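def _Handle(self, handler_func):
    """Run ``handler_func`` behind the permission check and send the response.

    Args:
        handler_func: Zero-argument callable returning ``None`` or a dict that
            may carry ``redirect_url``, ``template``, ``data``,
            ``return_code``, ``content_type``, ``cache_expiry`` and
            ``allowed_origin``.

    Returns:
        None. The outcome is written through ``self.redirect`` or
        ``self._SendResponse``.
    """
    try:
        content_type = 'text/html'
        if not self._HasPermission():
            # The permission check runs before the handler, so a denied
            # request never executes handler code. The same 401 is used for
            # "not logged in" and "logged in without permission".
            logging.info(
                'Current user has no permission to access the endpoint.')
            template = 'error.html'
            data = {
                'error_message': ('Either not log in yet or no permission. '
                                  'Please log in with your @google.com account.'),
            }
            return_code = 401
            redirect_url = None
            cache_expiry = None
            allowed_origin = None
        else:
            result = handler_func() or {}
            # NOTE(review): redirect_url and allowed_origin are taken from the
            # handler result as-is; any validation of them is not visible
            # here and would have to happen in the handler or _SendResponse.
            redirect_url = result.get('redirect_url')
            template = result.get('template')
            data = result.get('data', {})
            return_code = result.get('return_code', 200)
            content_type = result.get('content_type', content_type)
            cache_expiry = result.get('cache_expiry')
            allowed_origin = result.get('allowed_origin')
    except Exception as e:
        # The client only gets a generic message; details go to the log.
        user_agent = self.request.headers.get('user-agent')
        if user_agent and 'GoogleSecurityScanner' in user_agent:
            # User-Agent is client-supplied, so it must not be able to erase
            # a server error from the logs. Scanner-tagged requests keep a
            # low-severity record instead of a full exception entry; %r
            # escapes control characters in the header value.
            logging.info(
                'Exception on a request with a scanner user-agent %r: %r',
                user_agent, e)
        else:
            logging.exception(e)
        template = 'error.html'
        data = {'error_message': 'An internal error occurred.'}
        return_code = 500
        redirect_url = None
        cache_expiry = None
        allowed_origin = None

    if redirect_url is not None:
        self.response.clear()
        self.redirect(redirect_url)
        return

    # User login/logout info is not added in the unit test environment, to
    # avoid updating too many existing testcases, nor for 'concise' requests.
    if (isinstance(data, dict) and
            not appengine_util.IsInUnitTestEnvironment() and
            self.request.get('concise') != '1'):
        data['user_info'] = auth_util.GetUserInfo(self.request.url)

        # Kept under the dict check so .get() is never called on non-dict
        # data. Issue an XSRF token for the logged-in user unless the handler
        # already supplied one.
        # NOTE(review): no action id is passed, so the token is presumably
        # scoped to the user ('site' + email) rather than to a single
        # action; confirm against token.GenerateAuthToken.
        if not data.get('xsrf_token'):
            email = data.get('user_info', {}).get('email')
            if email:
                data['xsrf_token'] = token.GenerateAuthToken('site', email)

    self._SendResponse(template, data, return_code, content_type,
                       cache_expiry, allowed_origin)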
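def testValidateAuthTokenExpired(self, _):
    """A token stamped 2017-06-13 validates for its user but reports expired.

    Args:
        _: Unused; presumably a mock injected by a patch decorator that is
            outside this snippet.
    """
    # The month was written as 06, a Python 2 octal literal that is a
    # SyntaxError on Python 3; 6 is the same value on both.
    issued_at = datetime(2017, 6, 13, 0, 0, 0)
    tested_token = token.GenerateAuthToken('key', 'email', when=issued_at)
    valid, expired = token.ValidateAuthToken('key', tested_token, 'email')
    # `valid` stays True for a stale token, so callers have to check
    # `expired` as well before accepting it.
    self.assertTrue(valid)
    self.assertTrue(expired)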
def testGeneratedXSRFTokenIsValidForSameUserAndSameAction(self, mock_now):
    """A token checked with the same key, user and action is valid and fresh.

    Args:
        mock_now: Mock whose successive calls return the two timestamps
            below; presumably it patches the clock read by the token module
            (the patch decorator is outside this snippet).
    """
    issue_time = datetime(2017, 6, 13, 0, 0, 0)
    # One minute later; presumably consumed when the token is validated.
    check_time = datetime(2017, 6, 13, 0, 1, 0)
    mock_now.side_effect = [issue_time, check_time]

    generated = token.GenerateAuthToken('key', 'email', 'action')
    outcome = token.ValidateAuthToken('key', generated, 'email', 'action')
    is_valid, is_expired = outcome

    self.assertTrue(is_valid)
    self.assertFalse(is_expired)
def CreatePubSubCallback(runner_id):
    """Builds the PubSubCallback used when triggering a try job.

    The callback carries an auth token generated from
    ('pubsub', 'buildbucket', runner_id).
    NOTE(review): presumably the handler receiving the notification
    validates the token with the same three values; that code is not shown.

    Args:
      runner_id (str): The identifier of the runner to trigger a try job.

    Returns:
      A PubSubCallback instance to be used in the try job.
    """
    app_id = app_identity.get_application_id()
    topic = 'projects/%s/topics/build-change' % app_id
    auth_token = token.GenerateAuthToken('pubsub', 'buildbucket', runner_id)
    return PubSubCallback(topic, auth_token, {'runner_id': runner_id})
def testGeneratedXSRFTokenIsInvalidForDifferentUserAndAction(self):
    """A token issued for one user/action is rejected for another pair.

    The token is generated for ('email1', 'action1') and validated as
    ('email2', 'action2') under the same key; it must come back as not
    valid and not expired.
    """
    issued = token.GenerateAuthToken('key', 'email1', 'action1')
    outcome = token.ValidateAuthToken('key', issued, 'email2', 'action2')
    is_valid, is_expired = outcome

    self.assertFalse(is_valid)
    self.assertFalse(is_expired)
def testValidateAuthTokenSucceed(self, _):
    """A token validated with its own key and user is valid and not expired.

    Args:
        _: Unused; presumably a mock injected by a patch decorator that is
            outside this snippet.
    """
    issued = token.GenerateAuthToken('key', 'email')
    outcome = token.ValidateAuthToken('key', issued, 'email')
    is_valid, is_expired = outcome

    self.assertTrue(is_valid)
    self.assertFalse(is_expired)
def _UpdateRequestWithPubSubCallback(request, runner_id):
    """Sets the Pub/Sub topic, auth token and userdata on ``request``.

    Args:
        request: Object whose ``pubsub_topic``, ``pubsub_auth_token`` and
            ``pubsub_userdata`` attributes are assigned in place.
        runner_id: Identifier placed in the userdata JSON and passed as the
            third argument when generating the auth token.
    """
    app_id = app_identity.get_application_id()
    request.pubsub_topic = _PUBSUB_TOPIC % app_id
    # Token is generated from ('pubsub', 'swarming', runner_id).
    # NOTE(review): presumably the notification handler validates it with the
    # same three values; that code is not shown here.
    request.pubsub_auth_token = token.GenerateAuthToken(
        'pubsub', 'swarming', runner_id)
    userdata = {'runner_id': runner_id}
    request.pubsub_userdata = json.dumps(userdata)