from_data(args["encryption_key"])
except:
public_key = None
if par_uid is not None:
registry = PARRegistry()
(par, identifiers) = registry.load(par_uid=par_uid, secret=secret)
else:
par = None
identifiers = None
drive_uid = filehandle.drive_uid()
drive = DriveInfo(drive_uid=drive_uid)
return_value = {}
(filemeta, par) = drive.upload(filehandle=filehandle,
authorisation=authorisation,
encrypt_key=public_key,
par=par,
identifiers=identifiers)
if filemeta is not None:
return_value["filemeta"] = filemeta.to_data()
if par is not None:
return_value["upload_par"] = par.to_data()
return return_value
def read(self, spend, resource, receipt_by):
"""Read the cheque - this will read the cheque to return the
decrypted contents. This will only work if this function
is called on the accounting service that will cash the
cheque, if the signature on the cheque matches the
service that is authorised to cash the cheque, and
if the passed resource matches the resource
encoded in the cheque. If this is all correct, then the
returned dictionary will contain;
{"recipient_url": The URL of the service which was sent the cheque,
"recipient_key_fingerprint": Verified fingerprint of the service
key that signed this cheque
"spend": The amount authorised by this cheque,
"uid": The unique ID for this cheque,
"resource": String that identifies the resource this cheque will
be used to pay for,
"account_uid": UID of the account from which funds will be drawn
"authorisation" : Verified authorisation from the user who
says they own the account for the spend
"receipt_by" : Time when we must receipt the cheque, or
we will lose the money
}
You must pass in the spend you want to draw from the cheque,
a string representing the resource this cheque will
be used to pay for, and the time by which you promise to receipt
the cheque after cashing
Args:
spend (Decimal): Amount authorised by cheque
resource (str): Resource to pay for
receipt_by (datetime): Time cheque must be receipted
by
Returns:
dict: Dictionary described above
"""
if self._cheque is None:
raise PaymentError("You cannot read a null cheque")
from Acquire.ObjectStore import string_to_decimal \
as _string_to_decimal
from Acquire.ObjectStore import string_to_datetime \
as _string_to_datetime
from Acquire.ObjectStore import datetime_to_string \
as _datetime_to_string
from Acquire.Service import get_this_service as _get_this_service
spend = _string_to_decimal(spend)
resource = str(resource)
receipt_by = _string_to_datetime(receipt_by)
service = _get_this_service(need_private_access=True)
# get the cheque data - this may have been signed
try:
cheque_data = _json.loads(self._cheque["signed_data"])
except:
cheque_data = self._cheque
# decrypt the cheque's data - only possible on the accounting service
cheque_data = service.decrypt_data(cheque_data)
# the date comprises the user-authorisation that acts as a
# signature that the user wrote this cheque, and the info
# for the cheque to say how it is valid
from Acquire.Identity import Authorisation as _Authorisation
auth = _Authorisation.from_data(cheque_data["authorisation"])
info = cheque_data["info"]
# the json.dumps version is the resource used to verify
# the above authorisation
auth_resource = info
# validate that the user authorised this cheque
try:
auth.verify(resource=info)
except Exception as e:
raise PaymentError(
"The user's signature/authorisation for this cheque "
"is not valid! ERROR: %s" % str(e))
info = _json.loads(info)
# the user signed this cheque :-)
info["authorisation"] = auth
# check the signature if one was needed
try:
recipient_url = info["recipient_url"]
except:
recipient_url = None
if recipient_url:
# the recipient was specified - verify that we trust
# the recipient, and that they have signed the cheque
recipient_service = service.get_trusted_service(
service_url=recipient_url)
recipient_service.verify_data(self._cheque)
info["recipient_key_fingerprint"] = self._cheque["fingerprint"]
# validate that the item signature is correct
try:
cheque_resource = info["resource"]
except:
cheque_resource = None
if cheque_resource is not None:
if resource != resource:
raise PaymentError(
"Disagreement over the resource for which "
"this cheque has been signed")
info["resource"] = resource
info["auth_resource"] = auth_resource
try:
max_spend = info["max_spend"]
del info["max_spend"]
except:
max_spend = None
if max_spend is not None:
max_spend = _string_to_decimal(max_spend)
if max_spend < spend:
raise PaymentError(
"The requested spend (%s) exceeds the authorised "
"maximum value of the cheque" % (spend))
info["spend"] = spend
try:
expiry_date = info["expiry_date"]
del expiry_date["expiry_date"]
except:
expiry_date = None
if expiry_date is not None:
expiry_date = _string_to_datetime(expiry_date)
# validate that the cheque will not have expired
# when we receipt it
from Acquire.ObjectStore import get_datetime_now \
as _get_datetime_now
now = _get_datetime_now()
if now > receipt_by:
raise PaymentError(
"The time when you promised to receipt the cheque "
"has already passed!")
if receipt_by > expiry_date:
raise PaymentError(
"The cheque will have expired after you plan to "
"receipt it!: %s versus %s" %
(_datetime_to_string(receipt_by),
_datetime_to_string(expiry_date)))
info["receipt_by"] = receipt_by
return info
def run(args):
"""This function is called to handle requests from a user to deposit
more funds into their account. This will add this deposit as a
debt for the user. Once the debt exceeds a certain value, then the
backend-payment system will charge the user's real account to
recover the funds
Args:
args (dict): data for deposit of funds into the account
Returns:
dict: contains status, status message and details regarding
the deposit into the account and invoice data
"""
transaction_records = None
invoice_value = None
invoice_user = None
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
authorisation = None
transaction = Transaction.from_data(args["transaction"])
if authorisation is None:
raise PermissionError("You must supply a valid authorisation "
"to deposit funds into your account")
if transaction is None or transaction.is_null():
raise ValueError("You must supply a valid transaction that "
"represents the deposit")
try:
account_name = str(args["account_name"])
except:
account_name = "deposits"
if transaction.value() > 0:
user_guid = authorisation.user_guid()
# load the account from which the transaction will be performed
bucket = get_service_account_bucket()
accounts = Accounts(user_guid=user_guid)
# deposits are made by transferring funds from the user's
# 'billing' account to their named account (or 'deposits' account)
deposit_account = accounts.create_account(account_name,
"Deposit account",
bucket=bucket)
billing_account = accounts.create_account("billing",
"Billing account",
overdraft_limit=150,
bucket=bucket)
billing_balance = billing_account.balance() - transaction.value()
if billing_balance.balance() < -50.0:
# there are sufficient funds that need to be transferred that
# it is worth really charging the user
invoice_user = user_guid
invoice_value = billing_balance
# we have enough information to perform the transaction
transaction_records = Ledger.perform(transactions=transaction,
debit_account=billing_account,
credit_account=deposit_account,
authorisation=authorisation,
is_provisional=False,
bucket=bucket)
return_value = {}
if transaction_records:
try:
transaction_records[0]
except:
transaction_records = [transaction_records]
for i in range(0, len(transaction_records)):
transaction_records[i] = transaction_records[i].to_data()
return_value["transaction_records"] = transaction_records
if invoice_user:
return_value["invoice_user"] = invoice_user
return_value["invoice_value"] = str(invoice_value)
return return_value
def run(args):
"""Call this function to initiate the two-step file-download process.
Step 1: download - tells the service to download the file. If the
file is small then the file will be in the response.
Otherwise a OSPar will be returned that will let you
download the file. If this is the case, then you must
call step 2...
Step 2: downloaded - after you have downloaded the file from the OSPar
call OSPar.close() so that the service knows that the OSPar
is no longer needed and can be deleted
"""
drive_uid = args["drive_uid"]
filename = args["filename"]
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
authorisation = None
try:
par_uid = args["par_uid"]
except:
par_uid = None
try:
secret = args["secret"]
except:
secret = None
public_key = PublicKey.from_data(args["encryption_key"])
if "version" in args:
version = str(args["version"])
else:
version = None
if "force_par" in args:
force_par = args["force_par"]
else:
force_par = None
if "must_chunk" in args:
must_chunk = args["must_chunk"]
else:
must_chunk = False
if must_chunk:
must_chunk = True
if force_par:
force_par = True
if par_uid is not None:
registry = PARRegistry()
(par, identifiers) = registry.load(par_uid=par_uid, secret=secret)
else:
par = None
identifiers = None
drive = DriveInfo(drive_uid=drive_uid)
return_value = {}
(filemeta, filedata, par,
downloader) = drive.download(filename=filename,
version=version,
authorisation=authorisation,
encrypt_key=public_key,
force_par=force_par,
must_chunk=must_chunk,
par=par,
identifiers=identifiers)
if filemeta is not None:
return_value["filemeta"] = filemeta.to_data()
if filedata is not None:
from Acquire.ObjectStore import bytes_to_string as _bytes_to_string
return_value["filedata"] = _bytes_to_string(filedata)
if par is not None:
return_value["download_par"] = par.to_data()
if downloader is not None:
return_value["downloader"] = downloader.to_data(pubkey=public_key)
return return_value
def run(args):
"""This function is called to handle requests for the UIDs of accounts
Args:
args (dict): data regarding account to be queried
Returns:
dict: contains status, status message and account UIDs
"""
status = 0
message = None
account_uids = None
try:
account_name = str(args["account_name"])
except:
account_name = None
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
authorisation = None
try:
user_guid = str(args["user_guid"])
except:
user_guid = None
is_authorised = False
if authorisation is not None:
if not isinstance(authorisation, Authorisation):
raise TypeError("All authorisations must be of type "
"Authorisation")
if user_guid:
if user_guid == authorisation.user_guid():
authorisation.verify(resource="get_account_uids")
is_authorised = True
else:
authorisation.verify(resource="get_account_uids")
user_guid = authorisation.user_guid()
is_authorised = True
if user_guid is None:
raise ValueError("You must supply either an Authorisation or the "
"user_guid")
# try to create a 'main' account for this user
account_uids = {}
accounts = Accounts(user_guid=user_guid)
if account_name is None:
if not is_authorised:
raise PermissionError(
"You cannot list general information about a user's "
"accounts unless you have authenticated as the user!")
bucket = get_service_account_bucket()
account_names = accounts.list_accounts(bucket=bucket)
for account_name in account_names:
account = accounts.get_account(account_name, bucket=bucket)
account_uids[account.uid()] = account.name()
else:
if not is_authorised:
try:
account = accounts.get_account(account_name)
except:
# don't leak any information
raise ListAccountsError(
"No account called '%s' for user '%s'" %
(account_name, user_guid))
else:
# allow the user to see the real exception if this
# account doesn't exist
account = accounts.get_account(account_name)
account_uids[account.uid()] = account.name()
return_value = {}
if account_uids:
return_value["account_uids"] = account_uids
return return_value
def run(args):
"""This function is called to handle requests to perform transactions
between accounts
Args:
args (dict): data for account transfers
Returns:
dict: contains status, status message and transaction
records if any are available
"""
transaction_records = None
try:
debit_account_uid = str(args["debit_account_uid"])
except:
debit_account_uid = None
try:
credit_account_uid = str(args["credit_account_uid"])
except:
credit_account_uid = None
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
authorisation = None
try:
transaction = Transaction.from_data(args["transaction"])
except:
transaction = None
try:
is_provisional = bool(args["is_provisional"])
except:
is_provisional = None
if debit_account_uid is None:
raise TransactionError("You must supply the account UID "
"for the debit account")
if credit_account_uid is None:
raise TransactionError("You must supply the account UID "
"for the credit account")
if debit_account_uid == credit_account_uid:
raise TransactionError(
"You cannot perform a transaction where the debit and credit "
"accounts are the same!")
if transaction is None or transaction.is_null():
raise TransactionError("You must supply a valid transaction to "
"perform!")
if is_provisional is None:
raise TransactionError("You must say whether or not the "
"transaction is provisional using "
"is_provisional")
if authorisation is None:
raise PermissionError("You must supply a valid authorisation "
"to perform transactions between accounts")
authorisation.assert_once()
user_guid = authorisation.user_guid()
# load the account from which the transaction will be performed
bucket = get_service_account_bucket()
debit_account = Account(uid=debit_account_uid, bucket=bucket)
# validate that this account is in a group that can be authorised
# by the user - This should eventually go as this is all
# handled by the ACLs
if not Accounts(user_guid).contains(account=debit_account,
bucket=bucket):
raise PermissionError(
"The user with GUID '%s' cannot authorise transactions from "
"the account '%s' as they do not own this account." %
(user_guid, str(debit_account)))
# now load the two accounts involved in the transaction
credit_account = Account(uid=credit_account_uid, bucket=bucket)
# we have enough information to perform the transaction
transaction_records = Ledger.perform(transactions=transaction,
debit_account=debit_account,
credit_account=credit_account,
authorisation=authorisation,
is_provisional=is_provisional,
bucket=bucket)
return_value = {}
if transaction_records:
try:
transaction_records[0]
except:
transaction_records = [transaction_records]
for i in range(0, len(transaction_records)):
transaction_records[i] = transaction_records[i].to_data()
return_value["transaction_records"] = transaction_records
return return_value