def test_should_response_200_json(self, session):
self._create_dagrun(session)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": False})
headers = {'Accept': 'application/json'}
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers=headers
)
expected_filename = "{}/{}/{}/{}/1.log".format(
self.log_dir,
self.DAG_ID,
self.TASK_ID,
self.default_time.replace(":", ".")
)
self.assertEqual(
response.json['content'],
f"*** Reading local file: {expected_filename}\nLog for testing."
)
info = serializer.loads(response.json['continuation_token'])
self.assertEqual(
info,
{'end_of_log': True}
)
self.assertEqual(200, response.status_code)
def test_get_logs_of_removed_task(self, session):
self._create_dagrun(session)
# Recreate DAG without tasks
dagbag = self.app.dag_bag # pylint: disable=no-member
dag = DAG(self.DAG_ID, start_date=timezone.parse(self.default_time))
dagbag.bag_dag(dag=dag, root_dag=dag)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": True})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers={'Accept': 'text/plain'},
environ_overrides={'REMOTE_USER': "******"},
)
expected_filename = "{}/{}/{}/{}/1.log".format(
self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(':', '.')
)
assert 200 == response.status_code
assert (
response.data.decode('utf-8')
== f"\n*** Reading local file: {expected_filename}\nLog for testing.\n"
)
def post(self):
#Get user id from email,send email with encoded userId link. On link click call another method that decodes and allows pw [email protected]
email = request.form['email']
user = Accounts.query.filter_by(email=email).first()
userID = user.id_user
s = URLSafeSerializer("RYJ5k67yr57K%$YHErenT46wjrrtdrmnwtrdnt")
encodedUser = s.dumps(user.id_user)
msg = Message('Confirm Email', recipients=[user.email])
emailBody = "Plase click the link to confirm your email http://167.172.59.89:5000/reset/" + encodedUser
msg.body = emailBody
mail.send(msg)
def test_get_logs_response_with_ti_equal_to_none(self, session):
self._create_dagrun(session)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": True})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/Invalid-Task-ID/logs/1?token={token}", )
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['detail'],
"Task instance did not exist in the DB")
def test_should_raise_403_forbidden(self):
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": True})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers={'Accept': 'text/plain'},
environ_overrides={'REMOTE_USER': "******"},
)
assert response.status_code == 403
def test_should_raises_401_unauthenticated(self):
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": False})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers={'Accept': 'application/json'},
)
assert_401(response)
def serialize_user_flag(account_id, challenge_id, challenge_data=None, *, secret=None):
if secret is None:
secret = current_app.config["SECRET_KEY"]
serializer = URLSafeSerializer(secret)
data = [account_id, challenge_id]
if challenge_data is not None:
data.append(challenge_data)
user_flag = serializer.dumps(data)[::-1]
return user_flag
class Guard:
def __init__(self):
self.serializer = URLSafeSerializer("secret-key", salt="upgrade")
def hash_password(self, password):
return hashlib.sha256(password.encode()).hexdigest()
def dumps_user(self, username):
return self.serializer.dumps(username)
def loads_token(self, token):
if token[0:14] != "6NEVebMx6_bULg":
return False, ""
return self.serializer.loads_unsafe(token[14:])
def hash(self, key:str, salt:str=None, parallel:bool=False, parallel_statusbar:bool=False, inplace=False): """ To hash an entire DataFrame Parameters ---------- key: str salt: str, optional parallel: bool, optional parallel_statusbar: bool, optional Returns ------- pd.core.frame.DataFrame """ df_input = self._obj.copy() if inplace: df = df_input else: df = df_input.copy() from itsdangerous.url_safe import URLSafeSerializer serializer = URLSafeSerializer(key, salt=salt) if parallel: from pandarallel import pandarallel pandarallel.initialize(progress_bar=parallel_statusbar) df = df.parallel_applymap(lambda x: serializer.dumps(x)) else: df = df.applymap(serializer.dumps) df.columns = [serializer.dumps(c) for c in df.columns.tolist()] if inplace: df_input = df.copy() else: return df
def test_get_logs_for_handler_without_read_method(self, mock_log_reader):
type(mock_log_reader.return_value).supports_read = PropertyMock(
return_value=False)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": False})
headers = {'Content-Type': 'application/jso'} # check guessing
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers=headers)
self.assertEqual(400, response.status_code)
self.assertIn('Task log handler does not support read logs.',
response.data.decode('utf-8'))
def with_cookie(
cookie_name: str, cookie_data: Any, response, *args, **kwargs
) -> flask.Response:
"""
Takes in a response and attaches a signed cookie with the name
`cookie_name` and data `cookie_data`. This helps verify the
integrity of the cookie. All cookies are httpOnly and rest of
the arguments are passed as is to the `flask.Response.set_cookie`
method.
"""
serializer = URLSafeSerializer(flask.current_app.config["SECRET_KEY"])
data = serializer.dumps(cookie_data)
res = flask.make_response(response)
res.set_cookie(cookie_name, data, httponly=True, *args, **kwargs)
return res
def test_should_response_200_text_plain(self, session):
self._create_dagrun(session)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": True})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers={'Accept': 'text/plain'})
expected_filename = "{}/{}/{}/{}/1.log".format(
self.log_dir, self.DAG_ID, self.TASK_ID,
self.default_time.replace(':', '.'))
self.assertEqual(200, response.status_code)
self.assertEqual(
response.data.decode('utf-8'),
f"*** Reading local file: {expected_filename}\nLog for testing.\n")
def test_should_respond_200_json(self, session):
self._create_dagrun(session)
key = self.app.config["SECRET_KEY"]
serializer = URLSafeSerializer(key)
token = serializer.dumps({"download_logs": False})
response = self.client.get(
f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/"
f"taskInstances/{self.TASK_ID}/logs/1?token={token}",
headers={'Accept': 'application/json'},
environ_overrides={'REMOTE_USER': "******"},
)
expected_filename = "{}/{}/{}/{}/1.log".format(
self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(":", ".")
)
assert (
response.json['content']
== f"[('', '*** Reading local file: {expected_filename}\\nLog for testing.')]"
)
info = serializer.loads(response.json['continuation_token'])
assert info == {'end_of_log': True}
assert 200 == response.status_code
class CSRFMiddleware(BaseHTTPMiddleware):
def __init__(
self,
app: ASGIApp,
secret: str,
sensitive_cookies: Optional[Set[str]] = None,
cookie_name: str = "csrftoken",
cookie_path: str = "/",
cookie_domain: Optional[str] = None,
cookie_secure: bool = False,
cookie_httponly: bool = False,
cookie_samesite: str = "lax",
header_name: str = "x-csrftoken",
safe_methods: Set[str] = {"GET", "HEAD", "OPTIONS", "TRACE"},
exempt_urls: Optional[List[Pattern]] = None,
) -> None:
super().__init__(app)
self.serializer = URLSafeSerializer(secret, "csrftoken")
self.secret = secret
self.sensitive_cookies = sensitive_cookies
self.cookie_name = cookie_name
self.cookie_path = cookie_path
self.cookie_domain = cookie_domain
self.cookie_secure = cookie_secure
self.cookie_httponly = cookie_httponly
self.cookie_samesite = cookie_samesite
self.header_name = header_name
self.safe_methods = safe_methods
self.exempt_urls = exempt_urls
async def dispatch(self, request: Request, call_next: RequestResponseEndpoint):
csrf_cookie = request.cookies.get(self.cookie_name)
if (
request.method not in self.safe_methods
and self._has_sensitive_cookies(request.cookies)
and not self._url_is_exempt(request.url)
):
submitted_csrf_token = await self._get_submitted_csrf_token(request)
if (
not csrf_cookie
or not submitted_csrf_token
or not self._csrf_tokens_match(csrf_cookie, submitted_csrf_token)
):
return self._get_error_response(request)
response = await call_next(request)
if not csrf_cookie:
response.set_cookie(
self.cookie_name,
self._generate_csrf_token(),
path=self.cookie_path,
domain=self.cookie_domain,
secure=self.cookie_secure,
httponly=self.cookie_httponly,
samesite=self.cookie_samesite,
)
return response
def _has_sensitive_cookies(self, cookies: Dict[str, str]) -> bool:
if not self.sensitive_cookies:
return True
for sensitive_cookie in self.sensitive_cookies:
if sensitive_cookie in cookies:
return True
return False
def _url_is_exempt(self, url: URL) -> bool:
if not self.exempt_urls:
return False
for exempt_url in self.exempt_urls:
if exempt_url.match(url.path):
return True
return False
async def _get_submitted_csrf_token(self, request: Request) -> Optional[str]:
return request.headers.get(self.header_name)
def _generate_csrf_token(self) -> str:
return cast(str, self.serializer.dumps(secrets.token_urlsafe(128)))
def _csrf_tokens_match(self, token1: str, token2: str) -> bool:
try:
decoded1: str = self.serializer.loads(token1)
decoded2: str = self.serializer.loads(token2)
return secrets.compare_digest(decoded1, decoded2)
except BadSignature:
return False
def _get_error_response(self, request: Request) -> Response:
return PlainTextResponse(
content="CSRF token verification failed", status_code=403
)
from itsdangerous.serializer import Serializer
s = Serializer("secret-key")
serializer_value = s.dumps([1, 2, 3, 4])
print(serializer_value)
print(s.loads(serializer_value))
from itsdangerous.url_safe import URLSafeSerializer
s1 = URLSafeSerializer("secret-key", salt="activate")
s1.dumps(1)
s2 = URLSafeSerializer("secret-key", salt="upgrade")
s2.dumps(1)
print(s1.dumps(1))
print(s2.dumps(1))
print(s1.loads(s1.dumps(1)))
print(s2.loads(s2.dumps(1)))
s = URLSafeSerializer("secret-key")
s.dumps([1, 2, 3, 4])
print(s.dumps([1, 2, 3, 4]))
print(s.loads(s.dumps([1, 2, 3, 4])))
def encrypt_cookie(content):
s = URLSafeSerializer(current_app.config["SECRET_KEY"], salt="cookie")
encrypted_content = s.dumps(content)
return encrypted_content
def generate_token_from_data(data: dict, salt: str = "user_activation") -> str:
secret_key = os.environ.get('SECRET_KEY')
serializer = URLSafeSerializer(secret_key)
token = serializer.dumps(data, salt=salt)
return token
