Exemplo n.º 1
0
def bid_id_signature_verified_active_bid(self):
    if self.initial_organization == self.test_financial_organization:
        response = self.app.post_json(
            '/auctions/{}/bids'.format(self.auction_id), {
                'data': {
                    'tenderers': [self.initial_organization],
                    'qualified': True,
                    'eligible': True
                }
            })
    else:
        response = self.app.post_json(
            '/auctions/{}/bids'.format(self.auction_id), {
                'data': {
                    'tenderers': [self.initial_organization],
                    'qualified': True
                }
            })
    bidder = response.json['data']
    signature = bidder['participationUrl']
    before, sep, sig = signature.partition('signature=')
    sig = b64decode(unquote(str(sig)))
    signer = Signer(
        'fe3b3b5999a08e68dfe62687c2ae147f62712ceace58c1ffca8ea819eabcb5d1'.
        decode('hex'))
    ver = Verifier(signer.hex_vk())
    verified = ver.verify(sig +
                          str('{}_{}'.format(self.auction_id, bidder['id'])))
    self.assertEqual(verified, '{}_{}'.format(self.auction_id, bidder['id']))
Exemplo n.º 2
0
def main(global_config, **settings):
    """ This function returns a Pyramid WSGI application.
    """
    read_users(settings['auth.file'])
    config = Configurator(
        settings=settings,
        authentication_policy=BasicAuthAuthenticationPolicy(
            auth_check, __name__),
        authorization_policy=ACLAuthorizationPolicy(),
        root_factory=Root,
    )
    config.add_request_method(request_params, 'params', reify=True)
    config.add_subscriber(new_request_subscriber, NewRequest)
    config.add_subscriber(add_logging_context, ContextFound)
    config.include('pyramid_exclog')
    config.add_route('status', '/')
    config.add_route('register', '/register')
    config.add_route('upload', '/upload')
    config.add_route('upload_file', '/upload/{doc_id}')
    config.add_route('get', '/get/{doc_id}')
    config.scan(ignore='openprocurement.documentservice.tests')

    config.registry.signer = signer = Signer(
        settings.get('dockey', '').decode('hex'))
    config.registry.dockey = dockey = signer.hex_vk()[:8]
    verifier = Verifier(signer.hex_vk())
    config.registry.dockeyring = dockeyring = {dockey: verifier}
    dockeys = settings.get(
        'dockeys') if 'dockeys' in settings else Signer().hex_vk()
    for key in dockeys.split('\0'):
        dockeyring[key[:8]] = Verifier(key)
    config.registry.keyring = keyring = {dockey: verifier}
    apikeys = settings.get(
        'apikeys') if 'apikeys' in settings else Signer().hex_vk()
    for key in apikeys.split('\0'):
        keyring[key[:8]] = Verifier(key)
    config.registry.apikey = key[:8]

    config.registry.upload_host = settings.get('upload_host')
    config.registry.get_host = settings.get('get_host')

    # search for storage
    storage = settings.get('storage')
    for entry_point in iter_entry_points(
            'openprocurement.documentservice.plugins', storage):
        plugin = entry_point.load()
        config.registry.storage = plugin(config)

    return config.make_wsgi_app()
Exemplo n.º 3
0
 def _public_key_from_jwk(self, jwk: Dict[str, Any]) -> Verifier:
     if jwk.get('kty') != "OKP":
         raise self.server.error("Not an Octet Key Pair")
     if jwk.get('crv') != "Ed25519":
         raise self.server.error("Invalid Curve")
     if 'x' not in jwk:
         raise self.server.error("No 'x' argument in jwk")
     key = base64url_decode(jwk['x'])
     return Verifier(key.hex().encode())
Exemplo n.º 4
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=route_prefix(settings),
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(extract_tender, 'tender', reify=True)
    config.add_request_method(check_accreditation)
    config.add_request_method(json_body, 'json_body', reify=True)
    config.add_renderer('json', JSON(serializer=simplejson.dumps))
    config.add_renderer('prettyjson', JSON(indent=4, serializer=simplejson.dumps))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.scan("openprocurement.api.views.spore")
    config.scan("openprocurement.api.views.health")

    # tender procurementMethodType plugins support
    config.add_route_predicate('procurementMethodType', isTender)
    config.registry.tender_procurementMethodTypes = {}
    config.add_request_method(tender_from_data)
    config.add_directive('add_tender_procurementMethodType', register_tender_procurementMethodType)

    # search for plugins
    plugins = settings.get('plugins') and settings['plugins'].split(',')
    for entry_point in iter_entry_points('openprocurement.api.plugins'):
        if not plugins or entry_point.name in plugins:
            plugin = entry_point.load()
            plugin(config)

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
        config.registry.admin_couchdb_server = aserver
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user", extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [username, ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
                reader.update({
                    "name": reader_username,
                    "roles": ['reader'],
                    "type": "user",
                    "password": settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user", extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security", extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc", extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db
    # readjust couchdb json decoder
    couchdb_json_decode()

    # Document Service key
    config.registry.docservice_url = settings.get('docservice_url')
    config.registry.docservice_username = settings.get('docservice_username')
    config.registry.docservice_password = settings.get('docservice_password')
    config.registry.docservice_upload_url = settings.get('docservice_upload_url')
    config.registry.docservice_key = dockey = Signer(settings.get('dockey', '').decode('hex'))
    config.registry.keyring = keyring = {}
    dockeys = settings.get('dockeys') if 'dockeys' in settings else dockey.hex_vk()
    for key in dockeys.split('\0'):
        keyring[key[:8]] = Verifier(key)

    # migrate data
    if not os.environ.get('MIGRATION_SKIP'):
        for entry_point in iter_entry_points('openprocurement.api.migrations'):
            plugin = entry_point.load()
            plugin(config.registry)

    config.registry.server_id = settings.get('id', '')
    config.registry.health_threshold = float(settings.get('health_threshold', 99))
    config.registry.update_after = asbool(settings.get('update_after', True))
    return config.make_wsgi_app()
Exemplo n.º 5
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'],
                                                   __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=ROUTE_PREFIX,
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(check_accreditation)
    config.add_request_method(json_body, 'json_body', reify=True)
    config.add_renderer('json', JSON(serializer=simplejson.dumps))
    config.add_renderer('prettyjson',
                        JSON(indent=4, serializer=simplejson.dumps))
    config.add_renderer(
        'jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
    config.add_renderer(
        'prettyjsonp',
        JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))

    # search for plugins
    plugins = settings.get('plugins') and settings['plugins'].split(',')
    load_plugins(config, group='openregistry.api.plugins', plugins=plugins)

    # CouchDB connection
    aserver, server, db = set_api_security(settings)
    config.registry.couchdb_server = server
    if aserver:
        config.registry.admin_couchdb_server = aserver
    config.registry.db = db
    couchdb_json_decode()

    # Document Service key
    config.registry.docservice_url = settings.get('docservice_url')
    config.registry.docservice_username = settings.get('docservice_username')
    config.registry.docservice_password = settings.get('docservice_password')
    config.registry.docservice_upload_url = settings.get(
        'docservice_upload_url')
    config.registry.docservice_key = dockey = Signer(
        settings.get('dockey', '').decode('hex'))
    config.registry.keyring = keyring = {}
    dockeys = settings.get(
        'dockeys') if 'dockeys' in settings else dockey.hex_vk()
    for key in dockeys.split('\0'):
        keyring[key[:8]] = Verifier(key)

    # migrate data
    if not os.environ.get('MIGRATION_SKIP'):
        load_plugins(config.registry, group='openregistry.api.migrations')

    config.registry.server_id = settings.get('id', '')

    # search subscribers
    subscribers_keys = [k for k in settings if k.startswith('subscribers.')]
    for k in subscribers_keys:
        subscribers = settings[k].split(',')
        for subscriber in subscribers:
            load_plugins(config,
                         group='openregistry.{}'.format(k),
                         name=subscriber)

    config.registry.health_threshold = float(
        settings.get('health_threshold', 512))
    config.registry.health_threshold_func = settings.get(
        'health_threshold_func', 'all')
    config.registry.update_after = asbool(settings.get('update_after', True))
    return config.make_wsgi_app()
Exemplo n.º 6
0
 def key_get_vk(key):
     return Verifier(key.hex_vk())
Exemplo n.º 7
0
 def key_decode_vk(string):
     return Verifier(b64_decode(string).encode('hex'))
Exemplo n.º 8
0
Arquivo: app.py Projeto: lttga/op2
def main(global_config, **settings):
    dsn = settings.get("sentry.dsn", None)
    if dsn:
        LOGGER.info("Init sentry sdk for {}".format(dsn))
        sentry_sdk.init(
            dsn=dsn,
            integrations=[
                LoggingIntegration(level=None, event_level=None),
                PyramidIntegration()
            ],
            send_default_pii=True,
            request_bodies="always",
            environment=settings.get("sentry.environment", None),
            debug=settings.get("sentry.debug", False),
        )

    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings["auth.file"],
                                                   __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=ROUTE_PREFIX,
    )
    config.include("pyramid_exclog")
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_view(precondition, context=HTTPPreconditionFailed)
    config.add_request_method(request_params, "params", reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(check_accreditations)
    config.add_request_method(get_currency_rates,
                              name="currency_rates",
                              reify=True)
    config.add_renderer("json", JSON(serializer=simplejson.dumps))
    config.add_renderer("prettyjson",
                        JSON(indent=4, serializer=simplejson.dumps))
    config.add_renderer(
        "jsonp", JSONP(param_name="opt_jsonp", serializer=simplejson.dumps))
    config.add_renderer(
        "prettyjsonp",
        JSONP(indent=4, param_name="opt_jsonp", serializer=simplejson.dumps))

    # search for plugins
    plugins = settings.get("plugins") and [
        plugin.strip() for plugin in settings["plugins"].split(",")
    ]
    for entry_point in iter_entry_points("openprocurement.api.plugins"):
        if not plugins or entry_point.name in plugins:
            plugin = entry_point.load()
            plugin(config)

    # CouchDB connection
    aserver, server, db = set_api_security(settings)
    config.registry.couchdb_server = server
    if aserver:
        config.registry.admin_couchdb_server = aserver
    config.registry.db = db
    # readjust couchdb json decoder
    couchdb_json_decode()

    # Document Service key
    config.registry.docservice_url = settings.get("docservice_url")
    config.registry.docservice_username = settings.get("docservice_username")
    config.registry.docservice_password = settings.get("docservice_password")
    config.registry.docservice_upload_url = settings.get(
        "docservice_upload_url")
    config.registry.docservice_key = dockey = Signer(
        settings.get("dockey", "").decode("hex"))
    config.registry.keyring = keyring = {}
    dockeys = settings.get(
        "dockeys") if "dockeys" in settings else dockey.hex_vk()
    for key in dockeys.split("\0"):
        keyring[key[:8]] = Verifier(key)

    # Archive keys
    arch_pubkey = settings.get("arch_pubkey", None)
    config.registry.arch_pubkey = PublicKey(
        arch_pubkey.decode("hex") if arch_pubkey else SecretKey().pk)

    # migrate data
    if not os.environ.get("MIGRATION_SKIP"):
        for entry_point in iter_entry_points("openprocurement.api.migrations"):
            plugin = entry_point.load()
            plugin(config.registry)

    config.registry.server_id = settings.get("id", "")

    # search subscribers
    subscribers_keys = [k for k in settings if k.startswith("subscribers.")]
    for k in subscribers_keys:
        subscribers = settings[k].split(",")
        for subscriber in subscribers:
            for entry_point in iter_entry_points(
                    "openprocurement.{}".format(k), subscriber):
                if entry_point:
                    plugin = entry_point.load()
                    plugin(config)

    config.registry.health_threshold = float(
        settings.get("health_threshold", 512))
    config.registry.health_threshold_func = settings.get(
        "health_threshold_func", "all")
    config.registry.update_after = asbool(settings.get("update_after", True))
    return config.make_wsgi_app()