def login(): if not all(x in request.args for x in ['username', 'password']): raise ProcessingException(description='No username or password.', code=400) username = request.args['username'] password = request.args['password'] # generate a token token = uuid4().hex try: user = User.query.filter(User.username == username).one() if not bcrypt.verify(password, user.hashed_password): raise ProcessingException(description='Bad authentication.', code=401) except NoResultFound: raise ProcessingException(description='No user found.', code=400) except MultipleResultsFound: raise ProcessingException(description='Server state inconsistent.', code=500) # update token user.token = token db.session.commit() return jsonify(id=user.id, token=user.token)
def preprocess_make_user(data=None, **kw): if 'username' not in data: raise ProcessingException(description='No username provided.', code=400) if User.query.filter(User.username == data['username']).count() != 0: raise ProcessingException(description='Username not unique.', code=400)
def check_recaptcha(data, *args, **kwargs): if current_user.is_authenticated(): if 'g-recaptcha-response' in data: del data['g-recaptcha-response'] return # TODO: return if the user comes from a verified source if 'review_request_id' in data and 'review_request_token' in data: review_request = models.ReviewRequest.query.filter_by( id=data.get('review_request_id')).first() if review_request and review_request.token == data.get( 'review_request_token'): if 'g-recaptcha-response' in data: del data['g-recaptcha-response'] return recaptcha = data.get('g-recaptcha-response') if not recaptcha: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='g-recaptcha-response'), code=401) r = requests.post(current_app.config.get("RECAPTCHA_URL"), data={ 'secret': current_app.config.get("RECAPTCHA_SECRET"), 'response': recaptcha, 'remoteip': request.remote_addr }) if not (r and r.status_code == 200 and r.json()): raise ProcessingException(description=ExceptionMessages.CAPTCHA_FAIL, code=401) if not r.json().get('success'): raise ProcessingException(description=ExceptionMessages.CAPTCHA_FAIL, code=401) del data['g-recaptcha-response']
def upload_photo(hazard_id): if 'photo' not in request.files: raise ProcessingException(description='No photo', code=400) # get hazard by id try: hazard = Hazard.query \ .options(joinedload(Hazard.user)) \ .filter(Hazard.id == hazard_id).one() except NoResultFound: raise ProcessingException(description='No hazard matching id.', code=400) except MultipleResultsFound: raise ProcessingException(description='Server state inconsistent.', code=500) # ensure user owns hazard if hazard.user.id != g.user.id: raise ProcessingException(description='User does not own hazard', code=401) # set photo_id to hazard id + random string hid = '{:011d}'.format(hazard_id) rand = ''.join('{:02x}'.format(ord(x)) for x in os.urandom(16)) hazard.photo_id = hid + rand db.session.commit() name = hazard.photo_id + '.jpg' s3_upload(name, request.files['photo']) return '', 204
def pre_create_order(data, *args, **kwargs): shop_id = data.get('shop_id') if not shop_id: raise ProcessingException(description='Shop id required', code=401) shop = models.Shop.query.filter_by(id=shop_id).first() if not shop.owner == current_user: raise ProcessingException(description='Not your shop', code=401) data['purchase_timestamp'] = unicode(datetime.datetime.utcnow())
def pre_notification_patch(instance_id, data, *args, **kwargs): if not instance_id: raise ProcessingException(description='Notification id requried!', code=401) notification = models.Notification.query.filter_by(id=instance_id).first() if not notification: raise ProcessingException(description='Review doesnt exist', code=401) data['is_read'] = True
def verify_product_url_exists(data, *args, **kwargs): product_url = data.get('url') product_name = data.get('name') if not product_url or not product_name: raise ProcessingException(description='Product url and name required', code=401) product_exists = models.Product.query.filter_by(url=product_url).first() if product_exists: raise ProcessingException(description='Product with that url exists', code=401)
def pre_post_answer(data, *args, **kwargs): question_id = data.get('to_question_id') if not question_id: raise ProcessingException(description='Question id required', code=401) question = models.Question.query.filter_by(id=question_id).first() if not question: raise ProcessingException(description='Question doesnt exist', code=401) shop_id = question.about_product.shop.id shop = models.Shop.query.filter_by(id=shop_id).first() if not shop.owner == current_user: raise ProcessingException(description='Not your shop', code=401) data['user_id'] = current_user.id
def login_user_if_possible(data, *args, **kwargs): if "user_email" in data and "user_password" in data: email = data["user_email"] password = data["user_password"] user = models.User.query.filter_by(email=email).first() if not user: raise ProcessingException(description='unauthorized', code=401) if not verify_password(password, user.password): raise ProcessingException(description='unauthorized', code=401) login_user(user) del data["user_password"] if 'user_name' in data: del data['user_name'] del data['user_email'] data["user_id"] = user.id
def decorated(*args, **kwargs): if _g and _g.user and has_roles(_g.user, requirements): return f(*args, **kwargs) else: raise ProcessingException(description='Not authenticated!', code=401)
def post_preprocessor(data, **kwargs): form = CommentForm(data=data) if form.validate(): return form.data else: raise ProcessingException(description='Invalid form submission.', code=400)
def prep(search_params=None, **kw): if search_params is None: return if 'filters' not in search_params: return filters = search_params['filters'] if len(filters) != 1: return filter = filters[0] if 'name' not in filter: return if filter['name'] != 'scholar_id': return if filter['op'] != '==': return scholar_id = filter['val'] publication = Publication.query.filter_by(scholar_id=scholar_id).first() if (publication is None or publication.retrieved_at is None): queue = taskqueue.Queue('publication-fetchers') task = taskqueue.Task(url='/publication/crawl', params={'scholar_id': scholar_id}) queue.add(task) raise ProcessingException(description='Try later.', code=202) elif (datetime.now() - publication.retrieved_at).days > 365: queue = taskqueue.Queue('publication-fetchers') task = taskqueue.Task(url='/publication/crawl', params={'scholar_id': scholar_id}) queue.add(task)
def process_new_user(data=None, **kw): if 'password' not in data: raise ProcessingException(description='No password.', code=400) password = data['password'] data['hashed_password'] = bcrypt.encrypt(password, rounds=12, ident='2y') del data['password']
def is_authorized(*args, **kwargs): if 'token' not in request.args: raise ProcessingException(description='No token or user id.', code=400) token = request.args['token'] try: user = User.query.filter(User.token == token).one() except NoResultFound: raise ProcessingException(description='Bad authentication.', code=401) except MultipleResultsFound: raise ProcessingException(description='Server state inconsistent.', code=500) # log this user in for the remainder of the request g.user = user
def authorize_modelrun(id): modelrun = ModelRun.query.get(id) #print modelrun #raise ProcessingException(description='You are not authorized to access this ModelRun', code=401) if modelrun and modelrun.user_id != current_identity.id: raise ProcessingException( description='You are not authorized to access this ModelRun', code=401)
def get_allergies_by_list(list_of_ids): AllergyArray = db.session.query(Allergy).filter( Allergy.id.in_(list_of_ids)).all() if len(list_of_ids) != len(AllergyArray): raise ProcessingException( description='Invalid allergy_id in array', code=400) return AllergyArray
def logged_in(cls, **kwargs): user_logged_in = False if not current_user.is_authenticated(): raise ProcessingException( description='Not Authorized. Please log in first.', code=401) elif current_user.is_authenticated(): user_logged_in = True return user_logged_in
def get_categories_by_list(list_of_ids): CategoryArray = db.session.query(Category).filter( Category.id.in_(list_of_ids)).all() if len(list_of_ids) != len(CategoryArray): raise ProcessingException( description='Invalid category_id in array', code=400) return CategoryArray
def malt_verify(data): errors = [] verify_is_set(data, "name", errors) verify_is_number(data, "ppg", errors) verify_is_number(data, "color", errors) if errors: raise ProcessingException(message=errors, status_code=400)
def brew_put_preprocessor(instid, data): brew = Brew.query.get(instid) print brew.user_id if not g.user.is_authenticated() or brew.user_id != g.user.id: raise ProcessingException(message='Not Authorized', status_code=401) return data
def basic_crm_admin(cls, **kwargs): user_logged_in = cls.logged_in() allowable_roles = ('basic', 'super', 'master') if user_logged_in: if current_user.crm_role not in allowable_roles: raise ProcessingException( description= 'Not Authorized. Basic CRM admin permissions or higher ' 'required.', code=401)
def master_oms_admin(cls, **kwargs): user_logged_in = cls.logged_in() allowable_roles = ('master') if user_logged_in: if current_user.oms_role not in allowable_roles: raise ProcessingException( description= 'Not Authorized. Master OMS admin permissions or higher ' 'required.', code=401)
def super_admin(cls, **kwargs): user_logged_in = cls.logged_in() allowable_roles = ('super', 'master') if user_logged_in: if current_user.admin_role not in allowable_roles: raise ProcessingException( description= 'Not Authorized. Super administrative permissions or higher ' 'required.', code=401)
def check_if_user_exists(data, *args, **kwargs): if current_user.is_authenticated(): data["user_id"] = current_user.id return user_name = data.get('user_name') user_email = data.get('user_email') user_legacy_email = None if 'user_legacy_email' in data: user_legacy_email = data.get('user_legacy_email') del data['user_legacy_email'] if not user_name: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='user_name'), code=401) if not user_email: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='user_email'), code=401) user, is_new = models.User.get_or_create_by_email( email=user_email, role_name=Constants.REVIEWER_ROLE, user_legacy_email=user_legacy_email, name=user_name) if not is_new: # TODO maybe display a passwd field if user is not new? raise ProcessingException(description=ExceptionMessages.USER_EXISTS % user_email, code=401) db.session.add(user) db.session.commit() login_user(user) if 'user_name' in data: del data['user_name'] del data['user_email'] data['user_id'] = user.id
def verify_request_by_shop_owner(data, *args, **kwargs): shop_id = data.get('shop_id') if not shop_id: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='shop_id'), code=httplib.BAD_REQUEST) if not str(shop_id).isdigit(): raise ProcessingException( description=ExceptionMessages.PARAM_NOT_INTEGER.format( param='shop_id'), code=httplib.BAD_REQUEST) shop = models.Shop.query.filter_by(id=shop_id).first() if not shop: raise ProcessingException( description=ExceptionMessages.INSTANCE_NOT_EXISTS.format( instance='shop', id=shop_id), code=httplib.BAD_REQUEST) if not shop.owner == current_user: raise ProcessingException(description=ExceptionMessages.NOT_YOUR_SHOP, code=httplib.UNAUTHORIZED)
def updated_since_filter(search_params=None, **kwargs): if 'updated_since' in request.args: #parse iso datetime try: date = dateutil.parser.parse(request.args.get('updated_since')) except (ValueError, TypeError): raise ProcessingException(message='Unable to parse updated_since parameter. Must be ISO datetime format') #filter on update time filt = dict(name='updated_at', op='gt', val=date) if 'filters' not in search_params: search_params['filters'] = [] search_params['filters'].append(filt)
def post_single_preprocessor(data=None, **kw): getReview = Review.query.filter( Review.user_id == current_user.id, Review.dish_id == data['dish_id']).first() if getReview is not None: raise ProcessingException( description= 'Er is al een review gevonden voor deze gebruiker: Review met ID %r' % getReview.id, code=400) data['user_id'] = current_user.id return data
def post_single_preprocessor(data=None, **kw): pass_length = 8 # Check if provided email address already exists getUser = User.query.filter(User.email == data['email']).first() if getUser is not None: raise ProcessingException( description='Emailadres bestaat al: %r' % getUser.email, code=400 ) # Password length check if len(data['password']) < pass_length: raise ProcessingException( description='Wachtwoord moet minimaal %r tekens lang zijn' % pass_length, code=400 ) # Hash password data['password'] = HashValidator.hash(data['password']) data['credit'] = 200 return data
def auth_func(*args, **kwargs): users = get_model('Users') access_token = request.values.get("access_token") # Less secure version user = users.query.filter_by(auth_key=access_token, active=True).first() # More secure version # uid = request.values.get("uid") # user = users.query.filter_by(auth_key=access_token, id=uid, active=True).first() if not user: raise ProcessingException('Not Authorized', 401)
def post_single_preprocessor(data=None, **kw): getMeal = Meal.query.get(data['meal_id']) if getMeal is None: raise ProcessingException(description='Meal does not exist', code=400) if current_user.credit is None or current_user.credit < ( data['amount_meals'] * getMeal.price): raise ProcessingException( description='Je hebt niet genoeg geld in je portemonnee!', code=400) if data['amount_meals'] > (getMeal.portions - getMeal.portions_claimed): raise ProcessingException( description= 'Er zijn niet genoeg maaltijden om aan je te reserveren', code=400) data['total_amount'] = getMeal.price * data['amount_meals'] data['user_id'] = current_user.id return data