def __init__(self,
app=None,
route=None,
blueprint=None,
stream_cache=None,
path='templates.yaml'):
self.app = app
self._route = route
self._intent_view_funcs = {}
self._intent_converts = {}
self._intent_defaults = {}
self._intent_mappings = {}
self._launch_view_func = None
self._session_ended_view_func = None
self._on_session_started_callback = None
self._default_intent_view_func = None
self._player_request_view_funcs = {}
self._player_mappings = {}
self._player_converts = {}
if app is not None:
self.init_app(app, path)
elif blueprint is not None:
self.init_blueprint(blueprint, path)
if stream_cache is None:
self.stream_cache = SimpleCache()
else:
self.stream_cache = stream_cache
def _simple(self, **kwargs):
"""Returns a :class:`SimpleCache` instance
.. warning::
This cache system might not be thread safe. Use with caution.
"""
kwargs.update(dict(threshold=self._config('threshold', 500)))
return SimpleCache(**kwargs)
def test_dynamic_permission_needs_cache_invalidation(app, dynamic_permission):
"""Testing DynamicPermission refreshes needs.
This is important when protecting a view with
@permission.require(http_exception=403)
If cache does not get invalidated, the needs will only be refreshed when
the Python process restarts.
"""
cache = SimpleCache()
InvenioAccess(app, cache=cache)
with app.test_request_context():
user_can_all = User(email='*****@*****.**')
user_can_open = User(email='*****@*****.**')
db.session.add(user_can_all)
db.session.add(user_can_open)
db.session.add(ActionUsers(action='open', user=user_can_all))
db.session.flush()
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.needs == set([Need(method='id', value=1)])
db.session.add(ActionUsers(action='open', user=user_can_open))
db.session.flush()
assert permission_open.needs == set(
[Need(method='id', value=1), Need(method='id', value=2)]
)
def test_invenio_access_permission_cache(app, dynamic_permission):
"""Caching the user using memory caching."""
cache = SimpleCache()
InvenioAccess(app, cache=cache)
with app.test_request_context():
user_can_all = User(email='*****@*****.**')
user_can_open = User(email='*****@*****.**')
user_can_open_1 = User(email='*****@*****.**')
db.session.add(user_can_all)
db.session.add(user_can_open)
db.session.add(user_can_open_1)
db.session.add(ActionUsers(action='open', user=user_can_all))
db.session.flush()
permission_open = dynamic_permission(ActionNeed('open'))
identity_open = FakeIdentity(UserNeed(user_can_open.id))
assert not permission_open.allows(identity_open)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1)]),
set([])
)
db.session.add(ActionUsers(action='open', user=user_can_open))
db.session.flush()
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_open)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
db.session.add(ActionUsers(action='open', argument=1,
user=user_can_open_1))
db.session.flush()
identity_open_1 = FakeIdentity(UserNeed(user_can_open_1.id))
permission_open_1 = dynamic_permission(
ParameterizedActionNeed('open', '1'))
assert not permission_open.allows(identity_open_1)
assert permission_open_1.allows(identity_open_1)
assert current_access.get_action_cache('open::1') == (
set([Need(method='id', value=1),
Need(method='id', value=2),
Need(method='id', value=3)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
def __init__(self,
app=None,
*,
base_url=None,
client_id=None,
client_secret=None,
cache=None,
scope='openid',
url_prefix='/oauth2',
session_key='flask-auth0-cookie'):
# :param app: Flask app
# :param base_url: your identity provider's base url
# :param client_id: CLIENT_ID
# :param client_secret: CLIENT_SECRET
# :param cache: a cache object that implements `werkzeug.contrib.cache.BaseCache` to store the tokens in
# :param scope: oauth2 scopes
# :param url_prefix: what should be the prefix of all the routes needed for oauth2. default = /oauth2
# :param session_key: name of the key used in the session to store the uid
self.app = app
self.user_agent = f"{__name__}/{__version__} python-requests/{requests.__version__}"
self.base_url = base_url
self.client_id = client_id
self.client_secret = client_secret
self.scope = scope
self.url_prefix = url_prefix
self.session_key = session_key
# User actions
self._after_login_handler = None
self._after_logout_handler = None
self._after_refresh_handler = None
self._logger = None
# Setup backend cache
if cache is None:
self.cache = SimpleCache()
elif isinstance(cache, BaseCache):
self.cache = cache
else:
raise ValueError(
f'your backend cache must implement `cachelib.BaseCache`. {cache} is {type(cache)}'
)
# Utilities
self.signer = None
self.hasher = None
self.openid_config = None
if app is not None:
self.init_app(app)
def init_app (self, app):
app.config.from_object (Config)
for layer in app.config['TILE_LAYERS']:
if 'map_style' in layer:
renderers[layer['id']] = Render (app, layer)
app.tile_cache = SimpleCache (
threshold = TILE_CACHE_SIZE,
default_timeout = TILE_CACHE_TIMEOUT
)
def decorator(func):
@wraps(func)
def decorated(*args, **kwargs):
cache_id = key(*args, **kwargs)
return_value = decorated.cache.get(cache_id)
if return_value is None:
return_value = func(*args, **kwargs)
decorated.cache.set(
cache_id,
return_value if return_value is not None else NO_DATA,
timeout=timeout)
elif return_value == NO_DATA:
return_value = None
return return_value
decorated.cache = SimpleCache()
return decorated
from . import filters
from .db import db, db_reload
BACKCOMPAT_SERIES_ALIASES = {
'brno': 'brno-pyvo',
'praha': 'praha-pyvo',
'ostrava': 'ostrava-pyvo',
'olomouc': 'olomouc-pyvo',
'plzen': 'plzen-pyvo',
'liberec': 'liberec-pyvo',
}
# Be careful when using SimpleCache!
# See: http://werkzeug.pocoo.org/docs/contrib/cache/
# #werkzeug.contrib.cache.SimpleCache
cache = SimpleCache(threshold=500, default_timeout=300)
routes = []
def route(url, methods=['GET'], translate=True, **kwargs):
def decorator(func):
assert url.startswith('/')
options = dict(kwargs, methods=methods)
if translate:
routes.append((
url,
func,
dict(options, defaults={'lang_code': 'cs'}),
))
routes.append((
def test_intenio_access_cache_performance(app, dynamic_permission):
"""Performance test simulating 1000 users."""
InvenioAccess(app, cache=None)
with app.test_request_context():
# CDS has (2015-11-19) 74 actions with 414 possible arguments with
# 49259 users and 307 roles. In this test we are going to divide
# into 50 and use the next prime number.
users_number = 991
actions_users_number = 11
actions_roles_number = 7
roles = []
actions = []
for i in range(actions_roles_number):
role = Role(name='role{0}'.format(i))
roles.append(role)
db.session.add(role)
db.session.flush()
action_role = ActionRoles(
action='action{0}'.format(
str(i % actions_roles_number)),
role=role)
actions.append(action_role)
db.session.add(action_role)
db.session.flush()
users = []
for i in range(users_number):
user = User(
email='invenio{0}@inveniosoftware.org'.format(str(i)),
roles=[roles[i % actions_roles_number]])
users.append(user)
db.session.add(user)
db.session.flush()
action_user = ActionUsers(action='action{0}'.format(
str((i % actions_users_number) + actions_roles_number)),
user=user)
actions.append(action_user)
db.session.add(action_user)
db.session.flush()
def test_permissions():
"""Iterates over all users checking its permissions."""
for i in range(users_number):
identity = FakeIdentity(UserNeed(users[i].id))
# Allowed permission
permission_allowed_both = dynamic_permission(
ActionNeed('action{0}'.format(
(i % actions_users_number) +
actions_roles_number)),
ActionNeed('action{0}'.format(i % actions_roles_number))
)
assert permission_allowed_both.allows(identity)
# Not allowed action user
permission_not_allowed_user = dynamic_permission(
ActionNeed('action{0}'.format(
(i + 1) % actions_users_number +
actions_roles_number))
)
assert not permission_not_allowed_user.allows(identity)
# Not allowed action role
permission_not_allowed_role = dynamic_permission(
ActionNeed('action{0}'.format(
(i + 1) % actions_roles_number))
)
assert not permission_not_allowed_role.allows(identity)
app.extensions['invenio-access'].cache = None
start_time_wo_cache = time.time()
test_permissions()
end_time_wo_cache = time.time()
time_wo_cache = end_time_wo_cache - start_time_wo_cache
app.extensions['invenio-access'].cache = SimpleCache()
start_time_w_cache = time.time()
test_permissions()
end_time_w_cache = time.time()
time_w_cache = end_time_w_cache - start_time_w_cache
assert time_wo_cache / time_w_cache > 10
import datetime
from cachelib import SimpleCache
from app.clients.sms import PollableSMSClient
from app.clients.sms.utils import timed
from saplivelink365 import Configuration, ApiClient, AuthorizationApi, SMSV20Api
# See https://livelink.sapmobileservices.com/documentation/guides/sms-channel/delivery_statuses/#body-description
sap_response_map = {
'SENT': 'sending',
'DELIVERED': 'delivered',
'RECEIVED': 'delivered',
'ERROR': 'failed',
}
auth_cache = SimpleCache()
def get_sap_responses(status):
return sap_response_map[status]
class SAPSMSClient(PollableSMSClient):
def __init__(self, client_id=None, client_secret=None, *args, **kwargs):
super(SAPSMSClient, self).__init__(*args, **kwargs)
self._client_id = client_id
self._client_secret = client_secret
def init_app(self, logger, notify_host, *args, **kwargs):
self.logger = logger
self.notify_host = notify_host
if "WEBFAF_ENVIRON_PRODUCTION" in os.environ:
app.config.from_object("webfaf.config.ProductionConfig")
elif "WEBFAF_ENVIRON_TEST" in os.environ:
app.config.from_object("webfaf.config.TestingConfig")
else:
app.config.from_object("webfaf.config.DevelopmentConfig")
db = SQLAlchemy(app)
if app.config["CACHE_TYPE"].lower() == "memcached":
flask_cache = MemcachedCache(['{0}:{1}'.format(
app.config["MEMCACHED_HOST"],
app.config["MEMCACHED_PORT"])],
key_prefix=app.config["MEMCACHED_KEY_PREFIX"])
elif app.config["CACHE_TYPE"].lower() == "simple":
flask_cache = SimpleCache()
else:
flask_cache = NullCache()
if app.config["PROXY_SETUP"]:
app.wsgi_app = ProxyFix(app.wsgi_app)
if app.config["OPENID_ENABLED"]:
from flask_openid import OpenID
from openid_teams import teams
oid = OpenID(app, safe_roots=[], extension_responses=[teams.TeamsResponse])
from webfaf.login import login # pylint: disable=cyclic-import
app.register_blueprint(login)
from webfaf.user import user # pylint: disable=cyclic-import
app.register_blueprint(user)
def werkzeug_subscriber():
subscriber = Subscriber(SQLite3SubscriberStorage('subscriber.db'),
WerkzeugCacheTempSubscriberStorage(SimpleCache()))
yield from subscriber_app(subscriber)
def test_invenio_access_permission_cache_users_updates(
app,
dynamic_permission
):
"""Testing ActionUsers cache with inserts/updates/deletes."""
cache = SimpleCache()
InvenioAccess(app, cache=cache)
with app.test_request_context():
# Creation of some data to test.
user_1 = User(email='*****@*****.**')
user_2 = User(email='*****@*****.**')
user_3 = User(email='*****@*****.**')
user_4 = User(email='*****@*****.**')
user_5 = User(email='*****@*****.**')
user_6 = User(email='*****@*****.**')
db.session.add(user_1)
db.session.add(user_2)
db.session.add(user_3)
db.session.add(user_4)
db.session.add(user_5)
db.session.add(user_6)
db.session.add(ActionUsers(action='open', user=user_1))
db.session.add(ActionUsers(action='write', user=user_4))
db.session.flush()
# Creation identities to test.
identity_user_1 = FakeIdentity(UserNeed(user_1.id))
identity_user_2 = FakeIdentity(UserNeed(user_2.id))
identity_user_3 = FakeIdentity(UserNeed(user_3.id))
identity_user_4 = FakeIdentity(UserNeed(user_4.id))
identity_user_5 = FakeIdentity(UserNeed(user_5.id))
identity_user_6 = FakeIdentity(UserNeed(user_6.id))
# Test if user 1 can open. In this case, the cache should store only
# this object.
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_user_1)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1)]),
set([])
)
# Test if user 4 can write. In this case, the cache should have this
# new object and the previous one (Open is allowed to user_1)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_4)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=4)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1)]),
set([])
)
# If we add a new user to the action open, the open action in cache
# should be removed but it should still containing the write entry.
db.session.add(ActionUsers(action='open', user=user_2))
db.session.flush()
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_user_2)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=4)]),
set([])
)
# Test if the new user is added to the action 'open'
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_4)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=4)]),
set([])
)
# If we update an action swapping a user, the cache containing the
# action, should be removed.
user_4_action_write = ActionUsers.query.filter(
ActionUsers.action == 'write' and
ActionUsers.user == user_4).first()
user_4_action_write.user = user_3
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
# Test if the user_3 can now write.
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_user_4)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_3)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=3)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
# If we remove a user from an action, the cache should clear the
# action item.
user_3_action_write = ActionUsers.query.filter(
ActionUsers.action == 'write' and
ActionUsers.user == user_3).first()
db.session.delete(user_3_action_write)
db.session.flush()
assert current_access.get_action_cache('write') is None
# If no one is allowed to perform an action then everybody is allowed.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_3)
assert current_access.get_action_cache('write') == (
set([]),
set([])
)
db.session.add(ActionUsers(action='write', user=user_5))
db.session.flush()
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_5)
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_user_3)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=5)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
# If you update the name of an existing action, the previous action
# and the new action should be remove from cache.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_user_5)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=5)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2)]),
set([])
)
user_5_action_write = ActionUsers.query.filter(
ActionUsers.action == 'write' and
ActionUsers.user == user_5).first()
user_5_action_write.action = 'open'
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_user_1)
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2),
Need(method='id', value=5)]),
set([])
)
db.session.add(ActionUsers(action='write', user=user_4))
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_user_5)
assert current_access.get_action_cache('write') == (
set([Need(method='id', value=4)]),
set([])
)
db.session.add(ActionUsers(action='open', argument='1', user=user_6))
db.session.flush()
permission_open_1 = dynamic_permission(
ParameterizedActionNeed('open', '1'))
assert not permission_open.allows(identity_user_6)
assert permission_open_1.allows(identity_user_6)
assert current_access.get_action_cache('open::1') == (
set([Need(method='id', value=1),
Need(method='id', value=2),
Need(method='id', value=5),
Need(method='id', value=6)]),
set([])
)
user_6_action_open_1 = ActionUsers.query.filter_by(
action='open', argument='1', user_id=user_6.id).first()
user_6_action_open_1.argument = '2'
db.session.flush()
assert current_access.get_action_cache('open::1') is None
assert current_access.get_action_cache('open::2') is None
permission_open_2 = dynamic_permission(
ParameterizedActionNeed('open', '2'))
assert permission_open_2.allows(identity_user_6)
assert current_access.get_action_cache('open::2') == (
set([Need(method='id', value=1),
Need(method='id', value=2),
Need(method='id', value=5),
Need(method='id', value=6)]),
set([])
)
# open action cache should remain as before
assert current_access.get_action_cache('open') == (
set([Need(method='id', value=1),
Need(method='id', value=2),
Need(method='id', value=5)]),
set([])
)
def simple(config, *args, **kwargs):
defaults = dict(gen_defaults('threshold', **config))
defaults.update(kwargs)
return SimpleCache(*args, **defaults)
"postgresql": "postgresql+psycopg2",
"mysql": "mysql",
"sqllite": "sqllite"
}
METADATA_DB_DEFAULT_PORTS = {"postgresql": 5432, "mysql": 3306}
BROKER_PREFIXES = {"redis": "redis", "rabbitmq": "pyamqp"}
BROKER_DEFAULT_PORTS = {"redis": 6379, "rabbitmq": 5672}
SUPERSET_RESULTS_BACKENDS = {
"simple":
lambda: SimpleCache(threshold=get_env(
"SUPERSET_SIMPLE_RESULTS_BACKEND_THRESHOLD", default=10, cast=int),
default_timeout=get_env(
"SUPERSET_SIMPLE_RESULTS_BACKEND_DEFAULT_TIMEOUT",
default=300,
cast=float)),
"redis":
lambda: RedisCache(
host=get_env("SUPERSET_REDIS_RESULTS_BACKEND_HOST"),
port=get_env(
"SUPERSET_REDIS_RESULTS_BACKEND_PORT", default=6379, cast=int),
password=get_env("SUPERSET_REDIS_RESULTS_BACKEND_PASSWORD"),
key_prefix=get_env("SUPERSET_REDIS_RESULTS_BACKEND_KEY_PREFIX",
default="superset_results"),
db=get_env("SUPERSET_REDIS_RESULTS_BACKEND_DB", default=0, cast=int),
default_timeout=get_env(
"SUPERSET_REDIS_RESULTS_BACKEND_DEFAULT_TIMEOUT",
default=300,
cast=float)),
def _factory(self, *args, **kwargs):
return SimpleCache(*args, **kwargs)
def simple(app, config, args, kwargs):
kwargs.update(dict(threshold=config['CACHE_THRESHOLD']))
return SimpleCache(*args, **kwargs)
# (c) 2009 Haoyu Bai (http://gaedav.google.com/).
"""
Implement cache mechanism.
"""
import logging
import threading
from builtins import object
from cachelib import MemcachedCache, RedisCache, SimpleCache
try:
memcache3 = MemcachedCache()
# memcache3 = RedisCache()
except Exception as e:
logging.info(e)
memcache3 = SimpleCache()
memcache3._stats = {
"byte_hits": 0,
"bytes": 0,
"hits": 0,
"items": 0,
"misses": 0,
"oldest_item_age": 0,
# keep track of operations other than get (= hits + misses)
"set": 0,
"set_multi": 0,
"delete": 0,
"get_list": 0,
"set_list": 0,
"del_list": 0,
def test_invenio_access_permission_cache_roles_updates(
app,
dynamic_permission
):
"""Testing ActionRoles cache with inserts/updates/deletes."""
# This test case is doing the same of user test case but using roles.
cache = SimpleCache()
InvenioAccess(app, cache=cache)
with app.test_request_context():
# Creation of some data to test.
role_1 = Role(name='role_1')
role_2 = Role(name='role_2')
role_3 = Role(name='role_3')
role_4 = Role(name='role_4')
role_5 = Role(name='role_5')
role_6 = Role(name='role_6')
db.session.add(role_1)
db.session.add(role_2)
db.session.add(role_3)
db.session.add(role_4)
db.session.add(role_5)
db.session.add(role_6)
db.session.add(ActionRoles(action='open', role=role_1))
db.session.add(ActionRoles(action='write', role=role_4))
db.session.flush()
# Creation of identities to test.
identity_fake_role_1 = FakeIdentity(RoleNeed(role_1.name))
identity_fake_role_2 = FakeIdentity(RoleNeed(role_2.name))
identity_fake_role_3 = FakeIdentity(RoleNeed(role_3.name))
identity_fake_role_4 = FakeIdentity(RoleNeed(role_4.name))
identity_fake_role_5 = FakeIdentity(RoleNeed(role_5.name))
identity_fake_role_6 = FakeIdentity(RoleNeed(role_6.name))
# Test if role 1 can open. In this case, the cache should store only
# this object.
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_role_1)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name)]),
set([])
)
# Test if role 4 can write. In this case, the cache should have this
# new object and the previous one (Open is allowed to role_1)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_4)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_4.name)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name)]),
set([])
)
# If we add a new role to the action open, the open action in cache
# should be removed but it should still containing the write entry.
db.session.add(ActionRoles(action='open', role=role_2))
db.session.flush()
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_role_2)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_4.name)]),
set([])
)
# Test if the new role is added to the action 'open'
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_4)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_4.name)]),
set([])
)
# If we update an action swapping a role, the cache containing the
# action, should be removed.
role_4_action_write = ActionRoles.query.filter(
ActionRoles.action == 'write' and
ActionRoles.role == role_4).first()
role_4_action_write.role = role_3
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') is not None
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
# Test if the role_3 can write now.
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_role_4)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_3)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_3.name)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
# If we remove a role from an action, the cache should clear the
# action item.
role_3_action_write = ActionRoles.query.filter(
ActionRoles.action == 'write' and
ActionRoles.role == role_3).first()
db.session.delete(role_3_action_write)
db.session.flush()
assert current_access.get_action_cache('write') is None
# If no one is allowed to perform an action then everybody is allowed.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_3)
assert current_access.get_action_cache('write') == (
set([]),
set([])
)
db.session.add(ActionRoles(action='write', role=role_5))
db.session.flush()
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_5)
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_role_3)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_5.name)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
# If you update the name of an existing action, the previous action
# and the new action should be remove from cache.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_role_5)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_5.name)]),
set([])
)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name)]),
set([])
)
role_5_action_write = ActionRoles.query.filter(
ActionRoles.action == 'write' and
ActionRoles.role == role_5).first()
role_5_action_write.action = 'open'
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_role_1)
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name),
Need(method='role', value=role_5.name)]),
set([])
)
db.session.add(ActionRoles(action='write', role=role_4))
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_role_5)
assert current_access.get_action_cache('write') == (
set([Need(method='role', value=role_4.name)]),
set([])
)
db.session.add(ActionRoles(action='open', argument='1', role=role_6))
db.session.flush()
permission_open_1 = dynamic_permission(
ParameterizedActionNeed('open', '1'))
assert not permission_open.allows(identity_fake_role_6)
assert permission_open_1.allows(identity_fake_role_6)
assert current_access.get_action_cache('open::1') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name),
Need(method='role', value=role_5.name),
Need(method='role', value=role_6.name)]),
set([])
)
user_6_action_open_1 = ActionRoles.query.filter_by(
action='open', argument='1', role_id=role_6.id).first()
user_6_action_open_1.argument = '2'
db.session.flush()
assert current_access.get_action_cache('open::1') is None
assert current_access.get_action_cache('open::2') is None
permission_open_2 = dynamic_permission(
ParameterizedActionNeed('open', '2'))
assert permission_open_2.allows(identity_fake_role_6)
assert current_access.get_action_cache('open::2') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name),
Need(method='role', value=role_5.name),
Need(method='role', value=role_6.name)]),
set([])
)
# open action cache should remain as before
assert current_access.get_action_cache('open') == (
set([Need(method='role', value=role_1.name),
Need(method='role', value=role_2.name),
Need(method='role', value=role_5.name)]),
set([])
)
CACHE : Cache
"""
CACHE_DEFAULT_TIMEOUT = 60 * 24 * 7
"""
Cache responses timeout.
CACHE_DEFAULT_TIMEOUT : int
"""
CACHE.init_app(APP)
APP.config.update(
COMPRESS_LEVEL=3,
COMPRESS_CACHE_KEY=lambda x: x.full_path,
COMPRESS_CACHE_BACKEND=lambda: SimpleCache(default_timeout= # noqa
CACHE_DEFAULT_TIMEOUT),
)
Compress(APP)
IMAGES_DIRECTORY = os.path.join(os.getcwd(), 'static', 'images')
"""
Images directory.
IMAGES_DIRECTORY : unicode
"""
def _null_to_None(data):
"""
Converts *Javascript* originated *null* and *undefined* strings
def test_invenio_access_permission_cache_system_roles_updates(
app,
dynamic_permission
):
"""Testing ActionSystemRoles cache with inserts/updates/deletes."""
# This test case is doing the same of user test case but using
# system roles.
cache = SimpleCache()
InvenioAccess(app, cache=cache)
with app.test_request_context():
system_role_1 = SystemRoleNeed('system_role_1')
system_role_2 = SystemRoleNeed('system_role_2')
system_role_3 = SystemRoleNeed('system_role_3')
system_role_4 = SystemRoleNeed('system_role_4')
system_role_5 = SystemRoleNeed('system_role_5')
system_role_6 = SystemRoleNeed('system_role_6')
current_access.system_roles = {
'system_role_1': system_role_1,
'system_role_2': system_role_2,
'system_role_3': system_role_3,
'system_role_4': system_role_4,
'system_role_5': system_role_5,
'system_role_6': system_role_6,
}
# Creation of some data to test.
db.session.add(ActionSystemRoles(action='open',
role_name=system_role_1.value))
db.session.add(ActionSystemRoles(action='write',
role_name=system_role_4.value))
db.session.flush()
# Creation of identities to test.
identity_fake_1 = FakeIdentity(system_role_1)
identity_fake_2 = FakeIdentity(system_role_2)
identity_fake_3 = FakeIdentity(system_role_3)
identity_fake_4 = FakeIdentity(system_role_4)
identity_fake_5 = FakeIdentity(system_role_5)
identity_fake_6 = FakeIdentity(system_role_6)
# Test if system_role_1 can open. In this case, the cache should store
# only this object.
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_1)
assert current_access.get_action_cache('open') == (
set([system_role_1]),
set([])
)
# Test if system_role_2 can write. In this case, the cache should
# have this new object and the previous one (Open is allowed to
# system_role_1)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_4)
assert current_access.get_action_cache('write') == (
set([system_role_4]),
set([])
)
assert current_access.get_action_cache('open') == (
set([system_role_1]),
set([])
)
# If we add a new system role to the action open, the open action in
# cache should be removed but it should still containing the write
# entry.
db.session.add(ActionSystemRoles(action='open',
role_name=system_role_2.value))
db.session.flush()
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_2)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
assert current_access.get_action_cache('write') == (
set([system_role_4]),
set([])
)
# Test if the new role is added to the action 'open'
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_4)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
assert current_access.get_action_cache('write') == (
set([system_role_4]),
set([])
)
# If we update an action swapping a role, the cache containing the
# action, should be removed.
role_4_action_write = ActionSystemRoles.query.filter(
ActionSystemRoles.action == 'write' and
ActionSystemRoles.role_name == system_role_4.value).first()
role_4_action_write.role_name = system_role_3.value
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') is not None
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
# Test if the system_role_3 can write now.
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_4)
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_3)
assert current_access.get_action_cache('write') == (
set([system_role_3]),
set([])
)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
# If we remove a role from an action, the cache should clear the
# action item.
cust_action_write = ActionSystemRoles.query.filter(
ActionSystemRoles.action == 'write' and
ActionSystemRoles.role_name == system_role_3).first()
db.session.delete(cust_action_write)
db.session.flush()
assert current_access.get_action_cache('write') is None
# If no one is allowed to perform an action then everybody is allowed.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_3)
assert current_access.get_action_cache('write') == (
set([]),
set([])
)
db.session.add(ActionSystemRoles(action='write',
role_name=system_role_5.value))
db.session.flush()
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_5)
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_3)
assert current_access.get_action_cache('write') == (
set([system_role_5]),
set([])
)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
# If you update the name of an existing action, the previous action
# and the new action should be remove from cache.
permission_write = dynamic_permission(ActionNeed('write'))
assert permission_write.allows(identity_fake_5)
assert current_access.get_action_cache('write') == (
set([system_role_5]),
set([])
)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2]),
set([])
)
role_5_action_write = ActionSystemRoles.query.filter(
ActionSystemRoles.action == 'write' and
ActionSystemRoles.role_name == system_role_5.value).first()
role_5_action_write.action = 'open'
db.session.flush()
assert current_access.get_action_cache('write') is None
assert current_access.get_action_cache('open') is None
permission_open = dynamic_permission(ActionNeed('open'))
assert permission_open.allows(identity_fake_1)
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2, system_role_5]),
set([])
)
db.session.add(ActionSystemRoles(action='write',
role_name=system_role_4.value))
permission_write = dynamic_permission(ActionNeed('write'))
assert not permission_write.allows(identity_fake_5)
assert current_access.get_action_cache('write') == (
set([system_role_4]),
set([])
)
db.session.add(ActionSystemRoles(action='open', argument='1',
role_name=system_role_6.value))
db.session.flush()
permission_open_1 = dynamic_permission(
ParameterizedActionNeed('open', '1'))
assert not permission_open.allows(identity_fake_6)
assert permission_open_1.allows(identity_fake_6)
assert current_access.get_action_cache('open::1') == (
set([system_role_1, system_role_2, system_role_5, system_role_6]),
set([])
)
user_6_action_open_1 = ActionSystemRoles.query.filter_by(
action='open', argument='1', role_name=system_role_6.value).first()
user_6_action_open_1.argument = '2'
db.session.flush()
assert current_access.get_action_cache('open::1') is None
assert current_access.get_action_cache('open::2') is None
permission_open_2 = dynamic_permission(
ParameterizedActionNeed('open', '2'))
assert permission_open_2.allows(identity_fake_6)
assert current_access.get_action_cache('open::2') == (
set([system_role_1, system_role_2, system_role_5, system_role_6]),
set([])
)
# open action cache should remain as before
assert current_access.get_action_cache('open') == (
set([system_role_1, system_role_2, system_role_5]),
set([])
)
def init_app(self, app):
"""Initialize this extension.
if the config['JWT_OIDC_WELL_KNOWN_CONFIG'] is set, then try to load the JWKS_URI & ISSUER from that
If it is not set
attempt to load the JWKS_URI and ISSUE from the application config
Required settings to function:
WELL_KNOWN_CONFIG (optional) is this is set, the JWKS_URI & ISSUER will be loaded from there
JWKS_URI: the endpoint defined for the jwks_keys
ISSUER: the endpoint for the issuer of the tokens
ALGORITHMS: only RS256 is supported
AUDIENCE: the oidc audience (or API_IDENTIFIER)
CLIENT_SECRET: the shared secret / key assigned to the client (audience)
"""
self.app = app
self.jwt_oidc_test_mode = app.config.get('JWT_OIDC_TEST_MODE', None)
#
# CHECK IF WE"RE RUNNING IN TEST_MODE!!
#
if self.jwt_oidc_test_mode:
app.logger.debug(
'JWT MANAGER running in test mode, using locally defined certs & tokens'
)
self.issuer = app.config.get('JWT_OIDC_TEST_ISSUER',
'localhost.localdomain')
self.jwt_oidc_test_keys = app.config.get('JWT_OIDC_TEST_KEYS',
None)
self.audience = app.config.get('JWT_OIDC_TEST_AUDIENCE', None)
self.client_secret = app.config.get('JWT_OIDC_TEST_CLIENT_SECRET',
None)
self.jwt_oidc_test_private_key_pem = app.config.get(
'JWT_OIDC_TEST_PRIVATE_KEY_PEM', None)
if self.jwt_oidc_test_keys:
app.logger.debug('local key being used: {}'.format(
self.jwt_oidc_test_keys))
else:
app.logger.error(
'Attempting to run JWT Manager with no local key assigned')
raise Exception(
'Attempting to run JWT Manager with no local key assigned')
else:
self.algorithms = app.config.get(
'JWT_OIDC_ALGORITHMS', JwtManager.ALGORITHMS).replace(' ', '')\
.split(',')
# If the WELL_KNOWN_CONFIG is set, then go fetch the JWKS & ISSUER
self.well_known_config = app.config.get(
'JWT_OIDC_WELL_KNOWN_CONFIG', None)
if self.well_known_config:
# try to get the jwks & issuer from the well known config
# jurl = urlopen(url=self.well_known_config, context=ssl.SSLContext()) # for gangster testing
jurl = urlopen(url=self.well_known_config)
self.well_known_obj_cache = json.loads(
jurl.read().decode('utf-8'))
self.jwks_uri = self.well_known_obj_cache['jwks_uri']
self.issuer = self.well_known_obj_cache['issuer']
else:
self.jwks_uri = app.config.get('JWT_OIDC_JWKS_URI', None)
self.issuer = app.config.get('JWT_OIDC_ISSUER', None)
# Setup JWKS caching
self.caching_enabled = app.config.get('JWT_OIDC_CACHING_ENABLED',
False)
if self.caching_enabled:
self.cache = SimpleCache(default_timeout=app.config.get(
'JWT_OIDC_JWKS_CACHE_TIMEOUT', 300))
self.audience = app.config.get('JWT_OIDC_AUDIENCE', None)
self.client_secret = app.config.get('JWT_OIDC_CLIENT_SECRET', None)
app.logger.debug('JWKS_URI: {}'.format(self.jwks_uri))
app.logger.debug('ISSUER: {}'.format(self.issuer))
app.logger.debug('ALGORITHMS: {}'.format(self.algorithms))
app.logger.debug('AUDIENCE: {}'.format(self.audience))
app.logger.debug('CLIENT_SECRET: {}'.format(self.client_secret))
app.logger.debug('JWT_OIDC_TEST_MODE: {}'.format(
self.jwt_oidc_test_mode))
app.logger.debug('JWT_OIDC_TEST_KEYS: {}'.format(
self.jwt_oidc_test_keys))
# set the auth error handler
auth_err_handler = app.config.get('JWT_OIDC_AUTH_ERROR_HANDLER',
JwtManager.handle_auth_error)
app.register_error_handler(AuthError, auth_err_handler)
app.teardown_appcontext(self.teardown)
def create_cache_list(request, tmpdir):
mc = MemcachedCache()
mc._client.flush_all()
rc = RedisCache(port=6360)
rc._client.flushdb()
request.cls.cache_list = [FileSystemCache(tmpdir), mc, rc, SimpleCache()]
UnsubscribeConfirmation = 'UnsubscribeConfirmation'
class InvalidMessageTypeException(Exception):
pass
def verify_message_type(message_type: str):
try:
SNSMessageType(message_type)
except ValueError:
raise InvalidMessageTypeException(
f'{message_type} is not a valid message type.')
certificate_cache = SimpleCache()
def get_certificate(url):
res = certificate_cache.get(url)
if res is not None:
return res
res = requests.get(url).content
certificate_cache.set(url, res, timeout=60 * 60) # 60 minutes
return res
# 400 counts as a permanent failure so SNS will not retry.
# 500 counts as a failed delivery attempt so SNS will retry.
# See https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html#DeliveryPolicies
@ses_callback_blueprint.route('/notifications/email/ses', methods=['POST'])
from cachelib import SimpleCache
from werkzeug.urls import url_encode
from discodop import treebank
from discodop.tree import (Tree, DrawTree, DrawDependencies,
writediscbrackettree)
from discodop.parser import Parser, readparam, readgrammars, probstr
from discodop.util import tokenize
logging.basicConfig(format='%(asctime)s %(message)s',
datefmt='%Y-%m-%d %H:%M:%S',
level=logging.DEBUG)
APP = Flask(__name__)
LOG = APP.logger
LIMIT = 40 # maximum sentence length
CACHE = SimpleCache()
PARSERS = {}
SHOWFUNC = True # show function tags in results
SHOWMORPH = True # show morphological features in results
# POS tagged input is tokenized, and every token is of the form "word/POS"
# POS may be empty.
POSTAGS = re.compile(r'^\s*(?:\S+/\S*)(?:\s+\S+/\S*)*\s*$')
@APP.route('/')
def main():
"""Redirect to main page."""
return redirect(url_for('index'))
@APP.route('/parser/')
import os
import sys
import json
import time
import copy
import uuid
import threading
import requests
import docopt
from flask import Flask, render_template, request, send_from_directory, make_response
from cachelib import SimpleCache
from htmlmin.minify import html_minify
cache = SimpleCache()
app = Flask(__name__, static_url_path="/static")
def update_data():
try:
print("==> Updating team data ...")
try:
r = requests.get("https://slack.com/api/team.info",
params={"token": app.config["token"]})
j = r.json()
assert j["ok"]
except:
print(" !!! Failed to update team data.")
else:
team = j["team"]
COLOURSPACE_MODEL : unicode
**{'CAM02LCD', 'CAM02SCD', 'CAM02UCS', 'CAM16LCD', 'CAM16SCD', 'CAM16UCS',
'CIE XYZ', 'CIE xyY', 'CIE Lab', 'CIE Luv', 'CIE UCS', 'CIE UVW', 'DIN 99',
'Hunter Lab', 'Hunter Rdab', 'ICTCP', 'IGPGTG', 'IPT', 'JzAzBz', 'OSA UCS',
'hdr-CIELAB', 'hdr-IPT'}**
"""
DATA_POINTER_GAMUT = Lab_to_XYZ(LCHab_to_Lab(DATA_POINTER_GAMUT_VOLUME),
CCS_ILLUMINANT_POINTER_GAMUT)
"""
Pointer's Gamut data converted to *CIE XYZ* tristimulus values.
DATA_POINTER_GAMUT : ndarray
"""
IMAGE_CACHE = SimpleCache(default_timeout=60 * 24 * 7)
"""
Server side cache for images.
IMAGE_CACHE : SimpleCache
"""
def load_image(path, decoding_cctf='sRGB'):
"""
Loads the image at given path and caches it in `IMAGE_CACHE` cache. If the
image is already cached, it is returned directly.
Parameters
----------
path : unicode