def savedata(): """ User has finished the experiment and is posting their data in the form of a (long) string. They will receive a debreifing back. """ print request.args.keys() if not request.args.has_key('uniqueId'): raise ExperimentError('improper_inputs') else: uniqueId = request.args['uniqueId'] print "/debrief called with", uniqueId user = Participant.query.\ filter(Participant.uniqueid == uniqueId).\ one() if config.getboolean('Task Parameters', 'use_debriefing'): user.status = COMPLETED user.endhit = datetime.datetime.now() db_session.add(user) db_session.commit() return render_template('debriefing.html', workerId=user.workerid, assignmentId=user.assignmentid) else: user.status = DEBRIEFED user.endhit = datetime.datetime.now() db_session.add(user) db_session.commit() return render_template('closepopup.html')
def set_diceware_password(user, password): try: user.set_password(password) except PasswordError: flash(gettext( 'You submitted a bad password! Password not changed.'), 'error') return try: db_session.commit() except Exception: flash(gettext( 'There was an error, and the new password might not have been ' 'saved correctly. To prevent you from getting locked ' 'out of your account, you should reset your password again.'), 'error') current_app.logger.error('Failed to update a valid password.') return # using Markup so the HTML isn't escaped flash(Markup("<p>" + gettext( "Password updated. Don't forget to " "save it in your KeePassX database. New password:") + ' <span><code>{}</code></span></p>'.format(password)), 'success')
def add_admin(): while True: username = raw_input("Username: "******"Sorry, that username is already in use." else: break while True: password = getpass("Password: "******"Confirm Password: "******"Passwords didn't match!" hotp_input = raw_input("Is this admin using a YubiKey [HOTP]? (y/N): ") otp_secret = None if hotp_input.lower() == "y" or hotp_input.lower() == "yes": while True: otp_secret = raw_input("Please configure your YubiKey and enter the secret: ") if otp_secret: break admin = Journalist(username=username, password=password, is_admin=True, otp_secret=otp_secret) try: db_session.add(admin) db_session.commit() except Exception, e: if "username is not unique" in str(e): print "ERROR: That username is already taken!" else: print "ERROR: An unknown error occurred, traceback:" print e
def enterexp(): """ AJAX listener that listens for a signal from the user's script when they leave the instructions and enter the real experiment. After the server receives this signal, it will no longer allow them to re-access the experiment applet (meaning they can't do part of the experiment and referesh to start over). """ app.logger.info("Accessing /inexp") if not 'uniqueId' in request.form: raise ExperimentError('improper_inputs') unique_id = request.form['uniqueId'] try: user = Participant.query.\ filter(Participant.uniqueid == unique_id).one() user.status = STARTED user.beginexp = datetime.datetime.now() db_session.add(user) db_session.commit() resp = {"status": "success"} except exc.SQLAlchemyError: app.logger.error("DB error: Unique user not found.") resp = {"status": "error, uniqueId not found"} return jsonify(**resp)
def admin_edit_user(user_id): user = Journalist.query.get(user_id) if request.method == "POST": if request.form["username"] != "": user.username = request.form["username"] if request.form["password"] != "": if request.form["password"] != request.form["password_again"]: flash("Passwords didn't match", "error") return redirect(url_for("admin_edit_user", user_id=user_id)) try: user.set_password(request.form["password"]) except InvalidPasswordLength: flash( "Your password is too long " "(maximum length {} characters)".format(Journalist.MAX_PASSWORD_LEN), "error", ) return redirect(url_for("admin_edit_user", user_id=user_id)) user.is_admin = bool(request.form.get("is_admin")) try: db_session.add(user) db_session.commit() except Exception, e: db_session.rollback() if "username is not unique" in str(e): flash("That username is already in use", "notification") else: flash("An unknown error occurred, please inform your administrator", "error")
def insertData(qiniukey): share = Share.query.filter(Share.share_qiniuurl == qiniukey).first() if share is None: share = Share(None, qiniukey) db_session.add(share) db_session.commit() return share
def quitter(): """ Mark quitter as such. """ unique_id = request.form['uniqueId'] if unique_id[:5] == "debug": debug_mode = True else: debug_mode = False if debug_mode: resp = {"status": "didn't mark as quitter since this is debugging"} return jsonify(**resp) else: try: unique_id = request.form['uniqueId'] app.logger.info("Marking quitter %s" % unique_id) user = Participant.query.\ filter(Participant.uniqueid == unique_id).\ one() user.status = QUITEARLY db_session.add(user) db_session.commit() except exc.SQLAlchemyError: raise ExperimentError('tried_to_quit') else: resp = {"status": "marked as quitter"} return jsonify(**resp)
def edit_skills(): """ About block edit """ #saved? saved = False if request.method == 'POST': for field in request.form: if field.startswith('skill'): skill, skill_id = field.split('_') skill = Skill.query.get(int(skill_id)) skill.percent = int(escape(request.form[field])) db_session.add(skill) db_session.commit() saved = True skills = Skill.query.all() prop = dict() prop.update(default) prop['skills'] = skills prop['saved'] = saved return render_template('admin/edit_skills.html', **prop)
def new_client(): """ About block edit """ # if errors detected errors = [] # if form incoming if request.method == 'POST': if not request.form['title']: errors += ['Title required!'] if not errors: client = dict() client['title'] = unicode(escape(request.form['title'])) client['description'] = unicode(escape(request.form['description'])) client['logo'] = unicode(escape(request.form['logo'])) client['link'] = unicode(escape(request.form['link'])) client = Client(**client) try: db_session.add(client) db_session.commit() except exc.SQLAlchemyError: db_session.rollback() errors += ['Error creating client #{0}\n'.format(client.id)] return redirect(url_for('edit_client', client_id=client.id)) prop = dict() prop.update(default) prop['errors'] = errors return render_template('admin/new_client.html', **prop)
def edit_about(): """ About block edit """ # saved? saved = False if request.method == 'POST': about = Info.query.filter(Info.title == 'about').first() about.value = unicode(request.form['about']) try: db_session.add(about) db_session.commit() saved = True except exc.SQLAlchemyError: db_session.rollback() saved = False about = Info.query.filter(Info.title == 'about').first() prop = dict() prop.update(default) prop['about'] = about.value prop['saved'] = saved return render_template('admin/edit_about.html', **prop)
def submit(): msg = request.form['msg'] fh = request.files['fh'] strip_metadata = True if 'notclean' in request.form else False fnames = [] if msg: fnames.append(store.save_message_submission(g.sid, msg)) flash("Thanks! We received your message.", "notification") if fh: fnames.append(store.save_file_submission(g.sid, fh.filename, fh.stream, fh.content_type, strip_metadata)) flash("Thanks! We received your document '%s'." % fh.filename or '[unnamed]', "notification") for fname in fnames: submission = Submission(g.source, fname) db_session.add(submission) if g.source.pending: g.source.pending = False # Generate a keypair now, if there's enough entropy (issue #303) entropy_avail = int(open('/proc/sys/kernel/random/entropy_avail').read()) if entropy_avail >= 2400: crypto_util.genkeypair(g.sid, g.codename) g.source.last_updated = datetime.now() db_session.commit() normalize_timestamps(g.sid) return redirect(url_for('lookup'))
def update(uid=None): """ Save experiment data, which should be a JSON object and will be stored after converting to string. """ app.logger.info("PUT /sync route with id: %s" % uid) try: user = Participant.query.\ filter(Participant.uniqueid == uid).\ one() except exc.SQLAlchemyError: app.logger.error("DB error: Unique user not found.") if hasattr(request, 'json'): user.datastring = request.data.decode('utf-8').encode( 'ascii', 'xmlcharrefreplace' ) db_session.add(user) db_session.commit() try: data = json.loads(user.datastring) except: data = {} trial = data.get("currenttrial", None) app.logger.info("saved data for %s (current trial: %s)", uid, trial) resp = {"status": "user data saved"} return jsonify(**resp)
def _admin_logs_in(self): # Create a test admin user for logging in admin_user_info = dict( username='******', password='******', is_admin=True) admin_user = Journalist(**admin_user_info) db_session.add(admin_user) db_session.commit() # Stash the admin user on self so we can use it in later tests self.admin_user = admin_user_info self.admin_user['orm_obj'] = admin_user self._login_user(admin_user_info['username'], admin_user_info['password'], admin_user.totp.now()) # Admin user should log in to the same interface as a normal user, # since there may be users who wish to be both journalists and admins. headline = self.driver.find_element_by_css_selector('span.headline') self.assertIn('Sources', headline.text) # Admin user should have a link that take them to the admin page links = self.driver.find_elements_by_tag_name('a') self.assertIn('Admin', [el.text for el in links])
def delete_user(args): """Deletes a journalist or administrator from the application.""" username = _get_username_to_delete() try: selected_user = Journalist.query.filter_by(username=username).one() except NoResultFound: print('ERROR: That user was not found!') return 0 # Confirm deletion if user is found if not _get_delete_confirmation(selected_user.username): return 0 # Try to delete user from the database try: db_session.delete(selected_user) db_session.commit() except Exception as e: # If the user was deleted between the user selection and confirmation, # (e.g., through the web app), we don't report any errors. If the user # is still there, but there was a error deleting them from the # database, we do report it. try: Journalist.query.filter_by(username=username).one() except NoResultFound: pass else: raise e print('User "{}" successfully deleted'.format(username)) return 0
def update_broadcasting_status(group_id): users = db_session.query(models.User).filter(models.User.group_id == group_id) if users: for user in users: user.is_near_dorm = NOT_BROADCASTING db_session.commit() return 1
def post_delete(id): post = db_session.query(Post).get(id) if post is None: abort(404) db_session.delete(post) db_session.commit() return redirect(url_for('index'))
def update(id=None): """ Save experiment data, which should be a JSON object and will be stored after converting to string. """ app.logger.info("accessing the /sync route with id: %s" % id) try: user = Participant.query.\ filter(Participant.uniqueid == id).\ one() except: app.logger.error( "DB error: Unique user not found.") if hasattr(request, 'json'): user.datastring = request.data.decode('utf-8').encode('ascii', 'xmlcharrefreplace') db_session.add(user) db_session.commit() resp = {"condition": user.cond, "counterbalance": user.counterbalance, "assignmentId": user.assignmentid, "workerId": user.workerid, "hitId": user.hitid} return jsonify(**resp)
def callback(): code=request.args.get('code') if not code: return 'failed' url = AUTHORIZE_URL.format(code=code, client_id=clientid, secret=secret) resp = requests.get(url) if resp.ok: access_token = resp.json()['access_token'] # now get 4sq id and name from self endpoint payload = {'oauth_token': access_token, 'v': API_VERSION} resp2 = requests.get(SELF_URL, params=payload) if resp2.ok: user_w = resp2.json() user = user_w.get('response',{}).get('user',{}) if user: name = user.get('firstName') + ' ' + user.get('lastName','') foursquare_id = user.get('id') u = User.query.filter(User.foursquare_id == foursquare_id).first() if u: u.access_token = access_token db_session.commit() else: u = User(foursquare_id, access_token, name) db_session.add(u) db_session.commit() return 'callback ok (POST)' else: return 'something went wrong...'
def create_single_version_file_on_drive(task, parent_drive_id, redmine_type, redmine_id, file_name, local_path, description, mime_type, version, modified_date): if not parent_drive_id: raise Exception("parent_drive_id is required") if not redmine_type: raise Exception("redmine_type is required") if redmine_id is None: raise Exception("redmine_id is required") if not file_name: raise Exception("folder_name is required") if not local_path: raise Exception("local_path is required") if not os.path.isfile(local_path): raise Exception("local_path %s is missing" % local_path) db_mapping = db_session.query(RedmineToDriveMapping).filter_by(redmine_id=redmine_id).filter_by( mapping_type=redmine_type).first() if db_mapping and db_mapping.drive_id: logger.info("File %s already mapped to %s", file_name, db_mapping.drive_id) return if not db_mapping: try: db_mapping = RedmineToDriveMapping(redmine_id=redmine_id, mapping_type=redmine_type, last_update=datetime.datetime.utcnow()) db_session.add(db_mapping) db_session.commit() logger.info("Created mapping for %s %s id:%s", redmine_type, file_name, redmine_id) except IntegrityError, e: logger.info("Cannot create mapping due to duplicate, will retry: %s", e) db_session.rollback() task.retry(countdown=min(2 + (2 * current_task.request.retries), 128))
def update(id=None): """ Save experiment data, which should be a JSON object and will be stored after converting to string. """ print "accessing the /sync route with id:", id try: user = Participant.query.\ filter(Participant.uniqueid == id).\ one() except: print "DB error: Unique user not found." if hasattr(request, 'json'): user.datastring = request.data db_session.add(user) db_session.commit() resp = {"condition": user.cond, "counterbalance": user.counterbalance, "assignmentId": user.assignmentid, "workerId": user.workerid, "hitId": user.hitid} return jsonify(**resp)
def make_star_false(filesystem_id): source = get_source(filesystem_id) if not source.star: source_star = SourceStar(source) db_session.add(source_star) db_session.commit() source.star.starred = False
def reset_two_factor_hotp(): uid = request.form['uid'] otp_secret = request.form.get('otp_secret', None) if otp_secret: user = Journalist.query.get(uid) try: user.set_hotp_secret(otp_secret) except TypeError as e: if "Non-hexadecimal digit found" in str(e): flash(gettext( "Invalid secret format: " "please only submit letters A-F and numbers 0-9."), "error") elif "Odd-length string" in str(e): flash(gettext( "Invalid secret format: " "odd-length secret. Did you mistype the secret?"), "error") else: flash(gettext( "An unexpected error occurred! " "Please inform your administrator."), "error") current_app.logger.error( "set_hotp_secret '{}' (id {}) failed: {}".format( otp_secret, uid, e)) return render_template('admin_edit_hotp_secret.html', uid=uid) else: db_session.commit() return redirect(url_for('admin.new_user_two_factor', uid=uid)) else: return render_template('admin_edit_hotp_secret.html', uid=uid)
def login(): if request.method == "POST": try: user = Journalist.login(request.form["username"], request.form["password"], request.form["token"]) except Exception as e: app.logger.error("Login for '{}' failed: {}".format(request.form["username"], e)) login_flashed_msg = "Login failed." if isinstance(e, LoginThrottledException): login_flashed_msg += " Please wait at least 60 seconds before logging in again." else: try: user = Journalist.query.filter_by(username=request.form["username"]).one() if user.is_totp: login_flashed_msg += " Please wait for a new two-factor token before logging in again." except: pass flash(login_flashed_msg, "error") else: app.logger.info( "Successful login for '{}' with token {}".format(request.form["username"], request.form["token"]) ) # Update access metadata user.last_access = datetime.utcnow() db_session.add(user) db_session.commit() session["uid"] = user.id return redirect(url_for("index")) return render_template("login.html")
def admin_reset_two_factor_totp(): uid = request.form["uid"] user = Journalist.query.get(uid) user.is_totp = True user.regenerate_totp_shared_secret() db_session.commit() return redirect(url_for("admin_new_user_two_factor", uid=uid))
def test_source_is_deleted_while_logged_in(self, logger): """If a source is deleted by a journalist when they are logged in, a NoResultFound will occur. The source should be redirected to the index when this happens, and a warning logged.""" with self.client as client: codename = new_codename(client, session) resp = client.post('login', data=dict(codename=codename), follow_redirects=True) # Now the journalist deletes the source filesystem_id = crypto_util.hash_codename(codename) crypto_util.delete_reply_keypair(filesystem_id) source = Source.query.filter_by(filesystem_id=filesystem_id).one() db_session.delete(source) db_session.commit() # Source attempts to continue to navigate resp = client.post('/lookup', follow_redirects=True) self.assertEqual(resp.status_code, 200) self.assertIn('Submit documents for the first time', resp.data) self.assertNotIn('logged_in', session.keys()) self.assertNotIn('codename', session.keys()) logger.assert_called_once_with( "Found no Sources when one was expected: " "No row was found for one()")
def reset_two_factor_hotp(): otp_secret = request.form.get('otp_secret', None) if otp_secret: g.user.set_hotp_secret(otp_secret) db_session.commit() return redirect(url_for('account.new_two_factor')) else: return render_template('account_edit_hotp_secret.html')
def _add_user(is_admin=False): username = _get_username() print("Note: Passwords are now autogenerated.") password = _make_password() print("This user's password is: {}".format(password)) is_hotp = _get_yubikey_usage() otp_secret = None if is_hotp: while True: otp_secret = raw_input( "Please configure this user's YubiKey and enter the secret: ") if otp_secret: tmp_str = otp_secret.replace(" ", "") if len(tmp_str) != 40: print("The length of the secret is not correct. " "Expected 40 characters, but received {0}. " "Try again.".format(len(tmp_str))) continue if otp_secret: break try: user = Journalist(username=username, password=password, is_admin=is_admin, otp_secret=otp_secret) db_session.add(user) db_session.commit() except Exception as exc: db_session.rollback() if "UNIQUE constraint failed: journalists.username" in str(exc): print('ERROR: That username is already taken!') else: exc_type, exc_value, exc_traceback = sys.exc_info() print(repr(traceback.format_exception(exc_type, exc_value, exc_traceback))) return 1 else: print('User "{}" successfully added'.format(username)) if not otp_secret: # Print the QR code for FreeOTP print('\nScan the QR code below with FreeOTP:\n') uri = user.totp.provisioning_uri(username, issuer_name='SecureDrop') qr = qrcode.QRCode() qr.add_data(uri) sys.stdout = codecs.getwriter("utf-8")(sys.stdout) qr.print_ascii(tty=sys.stdout.isatty()) print('\nIf the barcode does not render correctly, try changing ' "your terminal's font (Monospace for Linux, Menlo for OS " 'X). If you are using iTerm on Mac OS X, you will need to ' 'change the "Non-ASCII Font", which is your profile\'s Text ' "settings.\n\nCan't scan the barcode? Enter following " 'shared secret ' 'manually:\n{}\n'.format(user.formatted_otp_secret)) return 0
def vote(poll_id, answer_id): user_id = get_user_id() poll = Poll.query.filter(Poll.id == poll_id).first() answer = Answer.query.filter(Answer.id == answer_id).first() if poll.vote_limit > count_votes(poll, user_id): answer.votes.append(Vote(user_id)) db_session.add(answer) db_session.commit() return redirect("/view/%s" % poll.id)
def doc(sid, fn): if ".." in fn or fn.startswith("/"): abort(404) try: Submission.query.filter(Submission.filename == fn).one().downloaded = True except NoResultFound as e: app.logger.error("Could not mark " + fn + " as downloaded: %s" % (e,)) db_session.commit() return send_file(store.path(sid, fn), mimetype="application/pgp-encrypted")
def bulk_delete(sid, items_selected): for item in items_selected: item_path = store.path(sid, item.filename) worker.enqueue(store.secure_unlink, item_path) db_session.delete(item) db_session.commit() flash("Submission{} deleted.".format("s" if len(items_selected) > 1 else ""), "notification") return redirect(url_for("col", sid=sid))
def start(): pid = request.args.get("pid") password = request.args.get("password") # get by pid try: poll = db_session.query(Poll).filter_by(pid=pid).filter_by( password=password).first() poll.started = True db_session.commit() #push message saying owner started pusher.trigger( pid, "notify-status", { "status": "COMPLETED" if poll.completed else ("STARTED" if poll.started else "WAITING") }) return "Poll started", 200 except Exception as e: return "Invalid pid or password.", 400
def edit_data(): if "admin_email" not in request.form: build_html_error_response("Missing Field", 400, "Missing admin email when registering app") if "name" not in request.form: build_html_error_response("Missing Field", 400, "Missing name when registering app") if "homepage" not in request.form: build_html_error_response("Missing Field", 400, "Missing homepage when registering app") if "callback_url" not in request.form: build_html_error_response("Missing Field", 400, "Missing callback when registering app") app = Apps.query.filter_by(client_id=session["client_id"]).first() app.name = request.form.get("name") app.admin_email = request.form.get("admin_email") app.homepage = request.form.get("homepage") app.callback = request.form.get("callback_url") db_session.commit() return redirect(url_for("apps.get", client_id=app.client_id))
def create_user_tokens(): # write the user tokens to the appropriate db fields counter = 0 try: users = db_session.query(User).filter(User.active == 1).all() for user in users: token = token_serializer.dumps({ 'username': user.username, 'user_id': user.id }).decode('utf-8') user.token = token user.token_last_update = datetime.now() db_session.commit() db_session.flush() print('*** token for {} ***: {}\n'.format(user.username, token)) counter += 1 print('Updated {} tokens.'.format(str(counter))) except exc.SQLAlchemyError as err: print('Database error updating tokens: {}'.format(str(err)))
def add_admin(): while True: username = raw_input("Username: "******"Sorry, that username is already in use." else: break while True: password = getpass("Password: "******"Confirm Password: "******"Passwords didn't match!" hotp_input = raw_input("Is this admin using a YubiKey [HOTP]? (y/N): ") otp_secret = None if hotp_input.lower() == "y" or hotp_input.lower() == "yes": while True: otp_secret = raw_input( "Please configure your YubiKey and enter the secret: ") if otp_secret: break admin = Journalist(username=username, password=password, is_admin=True, otp_secret=otp_secret) try: db_session.add(admin) db_session.commit() except Exception, e: if "username is not unique" in str(e): print "ERROR: That username is already taken!" else: print "ERROR: An unknown error occurred, traceback:" print e
def delete_user(): # pragma: no cover """Deletes a journalist or administrator from the application.""" # Select user to delete username = raw_input('Username to delete: ') try: selected_user = Journalist.query.filter_by(username=username).one() except NoResultFound: print('ERROR: That user was not found!') return 0 # Confirm deletion if user is found confirmation = raw_input('Are you sure you want to delete user ' '{} (y/n)?'.format(selected_user)) if confirmation.lower() != 'y': print('Confirmation not received: user "{}" was NOT ' 'deleted'.format(username)) return 0 # Try to delete user from the database try: db_session.delete(selected_user) db_session.commit() except: # If the user was deleted between the user selection and confirmation, # (e.g., through the web app), we don't report any errors. If the user # is still there, but there was a error deleting them from the # database, we do report it. try: selected_user = Journalist.query.filter_by(username=username).one() except NoResultFound: pass else: raise print('User "{}" successfully deleted'.format(username)) return 0
def logout(): if 'redirect_url' in request.args: referrer = request.args.get('redirect_url') else: referrer = request.referrer if 'Access-Token' not in request.headers and 'access_token' not in request.args: return build_html_error_response("Missing authentication", \ 400,\ "Access-Token header not present in the request") if 'Access-Token' not in request.headers: access_token = request.args.get('access_token') else: access_token = request.headers.get('Access-Token') user = Users.query.filter_by(access_token=access_token).first() if user == None: return build_html_error_response("Invalid authentication", \ 401,\ "Access-Token is invalid for this service") user.token_valid = False db_session.commit() return render_template("logout.html", referrer=referrer.split('?')[0], email=user.email)
def add_task(): """Convert the input JSON to task object and add it to the database""" try: task_json_object = validate_json_task(request.json) except (ValueError, ValidationError) as validation_error: return Response("Incorrect JSON input: " + str(validation_error), 400) # Model attribute names are the same as JSON keys, # so we can use dict unpacking current_task = Task(**task_json_object) if request.access_route: current_task.author_ip = request.access_route[0] else: current_task.author_ip = request.remote_addr if not current_task.done: current_task.done = False elif not current_task.done_date: current_task.done_date = datetime.datetime.utcnow() db_session.add(current_task) db_session.commit() return jsonify(task_id=current_task.id)
def login(): if request.method == 'POST': try: user = Journalist.login(request.form['username'], request.form['password'], request.form['token']) except Exception as e: app.logger.error("Login for '{}' failed: {}".format( request.form['username'], e)) login_flashed_msg = "Login failed." if isinstance(e, LoginThrottledException): login_flashed_msg += " Please wait at least 60 seconds before logging in again." else: try: user = Journalist.query.filter_by( username=request.form['username']).one() if user.is_totp: login_flashed_msg += " Please wait for a new two-factor token before logging in again." except: pass flash(login_flashed_msg, "error") else: app.logger.info("Successful login for '{}' with token {}".format( request.form['username'], request.form['token'])) # Update access metadata user.last_access = datetime.utcnow() db_session.add(user) db_session.commit() session['uid'] = user.id return redirect(url_for('index')) return render_template("login.html")
def download(zip_basename, submissions): """Send client contents of zipfile *zip_basename*-<timestamp>.zip containing *submissions*. The zipfile, being a :class:`tempfile.NamedTemporaryFile`, is stored on disk only temporarily. :param str zip_basename: The basename of the zipfile download. :param list submissions: A list of :class:`db.Submission`s to include in the zipfile. """ zf = store.get_bulk_archive(submissions, zip_directory=zip_basename) attachment_filename = "{}--{}.zip".format( zip_basename, datetime.utcnow().strftime("%Y-%m-%d--%H-%M-%S")) # Mark the submissions that have been downloaded as such for submission in submissions: submission.downloaded = True db_session.commit() return send_file(zf.name, mimetype="application/zip", attachment_filename=attachment_filename, as_attachment=True)
def admin_edit_user(user_id): user = Journalist.query.get(user_id) if request.method == 'POST': if request.form['username'] != "": user.username = request.form['username'] if request.form['password'] != "": if request.form['password'] != request.form['password_again']: flash("Passwords didn't match", "error") return redirect(url_for("admin_edit_user", user_id=user_id)) user.set_password(request.form['password']) user.is_admin = bool(request.form.get('is_admin')) try: db_session.add(user) db_session.commit() except Exception, e: db_session.rollback() if "username is not unique" in str(e): flash("That username is already in use", "notification") else: flash("An unknown error occurred, please inform your administrator", "error")
def _admin_logs_in(self): # Create a test admin user for logging in admin_user_info = dict(username='******', password='******', is_admin=True) admin_user = Journalist(**admin_user_info) db_session.add(admin_user) db_session.commit() # Stash the admin user on self so we can use it in later tests self.admin_user = admin_user_info self.admin_user['orm_obj'] = admin_user self._login_user(admin_user_info['username'], admin_user_info['password'], admin_user.totp.now()) # Admin user should log in to the same interface as a normal user, # since there may be users who wish to be both journalists and admins. headline = self.driver.find_element_by_css_selector('span.headline') self.assertIn('Sources', headline.text) # Admin user should have a link that take them to the admin page links = self.driver.find_elements_by_tag_name('a') self.assertIn('Admin', [el.text for el in links])
def debug_complete(): ''' Debugging route for complete. ''' if not 'uniqueId' in request.args: raise ExperimentError('improper_inputs') else: unique_id = request.args['uniqueId'] if unique_id[:5] == "debug": debug_mode = True else: debug_mode = False try: user = Participant.query.\ filter(Participant.uniqueid == unique_id).one() user.status = COMPLETED user.endhit = datetime.datetime.now() db_session.add(user) db_session.commit() except: raise ExperimentError('error_setting_worker_complete') else: if debug_mode: return render_template('complete.html') else: # send them back to mturk. return render_template('closepopup.html')
def validate_account_addresses(): active_no_wallet_accounts = db_session.query(Account).filter( Account.active == 'true', Account.wallet_address == None).all() unassigned_accounts = [] for acc in active_no_wallet_accounts: acct_fqdn = acc.fully_qualified_name #append qbo fully qualified account name into unassigned_accounts array unassigned_accounts.append(acct_fqdn) #generate new address and output it to text file in home directory get_new_addr_command = base_command % ( 'getnewaddress >~/newaddress.txt 2>&1') #os.system(get_new_addr_command) cur_dir = os.getcwd() tmp_folder = cur_dir + '/tmp' print(tmp_folder) if not os.path.exists(tmp_folder): print('not there') os.makedirs(tmp_folder) path = tmp_folder + '/newaddress.txt' #opens text file and extracts new address and adds it to unassigned_addresses array with open(path) as fp: for j, line in enumerate(fp): if j == 2: unassigned_addresses.append(line) #updates the wallet_address column for the account acc.wallet_address = line db_session.add(acc) #saves database changes as permanent db_session.commit() #deletes placeholder text file in home directory os.system("cd ~ & sudo rm newaddress.txt") return unassigned_accounts, unassigned_addresses
def mutate(self, info, positionData): import utils if utils.isAllowAccess(): from mutation_position import isPositionByPosCodeExist newPos = None status = False msg = 'This posCode \'{}\' is exist.'.format(positionData.posCode) if isPositionByPosCodeExist(positionData.posCode, info) is False: newPos = PositionDBModel() newPos.posCode = positionData.posCode newPos.pos_desc = positionData.pos_desc db_session.add(newPos) db_session.commit() status = True msg = 'Create position\'s posCode {} success.'.format( positionData.posCode) return CreatePosition(position=newPos, status=status, msg=msg)
def completed(): """ This is sent in when the participant completes the debriefing. The participant can accept the debriefing or declare that they were not adequately debriefed, and that response is logged in the database. """ print "accessing the /complete route" if not (request.form.has_key('assignmentid') and request.form.has_key('agree')): raise ExperimentError('improper_inputs') assignmentId = request.form['assignmentid'] workerId = request.form['workerid'] agreed = request.form['agree'] print workerId, assignmentId, agreed user = Participant.query.\ filter(Participant.assignmentid == assignmentId).\ filter(Participant.workerid == workerId).\ one() user.status = DEBRIEFED user.debriefed = agreed == 'true' db_session.add(user) db_session.commit() return render_template('closepopup.html')
def search(self, words: List[str]): # language = tokenizer.guess_language(text) # words = tokenizer.word_tokenize(text, language) words_id = db_interface.get_words_id(words) # очищаем список слов, использованный при предыдущем поиске db_session.query(SearchWords).filter( SearchWords.session_id == self.sess.id).delete() db_session.commit() # найти id всех книг, которые содержат все найденные слова for i in words_id: db_session.add(SearchWords(session_id=self.session_id, word_id=i)) db_session.commit() q = db_session.query(BookWord.book_id).\ join(SearchWords, and_(SearchWords.session_id == self.session_id, SearchWords.word_id == BookWord.word_id)).\ group_by(BookWord.book_id).\ having(func.count(BookWord.word_id) == db_session.query(func.count(SearchWords.word_id.distinct())). filter(SearchWords.session_id == self.session_id) ) self.search_result.clear() # очищаем результат предыдущего поиска db_session.query(SearchResult).filter( SearchResult.session_id == self.sess.id).delete() db_session.commit() for i in q.all(): book = db_session.query(Book).filter(Book.id == i[0]).first() self.search_result.append( b.Book(zip_file=book.zip_name, book_name=book.book_name, annotation=book.annotation, authors=book.authors, title=book.title, genre=book.genre)) db_session.add( SearchResult(session_id=self.sess.id, book_id=book.id)) db_session.commit()
def login_callback(): info = json.loads(session["info"]) user = Users.query.filter_by(uid=info["id"]).first() # Signup if user == None: user = Users.query.filter_by(email=info["email"]).first() if user != None: if user.has_merged: user.access_token = base64.b64encode(os.urandom(16)) user.creation_date = datetime.datetime.now() user.token_valid = True db_session.commit() return redirect( session['referrer'] + "?" + urllib.urlencode({"access_token": user.access_token}), 302) if session["platform"] == "facebook": return render_template("merge_option.html", facebook=info, google=user) elif session["platform"] == "google": return render_template("merge_option.html", facebook=user, google=info) user = Users(uid=info["id"], email=info["email"], name=info["name"], picture=info["picture"], platform=info["platform"]) db_session.add(user) db_session.commit() # Login if not valid_token(user): # Renew token user.access_token = base64.b64encode(os.urandom(16)) user.creation_date = datetime.datetime.now() user.token_valid = True db_session.commit() return redirect( session['referrer'] + "?" + urllib.urlencode({"access_token": user.access_token}), 302)
def get_nearest_cafe(lat, lng): geo_json = get_cafe_json(lat, lng) if not geo_json: return cafes = [] tags_and_cafes = {} for data in geo_json.get('results'): cafe = Cafe(name=data['name'], lat=data['geometry']['location']['lat'], lng=data['geometry']['location']['lng'], rating=data.get('rating'), address=data['vicinity']) saved_cafe = Cafe.query.filter(Cafe.lat == cafe.lat and Cafe.lng == cafe.lng).first() if saved_cafe: cafe = saved_cafe else: db_session.add(cafe) db_session.commit() cafes.append(cafe) for type_name in data.get('types'): tags_and_cafes.setdefault(type_name, []) tags_and_cafes[type_name].append(cafe.id) for tag_name in tags_and_cafes.keys(): tag = Tag(tag_name=tag_name, localized_name='') db_session.add(tag) db_session.commit() for cafe_id in tags_and_cafes[tag_name]: tag_to_add = TagsForCafe(tag_id=tag.id, cafe_id=cafe_id) db_session.add(tag_to_add) db_session.commit() return cafes
def submit(): msg = request.form['msg'] fh = request.files['fh'] # Don't bother submitting anything if it was an "empty" submission. #878. if not (msg or fh): flash("You must enter a message or choose a file to submit.", "error") return redirect(url_for('lookup')) fnames = [] journalist_filename = g.source.journalist_filename first_submission = g.source.interaction_count == 0 if msg: g.source.interaction_count += 1 fnames.append( store.save_message_submission(g.filesystem_id, g.source.interaction_count, journalist_filename, msg)) if fh: g.source.interaction_count += 1 fnames.append( store.save_file_submission(g.filesystem_id, g.source.interaction_count, journalist_filename, fh.filename, fh.stream)) if first_submission: msg = render_template('first_submission_flashed_message.html') flash(Markup(msg), "success") else: if msg and not fh: things = 'message' elif not msg and fh: things = 'document' else: things = 'message and document' msg = render_template('next_submission_flashed_message.html', things=things) flash(Markup(msg), "success") for fname in fnames: submission = Submission(g.source, fname) db_session.add(submission) if g.source.pending: g.source.pending = False # Generate a keypair now, if there's enough entropy (issue #303) entropy_avail = int( open('/proc/sys/kernel/random/entropy_avail').read()) if entropy_avail >= 2400: async_genkey(g.filesystem_id, g.codename) g.source.last_updated = datetime.utcnow() db_session.commit() normalize_timestamps(g.filesystem_id) return redirect(url_for('lookup'))
def delete(id): item = Items.query.filter(Items.id == id).one() db_session.delete(item) db_session.commit() return redirect(url_for('index'))
def worker_bonus(self, chosen_hit, auto, amount, reason='', assignment_ids=None): ''' Bonus worker ''' if self.config.has_option('Shell Parameters', 'bonus_message'): reason = self.config.get('Shell Parameters', 'bonus_message') while not reason: user_input = raw_input("Type the reason for the bonus. Workers " "will see this message: ") reason = user_input # Bonus already-bonused workers if the user explicitly lists their # assignment IDs override_status = True if chosen_hit: override_status = False workers = self.amt_services.get_workers("Approved", chosen_hit) if not workers: print "No approved workers for HIT", chosen_hit return print 'bonusing workers for HIT', chosen_hit elif len(assignment_ids) == 1: workers = [self.amt_services.get_worker(assignment_ids[0])] if not workers: print "No submissions found for requested assignment ID" return else: workers = self.amt_services.get_workers("Approved") if not workers: print "No approved workers found." return workers = [worker for worker in workers if \ worker['assignmentId'] in assignment_ids] for worker in workers: assignment_id = worker['assignmentId'] try: init_db() part = Participant.query.\ filter(Participant.assignmentid == assignment_id).\ filter(Participant.workerid == worker['workerId']).\ filter(Participant.endhit != None).\ one() if auto: amount = part.bonus status = part.status if amount <= 0: print "bonus amount <=$0, no bonus given for assignment", assignment_id elif status == 7 and not override_status: print "bonus already awarded for assignment", assignment_id else: success = self.amt_services.bonus_worker(assignment_id, amount, reason) if success: print "gave bonus of $" + str(amount) + " for assignment " + \ assignment_id part.status = 7 db_session.add(part) db_session.commit() db_session.remove() else: print "*** failed to bonus assignment", assignment_id except: print "*** failed to bonus assignment", assignment_id
def admin_delete_user(user_id): user = Journalist.query.get(user_id) db_session.delete(user) db_session.commit() return redirect(url_for('admin_index'))
def start_exp(): """ Serves up the experiment applet. """ if not ('hitId' in request.args and 'assignmentId' in request.args and 'workerId' in request.args): raise ExperimentError('hit_assign_worker_id_not_set_in_exp') hit_id = request.args['hitId'] assignment_id = request.args['assignmentId'] worker_id = request.args['workerId'] mode = request.args['mode'] app.logger.info("Accessing /exp: %(h)s %(a)s %(w)s " % { "h": hit_id, "a": assignment_id, "w": worker_id }) if hit_id[:5] == "debug": debug_mode = True else: debug_mode = False # Check first to see if this hitId or assignmentId exists. If so, check to # see if inExp is set matches = Participant.query.\ filter(Participant.workerid == worker_id).\ all() numrecs = len(matches) if numrecs == 0: # Choose condition and counterbalance subj_cond, subj_counter = get_random_condcount() worker_ip = "UNKNOWN" if not request.remote_addr else \ request.remote_addr browser = "UNKNOWN" if not request.user_agent.browser else \ request.user_agent.browser platform = "UNKNOWN" if not request.user_agent.platform else \ request.user_agent.platform language = "UNKNOWN" if not request.user_agent.language else \ request.user_agent.language # Set condition here and insert into database. participant_attributes = dict(assignmentid=assignment_id, workerid=worker_id, hitid=hit_id, cond=subj_cond, counterbalance=subj_counter, ipaddress=worker_ip, browser=browser, platform=platform, language=language) part = Participant(**participant_attributes) db_session.add(part) db_session.commit() else: # A couple possible problems here: # 1: They've already done an assignment, then we should tell them they # can't do another one # 2: They've already worked on this assignment, and got too far to # start over. # 3: They're in the database twice for the same assignment, that should # never happen. # 4: They're returning and all is well. nrecords = 0 for record in matches: other_assignment = False if record.assignmentid != assignment_id: other_assignment = True else: nrecords += 1 if nrecords <= 1 and not other_assignment: part = matches[0] # In experiment (or later) can't restart at this point if part.status >= STARTED and not debug_mode: raise ExperimentError('already_started_exp') else: if nrecords > 1: app.logger.error("Error, hit/assignment appears in database \ more than once (serious problem)") raise ExperimentError( 'hit_assign_appears_in_database_more_than_once') if other_assignment: raise ExperimentError('already_did_exp_hit') if mode == 'sandbox' or mode == 'live': # If everything goes ok here relatively safe to assume we can lookup # the ad. ad_id = get_ad_via_hitid(hit_id) if ad_id != "error": if mode == "sandbox": ad_server_location = 'https://sandbox.ad.psiturk.org/complete/'\ + str(ad_id) elif mode == "live": ad_server_location = 'https://ad.psiturk.org/complete/' +\ str(ad_id) else: raise ExperimentError('hit_not_registered_with_ad_server') else: ad_server_location = '/complete' return render_template('exp.html', uniqueId=part.uniqueid, condition=part.cond, counterbalance=part.counterbalance, adServerLoc=ad_server_location, mode=mode)
def add_star(sid): make_star_true(sid) db_session.commit() return redirect(url_for('index'))
def remove_star(sid): make_star_false(sid) db_session.commit() return redirect(url_for('index'))
def col_star(cols_selected): for sid in cols_selected: make_star_true(sid) db_session.commit() return redirect(url_for('index'))
def col_un_star(cols_selected): for source_id in cols_selected: make_star_false(source_id) db_session.commit() return redirect(url_for('index'))
def flag(): g.source.flagged = True db_session.commit() return render_template('flag.html', sid=g.sid, codename=g.source.journalist_designation)
import csv import datetime from db import User, db_session, Post posts_list=[] u=User with open('blog.csv', 'r' , encoding='utf-8' ) as f: fields = ['title', 'image', 'published','content','email','first_name','last_name'] reader = csv.DictReader(f, fields, delimiter=';') for row in reader: row['published']=datetime.datetime.strptime(row['published'], '%d.%m.%y %H:%M') author=u.query.filter(User.email==row['email']).first() row['user_id']=author.id posts_list.append(row) for post_data in posts_list: post=Post(post_data['title'],post_data['image'], post_data['published'],post_data['content'], post_data['user_id']) db_session.add(post) db_session.commit()
def _add_user(is_admin=False): # pragma: no cover while True: username = raw_input('Username: '******'Password: '******'Confirm Password: '******'Your password is too long (maximum length {} characters). ' 'Please pick a shorter ' 'password.'.format(Journalist.MAX_PASSWORD_LEN)) continue if len(password) < Journalist.MIN_PASSWORD_LEN: print('Error: Password needs to be at least {} characters.'.format( Journalist.MIN_PASSWORD_LEN )) continue if password == password_again: break print("Passwords didn't match!") hotp_input = raw_input('Will this user be using a YubiKey [HOTP]? (y/N): ') otp_secret = None if hotp_input.lower() in ('y', 'yes'): while True: otp_secret = raw_input( 'Please configure your YubiKey and enter the secret: ') if otp_secret: break try: user = Journalist(username=username, password=password, is_admin=is_admin, otp_secret=otp_secret) db_session.add(user) db_session.commit() except Exception as exc: db_session.rollback() if "UNIQUE constraint failed: journalists.username" in str(exc): print('ERROR: That username is already taken!') else: exc_type, exc_value, exc_traceback = sys.exc_info() print(repr(traceback.format_exception(exc_type, exc_value, exc_traceback))) return 1 else: print('User "{}" successfully added'.format(username)) if not otp_secret: # Print the QR code for FreeOTP/ Google Authenticator print('\nScan the QR code below with FreeOTP or Google ' 'Authenticator:\n') uri = user.totp.provisioning_uri(username, issuer_name='SecureDrop') qr = qrcode.QRCode() qr.add_data(uri) qr.print_ascii(tty=sys.stdout.isatty()) print('\nIf the barcode does not render correctly, try changing ' "your terminal's font (Monospace for Linux, Menlo for OS " 'X). If you are using iTerm on Mac OS X, you will need to ' 'change the "Non-ASCII Font", which is your profile\'s Text ' "settings.\n\nCan't scan the barcode? Enter following " 'shared secret ' 'manually:\n{}\n'.format(user.formatted_otp_secret)) return 0