Пример #1
0
def delete_invoices(conn, where):
    invoices = select_dict(conn, 'invoices', 'id', where=where)
    deleted_invoice_ids = []
    for id, invoice in invoices.iteritems():
        delete(conn, 'invoice_status', where={'id_invoice': id})
        invoice_id = delete(conn, 'invoices', where={'id': id}, returning='id')
        deleted_invoice_ids.append(invoice_id)
        logging.info('invoice %s deleted for %s', invoice_id, where)
    return deleted_invoice_ids
Пример #2
0
def _user_verify(conn, users_id, user_auth, ip, headers):
    """ Verify user information for the request.

    conn: database connection.
    users_id: user's id.
    user_auth: pre-image for user's password.
    ip: IP address for the request.
    headers: request header information.
    """

    # XXX enforce expiry time
    expiry = datetime.datetime.strptime(user_auth['exp'], EXPIRY_FORMAT)
    if expiry < datetime.datetime.utcnow():
        raise ValidationError('LOGIN_REQUIRED_ERR_EXPIRED_AUTH')

    columns = ('password', 'hash_algorithm', 'csrf_token', 'users_logins.id')
    where = {
        'users.id': users_id,
        'users_logins.headers': headers,
        'users_logins.ip_address': ip,
        'users_logins.cookie_expiry__gt': datetime.datetime.utcnow()
    }
    result = db_utils.join(conn, ('users', 'users_logins'),
                           columns=columns,
                           on=[('users.id', 'users_logins.users_id')],
                           where=where,
                           limit=1)
    if not result or len(result) == 0:
        raise ValidationError('LOGIN_REQUIRED_ERR_INVALID_USER')

    exp_auth, hash_algo, exp_csrf, login_id = result[0]
    try:
        # XXX use the hash algorithm specified in the user account
        cur_auth = get_authenticator(hash_algo, user_auth['auth'])
        if cur_auth != exp_auth:
            raise ValidationError('LOGIN_REQUIRED_ERR_INVALID_AUTH')

        # XXX always verify the CSRF token
        if user_auth['csrf'] != exp_csrf:
            logging.error("Invalid csrf: cur: %s, exp: %s" %
                          (user_auth['csrf'], exp_csrf))
            raise ValidationError('LOGIN_REQUIRED_ERR_INVALID_CSRF')
    except ValidationError, e:
        # XXX delete the compromised session and propagate the exception
        # TODO: Maybe log the attacker informations somewhere?
        # That would be useful to display some Gmail-like warnings:
        # Somebody from <somewhere> tried to access your account on <datetime>
        logging.error('Delete compromised session for id %s '
                      'with error:%s' % (login_id, str(e)))

        db_utils.delete(conn, 'users_logins', where={'id': login_id})
        raise e
Пример #3
0
    def _on_post(self, req, resp, conn, **kwargs):
        try:
            super(SensorIncomesResource, self)._on_post(req, resp, conn, **kwargs)
            order_list = req.get_param('order_list')

            if order_list:
                where = {'order_id__in': tuple(order_list)}
                delete(self.conn, 'incomes_log', where=where)
            logging.info('incomes_log_del: %s', order_list)
            return {'POST_R': {'res': RESP_RESULT.S}}
        except Exception, e:
            logging.error('incomes_log_del_err: %s', e, exc_info=True)
            return {'POST_R': {'res': RESP_RESULT.F}}
Пример #4
0
    def _on_post(self, req, resp, conn, **kwargs):
        try:
            super(SensorBoughtHistoryResource,
                  self)._on_post(req, resp, conn, **kwargs)
            id_list = req.get_param('id_list')

            if id_list:
                where = {'id__in': tuple(id_list)}
                delete(self.conn, 'bought_history', where=where)
            logging.info('bought_history_del: %s', id_list)
            return {'POST_R': {'res': RESP_RESULT.S}}
        except Exception, e:
            logging.error('bought_history_del_err: %s', e, exc_info=True)
            return {'POST_R': {'res': RESP_RESULT.F}}
Пример #5
0
    def _on_post(self, req, resp, conn, **kwargs):
        f = StringIO(req.query_string)
        data = decrypt_json_resp(f,
                                 settings.SERVER_APIKEY_URI_MAP[SERVICES.USR],
                                 settings.PRIVATE_KEY_PATH)
        f.close()

        form_params = cgi.parse_qs(data)
        for p in form_params:
            form_params[p] = form_params[p][0]
        action = form_params.get('action')
        id_user = form_params.get('id_user')
        email = form_params.get('email')
        imo = form_params.get('imo')
        mmsi = form_params.get('mmsi')

        if action not in ('add', 'delete'):
            raise ValidationError('INVALID_REQUEST')
        if not id_user or not email or not imo or not mmsi:
            raise ValidationError('INVALID_REQUEST')

        values = {
            'id_user': id_user,
            'email': email,
            'imo': imo,
            'mmsi': mmsi,
            'done': False,
        }
        if action == 'add':
            records = db_utils.select(conn,
                                      "vessel_arrival_notif",
                                      columns=("imo", "mmsi"),
                                      where=values)
            if len(records) == 0:
                db_utils.insert(conn, "vessel_arrival_notif", values=values)

        elif action == 'delete':
            db_utils.delete(conn, "vessel_arrival_notif", where=values)

        return {'res': RESP_RESULT.S}
Пример #6
0
def main():
    size = settings.HMAC_KEY_SIZE
    path = settings.HMAC_KEY_FILE_PATH
    hmac_key = os.urandom(size)

    with open(path, 'w') as f:
        f.write(hmac_key)
        f.close()
        logging.info('HMAC key updated at %s UTC: %s' %
                     (datetime.utcnow(), hmac_key))

    with db_utils.get_conn(settings.DATABASE) as conn:
        result = db_utils.delete(
            conn,
            'users_logins',
            where={'cookie_expiry__lt': datetime.utcnow()},
            returning='*')
        if result:
            logging.info('Delete expiry login sessions at %s UTC: %s' %
                         (datetime.utcnow(), result))
        else:
            logging.info('No sessions expired')
Пример #7
0
 def update(self, shipment_ids):
     where = {'id_shipment__in': tuple(shipment_ids)}
     delete(self.conn, 'free_shipping_fee', where=where)
     delete(self.conn, 'shipment_status', where=where)
     delete(self.conn, 'shipping_fee', where=where)
     delete(self.conn, 'shipping_list', where=where)
     delete(self.conn, 'shipping_supported_services', where=where)
     delete_invoices(self.conn, where)
     delete(self.conn, 'shipments', where={'id__in': tuple(shipment_ids)})
     logging.info('delete shipment %s for order modify', shipment_ids)
     self.create()
Пример #8
0
        if is_edit:
            db_utils.update(conn, 'coupons',
                            values=coupon_values,
                            where={'id': id_coupon})
        else:
            id_coupon = db_utils.insert(conn, 'coupons',
                                        values=coupon_values,
                                        returning='id')[0]

        if is_edit:
            for table in (
                'coupon_given_to', 'coupon_accepted_at', 'coupon_condition',
                'store_credit', 'coupon_discount', 'coupon_give_away',
                'coupon_gift'):
                db_utils.delete(conn, table,
                                where={'id_coupon': id_coupon})

        if id_users:
            for id_user in id_users:
                db_utils.insert(conn, 'coupon_given_to',
                                values={'id_coupon': id_coupon,
                                        'id_user': id_user})
        if id_shops:
            for id_shop in id_shops:
                db_utils.insert(conn, 'coupon_accepted_at',
                                values={'id_coupon': id_coupon,
                                        'id_shop': id_shop})

        if require and cond_list:
            for cond_values in cond_list:
                cond_values.update({'id_coupon': id_coupon})