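 def post(self, request, format=None):
     """Create a PartyAffiliation linking ``childPartyId`` to ``parentPartyId``.

     Both ids are read from the request body and are required. Returns the
     serialized child party with 201 on success; 400 when an id is missing
     or names a party that does not exist.

     Security: isPhoenix() is the only gate (judging by sibling views'
     error text it validates credentialId/secretKey query parameters --
     confirm). The two party ids are taken verbatim from the body, so any
     caller that passes that check can link any two parties; nothing here
     ties the request to the caller's own party.
     """
     if not isPhoenix(self.request):
         return HttpResponse(status=400)
     serializer_class = self.get_serializer_class()
     params = request.data
     # .get() so an absent key is reported as a 400 instead of a KeyError/500.
     parentPartyId = params.get('parentPartyId')
     childPartyId = params.get('childPartyId')
     if not parentPartyId or not childPartyId:
         return Response(
             {
                 'error':
                 'does not allow creation without parentPartyId or childPartyId'
             },
             status=status.HTTP_400_BAD_REQUEST)
     # filter().first() yields None for an unknown id. The original used
     # .get(), which raises DoesNotExist, so the "does not exist" branches
     # were unreachable and the client got a 500 instead of this 400.
     parentParty = Party.objects.filter(partyId=parentPartyId).first()
     if parentParty is None:
         return Response({'error': 'parentParty does not exist'},
                         status=status.HTTP_400_BAD_REQUEST)
     childParty = Party.objects.filter(partyId=childPartyId).first()
     if childParty is None:
         return Response({'error': 'childParty does not exist'},
                         status=status.HTTP_400_BAD_REQUEST)
     PartyAffiliation.objects.create(childPartyId=childParty,
                                     parentPartyId=parentParty)
     serializer = serializer_class(childParty)
     return Response(serializer.data, status=status.HTTP_201_CREATED)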
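 def put(self, request, format=None):
     """Partially update the first credential returned by get_queryset().

     A ``partyId`` query parameter is required, but only its presence is
     checked here -- whatever filtering get_queryset() applies to it is not
     visible in this method. Body fields go through CredentialSerializer
     with partial=True; a ``password`` is hashed first and a ``name`` is
     mirrored onto the related Party. Returns the submitted data (password
     already hashed) with 201, or serializer errors with 400.

     Security notes:
     * isPhoenix() is the only gate and partyId is client-supplied, so the
       original TODO (derive the user from the verified party) still stands.
     * The password is stored as an unsalted SHA-1 hex digest. It is left
       unchanged here because the login path that verifies it is not in this
       file; it should be migrated to a salted, slow hash (e.g. Django's
       make_password) together with that path.
     * The response echoes the hashed password back to the client.
     """
     # TODO: security risk here, get username based on the partyId verified in isPhoenix -SC
     if not isPhoenix(self.request):
         return Response(status=status.HTTP_400_BAD_REQUEST)
     serializer_class = CredentialSerializer
     params = request.GET
     if 'partyId' not in params:
         # The original returned this error with a 200 status.
         return Response({'error': 'Put method needs partyId'},
                         status=status.HTTP_400_BAD_REQUEST)
     # NOTE(review): sibling views return a plain list from get_queryset()
     # when the request is rejected; .first() would raise on a list -- confirm
     # this class's get_queryset() always returns a QuerySet.
     obj = self.get_queryset().first()
     # With obj=None the serializer would *create* a credential from the
     # request body on a PUT; treat a missing target as 404 instead.
     if obj is None:
         return Response({'error': 'credential not found'},
                         status=status.HTTP_404_NOT_FOUND)
     # request.data may be an immutable QueryDict; work on a copy (PW-123).
     data = request.data.copy()
     if 'password' in data:
         data['password'] = hashlib.sha1(data['password']).hexdigest()
     serializer = serializer_class(obj, data=data, partial=True)
     if not serializer.is_valid():
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     serializer.save()
     # Mirror a name change onto the Party row behind the credential.
     if 'partyId' in serializer.data and 'name' in data:
         partyObj = Party.objects.all().get(partyId=serializer.data['partyId'])
         partySerializer = PartySerializer(partyObj,
                                           data={'name': data['name']},
                                           partial=True)
         if partySerializer.is_valid():
             partySerializer.save()
     return Response(data, status=status.HTTP_201_CREATED)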
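    def get(self, request, format=None):
        """Return the Party and Credential rows for the ``partyId`` query parameter.

        The response is a JSON list with up to two entries: the serialized
        Party (or an error entry if none matches) followed by the serialized
        Credential (or an error entry). Lookup misses are reported inside the
        body with a 200 status, matching the original contract.

        Security: isPhoenix() is the only gate and partyId is client-supplied,
        so any caller passing that check can read any party's credential
        record. NOTE(review): CredentialSerializer's field list is not visible
        here -- confirm it excludes the password hash and any secret key
        before this output is relied on.
        """
        if not isPhoenix(request):
            # The original passed a dict to HttpResponse, which serialises as
            # the dict's keys (the literal text "error"); use Response.
            return Response({'error':'credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)
        # .get() so a missing parameter is a 400 rather than a KeyError/500.
        partyId = request.GET.get('partyId')
        if not partyId:
            return Response({'error':'does not allow get without partyId'},status=status.HTTP_400_BAD_REQUEST)

        out = []

        # One query each instead of exists()+get().
        party = Party.objects.filter(partyId=partyId).first()
        if party is not None:
            out.append(PartySerializer(party).data)
        else:
            out.append({'error':'partyId '+partyId+' not found in Party tbl'})

        credential = Credential.objects.filter(partyId=partyId).first()
        if credential is not None:
            out.append(CredentialSerializer(credential).data)
        else:
            out.append({'error':'partyId '+partyId+' not found in Credential tbl'})

        return HttpResponse(json.dumps(out), content_type="application/json")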
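 def get_queryset(self):
     """Return the affiliation rows for the ``partyId`` query parameter.

     Returns an empty list when the caller fails isPhoenix() or sends no
     partyId. The original used ``.get(partyId=...)``, which yields a single
     instance (or raises DoesNotExist for an unknown id) while the fallthrough
     returns a list; ``.filter`` keeps the result list-like in every case and
     matches the sibling *CRUD.get_queryset methods.

     Security: partyId is client-supplied; isPhoenix() is the only gate.
     """
     if not isPhoenix(self.request):
         return []
     partyId = self.request.GET.get('partyId')
     if partyId is None:
         return []
     return super(AffiliationCRUD, self).get_queryset().filter(partyId=partyId)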
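    def post(self,request):
        """Generate ``quantity`` new activation codes for a partner.

        Query parameters: quantity (int, at most 99), period (int),
        partnerId, transactionType. Each code is a random uuid4 string saved
        as an unused ActivationCode (partyId=None) stamped with the current
        time. Returns the list of generated code strings as JSON.

        Security: isPhoenix() is the only gate; any caller passing it can
        mint codes for any partner, so keep this endpoint internal. Codes are
        returned in clear text and act as bearer secrets when redeemed.
        """
        if not isPhoenix(request):
           return HttpResponse(status=400)

        # Validate explicitly: a missing or non-numeric value used to raise
        # TypeError/ValueError out of int() and surface as a 500.
        try:
            quantity = int(request.GET.get('quantity'))
            period = int(request.GET.get('period'))
        except (TypeError, ValueError):
            return Response({'error': 'quantity and period must be integers'},
                            status=status.HTTP_400_BAD_REQUEST)
        partnerId = request.GET.get('partnerId')
        transactionType = request.GET.get('transactionType')
        partnerObj = Partner.objects.filter(partnerId=partnerId).first()
        if partnerObj is None:
            # Partner.objects.get() raised DoesNotExist (500) here before.
            return Response({'error': 'partner does not exist'},
                            status=status.HTTP_400_BAD_REQUEST)

        # The original returned a bare list here, which is not an
        # HttpResponse and produced a server error instead of a 400.
        if quantity > 99:
            return Response({'error': 'quantity must not exceed 99'},
                            status=status.HTTP_400_BAD_REQUEST)

        now = timezone.now()

        activationCodes = []

        # range() is empty for quantity <= 0, as xrange() was.
        for i in range(quantity):
            # create an activation code based on partnerId and period.
            activationCodeObj = ActivationCode()
            activationCodeObj.activationCode=str(uuid.uuid4())
            activationCodeObj.partnerId=partnerObj
            activationCodeObj.period=period
            activationCodeObj.partyId=None
            activationCodeObj.purchaseDate=now
            activationCodeObj.transactionType=transactionType
            activationCodeObj.save()
            activationCodes.append(activationCodeObj.activationCode)

        return HttpResponse(json.dumps(activationCodes), status=200)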
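 def post(self, request, format=None):
     """E-mail a usage request for an institution or a consortium to staff.

     Body fields: institution or consortium (whichever is non-empty decides
     the wording), partner, name, email, startDate, endDate, comments. All
     are interpolated into the message verbatim. Always answers
     {"message": "success"} with 200 once send_mail() returns.

     Security: isPhoenix() is the only gate; the original note that the
     party id should come from the verified cookie rather than the body is
     still open. Every field is client-controlled text going into an e-mail.
     """
     # security vulnerability: consortiumId should come from partyId in cookie that's been validated via isPhoenix -SC
     if not isPhoenix(request):
         return HttpResponse(status=400)
     data = request.data
     partyName = ''
     partyTypeName = ''
     # .get(): the original indexed these keys and 500'd when one was absent.
     if data.get('institution'):
         partyName = data['institution']
         partyTypeName = 'Institution'
     elif data.get('consortium'):
         partyName = data['consortium']
         partyTypeName = 'Consortium'
     subject = "%s Usage Request For %s" % (partyTypeName, partyName)
     # Django refuses header values containing CR/LF (BadHeaderError), so a
     # newline in a client-supplied name would otherwise abort with a 500;
     # fold the subject onto a single line.
     subject = ' '.join(subject.splitlines())
     message = "Partner: %s\n" \
               "%s: %s\n" \
               "User: %s\n" \
               "Email: %s\n" \
               "Start date: %s\n" \
               "End date: %s\n" \
               "Comments: %s\n" \
               % (data.get('partner'), partyTypeName, partyName, data.get('name'), data.get('email'), data.get('startDate'), data.get('endDate'), data.get('comments'))
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject,
               message=message,
               from_email=from_email,
               recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message': 'success'}), status=200)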
 def get_queryset(self):
     """Institution rows (partyType "organization") for the ``partyId``
     query parameter; an empty list when the caller fails isPhoenix() or
     sends no partyId. partyId is client-supplied; isPhoenix() is the gate.
     """
     req = self.request
     if not isPhoenix(req) or 'partyId' not in req.GET:
         return []
     base = super(InstitutionCRUD, self).get_queryset()
     return base.filter(partyId=req.GET.get('partyId')).filter(partyType="organization")
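    def put(self, request):
        """Set ``deleteMarker`` on one or more activation codes.

        Query parameters: activationCodeId (comma-separated integer ids) and
        deleteMarker ('true' sets the flag, any other value clears it). Ids
        that match no row are silently ignored. Returns the affected rows
        serialized with 200.

        Security: isPhoenix() is the only gate and the ids are unscoped, so
        any caller passing it can flip the marker on any code.
        """
        if not isPhoenix(request):
           return HttpResponse(status=400)


        params = request.GET
        fields = ['activationCodeId', 'deleteMarker']
        for field in fields:
            if field not in params:
                return Response({"error": field + " field is needed."}, status=status.HTTP_400_BAD_REQUEST)

        activationCodeId = params['activationCodeId']
        deleteMarker = params['deleteMarker'] == 'true'

        # A non-numeric id made map(int, ...) raise and the view answer 500.
        try:
            activationCodeIdList = [int(i) for i in activationCodeId.split(',')]
        except ValueError:
            return Response({"error": "activationCodeId must be a comma-separated list of integers"}, status=status.HTTP_400_BAD_REQUEST)

        activationCodes = ActivationCode.objects.filter(activationCodeId__in=activationCodeIdList)

        try:
            activationCodes.update(deleteMarker=deleteMarker)
        except Exception:  # was a bare except, which also caught SystemExit/KeyboardInterrupt
            return Response({'error':'update deleteMarker error'}, status=status.HTTP_400_BAD_REQUEST)

        serializers = ActivationCodeSerializer(activationCodes, many=True)

        return Response(serializers.data, status=status.HTTP_200_OK)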
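    def put(self, request):
        """Set ``deleteMarker`` on one or more activation codes.

        Query parameters: activationCodeId (comma-separated integer ids) and
        deleteMarker ('true' sets the flag, any other value clears it). Ids
        that match no row are silently ignored. Returns the affected rows
        serialized with 200.

        Security: isPhoenix() is the only gate and the ids are unscoped, so
        any caller passing it can flip the marker on any code.
        """
        if not isPhoenix(request):
           return HttpResponse(status=400)


        params = request.GET
        fields = ['activationCodeId', 'deleteMarker']
        for field in fields:
            if field not in params:
                return Response({"error": field + " field is needed."}, status=status.HTTP_400_BAD_REQUEST)

        activationCodeId = params['activationCodeId']
        deleteMarker = params['deleteMarker'] == 'true'

        # A non-numeric id made map(int, ...) raise and the view answer 500.
        try:
            activationCodeIdList = [int(i) for i in activationCodeId.split(',')]
        except ValueError:
            return Response({"error": "activationCodeId must be a comma-separated list of integers"}, status=status.HTTP_400_BAD_REQUEST)

        activationCodes = ActivationCode.objects.filter(activationCodeId__in=activationCodeIdList)

        try:
            activationCodes.update(deleteMarker=deleteMarker)
        except Exception:  # was a bare except, which also caught SystemExit/KeyboardInterrupt
            return Response({'error':'update deleteMarker error'}, status=status.HTTP_400_BAD_REQUEST)

        serializers = ActivationCodeSerializer(activationCodes, many=True)

        return Response(serializers.data, status=status.HTTP_200_OK)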
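 def post(self, request, format=None):
     """E-mail a usage request for an institution or a consortium to staff.

     Body fields: institution or consortium (whichever is non-empty decides
     the wording), partner, name, email, startDate, endDate, comments. All
     are interpolated into the message verbatim. Always answers
     {"message": "success"} with 200 once send_mail() returns.

     Security: isPhoenix() is the only gate; the original note that the
     party id should come from the verified cookie rather than the body is
     still open. Every field is client-controlled text going into an e-mail.
     """
     # security vulnerability: consortiumId should come from partyId in cookie that's been validated via isPhoenix -SC
     if not isPhoenix(request):
         return HttpResponse(status=400)
     data = request.data
     partyName = ''
     partyTypeName = ''
     # .get(): the original indexed these keys and 500'd when one was absent.
     if data.get('institution'):
         partyName = data['institution']
         partyTypeName = 'Institution'
     elif data.get('consortium'):
         partyName = data['consortium']
         partyTypeName = 'Consortium'
     subject = "%s Usage Request For %s" % (partyTypeName,partyName)
     # Django refuses header values containing CR/LF (BadHeaderError), so a
     # newline in a client-supplied name would otherwise abort with a 500;
     # fold the subject onto a single line.
     subject = ' '.join(subject.splitlines())
     message = "Partner: %s\n" \
               "%s: %s\n" \
               "User: %s\n" \
               "Email: %s\n" \
               "Start date: %s\n" \
               "End date: %s\n" \
               "Comments: %s\n" \
               % (data.get('partner'), partyTypeName, partyName, data.get('name'), data.get('email'), data.get('startDate'), data.get('endDate'), data.get('comments'))
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject, message=message, from_email=from_email, recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message': 'success'}), status=200)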
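 def put(self, request, format=None):
     """Partially update the first credential returned by get_queryset().

     A ``userIdentifier`` query parameter is required, but only its presence
     is checked here -- whatever filtering get_queryset() applies is not
     visible in this method. Body fields go through the view's serializer
     with partial=True; a ``password`` is hashed first and a ``name`` is
     mirrored onto the related Party. When a password was supplied the
     response also carries ``loginKey``, derived by generateSecretKey() from
     the party id and the *hashed* password (PW-254 / TAIR-2493). Returns the
     submitted data with 200, or serializer errors with 400.

     Security notes:
     * isPhoenix() is the only gate and the target is client-selected, so the
       original TODO (derive the user from the verified party) still stands.
     * The password is stored as an unsalted SHA-1 hex digest. It is left
       unchanged here because the login path that verifies it is not in this
       file; migrate both to a salted, slow hash together.
     * The response echoes the hashed password and the loginKey back.
     """
     # TODO: security risk here, get username based on the partyId verified in isPhoenix -SC
     if not isPhoenix(self.request):
         return Response(status=status.HTTP_400_BAD_REQUEST)
     serializer_class = self.get_serializer_class()
     params = request.GET
     if 'userIdentifier' not in params:
         # The original returned this error with a 200 status.
         return Response({'error': 'Put method needs userIdentifier'},
                         status=status.HTTP_400_BAD_REQUEST)
     # NOTE(review): sibling views return a plain list from get_queryset()
     # when the request is rejected; .first() would raise on a list -- confirm
     # this class's get_queryset() always returns a QuerySet.
     obj = self.get_queryset().first()
     # With obj=None the serializer would *create* a credential from the
     # request body on a PUT; treat a missing target as 404 instead.
     if obj is None:
         return Response({'error': 'credential not found'},
                         status=status.HTTP_404_NOT_FOUND)
     # request.data may be an immutable QueryDict; work on a copy (PW-123).
     data = request.data.copy()
     if 'password' in data:
         data['password'] = hashlib.sha1(data['password']).hexdigest()
     serializer = serializer_class(obj, data=data, partial=True)
     if not serializer.is_valid():
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     serializer.save()
     # Mirror a name change onto the Party row behind the credential.
     if 'partyId' in serializer.data and 'name' in data:
         partyObj = Party.objects.all().get(partyId=serializer.data['partyId'])
         partySerializer = PartySerializer(partyObj,
                                           data={'name': data['name']},
                                           partial=True)
         if partySerializer.is_valid():
             partySerializer.save()
     if 'password' in data:
         # data['password'] is already the SHA-1 digest at this point.
         data['loginKey'] = generateSecretKey(str(obj.partyId.partyId), data['password'])
     return Response(data, status=status.HTTP_200_OK)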
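    def post(self,request):
        """Generate ``quantity`` new activation codes for a partner.

        Query parameters: quantity (int, at most 99), period (int),
        partnerId, transactionType. Each code is a random uuid4 string saved
        as an unused ActivationCode (partyId=None) stamped with the current
        time. Returns the list of generated code strings as JSON.

        Security: isPhoenix() is the only gate; any caller passing it can
        mint codes for any partner, so keep this endpoint internal. Codes are
        returned in clear text and act as bearer secrets when redeemed.
        """
        if not isPhoenix(request):
           return HttpResponse(status=400)

        # Validate explicitly: a missing or non-numeric value used to raise
        # TypeError/ValueError out of int() and surface as a 500.
        try:
            quantity = int(request.GET.get('quantity'))
            period = int(request.GET.get('period'))
        except (TypeError, ValueError):
            return Response({'error': 'quantity and period must be integers'},
                            status=status.HTTP_400_BAD_REQUEST)
        partnerId = request.GET.get('partnerId')
        transactionType = request.GET.get('transactionType')
        partnerObj = Partner.objects.filter(partnerId=partnerId).first()
        if partnerObj is None:
            # Partner.objects.get() raised DoesNotExist (500) here before.
            return Response({'error': 'partner does not exist'},
                            status=status.HTTP_400_BAD_REQUEST)

        # The original returned a bare list here, which is not an
        # HttpResponse and produced a server error instead of a 400.
        if quantity > 99:
            return Response({'error': 'quantity must not exceed 99'},
                            status=status.HTTP_400_BAD_REQUEST)

        now = timezone.now()

        activationCodes = []

        # range() is empty for quantity <= 0, as xrange() was.
        for i in range(quantity):
            # create an activation code based on partnerId and period.
            activationCodeObj = ActivationCode()
            activationCodeObj.activationCode=str(uuid.uuid4())
            activationCodeObj.partnerId=partnerObj
            activationCodeObj.period=period
            activationCodeObj.partyId=None
            activationCodeObj.purchaseDate=now
            activationCodeObj.transactionType=transactionType
            activationCodeObj.save()
            activationCodes.append(activationCodeObj.activationCode)

        return HttpResponse(json.dumps(activationCodes), status=200)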
 def get_queryset(self):
     """Consortium rows (partyType "consortium", PW-161) for the ``partyId``
     query parameter; an empty list when the caller fails isPhoenix() or
     sends no partyId. partyId is client-supplied; isPhoenix() is the gate.
     """
     req = self.request
     if not isPhoenix(req) or 'partyId' not in req.GET:
         return []
     base = super(ConsortiumCRUD, self).get_queryset()
     return base.filter(partyId=req.GET.get('partyId')).filter(partyType="consortium")
 def get_queryset(self):
     """Party rows selected by the ``partyId`` query parameter or, when that
     is absent, by ``partyType``; an empty list when neither is given or the
     caller fails isPhoenix(). Note the partyType branch lists every party of
     that type to any caller passing isPhoenix().
     """
     if not isPhoenix(self.request):
         return []
     query = self.request.GET
     for key in ('partyId', 'partyType'):
         if key in query:
             base = super(PartyCRUD, self).get_queryset()
             return base.filter(**{key: query.get(key)})
     return []
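    def post(self, request, format=None):
        """Create a consortium Party and its Credential from one request body.

        Requires partyType == "consortium". An ``email`` already attached to a
        'phoenix' credential of another consortium is rejected. A ``password``
        key that is present but empty is an error; omitting it is allowed and
        creates the credential through CredentialSerializerNoPassword.
        Returns a JSON list [party, credential] with 201, or serializer
        errors with 400.

        Security notes:
        * isPhoenix() is the only gate.
        * The password is stored as an unsalted SHA-1 hex digest; kept as-is
          because the verifying login path is not in this file -- migrate
          both to a salted, slow hash together.
        * The Party row is saved before the credential is validated, so a
          credential error leaves an orphan Party; wrapping both saves in
          transaction.atomic() would close that gap.
        * NOTE(review): the credential serializer's output is echoed to the
          client; confirm it does not include the password hash.
        """
        if not isPhoenix(request):
            # The original passed a dict to HttpResponse, which serialises as
            # the dict's keys (the literal text "error"); use Response.
            return Response({'error':'POST parties/consortiums/ credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)

        data = request.data.copy()

        if 'partyType' not in data:
            return Response({'error': 'POST method needs partyType'}, status=status.HTTP_400_BAD_REQUEST)
        if data['partyType'] != "consortium":
            return Response({'error': 'POST parties/consortiums/. patyType must be consortium'}, status=status.HTTP_400_BAD_REQUEST)
        if 'email' in data:
            for partyId in Credential.objects.filter(email=data['email'], partnerId='phoenix').values_list('partyId', flat=True):
                if Party.objects.filter(partyId=partyId, partyType='consortium').exists():
                    return Response({'error':'This email is already used by another consortium.'}, status=status.HTTP_400_BAD_REQUEST)

        # password present but empty -> error; password absent -> credential
        # without password.
        has_password = 'password' in data
        if has_password and not data['password']:
            return Response({'error': 'POST parties/consortiums/ password must not be empty'}, status=status.HTTP_400_BAD_REQUEST)

        partySerializer = PartySerializer(data=data)
        if not partySerializer.is_valid():
            return Response(partySerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        partySerializer.save()

        out = [partySerializer.data]
        data['partyId'] = partySerializer.data['partyId']

        if has_password:
            data['password'] = hashlib.sha1(data['password']).hexdigest()
            credentialSerializer = CredentialSerializer(data=data)
        else:
            credentialSerializer = CredentialSerializerNoPassword(data=data)

        if not credentialSerializer.is_valid():
            return Response(credentialSerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        credentialSerializer.save()
        out.append(credentialSerializer.data)
        return HttpResponse(json.dumps(out), content_type="application/json", status=status.HTTP_201_CREATED)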
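    def post(self, request):
        """Create or extend a subscription.

        Two modes:
        * Body carries ``activationCode``: no isPhoenix() check. The code must
          exist and be unused (partyId is None). The subscription for
          (partyId from the body, partner from the code) is created or
          extended by the code's period, a SubscriptionTransaction is
          recorded, and the code is bound to the party so it cannot be
          redeemed again.
        * Otherwise: caller must pass isPhoenix(); the body is validated by
          self.serializer_class and a 'create' transaction is recorded.

        Returns the serialized subscription plus ``subscriptionTransactionId``
        with 201. Failures in the activation-code path now carry a non-2xx
        status (the original returned them with 200).

        Security notes: in activation-code mode the code is the only
        credential and ``partyId`` is client-supplied, so whoever holds a code
        can attach it to any party. The unused check and the later save are
        not atomic, so two concurrent redemptions of the same code can both
        pass; select_for_update() inside a transaction would close that.
        """
        if ('activationCode' in request.data):
            # subscription creation by activation code
            activationCodeObj = ActivationCode.objects.filter(activationCode=request.data['activationCode']).first()
            if activationCodeObj is None:
                return Response({"message":"incorrect activation code"}, status=status.HTTP_400_BAD_REQUEST)
            if activationCodeObj.partyId is not None:
                return Response({"message":"activation code is already used"}, status=status.HTTP_400_BAD_REQUEST)
            # Resolve the party first: the original saved the subscription
            # and transaction before discovering the partyId was bad.
            partyId = request.data.get('partyId')
            try:
                partyObj = Party.objects.get(partyId=partyId)
            except Exception:  # DoesNotExist, or a malformed id
                return Response('failed to get partyObj', status=status.HTTP_400_BAD_REQUEST)
            try:
                partnerId = activationCodeObj.partnerId.partnerId
                period = activationCodeObj.period
                # retrieve and update the existing subscription, or create a
                # new one if partner/party does not already have one.
                (subscription, transactionType, transactionStartDate, transactionEndDate) = SubscriptionControl.createOrUpdateSubscription(partyId, partnerId, period)
            except Exception:
                return Response('failed to create or update subscription', status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            try:
                # the transaction type comes from the activation code
                transactionType = activationCodeObj.transactionType
                subscription.save()
                transaction = SubscriptionTransaction.createFromSubscription(subscription, transactionType, transactionStartDate, transactionEndDate)
            except Exception:
                return Response('failed to create transaction', status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            try:
                # mark the code as used by binding it to the party
                activationCodeObj.partyId = partyObj
                activationCodeObj.save()
            except Exception:
                return Response('failed to save activationCodeObj', status=status.HTTP_500_INTERNAL_SERVER_ERROR)

            serializer = self.serializer_class(subscription)
            returnData = serializer.data
            returnData['subscriptionTransactionId']=transaction.subscriptionTransactionId
            return Response(returnData, status=status.HTTP_201_CREATED)

        # basic subscription creation
        if not isPhoenix(self.request):
            # The original referenced serializer.errors here before
            # `serializer` was assigned (UnboundLocalError -> 500).
            return Response({'error': 'credentialId and secretKey query parameters missing or invalid'}, status=status.HTTP_400_BAD_REQUEST)

        serializer = self.serializer_class(data=request.data)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        subscription = serializer.save()
        transaction = SubscriptionTransaction.createFromSubscription(subscription, 'create')
        returnData = serializer.data
        returnData['subscriptionTransactionId']=transaction.subscriptionTransactionId
        return Response(returnData, status=status.HTTP_201_CREATED)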
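    def post(self, request):
        """Create or extend a subscription.

        Two modes:
        * Body carries ``activationCode``: no isPhoenix() check. The code must
          exist and be unused (partyId is None). The subscription for
          (partyId from the body, partner from the code) is created or
          extended by the code's period, a SubscriptionTransaction is
          recorded, and the code is bound to the party so it cannot be
          redeemed again.
        * Otherwise: caller must pass isPhoenix(); the body is validated by
          self.serializer_class and a 'create' transaction is recorded.

        Returns the serialized subscription plus ``subscriptionTransactionId``
        with 201. Failures in the activation-code path now carry a non-2xx
        status (the original returned them with 200).

        Security notes: in activation-code mode the code is the only
        credential and ``partyId`` is client-supplied, so whoever holds a code
        can attach it to any party. The unused check and the later save are
        not atomic, so two concurrent redemptions of the same code can both
        pass; select_for_update() inside a transaction would close that.
        """
        if ('activationCode' in request.data):
            # subscription creation by activation code
            activationCodeObj = ActivationCode.objects.filter(activationCode=request.data['activationCode']).first()
            if activationCodeObj is None:
                return Response({"message":"incorrect activation code"}, status=status.HTTP_400_BAD_REQUEST)
            if activationCodeObj.partyId is not None:
                return Response({"message":"activation code is already used"}, status=status.HTTP_400_BAD_REQUEST)
            # Resolve the party first: the original saved the subscription
            # and transaction before discovering the partyId was bad.
            partyId = request.data.get('partyId')
            try:
                partyObj = Party.objects.get(partyId=partyId)
            except Exception:  # DoesNotExist, or a malformed id
                return Response('failed to get partyObj', status=status.HTTP_400_BAD_REQUEST)
            try:
                partnerId = activationCodeObj.partnerId.partnerId
                period = activationCodeObj.period
                # retrieve and update the existing subscription, or create a
                # new one if partner/party does not already have one.
                (subscription, transactionType, transactionStartDate, transactionEndDate) = SubscriptionControl.createOrUpdateSubscription(partyId, partnerId, period)
            except Exception:
                return Response('failed to create or update subscription', status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            try:
                # the transaction type comes from the activation code
                transactionType = activationCodeObj.transactionType
                subscription.save()
                transaction = SubscriptionTransaction.createFromSubscription(subscription, transactionType, transactionStartDate, transactionEndDate)
            except Exception:
                return Response('failed to create transaction', status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            try:
                # mark the code as used by binding it to the party
                activationCodeObj.partyId = partyObj
                activationCodeObj.save()
            except Exception:
                return Response('failed to save activationCodeObj', status=status.HTTP_500_INTERNAL_SERVER_ERROR)

            serializer = self.serializer_class(subscription)
            returnData = serializer.data
            returnData['subscriptionTransactionId']=transaction.subscriptionTransactionId
            return Response(returnData, status=status.HTTP_201_CREATED)

        # basic subscription creation
        if not isPhoenix(self.request):
            # The original referenced serializer.errors here before
            # `serializer` was assigned (UnboundLocalError -> 500).
            return Response({'error': 'credentialId and secretKey query parameters missing or invalid'}, status=status.HTTP_400_BAD_REQUEST)

        serializer = self.serializer_class(data=request.data)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        subscription = serializer.save()
        transaction = SubscriptionTransaction.createFromSubscription(subscription, 'create')
        returnData = serializer.data
        returnData['subscriptionTransactionId']=transaction.subscriptionTransactionId
        return Response(returnData, status=status.HTTP_201_CREATED)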
 def get_queryset(self):
     """Party rows selected by the ``partyId`` query parameter or, when that
     is absent, by ``partyType``; an empty list when neither is given or the
     caller fails isPhoenix(). Note the partyType branch lists every party of
     that type to any caller passing isPhoenix().
     """
     if not isPhoenix(self.request):
         return []
     query = self.request.GET
     for key in ('partyId', 'partyType'):
         if key in query:
             base = super(PartyCRUD, self).get_queryset()
             return base.filter(**{key: query.get(key)})
     return []
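    def put(self, request, format=None):
        """Update a consortium Party and its 'phoenix' Credential.

        ``partyId`` in the body names the consortium; at least one query
        parameter must be present (only checked for presence). An ``email``
        already used by a *different* consortium's credential is rejected.
        With a ``password`` the credential is replaced through
        CredentialSerializer (created with partnerId 'phoenix' if none
        exists); without one it is partially updated through
        CredentialSerializerNoPassword. Returns [party, credential] as JSON
        with 200, 404 for an unknown partyId, 400 on validation errors.

        Security notes: isPhoenix() is the only gate and partyId is
        client-supplied, so any caller passing it can update any consortium.
        The password is stored as an unsalted SHA-1 hex digest; kept as-is
        because the verifying login path is not in this file -- migrate both
        together. The Party is saved before the credential is validated, so
        a credential error leaves the Party changed (transaction.atomic()
        would close that gap).
        """
        if not isPhoenix(request):
            # The original passed a dict to HttpResponse, which serialises as
            # the dict's keys (the literal text "error"); use Response.
            return Response({'error':'PUT parties/consortiums/ credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)

        # request.data may be an immutable QueryDict; work on a copy.
        data = request.data.copy()
        params = request.GET

        if not params:
            return Response({'error':'PUT parties/consortiums/ does not allow update without query parameters'},status=status.HTTP_400_BAD_REQUEST)

        if 'partyId' not in request.data:
            return Response({'error':'PUT parties/consortiums/ partyId required'},status=status.HTTP_400_BAD_REQUEST)

        consortiumId = request.data['partyId']
        # .get() raised DoesNotExist (a 500) for an unknown id.
        try:
            party = Party.objects.get(partyId = consortiumId)
        except Party.DoesNotExist:
            return Response({'error':'PUT parties/consortiums/ consortium does not exist'},status=status.HTTP_404_NOT_FOUND)
        partySerializer = PartySerializer(party, data=data)
        if 'email' in data:
            for partyId in Credential.objects.filter(email=data['email'], partnerId='phoenix').values_list('partyId', flat=True):
                # The consortium being updated may keep its own e-mail; the
                # original rejected every PUT that re-sent the current value.
                if str(partyId) == str(consortiumId):
                    continue
                if Party.objects.filter(partyId=partyId, partyType='consortium').exists():
                    return Response({'error':'This email is already used by another consortium.'}, status=status.HTTP_400_BAD_REQUEST)

        # Look the credential up once, up front: the original only did so on
        # the password branch and referenced it unbound on the other one
        # (the "#??" comment).
        try:
            credential = Credential.objects.get(partyId=party)
        except Credential.DoesNotExist:
            credential = None

        if 'password' in request.data:
            if not data['password']:
                return Response({'error': 'PUT parties/consortiums/ password must not be empty'}, status=status.HTTP_400_BAD_REQUEST)
            data['password'] = hashlib.sha1(data['password']).hexdigest()
            if credential is not None:
                credentialSerializer = CredentialSerializer(credential, data=data)
            else:
                data['partnerId'] = 'phoenix'
                credentialSerializer = CredentialSerializer(data=data)
        else:
            if credential is None:
                return Response({'error': 'PUT parties/consortiums/ no credential exists for this consortium; a password is required to create one'}, status=status.HTTP_400_BAD_REQUEST)
            credentialSerializer = CredentialSerializerNoPassword(credential, data=data, partial=True)

        if not partySerializer.is_valid():
            return Response(partySerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        partySerializer.save()
        out = [partySerializer.data]
        if not credentialSerializer.is_valid():
            return Response(credentialSerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        credentialSerializer.save()
        out.append(credentialSerializer.data)
        return HttpResponse(json.dumps(out), content_type="application/json")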
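 def get(self, request, consortiumId, format=None):
     """List the parties related to ``consortiumId`` through ``party_set``.

     ``consortiumId`` comes from the URL. Returns the serialized related
     parties as a JSON list with 200, or 404 when no party has that id
     (the original let DoesNotExist escape as a 500).

     Security: isPhoenix() is the only gate; the original note that the
     consortium should be taken from the verified cookie instead of the URL
     is still open, so any caller passing isPhoenix() can enumerate any
     consortium's members.
     """
     # security vulnerability: consortiumId should come from partyId in cookie that's been validated via isPhoenix -SC
     if not isPhoenix(request):
         return HttpResponse(status=400)
     consortium = Party.objects.filter(partyId=consortiumId).first()
     if consortium is None:
         return HttpResponse(json.dumps({'error': 'consortium not found'}),
                             status=404)
     serializer = PartySerializer(consortium.party_set.all(), many=True)
     ret = [dict(s) for s in serializer.data]
     return HttpResponse(json.dumps(ret), status=200)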
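 def get(self, request, consortiumId, format=None):
     """List the parties related to ``consortiumId`` through ``party_set``.

     ``consortiumId`` comes from the URL. Returns the serialized related
     parties as a JSON list with 200, or 404 when no party has that id
     (the original let DoesNotExist escape as a 500).

     Security: isPhoenix() is the only gate; the original note that the
     consortium should be taken from the verified cookie instead of the URL
     is still open, so any caller passing isPhoenix() can enumerate any
     consortium's members.
     """
     # security vulnerability: consortiumId should come from partyId in cookie that's been validated via isPhoenix -SC
     if not isPhoenix(request):
         return HttpResponse(status=400)
     consortium = Party.objects.filter(partyId=consortiumId).first()
     if consortium is None:
         return HttpResponse(json.dumps({'error': 'consortium not found'}),
                             status=404)
     serializer = PartySerializer(consortium.party_set.all(), many=True)
     ret = [dict(s) for s in serializer.data]
     return HttpResponse(json.dumps(ret), status=200)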
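 def delete(self, request, format=None):
     """Delete the PartyAffiliation rows linking childPartyId to parentPartyId.

     Both ids are read from the request body. Returns the serialized child
     party with 200; 400 when an id is missing or names no party (the
     original returned the missing-id error with 200 and let DoesNotExist
     escape as a 500).

     Security: isPhoenix() is the only gate and both ids are client-supplied,
     so any caller passing it can unlink any two parties.
     """
     if not isPhoenix(self.request):
         return HttpResponse(status=400)
     serializer_class = self.get_serializer_class()
     params = request.data
     parentPartyId = params.get('parentPartyId')
     childPartyId = params.get('childPartyId')
     if not parentPartyId or not childPartyId:
         return Response({'error':'does not allow deletion without query parameters'},
                         status=status.HTTP_400_BAD_REQUEST)
     parentParty = Party.objects.filter(partyId=parentPartyId).first()
     childParty = Party.objects.filter(partyId=childPartyId).first()
     if parentParty is None or childParty is None:
         return Response({'error': 'parentParty or childParty does not exist'},
                         status=status.HTTP_400_BAD_REQUEST)
     PartyAffiliation.objects.filter(childPartyId=childParty, parentPartyId=parentParty).delete()
     serializer = serializer_class(childParty)
     return Response(serializer.data)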
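 def post(self, request, format=None):
     """E-mail an institution usage request to staff.

     Body fields: institution, partner, startDate, endDate, comments; all
     are interpolated into the message verbatim. Always answers
     {"message": "success"} with 200 once send_mail() returns.

     Security: isPhoenix() is the only gate; the original note that the
     party id should come from the verified cookie rather than the body is
     still open. Every field is client-controlled text going into an e-mail.
     """
     # security vulnerability: consortiumId should come from partyId in cookie that's been validated via isPhoenix -SC
     if not isPhoenix(request):
         return HttpResponse(status=400)
     data = request.data
     # .get(): the original indexed these keys and 500'd when one was absent.
     institution = data.get('institution')
     subject = "Institution Usage Request For %s" % (institution)
     # Django refuses header values containing CR/LF (BadHeaderError), so a
     # newline in a client-supplied name would otherwise abort with a 500;
     # fold the subject onto a single line.
     subject = ' '.join(subject.splitlines())
     message = "Partner: %s\n" \
               "Institution: %s\n" \
               "Start date: %s\n" \
               "End date: %s\n" \
               "Comments: %s\n" \
               % (data.get('partner'), institution, data.get('startDate'), data.get('endDate'), data.get('comments'))
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject, message=message, from_email=from_email, recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message': 'success'}), status=200)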
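 def put(self, request):
     """Replace the subscription named by the ``subscriptionId`` query parameter.

     The body is validated by SubscriptionSerializer (full update). Returns
     the serialized subscription with 200; 400 when subscriptionId is missing
     (the original returned that error with 200) or the body is invalid;
     404 when no subscription has that id (the original let DoesNotExist
     escape as a 500).

     Security: isPhoenix() is the only gate and subscriptionId is
     client-supplied, so any caller passing it can rewrite any subscription.
     """
     if not isPhoenix(request):
        return HttpResponse(status=400)
     subscriptionId = request.GET.get('subscriptionId')
     if subscriptionId is None:
         return Response({'error':'subscriptionId required'},
                         status=status.HTTP_400_BAD_REQUEST)
     try:
         subscription = Subscription.objects.get(subscriptionId=subscriptionId)
     except Subscription.DoesNotExist:
         return Response({'error': 'subscription does not exist'},
                         status=status.HTTP_404_NOT_FOUND)
     serializer = SubscriptionSerializer(subscription, data=request.data)
     if serializer.is_valid():
         serializer.save()
         return Response(serializer.data)
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)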
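 def post(self, request):
     """E-mail a subscription request to staff.

     Form fields (request.POST): partnerName, institution, email, comments;
     absent fields are rendered as None. Always answers
     {"message": "success"} once send_mail() returns.

     Security: isPhoenix() is the only gate; every field is client-controlled
     text going into an e-mail.
     """
     if not isPhoenix(request):
        return HttpResponse(status=400)
     form = request.POST
     subject = "%s Subscription Request For %s" % (form.get('partnerName'), form.get('institution'))
     # Django refuses header values containing CR/LF (BadHeaderError), so a
     # newline in a client-supplied field would otherwise abort with a 500;
     # fold the subject onto a single line.
     subject = ' '.join(subject.splitlines())
     message = "\n" \
               "\n" \
               "Please contact me about a subscription request. My information is below.\n" \
               "Product: %s\n" \
               "Email: %s \n" \
               "Institution Name: %s \n" \
               "Comments: %s \n" \
               "\n" \
               % (form.get('partnerName'), form.get('email'), form.get('institution'), form.get('comments'))
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject, message=message, from_email=from_email, recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message':'success'}), content_type="application/json")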
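    def put(self, request, format=None):
        """Update an institution Party and its Credential.

        ``partyId`` in the body names the institution; at least one query
        parameter must be present (only checked for presence). With a
        ``password`` the credential is replaced through CredentialSerializer;
        without one it is partially updated through
        CredentialSerializerNoPassword. Returns [party, credential] as JSON
        with 200; 404 when the party or its credential does not exist (the
        original let DoesNotExist escape as a 500); 400 on validation errors.

        Security notes: isPhoenix() is the only gate and partyId is
        client-supplied, so any caller passing it can update any institution.
        The password is stored as an unsalted SHA-1 hex digest; kept as-is
        because the verifying login path is not in this file -- migrate both
        together. The Party is saved before the credential is validated, so a
        credential error leaves the Party changed (transaction.atomic() would
        close that gap).
        """
        if not isPhoenix(request):
            # The original passed a dict to HttpResponse, which serialises as
            # the dict's keys (the literal text "error"); use Response.
            return Response({'error':'credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)

        params = request.GET
        # request.data may be an immutable QueryDict; work on a copy.
        data = request.data.copy()

        if not params:
            return Response({'error':'does not allow update without query parameters'},status=status.HTTP_400_BAD_REQUEST)

        if 'partyId' not in request.data:
            return Response({'error':'partyId (aka institutionId) required'},status=status.HTTP_400_BAD_REQUEST)

        institutionId = request.data['partyId']
        try:
            party = Party.objects.get(partyId = institutionId)
        except Party.DoesNotExist:
            return Response({'error':'institution does not exist'},status=status.HTTP_404_NOT_FOUND)
        partySerializer = PartySerializer(party, data=data)

        try:
            credential = Credential.objects.get(partyId = institutionId)
        except Credential.DoesNotExist:
            return Response({'error':'credential for institution does not exist'},status=status.HTTP_404_NOT_FOUND)

        if 'password' in request.data:
            if not data['password']:
                return Response({'error': 'PUT parties/institutions/ password must not be empty'}, status=status.HTTP_400_BAD_REQUEST)
            data['password'] = hashlib.sha1(data['password']).hexdigest()
            credentialSerializer = CredentialSerializer(credential, data=data)
        else:
            credentialSerializer = CredentialSerializerNoPassword(credential, data=data, partial=True)

        if not partySerializer.is_valid():
            return Response(partySerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        partySerializer.save()
        out = [partySerializer.data]
        if not credentialSerializer.is_valid():
            return Response(credentialSerializer.errors, status=status.HTTP_400_BAD_REQUEST)
        credentialSerializer.save()
        out.append(credentialSerializer.data)
        return HttpResponse(json.dumps(out), content_type="application/json")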
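 def post(self, request):
     """Email the support inbox a subscription request from the request body.

     Requires partnerName, partyName, partyType, email and comments in
     ``request.data``. Only callers that pass ``isPhoenix`` are served; everyone
     else gets a bare 400. Answers ``{"message": "success"}`` once the mail has
     been handed to ``send_mail``.
     """
     if not isPhoenix(request):
         return HttpResponse(status=400)
     data = request.data
     required = ('partnerName', 'partyName', 'partyType', 'email', 'comments')
     missing = [key for key in required if key not in data]
     if missing:
         # Each of these was a bare data[...] lookup: a KeyError and a 500.
         return Response({'error': 'missing field(s): ' + ', '.join(missing)},
                         status=status.HTTP_400_BAD_REQUEST)

     def headerSafe(value):
         # The subject becomes a mail header; CR/LF in it makes send_mail
         # raise BadHeaderError (a 500), so fold line breaks to spaces.
         return ("%s" % value).replace('\r', ' ').replace('\n', ' ')

     subject = "%s Subscription Request For %s" % (headerSafe(data['partnerName']), headerSafe(data['partyName']))
     message = "\n" \
               "\n" \
               "Please contact me about a subscription request. My information is below.\n" \
               "Product: %s\n" \
               "Email: %s \n" \
               "%s: %s \n" \
               "Comments: %s \n" \
               "\n" \
               % (data['partnerName'], data['email'], data['partyType'], data['partyName'], data['comments'])
     # Both addresses appear redacted in this listing; kept as found.
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject, message=message, from_email=from_email, recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message':'success'}), content_type="application/json")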
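 def post(self, request):
     """Email the support inbox a subscription request from the request body.

     Requires partnerName, partyName, partyType, email and comments in
     ``request.data``. Only callers that pass ``isPhoenix`` are served; everyone
     else gets a bare 400. Answers ``{"message": "success"}`` once the mail has
     been handed to ``send_mail``.
     """
     if not isPhoenix(request):
         return HttpResponse(status=400)
     data = request.data
     required = ('partnerName', 'partyName', 'partyType', 'email', 'comments')
     missing = [key for key in required if key not in data]
     if missing:
         # Each of these was a bare data[...] lookup: a KeyError and a 500.
         return Response({'error': 'missing field(s): ' + ', '.join(missing)},
                         status=status.HTTP_400_BAD_REQUEST)

     def headerSafe(value):
         # The subject becomes a mail header; CR/LF in it makes send_mail
         # raise BadHeaderError (a 500), so fold line breaks to spaces.
         return ("%s" % value).replace('\r', ' ').replace('\n', ' ')

     subject = "%s Subscription Request For %s" % (headerSafe(data['partnerName']), headerSafe(data['partyName']))
     message = "\n" \
               "\n" \
               "Please contact me about a subscription request. My information is below.\n" \
               "Product: %s\n" \
               "Email: %s \n" \
               "%s: %s \n" \
               "Comments: %s \n" \
               "\n" \
               % (data['partnerName'], data['email'], data['partyType'], data['partyName'], data['comments'])
     # Both addresses appear redacted in this listing; kept as found.
     from_email = "*****@*****.**"
     recipient_list = ["*****@*****.**"]
     send_mail(subject=subject, message=message, from_email=from_email, recipient_list=recipient_list)
     return HttpResponse(json.dumps({'message':'success'}), content_type="application/json")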
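 def post(self, request, format=None):
     """Create a PartyAffiliation placing childPartyId under parentPartyId.

     Both ids come from the request body and both parties must exist. Returns
     the serialized child party with 201.
     """
     if not isPhoenix(self.request):
         return HttpResponse(status=400)
     serializer_class = self.get_serializer_class()
     params = request.data
     # .get(): a missing key was a KeyError (500) instead of this 400.
     parentPartyId = params.get('parentPartyId')
     childPartyId = params.get('childPartyId')
     if not parentPartyId or not childPartyId:
         return Response({'error':'does not allow creation without parentPartyId or childPartyId'},status=status.HTTP_400_BAD_REQUEST)
     # .get() raises DoesNotExist rather than returning a falsy value, so the
     # original "else" branches were unreachable and an unknown id was a 500.
     parentParty = Party.objects.filter(partyId=parentPartyId).first()
     if parentParty is None:
         return Response({'error':'parentParty does not exist'},status=status.HTTP_400_BAD_REQUEST)
     childParty = Party.objects.filter(partyId=childPartyId).first()
     if childParty is None:
         return Response({'error':'childParty does not exist'},status=status.HTTP_400_BAD_REQUEST)
     # NOTE(review): inserts a new row on every call; whether the model
     # enforces uniqueness of the pair is not visible here.
     PartyAffiliation.objects.create(childPartyId=childParty,parentPartyId=parentParty)
     serializer = serializer_class(childParty)
     return Response(serializer.data, status=status.HTTP_201_CREATED)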
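 def delete(self, request, format=None):
     """Remove every PartyAffiliation linking childPartyId under parentPartyId.

     Both ids are query parameters and both parties must exist. Returns the
     serialized child party.
     """
     if not isPhoenix(self.request):
         return HttpResponse(status=400)
     serializer_class = self.get_serializer_class()
     params = request.GET
     # .get(): a missing key was a KeyError (500) instead of this 400.
     parentPartyId = params.get('parentPartyId')
     childPartyId = params.get('childPartyId')
     if not parentPartyId or not childPartyId:
         # This error previously went out with a 200 status.
         return Response({'error':'does not allow deletion without query parameters'}, status=status.HTTP_400_BAD_REQUEST)
     # .get() raises DoesNotExist rather than returning a falsy value, so the
     # original "else" branches were unreachable and an unknown id was a 500.
     parentParty = Party.objects.filter(partyId=parentPartyId).first()
     if parentParty is None:
         return Response({'error':'cannot find parent party'}, status=status.HTTP_400_BAD_REQUEST)
     childParty = Party.objects.filter(partyId=childPartyId).first()
     if childParty is None:
         return Response({'error':'cannot find child party'}, status=status.HTTP_400_BAD_REQUEST)
     PartyAffiliation.objects.filter(childPartyId=childParty, parentPartyId=parentParty).delete()
     serializer = serializer_class(childParty)
     return Response(serializer.data)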
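    def delete(self, request, format=None):
        """Delete the institution Party named by the ``partyId`` query parameter.

        The id is read from the query string rather than the body because a
        DELETE body is not supported by some browsers. Returns 200 with a
        success message, or 400 when the party is unknown.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response(
                {'error': 'credentialId and secretKey query parameters missing or invalid'},
                status=status.HTTP_400_BAD_REQUEST)

        params = request.GET
        if not params:
            return Response(
                {'error': 'does not allow update without query parameters'},
                status=status.HTTP_400_BAD_REQUEST)
        if 'partyId' not in params:
            return Response({'error': 'partyId (aka institutionId) required'},
                            status=status.HTTP_400_BAD_REQUEST)

        institutionId = params['partyId']
        # One query instead of exists() followed by get().
        party = Party.objects.filter(partyId=institutionId).first()
        if party is None:
            return Response(
                {'error': 'delete partyId ' + institutionId + ' failed. partyId not found'},
                status=status.HTTP_400_BAD_REQUEST)
        # The original note says the related credential is deleted automatically
        # with the party.
        party.delete()
        return Response(
            {'success': 'delete partyId ' + institutionId + ' completed'},
            status=status.HTTP_200_OK)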
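 def delete(self, request, format=None):
     """Soft-delete every record in the current queryset by stamping expiredAt.

     Refuses to run without query parameters, since an unfiltered queryset
     would expire everything. Records that already carry an expiredAt are left
     untouched but still appear in the returned list. When ``phoenixOnly`` is
     set the caller must pass ``isPhoenix``.
     """
     if self.phoenixOnly and not isPhoenix(self.request):
         return Response({'error': 'Pheonix credential required'},
                         status=status.HTTP_400_BAD_REQUEST)
     params = request.GET
     # does not allow user to update everything, too dangerous
     if not params:
         # This error previously went out with a 200 status.
         return Response({'error': 'does not allow delete without query parameters'},
                         status=status.HTTP_400_BAD_REQUEST)
     serializer_class = self.get_serializer_class()
     # One timestamp for the whole batch; naive local time, as before
     # (whether the project runs with USE_TZ is not visible here).
     now = datetime.datetime.now()
     ret = []
     for entry in self.get_queryset():
         # do nothing if the record has already been expired
         if not entry.expiredAt:
             entry.expiredAt = now
             entry.save()
         ret.append(serializer_class(entry).data)
     return Response(ret)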
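    def get(self, request, format=None):
        """Return the Party row and the Credential row for ``partyId`` as a JSON list.

        Each half that is missing is replaced by an ``{"error": ...}`` entry, so
        a successful call always yields a two-element list with status 200.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response(
                {'error': 'credentialId and secretKey query parameters missing or invalid'},
                status=status.HTTP_400_BAD_REQUEST)
        # .get(): a missing key was a KeyError (500) instead of this 400.
        partyId = request.GET.get('partyId')
        if not partyId:
            return Response({'error': 'does not allow get without partyId'},
                            status=status.HTTP_400_BAD_REQUEST)

        out = []

        # One query instead of exists() followed by get().
        party = Party.objects.filter(partyId=partyId).first()
        if party is not None:
            out.append(PartySerializer(party).data)
        else:
            out.append({'error': 'partyId ' + partyId + ' not found in Party tbl'})

        # NOTE(review): the CredentialSerializer output is returned verbatim;
        # whether that includes the stored password digest depends on its
        # Meta.fields, which is not visible here -- confirm before relying on it.
        credential = Credential.objects.filter(partyId=partyId).first()
        if credential is not None:
            out.append(CredentialSerializer(credential).data)
        else:
            out.append({'error': 'partyId ' + partyId + ' not found in Credential tbl'})

        return HttpResponse(json.dumps(out), content_type="application/json")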
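    def delete(self, request, format=None):
        """Delete the institution Party identified by ``partyId``.

        Requires at least one query parameter. The id is taken from the query
        string when present and otherwise from the request body (the body was
        the only source before; the sibling delete() notes a DELETE body is not
        supported by some browsers). Returns 200 with a success message, or 400
        when the party is unknown.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response({'error':'credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)

        params = request.GET

        if not params:
            return Response({'error':'does not allow update without query parameters'},status=status.HTTP_400_BAD_REQUEST)

        institutionId = params.get('partyId')
        if institutionId is None and 'partyId' in request.data:
            institutionId = request.data['partyId']
        if institutionId is None:
            return Response({'error':'partyId (aka institutionId) required'},status=status.HTTP_400_BAD_REQUEST)
        # A JSON body may carry the id as a number; the messages concatenate it.
        institutionId = str(institutionId)

        # One query instead of exists() followed by get().
        party = Party.objects.filter(partyId = institutionId).first()
        if party is None:
            return Response({'error':'delete partyId '+institutionId+' failed. partyId not found'},status=status.HTTP_400_BAD_REQUEST)
        # The original note says the related credential is deleted automatically
        # with the party.
        party.delete()
        return Response({'success':'delete partyId '+institutionId+' completed'},status=status.HTTP_200_OK)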
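 def delete(self, request, format=None):
     """Remove every PartyAffiliation linking childPartyId under parentPartyId.

     Both ids are query parameters and both parties must exist. Returns the
     serialized child party.
     """
     if not isPhoenix(self.request):
         return HttpResponse(status=400)
     serializer_class = self.get_serializer_class()
     params = request.GET
     # .get(): a missing key was a KeyError (500) instead of this 400.
     parentPartyId = params.get('parentPartyId')
     childPartyId = params.get('childPartyId')
     if not parentPartyId or not childPartyId:
         # This error previously went out with a 200 status.
         return Response(
             {'error': 'does not allow deletion without query parameters'},
             status=status.HTTP_400_BAD_REQUEST)
     # .get() raises DoesNotExist rather than returning a falsy value, so the
     # original "else" branches were unreachable and an unknown id was a 500.
     parentParty = Party.objects.filter(partyId=parentPartyId).first()
     if parentParty is None:
         return Response({'error': 'cannot find parent party'},
                         status=status.HTTP_400_BAD_REQUEST)
     childParty = Party.objects.filter(partyId=childPartyId).first()
     if childParty is None:
         return Response({'error': 'cannot find child party'},
                         status=status.HTTP_400_BAD_REQUEST)
     PartyAffiliation.objects.filter(childPartyId=childParty,
                                     parentPartyId=parentParty).delete()
     serializer = serializer_class(childParty)
     return Response(serializer.data)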
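    def delete(self, request, format=None):
        """Delete the consortium Party named by the ``partyId`` query parameter.

        The id is read from the query string rather than the body because a
        DELETE body is not supported by some browsers. Returns 200 with a
        success message, or 400 when the party is unknown.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response({'error':'DELETE parties/consortiums/ credentialId and secretKey query parameters missing or invalid'},status=status.HTTP_400_BAD_REQUEST)

        params = request.GET

        if not params:
            return Response({'error':'does not allow delete without query parameters'},status=status.HTTP_400_BAD_REQUEST)

        if 'partyId' not in params:
            return Response({'error':'partyId required'},status=status.HTTP_400_BAD_REQUEST)

        consortiumId = params['partyId']

        # One query instead of exists() followed by get().
        party = Party.objects.filter(partyId = consortiumId).first()
        if party is None:
            return Response({'error':'delete partyId '+consortiumId+' failed. partyId not found'},status=status.HTTP_400_BAD_REQUEST)
        # The original note says the related credential is deleted automatically
        # with the party.
        party.delete()
        return Response({'success':'delete partyId '+consortiumId+' completed'},status=status.HTTP_200_OK)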
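 def get_queryset(self):
     """Restrict the base queryset to the ``partyId`` query parameter.

     Returns an empty list when the caller does not pass ``isPhoenix`` or
     supplies no partyId.
     """
     if not isPhoenix(self.request):
         return []
     partyId = self.request.GET.get('partyId')
     if partyId is None:
         # Was filter(partyId=None); the sibling CRUD classes require the key
         # to be present, so do the same instead of matching NULL rows.
         return []
     return super(SubscriptionCRUD, self).get_queryset().filter(partyId=partyId)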
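    def put(self, request, format=None):
        """Partially update an institution's Party and, when credential fields
        are present, its phoenix Credential.

        ``partyId`` in the body selects the institution. Party fields are
        applied through ``PartySerializer(partial=True)``. If any field listed
        in ``CredentialSerializer.Meta.fields`` (other than partyId) is present,
        the Credential for the phoenix partner is updated, or created when it
        does not exist yet (username and password are then required). An email
        already used by another organization's phoenix credential is rejected.
        A ``password`` must be non-empty and is stored as its SHA-1 hex digest.
        Returns a JSON list of the serialized party and, when touched, the
        serialized credential; validation failures come back as 400.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response(
                {'error': 'credentialId and secretKey query parameters missing or invalid'},
                status=status.HTTP_400_BAD_REQUEST)

        data = request.data.copy()
        out = []

        if 'partyId' not in data:
            return Response({'error': 'partyId (aka institutionId) required'},
                            status=status.HTTP_400_BAD_REQUEST)

        institutionId = data['partyId']
        # .first() instead of .get(): an unknown id is a 400 rather than an
        # unhandled DoesNotExist (a 500).
        party = Party.objects.filter(partyId=institutionId).first()
        if party is None:
            return Response({'error': 'partyId ' + str(institutionId) + ' not found'},
                            status=status.HTTP_400_BAD_REQUEST)
        partySerializer = PartySerializer(party, data=data, partial=True)

        # Computed once; the original re-evaluated these generators in three places.
        updatesCredential = any(param in CredentialSerializer.Meta.fields
                                for param in data if param != 'partyId')
        updatesParty = any(param in PartySerializer.Meta.fields
                           for param in data if param != 'partyId')

        credentialSerializer = None
        if updatesCredential:
            partner = Partner.objects.get(partnerId='phoenix')
            try:
                credential = Credential.objects.get(partyId=party,
                                                    partnerId=partner)
            except Credential.DoesNotExist:
                # Was a bare except, which also hid MultipleObjectsReturned and
                # database errors behind "create a new credential".
                if not all(param in data
                           for param in ('username', 'password')):
                    return Response(
                        {'error': 'username and password required.'},
                        status=status.HTTP_400_BAD_REQUEST)
                credential = Credential(partyId=party, partnerId=partner)

            if 'email' in data:
                # NOTE(review): this does not exclude the party being updated,
                # so resubmitting its own current email is rejected -- confirm
                # that is intended.
                for partyId in Credential.objects.all().filter(
                        email=data['email']).filter(
                            partnerId='phoenix').values_list('partyId',
                                                             flat=True):
                    if Party.objects.all().filter(partyId=partyId).filter(
                            partyType='organization').exists():
                        return Response(
                            {
                                'error':
                                'This email is already used by another institution.'
                            },
                            status=status.HTTP_400_BAD_REQUEST)

            if 'password' in data:
                if not data['password']:
                    return Response({'error': 'password must not be empty'},
                                    status=status.HTTP_400_BAD_REQUEST)
                # Stored form is an unsalted SHA-1 digest. Kept because the rest
                # of the service verifies against it, but it has no salt and no
                # work factor; moving to a real password KDF is a separate change.
                # .encode() matches the cipres put() and keeps sha1() valid on Python 3.
                data['password'] = hashlib.sha1(data['password'].encode("utf-8")).hexdigest()
                credentialSerializer = CredentialSerializer(credential,
                                                            data=data,
                                                            partial=True)
            else:
                credentialSerializer = CredentialSerializerNoPassword(
                    credential, data=data, partial=True)

        if not partySerializer.is_valid():
            return Response(partySerializer.errors,
                            status=status.HTTP_400_BAD_REQUEST)
        if updatesParty:
            partySerializer.save()
        out.append(partySerializer.data)

        if credentialSerializer is not None:
            # The party may already be saved at this point; a credential
            # failure leaves that write in place (no transaction around the pair).
            if not credentialSerializer.is_valid():
                return Response(credentialSerializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)
            credentialSerializer.save()
            out.append(credentialSerializer.data)

        return HttpResponse(json.dumps(out), content_type="application/json")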
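    def post(self, request, format=None):
        """Create an institution: a Party of type organization plus its Credential.

        ``partyType`` is required and must be ``"organization"``. An email
        already used by another organization's phoenix credential is rejected.
        ``password`` is optional (the credential is then created through
        ``CredentialSerializerNoPassword``); when present it must be non-empty
        and is stored as its SHA-1 hex digest. Returns a JSON list of the
        serialized party and credential with 201, or the failing serializer's
        errors with 400.
        """
        if not isPhoenix(request):
            # A dict handed to HttpResponse is not serialized; Response renders it.
            return Response(
                {
                    'error':
                    'POST parties/institutions/ credentialId and secretKey query parameters missing or invalid'
                },
                status=status.HTTP_400_BAD_REQUEST)

        data = request.data.copy()
        if 'partyType' not in data:
            return Response({'error': 'POST method needs partyType'},
                            status=status.HTTP_400_BAD_REQUEST)
        if data['partyType'] != "organization":
            return Response(
                {'error': 'POST method. partyType must be organization'},
                status=status.HTTP_400_BAD_REQUEST)
        if 'email' in data:
            for partyId in Credential.objects.all().filter(
                    email=data['email']).filter(
                        partnerId='phoenix').values_list('partyId', flat=True):
                if Party.objects.all().filter(partyId=partyId).filter(
                        partyType='organization').exists():
                    return Response(
                        {
                            'error':
                            'This email is already used by another institution.'
                        },
                        status=status.HTTP_400_BAD_REQUEST)

        # A password is optional on create; if it is passed it must be non-empty.
        hasPassword = 'password' in data
        if hasPassword and not data['password']:
            return Response(
                {
                    'error':
                    'POST parties/institutions/ password must not be empty'
                },
                status=status.HTTP_400_BAD_REQUEST)

        partySerializer = PartySerializer(data=data)
        if not partySerializer.is_valid():
            return Response(partySerializer.errors,
                            status=status.HTTP_400_BAD_REQUEST)
        partySerializer.save()
        out = [partySerializer.data]

        data['partyId'] = partySerializer.data['partyId']

        if hasPassword:
            # Stored form is an unsalted SHA-1 digest. Kept because the rest of
            # the service verifies against it, but it has no salt and no work
            # factor; moving to a real password KDF is a separate change.
            # .encode() matches the cipres put() and keeps sha1() valid on Python 3.
            data['password'] = hashlib.sha1(data['password'].encode("utf-8")).hexdigest()
            credentialSerializer = CredentialSerializer(data=data)
        else:
            credentialSerializer = CredentialSerializerNoPassword(data=data)

        # The party row is already saved here; a credential failure leaves it
        # in place without a credential (there is no transaction around the pair).
        if not credentialSerializer.is_valid():
            return Response(credentialSerializer.errors,
                            status=status.HTTP_400_BAD_REQUEST)
        credentialSerializer.save()
        out.append(credentialSerializer.data)
        return HttpResponse(json.dumps(out),
                            content_type="application/json",
                            status=status.HTTP_201_CREATED)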
 def put(self, request, format=None):
     """Partially update the first credential in the queryset, plus related party data.

     ``partnerId`` is a required query parameter. A ``password`` in the body is
     SHA-1 hashed before saving; for the ``cipres`` partner it is first decrypted
     with ``AESCipher``. For ``cipres`` a ``countryCode`` in the body updates the
     party's country, and a ``name`` updates the party's name. On success the
     (hashed) request data is echoed back with a ``loginKey`` derived from the
     new password when one was given.
     """
     # TODO: security risk here, get username based on the partyId verified in isPhoenix -SC
     if not isPhoenix(self.request):
         return Response(status=status.HTTP_400_BAD_REQUEST)
     # http://stackoverflow.com/questions/12611345/django-why-is-the-request-post-object-immutable
     serializer_class = self.get_serializer_class()
     params = request.GET
     # get_queryset() signals a request problem by returning a str instead of a queryset.
     queryResult = self.get_queryset()
     if type(queryResult) == str:
         return Response({'error': queryResult},
                         status=status.HTTP_400_BAD_REQUEST)
     # Second call to get_queryset(): a second query; the result above is not reused.
     obj = self.get_queryset().first()
     if not obj:
         return Response({'error': 'cannot find any record.'},
                         status=status.HTTP_404_NOT_FOUND)
     #http://stackoverflow.com/questions/18930234/django-modifying-the-request-object PW-123
     data = request.data.copy()  # PW-123
     # Direct indexing: a request without partnerId raises KeyError here.
     partnerId = self.request.GET['partnerId']
     # CIPRES-13: Decrypt user password
     if 'password' in data:
         if partnerId == 'cipres':
             cipher = AESCipher()
             try:
                 decryptedPassword = cipher.decrypt(data['password'])
             except Exception as e:
                 # NOTE(review): the next line is garbled in this listing (a span
                 # was redacted between the error response and the assignment);
                 # the surrounding pattern suggests a 400 Response followed by
                 # data['password'] = sha1(...), but that is not recoverable here.
                 return Response(
                     {'error': 'Cannot parse password: '******'password'] = hashlib.sha1(
                 decryptedPassword.encode(cipher.charset)).hexdigest()
         else:
             # Unsalted SHA-1 of the plaintext; the rest of the service verifies
             # against this form, so it is kept here.
             data['password'] = hashlib.sha1(
                 data['password'].encode("utf-8")).hexdigest()
     # CIPRES-13 end
     # CIPRES-26: Allow update of country code
     if partnerId == 'cipres' and 'countryCode' in data:
         try:
             country = Country.objects.get(abbreviation=data['countryCode'])
             partyObj = obj.partyId
             partySerializer = PartySerializer(
                 partyObj,
                 data={'country': country.countryId},
                 partial=True)
             if partySerializer.is_valid():
                 partySerializer.save()
         except Exception as e:
             # Any failure in the block above, not only an unknown country,
             # is reported under this message.
             return Response({'error': 'Cannot find country: ' + str(e)},
                             status=status.HTTP_400_BAD_REQUEST)
     # CIPRES-26 end
     serializer = serializer_class(obj, data=data, partial=True)
     if serializer.is_valid():
         serializer.save()
         #update party info
         if 'partyId' in serializer.data:
             partyId = serializer.data['partyId']
             partyObj = Party.objects.all().get(partyId=partyId)
             if 'name' in data:
                 name = data['name']
                 partyData = {'name': name}
                 partySerializer = PartySerializer(partyObj,
                                                   data=partyData,
                                                   partial=True)
                 # A party validation failure is silently ignored here.
                 if partySerializer.is_valid():
                     partySerializer.save()
         if 'password' in data:
             #data['password'] = generateSecretKey(str(obj.partyId.partyId), data['password'])#PW-254 and YM: TAIR-2493
             # loginKey is derived from the already-hashed password value in data.
             data['loginKey'] = generateSecretKey(str(obj.partyId.partyId),
                                                  data['password'])
         # The echoed body is the request data (with hashed password), not serializer.data.
         return Response(data, status=status.HTTP_200_OK)
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
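 def get_queryset(self):
     """Restrict the base queryset to the ``partyId`` query parameter.

     Returns an empty list when the caller does not pass ``isPhoenix`` or
     supplies no partyId.
     """
     if not isPhoenix(self.request):
         return []
     partyId = self.request.GET.get('partyId')
     if partyId is None:
         # Was filter(partyId=None); the sibling CRUD classes require the key
         # to be present, so do the same instead of matching NULL rows.
         return []
     return super(SubscriptionCRUD, self).get_queryset().filter(partyId=partyId)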
 def get_queryset(self):
     """Narrow the base queryset to consortium parties with the given partyId.

     Returns an empty list unless the caller passes ``isPhoenix`` and supplies
     a ``partyId`` query parameter.
     """
     if not isPhoenix(self.request):
         return []
     query = self.request.GET
     if 'partyId' not in query:
         return []
     base = super(ConsortiumCRUD, self).get_queryset()
     return base.filter(partyId=query.get('partyId')).filter(partyType="consortium")  #PW-161 consortium
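 def get_queryset(self):
     """Return the single affiliation row for the ``partyId`` query parameter.

     Unlike the sibling CRUD classes this resolves to one model instance via
     ``.get()`` rather than a queryset (what callers expect of it is not
     visible here, so that is preserved). Without ``isPhoenix``, without a
     partyId, or when no row matches, an empty list is returned.
     """
     if not isPhoenix(self.request):
         return []
     if 'partyId' not in self.request.GET:
         return []
     partyId = self.request.GET.get('partyId')
     baseQuerySet = super(AffiliationCRUD, self).get_queryset()
     try:
         return baseQuerySet.get(partyId=partyId)
     except baseQuerySet.model.DoesNotExist:
         # .get() on an unknown id raised straight out of the view (a 500);
         # "nothing found" is what the other early returns already express.
         return []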
 def get_queryset(self):
     """Narrow the base queryset to organization parties with the given partyId.

     Returns an empty list unless the caller passes ``isPhoenix`` and supplies
     a ``partyId`` query parameter.
     """
     if not isPhoenix(self.request):
         return []
     query = self.request.GET
     if 'partyId' not in query:
         return []
     base = super(InstitutionCRUD, self).get_queryset()
     return base.filter(partyId=query.get('partyId')).filter(partyType="organization")