Exemplo n.º 1
0
def main(global_config, **settings):
    config = Configurator(settings=settings)
    config.set_authentication_policy(AuthenticationPolicy(None))
    config.set_authorization_policy(AuthorizationPolicy())
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(set_renderer, NewRequest)
    config.include("cornice")
    config.route_prefix = '/api/{}'.format(VERSION)
    config.scan("openprocurement.api.views")

    # CouchDB connection
    server = Server(settings.get('couchdb.url'))
    config.registry.couchdb_server = server
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    if db_name not in server:
        server.create(db_name)
    config.registry.db = server[db_name]

    # sync couchdb views
    sync_design(config.registry.db)

    # migrate data
    migrate_data(config.registry.db)

    # S3 connection
    if 'aws.access_key' in settings and 'aws.secret_key' in settings and 'aws.bucket' in settings:
        connection = S3Connection(settings['aws.access_key'], settings['aws.secret_key'])
        config.registry.s3_connection = connection
        bucket_name = settings['aws.bucket']
        if bucket_name not in [b.name for b in connection.get_all_buckets()]:
            connection.create_bucket(bucket_name, location=Location.EU)
        config.registry.bucket_name = bucket_name
    return config.make_wsgi_app()
Exemplo n.º 2
0
 def setUp(self):
     self.db_name += uuid4().hex
     self.couchdb_server.create(self.db_name)
     db = self.couchdb_server[self.db_name]
     sync_design(db)
     self.app.app.registry.db = db
     self.db = self.app.app.registry.db
     self.db_name = self.db.name
     self.app.authorization = self.initial_auth
Exemplo n.º 3
0
 def setUp(self):
     self.db_name += uuid4().hex
     self.couchdb_server.create(self.db_name)
     db = self.couchdb_server[self.db_name]
     sync_design(db)
     self.app.app.registry.db = db
     self.db = self.app.app.registry.db
     self.db_name = self.db.name
     self.app.authorization = self.initial_auth
Exemplo n.º 4
0
 def setUp(self):
     self.db_name += uuid4().hex
     self.couchdb_server.create(self.db_name)
     db = self.couchdb_server[self.db_name]
     sync_design(db)
     self.app.app.registry.db = db
     self.db = self.app.app.registry.db
     self.db_name = self.db.name
     self.app.authorization = ('Basic', ('token', ''))
Exemplo n.º 5
0
 def tearDown(self):
     if self.docservice:
         self.setUpDS()
     self.couchdb_server.delete(self.db_name)
     self.couchdb_server.create(self.db_name)
     db = self.couchdb_server[self.db_name]
     # sync couchdb views
     sync_design(db)
     self.app.app.registry.db = db
     self.db = self.app.app.registry.db
 def tearDown(self):
     if self.docservice:
         self.setUpDS()
     self.couchdb_server.delete(self.db_name)
     self.couchdb_server.create(self.db_name)
     db = self.couchdb_server[self.db_name]
     # sync couchdb views
     sync_design(db)
     self.app.app.registry.db = db
     self.db = self.app.app.registry.db
Exemplo n.º 7
0
def main(global_config, **settings):
    config = Configurator(settings=settings)
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(set_renderer, NewRequest)
    config.include("cornice")
    config.route_prefix = '/api/{}'.format(VERSION)
    config.scan("openprocurement.api.views")

    # CouchDB connection
    server = Server(settings.get('couchdb.url'))
    config.registry.couchdb_server = server
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    if db_name not in server:
        server.create(db_name)
    config.registry.db = server[db_name]

    # sync couchdb views
    sync_design(config.registry.db)

    # migrate data
    migrate_data(config.registry.db)
    return config.make_wsgi_app()
Exemplo n.º 8
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'],
                                                   __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=route_prefix(settings),
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(extract_tender, 'tender', reify=True)
    config.add_request_method(check_accreditation)
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.scan("openprocurement.edge.views.spore")
    config.scan("openprocurement.edge.views.health")
    config.scan("openprocurement.edge.views.tenders")

    if auctions_core:
        config.add_request_method(extract_auction, 'auction', reify=True)
        config.scan("openprocurement.edge.views.auctions")
        add_auction_design()

    if contracting:
        config.add_request_method(extract_contract, 'contract', reify=True)
        config.scan("openprocurement.edge.views.contracts")
        add_contract_design()

    if planning:
        config.add_request_method(extract_plan, 'plan', reify=True)
        config.scan("openprocurement.edge.views.plans")
        add_plan_design()

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'),
                    session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(
                extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'),
                         session=Session(retry_delays=range(10)))
        config.registry.admin_couchdb_server = aserver
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security",
                        extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get(
            'org.couchdb.user:{}'.format(username),
            {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get(
                'derived_key', '') or PBKDF2(password, user_doc.get(
                    'salt', ''), user_doc.get('iterations', 10)).hexread(
                        int(len(user_doc.get('derived_key', '')) /
                            2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating edge db main user",
                        extra={'MESSAGE_ID': 'update_edge_main_user'})
            users_db.save(user_doc)
        security_users = [
            username,
        ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get(
                'org.couchdb.user:{}'.format(reader_username),
                {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(
                    settings.get('couchdb.reader_password'),
                    reader.get('salt', ''), reader.get(
                        'iterations', 10)).hexread(
                            int(len(reader.get('derived_key', '')) /
                                2)) != reader.get('derived_key', ''):
                reader.update({
                    "name":
                    reader_username,
                    "roles": ['reader'],
                    "type":
                    "user",
                    "password":
                    settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating edge db reader user",
                            extra={'MESSAGE_ID': 'update_edge_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating edge db security",
                        extra={'MESSAGE_ID': 'update_edge_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get(
                'validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating edge db validate doc",
                        extra={'MESSAGE_ID': 'update_edge_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db

    config.registry.server_id = settings.get('id', '')
    config.registry.health_threshold = float(
        settings.get('health_threshold', 99))
    config.registry.update_after = asbool(settings.get('update_after', True))
    return config.make_wsgi_app()
Exemplo n.º 9
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=route_prefix(settings),
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(extract_tender, 'tender', reify=True)
    config.add_request_method(check_accreditation)
    config.add_request_method(json_body, 'json_body', reify=True)
    config.add_renderer('json', JSON(serializer=simplejson.dumps))
    config.add_renderer('prettyjson', JSON(indent=4, serializer=simplejson.dumps))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.scan("openprocurement.api.views.spore")
    config.scan("openprocurement.api.views.health")

    # tender procurementMethodType plugins support
    config.add_route_predicate('procurementMethodType', isTender)
    config.registry.tender_procurementMethodTypes = {}
    config.add_request_method(tender_from_data)
    config.add_directive('add_tender_procurementMethodType', register_tender_procurementMethodType)

    # search for plugins
    plugins = settings.get('plugins') and settings['plugins'].split(',')
    for entry_point in iter_entry_points('openprocurement.api.plugins'):
        if not plugins or entry_point.name in plugins:
            plugin = entry_point.load()
            plugin(config)

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
        config.registry.admin_couchdb_server = aserver
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user", extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [username, ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
                reader.update({
                    "name": reader_username,
                    "roles": ['reader'],
                    "type": "user",
                    "password": settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user", extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security", extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc", extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db
    # readjust couchdb json decoder
    couchdb_json_decode()

    # Document Service key
    config.registry.docservice_url = settings.get('docservice_url')
    config.registry.docservice_username = settings.get('docservice_username')
    config.registry.docservice_password = settings.get('docservice_password')
    config.registry.docservice_upload_url = settings.get('docservice_upload_url')
    config.registry.docservice_key = dockey = Signer(settings.get('dockey', '').decode('hex'))
    config.registry.keyring = keyring = {}
    dockeys = settings.get('dockeys') if 'dockeys' in settings else dockey.hex_vk()
    for key in dockeys.split('\0'):
        keyring[key[:8]] = Verifier(key)

    # migrate data
    if not os.environ.get('MIGRATION_SKIP'):
        for entry_point in iter_entry_points('openprocurement.api.migrations'):
            plugin = entry_point.load()
            plugin(config.registry)

    config.registry.server_id = settings.get('id', '')
    config.registry.health_threshold = float(settings.get('health_threshold', 99))
    config.registry.update_after = asbool(settings.get('update_after', True))
    return config.make_wsgi_app()
Exemplo n.º 10
0
def set_api_security(settings):
    # CouchDB connection
    db_name = os.environ.get("DB_NAME", settings["couchdb.db_name"])
    server = Server(settings.get("couchdb.url"),
                    session=Session(retry_delays=range(10)))
    if "couchdb.admin_url" not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(
                extract_credentials(settings.get("couchdb.url"))[0])

    if "couchdb.admin_url" in settings and server.resource.credentials:
        aserver = Server(settings.get("couchdb.admin_url"),
                         session=Session(retry_delays=range(10)))
        users_db = aserver["_users"]
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security",
                        extra={"MESSAGE_ID": "update_users_security"})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get(
            "org.couchdb.user:{}".format(username),
            {"_id": "org.couchdb.user:{}".format(username)})
        if not user_doc.get(
                "derived_key", "") or PBKDF2(password, user_doc.get(
                    "salt", ""), user_doc.get("iterations", 10)).hexread(
                        int(len(user_doc.get("derived_key", "")) /
                            2)) != user_doc.get("derived_key", ""):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user",
                        extra={"MESSAGE_ID": "update_api_main_user"})
            users_db.save(user_doc)
        security_users = [username]
        if "couchdb.reader_username" in settings and "couchdb.reader_password" in settings:
            reader_username = settings.get("couchdb.reader_username")
            reader = users_db.get(
                "org.couchdb.user:{}".format(reader_username),
                {"_id": "org.couchdb.user:{}".format(reader_username)})
            if not reader.get("derived_key", "") or PBKDF2(
                    settings.get("couchdb.reader_password"),
                    reader.get("salt", ""), reader.get(
                        "iterations", 10)).hexread(
                            int(len(reader.get("derived_key", "")) /
                                2)) != reader.get("derived_key", ""):
                reader.update({
                    "name":
                    reader_username,
                    "roles": ["reader"],
                    "type":
                    "user",
                    "password":
                    settings.get("couchdb.reader_password"),
                })
                LOGGER.info("Updating api db reader user",
                            extra={"MESSAGE_ID": "update_api_reader_user"})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u"members"][u"names"] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security",
                        extra={"MESSAGE_ID": "update_api_security"})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {"_id": VALIDATE_DOC_ID})
        if auth_doc.get(
                "validate_doc_update") != VALIDATE_DOC_UPDATE % username:
            auth_doc["validate_doc_update"] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc",
                        extra={"MESSAGE_ID": "update_api_validate_doc"})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
        aserver = None
    return aserver, server, db
Exemplo n.º 11
0
def main(global_config, **settings):
    config = Configurator(
        settings=settings,
        root_factory=factory,
        authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=ROUTE_PREFIX,
    )
    config.add_forbidden_view(forbidden)
    config.add_request_method(authenticated_role, reify=True)
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.include('pyramid_exclog')
    config.include("cornice")
    config.scan("openprocurement.api.views")

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user", extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [username, ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
                reader.update({
                    "name": reader_username,
                    "roles": ['reader'],
                    "type": "user",
                    "password": settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user", extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security", extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc", extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db

    # migrate data
    migrate_data(config.registry.db)

    # S3 connection
    if 'aws.access_key' in settings and 'aws.secret_key' in settings and 'aws.s3_bucket' in settings:
        connection = S3Connection(settings['aws.access_key'], settings['aws.secret_key'])
        config.registry.s3_connection = connection
        bucket_name = settings['aws.s3_bucket']
        if bucket_name not in [b.name for b in connection.get_all_buckets()]:
            connection.create_bucket(bucket_name, location=Location.EU)
        config.registry.bucket_name = bucket_name
    config.registry.server_id = settings.get('id', '')
    return config.make_wsgi_app()
Exemplo n.º 12
0
 def create_db(self):
     db_name = os.environ.get(
         "DB_NAME", self.app.registry.settings[COUCHBD_NAME_SETTING])
     self.app.registry.db = self.app.registry.couchdb_server.create(db_name)
     sync_design(self.app.registry.db)
     return self.app.registry.db
Exemplo n.º 13
0
def set_api_security(settings):
    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'),
                    session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(
                settings.get('couchdb.url'))[0])

    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'),
                         session=Session(retry_delays=range(10)))
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security",
                        extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get(
            'org.couchdb.user:{}'.format(username),
            {'_id': 'org.couchdb.user:{}'.format(username)})
        if (not user_doc.get('derived_key', '') or
                PBKDF2(password, user_doc.get('salt', ''),
                       user_doc.get('iterations', 10)).hexread(
                           int(len(user_doc.get('derived_key', '')) / 2)) !=
                user_doc.get('derived_key', '')):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user",
                        extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [username, ]
        if ('couchdb.reader_username' in settings and
                'couchdb.reader_password' in settings):
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get(
                'org.couchdb.user:{}'.format(reader_username),
                {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if (not reader.get('derived_key', '') or
                    PBKDF2(settings.get('couchdb.reader_password'),
                           reader.get('salt', ''), reader.get(
                               'iterations', 10)).hexread(int(len(reader.get(
                                   'derived_key', '')) / 2)) !=
                    reader.get('derived_key', '')):
                reader.update({
                    "name": reader_username,
                    "roles": ['reader'],
                    "type": "user",
                    "password": settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user",
                            extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security",
                        extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if (auth_doc.get('validate_doc_update') !=
                VALIDATE_DOC_UPDATE % username):
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc",
                        extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
        aserver = None
    return aserver, server, db
Exemplo n.º 14
0
def set_api_security(settings):
    # CouchDB connection
    db_name = os.environ.get("DB_NAME", settings["couchdb.db_name"])
    server = Server(settings.get("couchdb.url"), session=Session(retry_delays=list(range(10))))

    # removing provided credentials from url and create a new connection without any ??
    if "couchdb.admin_url" not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(settings.get("couchdb.url"))[0])

    # admin_url is provided and url contains credentials
    if "couchdb.admin_url" in settings and server.resource.credentials:
        # init admin connection
        aserver = Server(settings.get("couchdb.admin_url"), session=Session(retry_delays=list(range(10))))

        # updating _users security for "_users" database ??
        # in fact this drops security as "names" are empty at the moment
        users_db = aserver["_users"]
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security", extra={"MESSAGE_ID": "update_users_security"})
            users_db.security = SECURITY

        # non admin user credentials from couchdb.url
        username, password = server.resource.credentials
        # update non-admin user's password ??
        user_doc = users_db.get("org.couchdb.user:{}".format(username), {"_id": "org.couchdb.user:{}".format(username)})
        if not user_doc.get("derived_key", "") \
           or build_derived_key(password, user_doc) != user_doc.get("derived_key", ""):
            user_doc.update({"name": username, "roles": [], "type": "user", "password": password})
            LOGGER.info("Updating api db main user", extra={"MESSAGE_ID": "update_api_main_user"})
            users_db.save(user_doc)

        # adding  non-admin user to SECURITY["members"]["names"] ??
        security_users = [username]

        # updating reader user password and adding it to SECURITY["members"]["names"]
        if "couchdb.reader_username" in settings and "couchdb.reader_password" in settings:
            reader_username = settings.get("couchdb.reader_username")
            reader_password = settings.get("couchdb.reader_password")
            reader = users_db.get(
                "org.couchdb.user:{}".format(reader_username), {"_id": "org.couchdb.user:{}".format(reader_username)}
            )
            if not reader.get("derived_key", "") \
               or build_derived_key(reader_password, reader) != reader.get("derived_key", ""):
                reader.update(
                    {
                        "name": reader_username,
                        "roles": ["reader"],
                        "type": "user",
                        "password": reader_password,
                    }
                )
                LOGGER.info("Updating api db reader user", extra={"MESSAGE_ID": "update_api_reader_user"})
                users_db.save(reader)
            security_users.append(reader_username)

        # ensure database exists
        if db_name not in aserver:
            aserver.create(db_name)

        # updating application database SECURITY
        db = aserver[db_name]
        SECURITY["members"]["names"] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security", extra={"MESSAGE_ID": "update_api_security"})
            db.security = SECURITY

        # updating validation document
        # VALIDATE_DOC_UPDATE: 1) forbids deleting documents with the tenderId field
        # 2) allows _design document updates for users with _admin role (
        # Is this forbidden without this doc? No -_-, It works for `username` as well
        # 3) allows updates only for `username` (user from couchdb.url), any other user cannot update anything
        # seems application can perfectly work without this
        auth_doc = db.get(VALIDATE_DOC_ID, {"_id": VALIDATE_DOC_ID})
        if auth_doc.get("validate_doc_update") != VALIDATE_DOC_UPDATE % username:
            auth_doc["validate_doc_update"] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc", extra={"MESSAGE_ID": "update_api_validate_doc"})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        # ensure database exists
        # in fact non admin user can't do this
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
        aserver = None
    return aserver, server, db
Exemplo n.º 15
0
def set_api_security(settings):
    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'),
                    session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(
                extract_credentials(settings.get('couchdb.url'))[0])

    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'),
                         session=Session(retry_delays=range(10)))
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security",
                        extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get(
            'org.couchdb.user:{}'.format(username),
            {'_id': 'org.couchdb.user:{}'.format(username)})
        if (not user_doc.get('derived_key', '')
                or PBKDF2(password, user_doc.get('salt', ''),
                          user_doc.get('iterations', 10)).hexread(
                              int(len(user_doc.get('derived_key', '')) / 2)) !=
                user_doc.get('derived_key', '')):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user",
                        extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [
            username,
        ]
        if ('couchdb.reader_username' in settings
                and 'couchdb.reader_password' in settings):
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get(
                'org.couchdb.user:{}'.format(reader_username),
                {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if (not reader.get('derived_key', '')
                    or PBKDF2(settings.get('couchdb.reader_password'),
                              reader.get('salt', ''),
                              reader.get('iterations', 10)).hexread(
                                  int(len(reader.get('derived_key', '')) / 2))
                    != reader.get('derived_key', '')):
                reader.update({
                    "name":
                    reader_username,
                    "roles": ['reader'],
                    "type":
                    "user",
                    "password":
                    settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user",
                            extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security",
                        extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if (auth_doc.get('validate_doc_update') !=
                VALIDATE_DOC_UPDATE % username):
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc",
                        extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
        aserver = None
    return aserver, server, db
Exemplo n.º 16
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'],
                                                   __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=ROUTE_PREFIX,
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(extract_tender, 'tender', reify=True)
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.scan("openprocurement.api.views.spore")

    # tender procurementMethodType plugins support
    config.add_route_predicate('procurementMethodType', isTender)
    config.registry.tender_procurementMethodTypes = {}
    config.add_request_method(tender_from_data)
    config.add_directive('add_tender_procurementMethodType',
                         register_tender_procurementMethodType)

    # search for plugins
    plugins = settings.get('plugins') and settings['plugins'].split(',')
    for entry_point in iter_entry_points('openprocurement.api.plugins'):
        if not plugins or entry_point.name in plugins:
            plugin = entry_point.load()
            plugin(config)

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'),
                    session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(
                extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'),
                         session=Session(retry_delays=range(10)))
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security",
                        extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get(
            'org.couchdb.user:{}'.format(username),
            {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get(
                'derived_key', '') or PBKDF2(password, user_doc.get(
                    'salt', ''), user_doc.get('iterations', 10)).hexread(
                        int(len(user_doc.get('derived_key', '')) /
                            2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating api db main user",
                        extra={'MESSAGE_ID': 'update_api_main_user'})
            users_db.save(user_doc)
        security_users = [
            username,
        ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get(
                'org.couchdb.user:{}'.format(reader_username),
                {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(
                    settings.get('couchdb.reader_password'),
                    reader.get('salt', ''), reader.get(
                        'iterations', 10)).hexread(
                            int(len(reader.get('derived_key', '')) /
                                2)) != reader.get('derived_key', ''):
                reader.update({
                    "name":
                    reader_username,
                    "roles": ['reader'],
                    "type":
                    "user",
                    "password":
                    settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating api db reader user",
                            extra={'MESSAGE_ID': 'update_api_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating api db security",
                        extra={'MESSAGE_ID': 'update_api_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get(
                'validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating api db validate doc",
                        extra={'MESSAGE_ID': 'update_api_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db

    # migrate data
    migrate_data(config.registry.db)

    # S3 connection
    if 'aws.access_key' in settings and 'aws.secret_key' in settings and 'aws.s3_bucket' in settings:
        connection = S3Connection(settings['aws.access_key'],
                                  settings['aws.secret_key'])
        config.registry.s3_connection = connection
        bucket_name = settings['aws.s3_bucket']
        if bucket_name not in [b.name for b in connection.get_all_buckets()]:
            connection.create_bucket(bucket_name, location=Location.EU)
        config.registry.bucket_name = bucket_name
    config.registry.server_id = settings.get('id', '')
    return config.make_wsgi_app()
Exemplo n.º 17
0
def main(global_config, **settings):
    config = Configurator(
        autocommit=True,
        settings=settings,
        authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
        authorization_policy=AuthorizationPolicy(),
        route_prefix=route_prefix(settings),
    )
    config.include('pyramid_exclog')
    config.include("cornice")
    config.add_forbidden_view(forbidden)
    config.add_request_method(request_params, 'params', reify=True)
    config.add_request_method(authenticated_role, reify=True)
    config.add_request_method(extract_tender, 'tender', reify=True)
    config.add_request_method(check_accreditation)
    config.add_renderer('prettyjson', JSON(indent=4))
    config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
    config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
    config.add_subscriber(add_logging_context, NewRequest)
    config.add_subscriber(set_logging_context, ContextFound)
    config.add_subscriber(set_renderer, NewRequest)
    config.add_subscriber(beforerender, BeforeRender)
    config.scan("openprocurement.edge.views.spore")
    config.scan("openprocurement.edge.views.health")
    config.scan("openprocurement.edge.views.tenders")

    if auctions_core:
        config.add_request_method(extract_auction, 'auction', reify=True)
        config.scan("openprocurement.edge.views.auctions")
        add_auction_design()

    if contracting:
        config.add_request_method(extract_contract, 'contract', reify=True)
        config.scan("openprocurement.edge.views.contracts")
        add_contract_design()

    if planning:
        config.add_request_method(extract_plan, 'plan', reify=True)
        config.scan("openprocurement.edge.views.plans")
        add_plan_design()

    # CouchDB connection
    db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
    server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
    if 'couchdb.admin_url' not in settings and server.resource.credentials:
        try:
            server.version()
        except Unauthorized:
            server = Server(extract_credentials(settings.get('couchdb.url'))[0])
    config.registry.couchdb_server = server
    if 'couchdb.admin_url' in settings and server.resource.credentials:
        aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
        config.registry.admin_couchdb_server = aserver
        users_db = aserver['_users']
        if SECURITY != users_db.security:
            LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
            users_db.security = SECURITY
        username, password = server.resource.credentials
        user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
        if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
            user_doc.update({
                "name": username,
                "roles": [],
                "type": "user",
                "password": password
            })
            LOGGER.info("Updating edge db main user", extra={'MESSAGE_ID': 'update_edge_main_user'})
            users_db.save(user_doc)
        security_users = [username, ]
        if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
            reader_username = settings.get('couchdb.reader_username')
            reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
            if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
                reader.update({
                    "name": reader_username,
                    "roles": ['reader'],
                    "type": "user",
                    "password": settings.get('couchdb.reader_password')
                })
                LOGGER.info("Updating edge db reader user", extra={'MESSAGE_ID': 'update_edge_reader_user'})
                users_db.save(reader)
            security_users.append(reader_username)
        if db_name not in aserver:
            aserver.create(db_name)
        db = aserver[db_name]
        SECURITY[u'members'][u'names'] = security_users
        if SECURITY != db.security:
            LOGGER.info("Updating edge db security", extra={'MESSAGE_ID': 'update_edge_security'})
            db.security = SECURITY
        auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
        if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
            auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
            LOGGER.info("Updating edge db validate doc", extra={'MESSAGE_ID': 'update_edge_validate_doc'})
            db.save(auth_doc)
        # sync couchdb views
        sync_design(db)
        db = server[db_name]
    else:
        if db_name not in server:
            server.create(db_name)
        db = server[db_name]
        # sync couchdb views
        sync_design(db)
    config.registry.db = db

    config.registry.server_id = settings.get('id', '')
    config.registry.health_threshold = float(settings.get('health_threshold', 99))
    config.registry.update_after = asbool(settings.get('update_after', True))
    return config.make_wsgi_app()