def register(request):
'''View function handling user registration.
This function parse and validate incoming request's form data and check
table auth_user for authenticity before storing user record in table or
output error message.
Args:
request: Incoming request.
Returns:
Indicator that user is successfully created or error message that either
form data is invalid or user exists.
'''
form = UserForm(request.POST)
response = HttpResponse()
if form.is_valid():
try:
user = User.objects.create_user(
form.cleaned_data['name'],
password=form.cleaned_data['passwd'])
success(request, 'Successfully create user.')
except IntegrityError:
error(request, 'User name exists.')
response.status_code = 400
else:
error(request, 'Invalid input data')
response.status_code = 400
response.write(''.join([item.message for item in get_messages(request)]))
return response
def register(request):
'''View function handling user registration.
This function parse and validate incoming request's form data and check
table auth_user for authenticity before storing user record in table or
output error message.
Args:
request: Incoming request.
Returns:
Indicator that user is successfully created or error message that either
form data is invalid or user exists.
'''
form = UserForm(request.POST)
response = HttpResponse()
if form.is_valid():
try:
user = User.objects.create_user(form.cleaned_data['name'],
password=form.cleaned_data['passwd'])
success(request, 'Successfully create user.')
except IntegrityError:
error(request, 'User name exists.')
response.status_code = 400
else:
error(request, 'Invalid input data')
response.status_code = 400
response.write(''.join([item.message for item in get_messages(request)]))
return response
def employes(request):
msg = check_access(request)
if msg == 'ok':
if 'page' in request.GET:
page = paginate(request.GET['page'], Employe.objects.all())
if page is None:
resp = HttpResponse()
resp.status_code = 500
return resp
objects = page.object_list
else:
objects = get_list_or_404(Employe)
employe_list = ["emp: {0} position: {1} id: {2}".format(obj.user.first_name,
obj.position.name,
obj.user.id) for obj in objects]
response_data = {}
response_data['items_cnt'] = len(employe_list)
response_data['employes'] = employe_list
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
else:
resp = HttpResponse()
resp.status_code = 401
return resp
def log_in(request):
'''View function corresponding to url /login.
The purpose of this function vary with http method. If method is GET it
behaves as unauthorize redirect destination; If method is POST it accepts
request's form data, validates it and adds session to authorize the user.
Args:
request: Incoming request
Returns:
When GET, indicate the page has been redirected here; When POST,
return either message that user is logged in or error that form invalid
or user name/password error.
'''
response = HttpResponse()
if request.method == 'GET':
info(request, 'Indicator')
else:
form = UserForm(request.POST)
if form.is_valid():
user = authenticate(username=form.cleaned_data['name'],
password=form.cleaned_data['passwd'])
if user != None:
login(request, user)
success(request, 'User exists.')
else:
error(request, 'User does not exist.')
response.status_code = 400
else:
error(request, 'Invalid input data')
response.status_code = 400
response.write(''.join([item.message for item in get_messages(request)]))
return response
def position_id(request, pos_id):
msg = check_access(request)
if msg == 'ok':
access_code = request.META['HTTP_AUTHORIZATION']
acc_obj = access_token.objects.get(token=access_code)
user = acc_obj.user
str_user_id = "{0}".format(user.id)
str_pos_id = "{0}".format(pos_id)
if str_user_id != str_pos_id:
resp = HttpResponse()
resp.status_code = 403
return resp
try:
emp_obj = Employe.objects.get(user=pos_id)
except Employe.DoesNotExist:
raise Http404
position = emp_obj.position
response_data = {}
response_data['full_name'] = user.first_name
response_data['position_name'] = position.name
response_data['salary'] = position.salary
response_data['salary_currency'] = position.salary_currency
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
else:
resp = HttpResponse()
resp.status_code = 401
return resp
def employe_id(request, emp_id):
msg = check_access(request)
if msg == 'ok':
access_code = request.META['HTTP_AUTHORIZATION']
acc_obj = access_token.objects.get(token=access_code)
user = acc_obj.user
str_user_id = "{0}".format(user.id)
str_emp_id = "{0}".format(emp_id)
if str_user_id != str_emp_id:
resp = HttpResponse()
resp.status_code = 403
return resp
try:
emp_obj = Employe.objects.get(user=emp_id)
except Employe.DoesNotExist:
raise Http404
position = emp_obj.position
response_data = {}
response_data['full_name'] = user.first_name
response_data['username'] = user.username
response_data['email'] = user.email
response_data['mobile_phone'] = user.mobile_phone
response_data['birthday'] = user.birth_day
response_data['position'] = position.name
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
else:
resp = HttpResponse()
resp.status_code = 401
return resp
def healthcheck(request):
"""Simple view to display the result of defined
healthchecks
:param request: django request
:return: Django response containing text/plain
"""
# dictionary containing functions to be called
checks = {'DB': _test_db_connection,
'Topics': _test_topics_connection,
'Events search': _test_events_search}
response = HttpResponse()
overall_ok = True
for name, service in checks.items():
try:
# run the healthcheck function
ok, message = service()
except Exception as e:
ok = False
message = e
logger.error('Error in healthcheck {name}'.format(name=name), exc_info=True)
if not ok:
overall_ok = False
response.write('* !! {service}: {text}\n'.format(service=name, text=message))
else:
response.write('* {service}: {text}\n'.format(service=name, text=message.replace('\n', '')))
response['Content-Type'] = "text/plain; charset=utf-8"
response['Cache-Control'] = "must-revalidate,no-cache,no-store"
if overall_ok:
response.status_code = 200
else:
response.status_code = 500
return response
def cart(request):
if request.method == "POST":
action = request.POST.get("action")
# if add item
if action == "add":
# if added
if add_cart_item(request.POST.get("id")):
return JsonResponse({"status": "success"}, safe=False)
# no added
response = HttpResponse(request)
response.status_code = 404
return response
# if delete
elif action == "del":
# if removed
if del_cart_item(request.POST.get("id")):
return JsonResponse({"status": "success"}, safe=False)
# no added
response = HttpResponse(request)
response.status_code = 404
return response
cart_items = get_cart_items()
response = JsonResponse(cart_items, safe=False)
response.headers = {"X-CSRFToken": get_token(request)}
return response
def weather(request, story_id):
"""
This API gets information about Story's locations weather.
Filters the gathered information and returns it.
It also adds a comment about the weather.
"""
if (request.method != 'GET'):
httpresponse = HttpResponse(
'Only GET method is available for this API')
httpresponse.status_code = 405
return httpresponse
if (not isinstance(story_id, int)):
httpresponse = HttpResponse('Only integer values are used by this API')
httpresponse.status_code = 400
return httpresponse
try:
story = Story.objects.get(id=story_id)
except Story.DoesNotExist:
httpresponse = HttpResponse('Story does not exist')
httpresponse.status_code = 404
return httpresponse
resp = requests.get(
"http://api.openweathermap.org/data/2.5/weather?lat=%s&lon=%s&appid=%s"
% (story.latitude, story.longitude, WEATHER_API_KEY))
if (resp.status_code != 200):
httpresponse = HttpResponse(
'Could not send request to OpenWeather API')
httpresponse.status_code = 400
return httpresponse
weather = resp.json()
condition = weather['weather'][0]['main']
temperature = round(weather['main']['temp'] - (273.15), 2)
feel = round(weather['main']['feels_like'] - (273.15), 2)
wind = weather['wind']['speed']
country = weather['sys']['country']
timezone = round(weather['timezone'] / 3600)
if (temperature < 0):
comment = "Wow it is freezing out there!"
elif (temperature < 15):
comment = "It is cold!"
elif (temperature < 30):
comment = "Temperatures are great! Go out there and have fun!"
else:
comment = "It is hot! You sure you are OK?"
return JsonResponse({
'condition': condition,
'temperature': temperature,
'feel': feel,
'wind': wind,
'country': country,
'time_zone': timezone,
'comment': comment
})
def post(self, request, *args, **kwargs):
payload = json.loads(request.body.decode('utf-8'))
if request.META.get('HTTP_X_GITHUB_EVENT') == "ping":
return HttpResponse('Hi!')
if False:
if request.META.get('HTTP_X_GITHUB_EVENT') != "push":
response = HttpResponse()
response.status_code = 403
return response
signature = request.META.get('HTTP_X_HUB_SIGNATURE').split('=')[1]
secret = settings.GITHUB_HOOK_SECRET
if isinstance(secret, str):
secret = secret.encode('utf-8')
mac = hmac.new(secret, msg=request.body, digestmod=sha1)
if not hmac.compare_digest(mac.hexdigest(), signature):
response = HttpResponse()
response.status_code = 403
return response
handle_push_hook_request(payload)
return HttpResponse("OK")
def get_majors(request):
tour_id = request.GET.get('tour', None)
major1_id = request.GET.get('major1', None)
major2_id = request.GET.get('major2', None)
if tour_id and major1_id and major2_id:
try:
tour = Tour.objects.get(id=tour_id)
majors = tour.majors.filter().exclude(id__in=[major1_id, major2_id])
data = serializers.serialize("json", majors)
return HttpResponse(data, content_type='application/json')
except Tour.DoesNotExist:
response = HttpResponse(content_type='application/json')
response.status_code = 400
return response
else:
if tour_id and major1_id:
try:
tour = Tour.objects.get(id=tour_id)
majors = tour.majors.all().exclude(id__in=[major1_id])
data = serializers.serialize("json", majors)
return HttpResponse(data, content_type='application/json')
except Tour.DoesNotExist:
response = HttpResponse(content_type='application/json')
response.status_code = 400
return response
else:
response = HttpResponse(content_type='application/json')
response.status_code = 400
return response
def log_in(request):
'''View function corresponding to url /login.
The purpose of this function vary with http method. If method is GET it
behaves as unauthorize redirect destination; If method is POST it accepts
request's form data, validates it and adds session to authorize the user.
Args:
request: Incoming request
Returns:
When GET, indicate the page has been redirected here; When POST,
return either message that user is logged in or error that form invalid
or user name/password error.
'''
response = HttpResponse()
if request.method == 'GET':
info(request, 'Indicator')
else:
form = UserForm(request.POST)
if form.is_valid():
user = authenticate(username=form.cleaned_data['name'],
password=form.cleaned_data['passwd'])
if user != None:
login(request, user)
success(request, 'User exists.')
else:
error(request, 'User does not exist.')
response.status_code = 400
else:
error(request, 'Invalid input data')
response.status_code = 400
response.write(''.join([item.message for item in get_messages(request)]))
return response
def post(self, request, *args, **kwargs):
payload = json.loads(request.body.decode())
if request.META.get('HTTP_X_GITHUB_EVENT') == "ping":
return HttpResponse('Hi!')
if False:
if request.META.get('HTTP_X_GITHUB_EVENT') != "push":
response = HttpResponse()
response.status_code = 403
return response
signature = request.META.get('HTTP_X_HUB_SIGNATURE').split('=')[1]
secret = settings.GITHUB_HOOK_SECRET
if isinstance(secret, str):
secret = secret.encode()
mac = hmac.new(secret, msg=request.body, digestmod=sha1)
if not hmac.compare_digest(mac.hexdigest(), signature):
response = HttpResponse()
response.status_code = 403
return response
handle_push_hook_request(payload)
return HttpResponse("OK")
def healthcheck(request):
"""Simple view to display the result of defined
healthchecks
:param request: django request
:return: Django response containing text/plain
"""
# dictionary containing functions to be called
checks = {'DB': _test_db_connection,
'Topics': _test_topics_connection,
'Events search': _test_events_search}
response = HttpResponse()
overall_ok = True
for name, service in checks.iteritems():
try:
# run the healthcheck function
ok, message = service()
except Exception as e:
ok = False
message = e
logger.error('Error in healthcheck {name}'.format(name=name), exc_info=True)
if not ok:
overall_ok = False
response.write('* !! {service}: {text}\n'.format(service=name, text=message))
else:
response.write('* {service}: {text}\n'.format(service=name, text=message.replace('\n', '')))
response['Content-Type'] = "text/plain; charset=utf-8"
response['Cache-Control'] = "must-revalidate,no-cache,no-store"
if overall_ok:
response.status_code = 200
else:
response.status_code = 500
return response
def is_logged(request):
if request.user.is_authenticated():
res = HttpResponse("")
res.status_code = 200
return res
else:
res = HttpResponse("Unauthorized")
res.status_code = 401
return res
def check_url(request):
url = request.GET["url"]
res = HttpResponse()
try:
r = requests.head(url)
if r.status_code / 400 >= 1:
res.status_code = 303
else:
res.status_code = r.status_code
except:
res.status_code = 303
return res
def make_link(request):
if request.method == "POST" and len(request.body) > 0:
params = json.loads(request.body)
# key validation
keys = params.keys()
if len(keys) > 1 or 'url' not in keys:
res = HttpResponse()
res.status_code = 400
res.content = 'Please provide a json object with the format { "url" : "http://example.com" }'
return res
# url validation
url = params.get('url')
validate = URLValidator()
try:
validate(url)
except:
res = HttpResponse()
res.status_code = 400
res.content = "Not a valid URL"
return res
# look up link by long url
try:
Link.objects.get(long=url)
except ObjectDoesNotExist:
# if doesnotexist:
# generate shortid and make new url in db
# add 1 visit record
shorty = sid.generate()
short_url = build_short_url(request.is_secure(),
request.get_host(), shorty)
link = Link(long=url, short=short_url)
link.save()
visit = Visit(link_id=link.id)
visit.save()
# return newly created short link
return JsonResponse({"shorturl": link.short})
# if link exists already, return it
found = Link.objects.get(long=url)
return JsonResponse({'shorturl': found.short})
return HttpResponse(
status=400,
content="Bad request body or wrong request type (POST only)")
def login_page(request):
if request.method == "POST":
form = LoginForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get("username")
password = form.cleaned_data.get("password")
user = authenticate(username=username, password=password)
if user is not None:
msg = "You have successfully logged in."
messages.success(request, msg)
login(request, user)
response = HttpResponse(msg)
response.status_code = 200
return response
else:
for msg in form.error_messages:
messages.error(request, f"{msg.upper()}: {form.error_messages[msg]}")
response = {
"msg": render_to_string(
"static_html/messages.html",
{
"messages": messages.get_messages(request),
},
),
}
res = HttpResponse(
json.dumps(response),
content_type="application/json",
)
res.status_code = 218
return res
else:
for msg in form.error_messages:
messages.error(request, f"{msg.upper()}: {form.error_messages[msg]}")
return error_msg_response(request)
if request.user.is_authenticated:
return redirect("Main:home_page")
form = LoginForm()
return render(request,"login.html", context={"form": form})
def get(self, request, *args, **kwargs):
""" Lors d'une requête GET """
dashboard = self.dashboard_class()
dashboard.init_with_context(RequestContext(request))
response = HttpResponse(dashboard.pre_content)
response.status_code = 200
return response
def _http_auth_helper(self, request):
# At this point, the user is either not logged in, or must log
# in using http auth. If they have a header that indicates a
# login attempt, then use this to try to login.
if 'HTTP_AUTHORIZATION' in request.META:
auth = request.META['HTTP_AUTHORIZATION'].split()
if len(auth) == 2:
if auth[0].lower() == 'basic':
# Currently, only basic http auth is used.
uname, passwd = base64.b64decode(auth[1]).split(':')
user = authenticate(username=uname, password=passwd)
if user and user.is_staff:
request.session['moat_username'] = uname
return
# The username/password combo was incorrect, or not provided.
# Challenge the user for a username/password.
resp = HttpResponse()
resp.status_code = 401
try:
# If we have a realm in our settings, use this for the
# challenge.
realm = settings.HTTP_AUTH_REALM
except AttributeError:
realm = ""
resp['WWW-Authenticate'] = 'Basic realm="%s"' % realm
return resp
def follow_unfollow_success_response(request, user_slug):
user = UserProfile.objects.get(slug=user_slug).user
followings = user.user_profile.following.order_by("username")
completed_quizzes = CompletedQuiz.objects.filter(
user__user_profile__slug=user_slug
).order_by("-completed_date")
data = {
"msg": render_to_string(
"static_html/messages.html",
{
"messages": messages.get_messages(request),
},
),
"new_page": render_to_string(
"user_profile.html",
context={
"viewing_user": user,
"followings": followings,
"completed_quizzes": completed_quizzes,
},
request=request
)
}
response = HttpResponse(
json.dumps(data),
content_type="application/json",
)
response.status_code = 200
return response
def response_resource_written_ok(cls,
view_name,
resource_id,
http_status,
http_request=None):
"""
Internal building of response for Rest services CREATE or UPDATE:
the header Location property is completed.
:param cls:
:type cls:
:param view_name:view name is an alias of the URL django configuration of the
Rest service writing the resource
:type view_name: str
:param resource_id: ID of written resource
:type resource_id: int or str
:param http_status: specified Http code
:type http_status: int
:param http_request: the request source of this response, optional default None:
may be required for the location property prefix in the response
:type http_request: django.http.HttpRequest
:return: the response of the writing service
:rtype: django.http.HttpResponse
"""
response = HttpResponse()
response.status_code = http_status
response['Location'] = HttpCommonsIkats.get_resource_location(
view_name, resource_id, http_request)
return response
def process_request(self, request):
"""
Parse the session id from the 'Session-Id: ' header when using the api.
"""
if self.is_api_request(request):
try:
parsed_session_uri = parse_session_id(request)
if parsed_session_uri is not None:
domain = get_domain(request)
if parsed_session_uri['realm'] != domain:
raise exceptions.PermissionDenied(
_('Can not accept cookie with realm %s on realm %s') % (
parsed_session_uri['realm'],
domain
)
)
session_id = session_id_from_parsed_session_uri(
parsed_session_uri)
request.session = start_or_resume(
session_id, session_type=parsed_session_uri['type'])
request.parsed_session_uri = parsed_session_uri
# since the session id is assigned by the CLIENT, there is
# no point in having csrf_protection. Session id's read
# from cookies, still need csrf!
request.csrf_processing_done = True
return None
except exceptions.APIException as e:
response = HttpResponse('{"reason": "%s"}' % e.detail,
content_type='application/json')
response.status_code = e.status_code
return response
return super(HeaderSessionMiddleware, self).process_request(request)
def process_request(self, request):
"""
Parse the session id from the 'Session-Id: ' header when using the api.
"""
if self.is_api_request(request):
try:
parsed_session_uri = parse_session_id(request)
if parsed_session_uri is not None:
domain = get_domain(request)
if parsed_session_uri['realm'] != domain:
raise exceptions.PermissionDenied(
_('Can not accept cookie with realm %s on realm %s') % (
parsed_session_uri['realm'],
domain
)
)
session_id = session_id_from_parsed_session_uri(
parsed_session_uri)
request.session = start_or_resume(
session_id, session_type=parsed_session_uri['type'])
request.parsed_session_uri = parsed_session_uri
# since the session id is assigned by the CLIENT, there is
# no point in having csrf_protection. Session id's read
# from cookies, still need csrf!
request.csrf_processing_done = True
return None
except exceptions.APIException as e:
response = HttpResponse('{"reason": "%s"}' % e.detail,
content_type='application/json')
response.status_code = e.status_code
return response
return super(HeaderSessionMiddleware, self).process_request(request)
def getrisktypes():
rtqs = RiskType.objects.all()
rtl = []
for e in rtqs:
py_dict = {}
py_dict[globals.RT_NAME] = e.riskname
py_dict[globals.RT_ATTRS] = []
rtaqs = RiskTypeAttribute.objects.filter(risktype=e)
for a in rtaqs:
eed = {}
if a.riskattrtype == globals.TENUM:
rtaee = RiskTypeAttributeEnumEntry.objects.filter(riskattr=a)
for ee in rtaee:
eed[ee.riskenumentryname] = ee.riskenumentryvalue
py_dict[globals.RT_ATTRS].append({
globals.RT_ATTR_NAME: a.riskattrname,
globals.RT_ATTR_TYPE: a.riskattrtype,
globals.EDICT: eed
})
else:
py_dict[globals.RT_ATTRS].append({
globals.RT_ATTR_NAME:
a.riskattrname,
globals.RT_ATTR_TYPE:
a.riskattrtype
})
rtl.append(py_dict)
r = HttpResponse(content=json.dumps(rtl), content_type='application/json')
r.status_code = 200
return r
def attach(request, app_name):
'''View function to attach facebook/twitter account to user.
If a twitter account is to be attached, the incoming request is simply an
indicator. This function then call twitter request_token api to ask for a
temporary twitter token and twitter secret token, save it to database and
send back to the client.
Args:
request: Incoming request.
app_name: The name of social network to be attached.
Returns:
Token string if twitter token is successfully received. Error message
if network is not supported.
'''
response = HttpResponse()
if app_name == 'facebook':
success(request, 'facebook account attached')
elif app_name == 'twitter':
request_token_url = 'https://api.twitter.com/oauth/request_token'
oauth = OAuth1(client_key,
client_secret=client_secret)
r = requests.post(url=request_token_url,
auth=oauth,
data={'oauth_callback': 'http://ec2-54-173-9-169.compute-1.amazonaws.com:9090/twitter'})
twitter_query = QueryDict(r.content)
UserProfile.insert_twitter_token(twitter_query, request.user)
return HttpResponse(twitter_query['oauth_token'])
else:
error(request, 'Unsupported social network')
response.status_code = 400
response.write(''.join([item.message for item in get_messages(request)]))
return response
def getrisktype(rtname):
try:
rt = RiskType.objects.get(riskname=rtname)
except RiskType.DoesNotExist:
raise error.RTException(error.RISKTYPE_NOT_EXISTS)
py_dict = {}
py_dict[globals.RT_NAME] = rt.riskname
py_dict[globals.RT_ATTRS] = []
rtaqs = RiskTypeAttribute.objects.filter(risktype=rt)
for e in rtaqs:
eed = {}
if e.riskattrtype == globals.TENUM:
rtaee = RiskTypeAttributeEnumEntry.objects.filter(riskattr=e)
for ee in rtaee:
eed[ee.riskenumentryname] = ee.riskenumentryvalue
py_dict[globals.RT_ATTRS].append({
globals.RT_ATTR_NAME: e.riskattrname,
globals.RT_ATTR_TYPE: e.riskattrtype,
globals.EDICT: eed
})
else:
py_dict[globals.RT_ATTRS].append({
globals.RT_ATTR_NAME:
e.riskattrname,
globals.RT_ATTR_TYPE:
e.riskattrtype
})
r = HttpResponse(content=json.dumps(py_dict),
content_type='application/json')
r.status_code = 200
return r
def risktype(request, rtname=''):
if request.method == 'POST':
try:
return createrisktype(request)
except Exception as e:
if type(e) is error.RTException:
return error.handle_RT_exception(e)
else:
return error.handle_RT_exception(
error.RTException(e.__str__(), 500))
elif request.method == 'GET':
try:
return getrisktype(rtname)
except Exception as e:
if type(e) is error.RTException:
return error.handle_RT_exception(e)
else:
return error.handle_RT_exception(
error.RTException(e.__str__(), 500))
else:
r = HttpResponse(content=json.dumps(
{globals.MSG: error.HTTP_METHOD_NOT_SUPPORTED}),
content_type='application/json')
r.status_code = 400
return r
def postImageContent(request):
userId = request.session.get(KEY_USER_ID, '')
if not userId:
return HttpResponse('你还未登录或登录已过期')
print(str(request.POST))
images = request.POST.getlist('images[]')
texts = request.POST.getlist('texts[]')
title = request.POST.get('title')
category = request.POST.get('category')
author = request.POST.get('author')
print("分类:", category)
articleType = 3 # 图文
contentType = 3 # 图文
if articleService.addImageArticle(userId, title, category, contentType, articleType, images, texts, author):
return HttpResponse(SUCCESS)
else:
response = HttpResponse(ERROR)
response.status_code = 500
return response
def set_cookie(request):
print(request.COOKIES)
res = HttpResponse()
res.content = '我已经设置好了cookie!!!'
res.status_code = 200
res.set_cookie('name', value='lisi', max_age=30)
return res
def login_response(request):
# 1. 操作 参数
# return HttpResponse(
# content="浏览器显示的内容",
# # 服务器接收内容的类型
# # content_type='application/json',
# # status=200,
# )
# 2. 操作 属性
# 实例一个response对象
response = HttpResponse()
# 设置属性
response.content = '操作属性'
response.status_code = 200
response.status_code = HttpResponseBadRequest.status_code
def render_response(self, result, http_headers, status_code, fieldset):
if isinstance(result, HttpResponseBase):
return result
else:
if not fieldset and 'fields' in self.request._rest_context:
del self.request._rest_context['fields']
response = HttpResponse()
try:
response.status_code = status_code
http_headers = self._get_headers(http_headers)
self._serialize(response, result, status_code, http_headers)
except UnsupportedMediaTypeException:
response.status_code = 415
http_headers['Content-Type'] = self.request.get('HTTP_ACCEPT')
self._set_response_headers(response, http_headers)
return response
def logout(request):
logger.info('enter logout page')
logout_data = json.loads(str(request.body, encoding="utf-8"))
response = HttpResponse(content_type='application/json')
try:
del request.session['user_email']
logger.info('logout fail')
response.status_code = 406
response.content = json.dumps({'msg': 'logout fail', 'data': ''})
return response
except:
response.status_code = 200
response.content = json.dumps({
'msg': 'logout successfully',
'data': ''
})
return response
def make_response(status=200, content=None):
if content is None:
content = {}
response = HttpResponse()
response.status_code = status
response['Content-Type'] = "application/json"
response.content = json.dumps(content)
return response
def index(request):
response_data = {}
response_data['server'] = 'oauth2_server.com'
response_data['version'] = 'django {0}'.format(get_version())
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
def render_response(self, result, http_headers, status_code, fieldset):
if isinstance(result, HttpResponseBase):
return result
else:
if not fieldset and 'fields' in self.request._rest_context:
del self.request._rest_context['fields']
response = HttpResponse()
try:
response.status_code = status_code
http_headers = self._get_headers(http_headers)
self._serialize(response, result, status_code, http_headers)
except UnsupportedMediaTypeException:
response.status_code = 415
http_headers['Content-Type'] = self.request.get('HTTP_ACCEPT')
self._set_response_headers(response, http_headers)
return response
def riskhome(request):
if request.method == 'GET':
return render(request, 'risk.htm')
else:
r = HttpResponse(content=json.dumps(
{globals.MSG: error.HTTP_METHOD_NOT_SUPPORTED}),
content_type='application/json')
r.status_code = 400
return r
def check_common_authorization(request):
#credential check
if request.META.has_key('HTTP_AUTHORIZATION') != True:
debug_print('>>> no HTTP_AUTHORIZATION')
r = HttpResponse(content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r['WWW-Authenticate'] = 'Basic realm="taxii", type=1, title="Login to \"apps\"", Basic realm="simple"'
r.status_code = 401
return r
if request.META['HTTP_AUTHORIZATION'] != HTTP_AUTHORIZATION_VALUE:
debug_print('>>> invalid HTTP_AUTHORIZATION')
debug_print(HTTP_AUTHORIZATION_VALUE)
debug_print(request.META['HTTP_AUTHORIZATION'])
r = HttpResponse(content_type=RESPONSE_COMMON_CONTENT_TYPE_TAXII_JSON)
r['WWW-Authenticate'] = 'Basic realm="taxii", type=1, title="Login to \"apps\"", Basic realm="simple"'
r.status_code = 401
return r
return None
def redirect_through_normal_response_new_headers_attr(request):
private = "private"
next = request.GET.get("next")
resp = HttpResponse() # $ HttpResponse mimetype=text/html
resp.status_code = 302
resp.headers['Location'] = next # $ MISSING: redirectLocation=next
resp.content = private # $ MISSING: responseBody=private
return resp
def test_should_throw_a_runtime_exception_when_status_code_is_not_200(self):
rest_client = RestClient()
rest_client.post_data = MagicMock()
output_content = b""
expeted_response = HttpResponse(content=output_content)
expeted_response.status_code = 500
rest_client.post_data.return_value = expeted_response
service = CompilerService(rest_client)
self.assertRaises(RuntimeError,service.run_code,"print('hi')", "python3")
def robots_txt(request):
content = 'User-agent: *\n' \
'Disallow: /admin/*\n' \
'Sitemap: https://mervinz.me/sitemap.xml\n'
response = HttpResponse()
response.status_code = 200
response.charset = 'utf-8'
response['Content-Type'] = 'text/plain; charset=UTF-8'
response.write(content.encode(encoding='utf-8'))
return response
def get(self, request):
if not request.user.is_authenticated():
response = HttpResponse(json.dumps(
{"errors": ["Not authenticated"]}), content_type='application/json')
response.status_code = 403
return response
if not request.user.profile.school:
response = HttpResponse(json.dumps(
{"errors": ["Not associated with any school"]}), content_type='application/json')
response.status_code = 403
return response
form = ExportForm(request.GET)
if form.is_valid():
download = export_logs(form.cleaned_data, self.request.user.profile.timezone)
if download:
# Mime type data:
# https://blogs.msdn.microsoft.com/vsofficedeveloper/2008/05/08/office-2007-file-format-mime-types-for-http-content-streaming-2/
now = datetime.now(timezone(TIME_ZONE))
filename = "{}.logs.{}-{}-{}".format(
request.user.profile.school.short_name,
now.year, now.month, now.day
)
response = HttpResponse(
download.read(),
content_type="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
)
response['Content-Disposition'] = 'attachment; filename={}.xlsx'.format(
filename)
return response
response = HttpResponse(json.dumps(
{"errors": ["No columns selected"]}))
response.status_code = 400
return response
else:
response = HttpResponse(json.dumps(form.errors))
response.status_code = 400
return response
def search(search_query):
'''
:param search_query:
'''
response = HttpResponse()
try:
response.content = extract_and_search(search_query)
except Exception, ex:
response.status_code = 500
logger.exception(ex)
def throw_error(errno, pretty =False, xlimits =[]): print(errno) json_pretty = ConsoleAPI.json_base_response(errno['ERRNO'], errno['ERRMSG']) json_pretty = json.dumps(json_pretty, sort_keys=True, indent=4) if pretty else json.dumps(json_pretty) response = HttpResponse(json_pretty, content_type="application/json") response.status_code = errno['HTTP_CODE'] if xlimits: response['X-RateLimit-Limit'] = xlimits[1] response['X-RateLimit-Remaining'] = xlimits[2] response['X-RateLimit-Reset'] = xlimits[3] return response
def test_should_print_a_simple_hi(self):
rest_client = RestClient()
rest_client.post_data = MagicMock()
output_content = b"hi"
expeted_response = HttpResponse(content=output_content)
expeted_response.status_code = 200
rest_client.post_data.return_value = expeted_response
service = CompilerService(rest_client)
actual_output = service.run_code("print('hi')", "python3")
self.assertEqual(output_content, actual_output)
def json_response(errno, data, pretty =False, xlimits =[]): json_data = ConsoleAPI.json_base_response(errno['ERRNO'], errno['ERRMSG']) json_data['data'] = data json_pretty = ConsoleAPI._pretty_json(json_data) response = HttpResponse(json_pretty, content_type="application/json") response.status_code = errno['HTTP_CODE'] if xlimits: response['X-RateLimit-Limit'] = xlimits[1] response['X-RateLimit-Remaining'] = xlimits[2] response['X-RateLimit-Reset'] = xlimits[3] return response
def upload(request):
logger.info('server get message from rsp success')
data = json.loads(str(request.body, encoding="utf-8"))
response = HttpResponse(content_type='application/json')
if data['email'] is None or data['email'] == '':
logger.info('data lacks email', data)
response.status_code = 406
response.content = json.dumps({'msg': '', 'date': ''})
if data['type'] is None or data['type'] == '':
# must select one type
logger.info('data lacks type', data)
response.status_code = 406
response.content = json.dumps({
'msg': 'please confirm your message type',
'date': ''
})
return response
if data['type'] == 'clock' or data['type'] == 'todo':
if data['time'] is None or data['time'] == '':
logger.info('data lacks time', data)
response.status_code = 406
response.content = json.dumps({
'msg': 'this message must have time',
'date': ''
})
return response
try:
Users.objects.get(email=data['email'])
except Users.DoesNotExist:
response.status_code = 401
response.content = json.dumps({
'msg': 'you have not registered yet',
'date': ''
})
return response
message_save = Messages.create(data)
message_save.save()
logger.info('message is saved')
response.status_code = 200
response.content = json.dumps({'msg': 'upload successfully', 'date': ''})
return response
def delete_value(hotel_id):
'''
:param hotel_id:
'''
response = HttpResponse()
try:
del DataStore().data[hotel_id]
except Exception, ex:
response.status_code = 500
logger.exception(ex)
raise ex
def position(request):
if 'page' in request.GET:
page = paginate(request.GET['page'], Position.objects.all())
if page is None:
resp = HttpResponse()
resp.status_code = 500
return resp
objects = page.object_list
else:
objects = get_list_or_404(Position)
position_list = [{'id': obj.id, 'name' : obj.name} for obj in objects]
response_data = {}
response_data['items_cnt'] = len(position_list)
response_data['positions'] = position_list
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
def parse_access_req_params(req_params):
access_need_params = {'grant_type' : 0, 'client_id' : 0, 'client_secret' : 0, 'redirect_uri' : 0, 'code' : 0}
for key, value in access_need_params.items():
if key not in req_params:
print("ERR: no authorization needed param `{0}'").format(key)
resp = HttpResponse()
resp.status_code = 400
return resp
access_need_params[key] = req_params[key]
return access_need_params
def me(request):
msg = check_access(request)
if msg == 'ok':
access_code = request.META['HTTP_AUTHORIZATION']
acc_obj = access_token.objects.get(token=access_code)
user = acc_obj.user
response_data = {}
response_data['full_name'] = user.first_name
response_data['username'] = user.username
response_data['email'] = user.email
response_data['mobile_phone'] = user.mobile_phone
response_data['birthday'] = user.birth_day
resp = HttpResponse(json.dumps(response_data), content_type="application/json")
resp.status_code = 200
return resp
else:
print "ERR: {0}".format(msg)
resp = HttpResponse()
resp.status_code = 401
return resp
def oidtest(request):
ax = (("http://axschema.org/eid/card-validity/end",
"http://axschema.org/person/gender",
"http://axschema.org/contact/postalAddress/home",
"http://axschema.org/namePerson/first",
"http://axschema.org/eid/photo",
"http://axschema.org/eid/card-validity/begin",
"http://axschema.org/contact/city/home",
"http://axschema.org/contact/postalCode/home",
"http://axschema.org/birthDate",
"http://openid.net/schema/birthDate/birthYear",
"http://openid.net/schema/birthDate/birthMonth",
"http://openid.net/schema/birthDate/birthday",
"http://axschema.org/eid/pob",
"http://axschema.org/eid/card-number",
"http://axschema.org/eid/nationality",
"http://axschema.org/namePerson/last",
"http://axschema.org/namePerson",
"http://axschema.org/eid/rrn",
# "http://axschema.org/eid/cert/auth",
"http://axschema.org/eid/age"), ())
uri = "https://www.e-contract.be/eid-idp/endpoints/openid/ident"
kind, claimedId = openid2rp.normalize_uri(uri)
res = openid2rp.discover(claimedId)
if res is not None:
services, op_endpoint, op_local = res
session = openid2rp.associate(services, op_endpoint)
redirect_url = openid2rp.request_authentication(
services,
op_endpoint,
session['assoc_handle'],
"http://127.0.0.1:8000/tests/openid2",
claimedId, op_local,
sreg=((), ()),
ax=ax
)
response = HttpResponse()
response['Location'] = redirect_url
response.status_code=303
return response
def unauthed(self):
response = HttpResponse("""<html><title>Auth required</title><body>
<h1>Authorization Required</h1></body></html>""", content_type="text/html")
response['WWW-Authenticate'] = 'Basic realm="Staging"'
response.status_code = 401
return response
def get_access_token(request):
if 'grant_type' not in request.POST:
print "ERR: no grant_type field in req"
resp = HttpResponse()
resp.status_code = 400
return resp
if request.POST['grant_type'] == 'authorization_code':
access_params = parse_access_req_params(request.POST)
for key, value in access_params.items():
print "{0} -> {1}".format(key, value)
#check authorization code
try:
authorization_code = auth_code.objects.get(code=access_params['code'])
except auth_code.DoesNotExist:
print "ERR: no auth code `{0}' in db".format(access_params['code'])
resp = HttpResponse()
resp.status_code = 401
return resp
#check client id and secret in db
client_app = None
try:
client_app = get_object_or_404(client_info,
client_id=access_params['client_id'],
client_secret=access_params['client_secret'])
except DoesNotExist:
print("ERR: client with client_id: {0} client_secret: {1} doesn't exist").format(
access_params['client_id'],
access_params['client_secret'])
resp = HttpResponse()
resp.status_code = 400
return resp
if authorization_code.client_id != client_app:
print "ERR: diff client_id and auth_code.client_id"
raise Http404
#check redirect uri
if client_app.redirect_domain != access_params['redirect_uri']:
print "ERR: redirect_uri {0} is not correct".format(access_params['redirect_uri'])
resp = HttpResponse()
resp.status_code = 400
return resp
#create refresh and access tokens
req_refresh_token = generate_code()
req_access_token = generate_code()
print "INF: created tokens: access: {0} refresh: {1}".format(req_access_token, req_refresh_token)
token = access_token.objects.create(token=req_access_token, app_id=client_app,
refresh_token=req_refresh_token, user=authorization_code.user)
elif request.POST['grant_type'] == 'refresh_token':
req_refresh_token = request.POST['refresh_token'] if 'refresh_token' in request.POST else None
if req_refresh_token is None:
print "ERR: no field `refresh_token' in req"
resp = HttpResponse()
resp.status_code = 400
return resp
#check if refresh token is in db
try:
token = access_token.objects.get(refresh_token=req_refresh_token)
except access_token.DoesNotExist:
print "ERR: no refresh_token `{0}' in db".format(req_refresh_token)
resp = HttpResponse()
resp.status_code = 400
return resp
#generate new aceess token
req_access_token = generate_code()
#update db with new access_token
token.token = req_access_token
token.creation_time = datetime.now()
token.save()
print "INF: generated new access_token {0}".format(req_access_token)
else:
print "ERR: incorrect grant_type"
resp = HttpResponse()
resp.status_code = 400
return resp
return JsonResponse({
'access_token': token.token,
'token_type' : 'bearer',
'expires_in' : token.expires_in(),
'refresh_token': token.refresh_token,
})
def processa_django_request(request):
path = request.path.split('/')
action = path[1]
action = urls.get(action, None)
if not action:
action = get_service_info
# PROCESSA OS PARAMETROS
params = []
logger = logging.getLogger(__name__)
if request.method == 'POST':
params = request.body.decode()
params = Serializer.json_to_object(params)
if params != None and not len(params):
params = []
if not isinstance(params, list):
params = [params]
# Retorno
result = {"result": "OK",
"data": ""}
try:
# if the action is an str which it means that need to make post request
if isinstance(action, str):
request = Request(action, urlencode(params).encode())
result['data'] = urlopen(request).read().decode()
else:
result['data'] = action(*params)
result = Serializer.object_to_json(result)
response = HttpResponse()
response.status_code = 200
response.write(result)
return response
except Exception as e:
result['result'] = 'ERRO'
result['data'] = {}
if not hasattr(e, 'code'):
e.code = ''
if not hasattr(e, 'message'):
e.message = str(e)
message_detail2 = ''
if hasattr(e, 'message_detail'):
message_detail2 = e.message_detail2
if 'positional arguments but' in e.message \
or 'must be a sequence, not NoneType' in e.message \
or 'positional argument' in e.message:
e.message = 'Number of parameters incorrect'
result['data']['code'] = e.code
result['data']['message'] = e.message
# message_detail = format_exception(e)
# result['data']['message_detail'] = message_detail
result['data']['message_detail2'] = message_detail2
logger.error(e.message)
return result
def get_visible_fields(self,
schema_fields, filter_fields, manual_field_includes,
visibilities, exact_fields=[], order_params=[]):
'''
Construct an ordered dict of schema fields that are visible, based on
- the field["visibility"] of each field on the resource,
- if the field is in the manual_field_includes
- if the field is in the filter_fields
- if the field key in another fields schema field['dependencies']
TODO: this method is not SqlAlchemy specific
'''
DEBUG_VISIBILITY = False or logger.isEnabledFor(logging.DEBUG)
visibilities = set(visibilities)
if DEBUG_VISIBILITY:
logger.info('get_visible_fields: field_hash initial: %r, manual: %r, exact: %r',
schema_fields.keys(),manual_field_includes, exact_fields )
try:
if exact_fields:
temp = { key:field for key,field in schema_fields.items()
if key in exact_fields or key in filter_fields }
else:
temp = { key:field for key,field in schema_fields.items()
if ((field.get('visibility', None)
and visibilities & set(field['visibility']))
or field['key'] in manual_field_includes
or '*' in manual_field_includes ) }
# manual excludes
temp = { key:field for key,field in temp.items()
if '-%s' % key not in manual_field_includes }
# dependency fields
dependency_fields = set()
for field in temp.values():
if field.get('value_template', None):
dependency_fields.update(
re.findall(r'{([a-zA-Z0-9_-]+)}', field['value_template']))
if field.get('display_options', None):
dependency_fields.update(
re.findall(r'{([a-zA-Z0-9_-]+)}', field['display_options']))
if field.get('dependencies',None):
dependency_fields.update(field.get('dependencies'))
logger.debug('field: %s, dependencies: %s', field['key'],field.get('dependencies',[]))
if DEBUG_VISIBILITY:
logger.info('dependency_fields %s', dependency_fields)
if dependency_fields:
temp.update({ key:field
for key,field in schema_fields.items() if key in dependency_fields })
# filter_fields
if filter_fields:
temp.update({ key:field
for key,field in schema_fields.items() if key in filter_fields })
# order params
if order_params:
temp.update({ key:field
for key,field in schema_fields.items()
if ( key in order_params or '-%s'%key in order_params) })
field_hash = OrderedDict(sorted(temp.iteritems(),
key=lambda x: x[1].get('ordinal',999)))
if DEBUG_VISIBILITY:
logger.info('field_hash final: %s', field_hash.keys())
if not field_hash:
response = HttpResponse('no fields specified')
response.status_code = 400
raise ImmediateHttpResponse(
response=response)
return field_hash
except ImmediateHttpResponse:
raise
except Exception, e:
logger.exception('on get_visible_fields')
raise e
def response_error(message):
response = HttpResponse(json.dumps({'message': message}), 'application/json')
response.status_code = 500
return response
def get_response_401(self):
response = HttpResponse('Unauthorized\r\n')
response.status_code = 401
response['WWW-Authenticate'] = 'Basic realm="What Manager"'
return response
