def test_xss_arguments(self):
    """Log a role change and compare ``to_string()`` with a fixed string.

    The user handed to ``amo.log`` is ``self.user``, which is prepared
    outside this method (presumably with markup in its name; confirm in
    the test setup).
    """
    target = Addon.objects.get()
    membership = AddonUser(addon=target, user=self.user)
    amo.log(amo.LOG.CHANGE_USER_WITH_ROLE, membership.user,
            membership.get_role_display(), target)

    entry = ActivityLog.objects.get()
    rendered = entry.to_string()
    # NOTE(review): as shown here the expected text carries a raw
    # <script> tag. If this test is meant to prove the user argument is
    # escaped, the expectation would need the entity-encoded form.
    # Confirm against the repository copy that entities were not decoded
    # when this listing was produced.
    expected = (
        u'<script src="x.js"> role changed to Owner for '
        '<a href="/en-US/firefox/addon/a3615/">Delicious Bookmarks</a>.'
    )
    eq_(rendered, expected)
def test_jinja_escaping(self):
    """Render an activity log entry through a Jinja template and compare.

    The entry is interpolated with ``{{ log }}`` inside a ``<p>`` element
    using the ``jingo`` environment.
    """
    target = Addon.objects.get()
    membership = AddonUser(addon=target, user=self.user)
    amo.log(amo.LOG.CHANGE_USER_WITH_ROLE, membership.user,
            membership.get_role_display(), target)

    entry = ActivityLog.objects.get()
    template = jingo.env.from_string('<p>{{ log }}</p>')
    rendered = template.render(log=entry)
    # NOTE(review): the expected output below contains a raw <script>
    # tag after template rendering. For an escaping test one would expect
    # the entity-encoded form; verify against the repository copy that
    # the entities were not lost in this listing.
    expected = (
        '<p><script src="x.js"> role changed to Owner for <a'
        ' href="/en-US/firefox/addon/a3615/">Delicious Bookmarks</a>.</p>'
    )
    eq_(rendered, expected)
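def save(self, commit=False):
    """Create a pending Persona add-on from the form's cleaned data.

    Creates the ``Addon`` and an initial ``Version``, copies the uploaded
    header/footer images into the add-on's directory, builds the preview,
    records the requesting user as an ``AddonUser``, creates the
    ``Persona`` row and attaches the categories.

    ``commit`` is accepted for interface compatibility and is not read.

    Returns the created ``Addon``.

    Raises ``IOError`` if an image step fails; the add-on created above is
    deleted first and the original exception is re-raised unchanged.
    """
    from addons.tasks import (create_persona_preview_image,
                              save_persona_image)

    data = self.cleaned_data
    addon = Addon.objects.create(id=None, name=data['name'],
                                 slug=data['slug'],
                                 description=data['summary'],
                                 status=amo.STATUS_PENDING,
                                 type=amo.ADDON_PERSONA)
    addon._current_version = Version.objects.create(addon=addon, version='0')
    addon.save()

    # Save header, footer, and preview images.
    try:
        header = data['header_hash']
        footer = data['footer_hash']
        # NOTE(review): these values are joined onto TMP_PATH as-is. This
        # assumes the form limits them to bare file names (confirm in the
        # field validation): os.path.join keeps ".." segments and drops
        # the prefix when a component is absolute.
        header = os.path.join(settings.TMP_PATH, 'persona_header', header)
        footer = os.path.join(settings.TMP_PATH, 'persona_footer', footer)
        dst = os.path.join(settings.PERSONAS_PATH, str(addon.id))
        save_persona_image(src=header, dst=dst, img_basename='header.jpg')
        save_persona_image(src=footer, dst=dst, img_basename='footer.jpg')
        create_persona_preview_image(src=header, dst=dst,
                                     img_basename='preview.jpg',
                                     set_modified_on=[addon])
    except IOError:
        addon.delete()
        # Bare re-raise keeps the original message and traceback; raising
        # a fresh IOError here would discard which file operation failed.
        raise

    # Save user info.
    user = self.request.amo_user
    AddonUser(addon=addon, user=user).save()

    # Create Persona instance.
    p = Persona()
    p.persona_id = 0
    p.addon = addon
    p.header = 'header'
    p.footer = 'footer'
    # Colours are stored without the leading '#'.
    if data['accentcolor']:
        p.accentcolor = data['accentcolor'].lstrip('#')
    if data['textcolor']:
        p.textcolor = data['textcolor'].lstrip('#')
    p.license_id = data['license']
    p.submit = datetime.now()
    p.author = user.name
    p.display_username = user.username
    p.save()

    # Save categories: the chosen one plus a Thunderbird category looked
    # up (or created) with the same name id.
    tb_c, _ = Category.objects.get_or_create(
        application_id=amo.THUNDERBIRD.id,
        name__id=data['category'].name.id,
        type=amo.ADDON_PERSONA)
    AddonCategory(addon=addon, category=data['category']).save()
    AddonCategory(addon=addon, category=tb_c).save()

    return addon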
def test_xss_arguments_and_escaping(self):
    """Put markup in the add-on name and check both rendering paths.

    The same expected string is compared against ``to_string()`` and
    against the entry rendered inside ``<p>`` by the ``jingo`` environment.
    """
    target = Addon.objects.get()
    target.name = 'Delicious <script src="x.js">Bookmarks'
    target.save()
    target = target.reload()

    membership = AddonUser(addon=target, user=self.user)
    amo.log(amo.LOG.CHANGE_USER_WITH_ROLE, membership.user,
            membership.get_role_display(), target)
    entry = ActivityLog.objects.get()

    # NOTE(review): the expected link text below contains the raw
    # <script> tag taken from the add-on name. If the intent is to show
    # the name is escaped in both paths, the expectation would carry the
    # entity-encoded form. Confirm against the repository copy.
    log_expected = ('yolo role changed to Owner for <a href="/en-US/'
                    'firefox/addon/a3615/">Delicious <script src='
                    '"x.js">Bookmarks</a>.')

    eq_(entry.to_string(), log_expected)

    template = jingo.env.from_string('<p>{{ log }}</p>')
    through_jinja = template.render({'log': entry})
    eq_(through_jinja, '<p>%s</p>' % log_expected)
def package(request):
    """Handle the packaged-app upload step of app submission.

    On a valid POST, creates the add-on from the upload, sets its icon
    type, records the requesting user as an ``AddonUser``, creates the
    submission checklist and redirects to the details step. Otherwise
    renders the upload template with the form.
    """
    form = forms.NewWebappForm(request.POST or None, is_packaged=True)

    if request.method != 'POST' or not form.is_valid():
        return jingo.render(request, 'submit/upload.html', {
            'form': form,
            'step': 'manifest',
        })

    upload = form.cleaned_data['upload']
    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]
    webapp = Addon.from_upload(upload, platforms, is_packaged=True)

    # NOTE(review): no transaction is visible in this block, and the icon
    # task is queued before the owner row and checklist are written.
    if webapp.has_icon_in_manifest():
        # Fetch the icon, do polling.
        webapp.update(icon_type='image/png')
        tasks.fetch_icon.delay(webapp)
    else:
        # In this case there is no need to do any polling.
        webapp.update(icon_type='')

    owner_row = AddonUser(addon=webapp, user=request.amo_user)
    owner_row.save()
    AppSubmissionChecklist.objects.create(addon=webapp, terms=True,
                                          manifest=True)
    return redirect('submit.app.details', webapp.app_slug)
def create(self, request):
    """Create a web app from a submitted manifest.

    Returns ``rc.BAD_REQUEST`` when the ``accept-webapps`` flag is off or
    when validation reports errors, the result of ``_form_error`` when the
    form is invalid, and the created add-on otherwise.
    """
    if not waffle.flag_is_active(request, 'accept-webapps'):
        return rc.BAD_REQUEST

    form = NewManifestForm(request.POST)
    if not form.is_valid():
        return _form_error(form)

    # This feels like an awful lot of work.
    # But first upload the file and do the validation.
    upload = FileUpload.objects.create()
    # NOTE(review): the task is called directly here (no ``.delay``), with
    # the submitter-supplied manifest value. It presumably fetches that
    # location from the server side; confirm the task restricts which
    # hosts and schemes it will contact.
    tasks.fetch_manifest(form.cleaned_data['manifest'], upload.pk)

    # We must reget the object here since the above has
    # saved changes to the object.
    upload = FileUpload.uncached.get(pk=upload.pk)

    # Check it validated correctly. When VALIDATE_ADDONS is falsy the
    # stored validation result is not inspected at all.
    if settings.VALIDATE_ADDONS:
        report = json.loads(upload.validation)
        if report['errors']:
            bad = rc.BAD_REQUEST
            bad.write(report)
            return bad

    # Fetch the addon, the icon and set the user.
    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]
    addon = Addon.from_upload(upload, platforms)
    tasks.fetch_icon(addon)
    AddonUser(addon=addon, user=request.amo_user).save()

    # Without WEBAPPS_RESTRICTED the new app is made public immediately.
    if settings.WEBAPPS_RESTRICTED:
        new_status = amo.STATUS_PENDING
    else:
        new_status = amo.STATUS_PUBLIC
    addon.update(status=new_status)

    return addon
def obj_create(self, bundle, request, **kwargs):
    """Create an app from a previously uploaded file and return the bundle.

    Checks, in order: the requesting user has read the developer
    agreement, the upload form is valid, and ``OwnerAuthorization``
    accepts the request for the referenced upload. Each failure raises
    the corresponding HTTP error.
    """
    form = UploadForm(bundle.data)
    requester = request.amo_user

    if not requester.read_dev_agreement:
        log.info(u'Attempt to use API without dev agreement: %s' %
                 request.amo_user.pk)
        raise http_error(http.HttpUnauthorized,
                         'Terms of service not accepted.')

    if not form.is_valid():
        raise self.form_errors(form)

    # Ownership of the upload is checked before anything is created.
    owns_upload = OwnerAuthorization().is_authorized(request,
                                                     object=form.obj)
    if not owns_upload:
        raise http_error(http.HttpForbidden, 'You do not own that app.')

    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

    # Create app, user and fetch the icon.
    bundle.obj = Addon.from_upload(form.obj, platforms,
                                   is_packaged=form.is_packaged)
    AddonUser(addon=bundle.obj, user=request.amo_user).save()
    self._icons_and_images(bundle.obj)

    record_action('app-submitted', request, {'app-id': bundle.obj.pk})
    log.info('App created: %s' % bundle.obj.pk)
    return bundle
def manifest(request):
    """Handle the manifest step of app submission.

    Users who have not read the developer agreement are redirected to
    ``submit.app``. On a valid POST the add-on is created from the upload,
    the requesting user is stored as its ``AddonUser`` and the view
    redirects to the details step; otherwise the manifest template is
    rendered.
    """
    # TODO: Have decorator handle the redirection.
    # The agreement flag is read from a freshly loaded UserProfile, while
    # the owner row further down uses request.amo_user.
    profile = UserProfile.objects.get(pk=request.user.id)
    if not profile.read_dev_agreement:
        # And we start back at one...
        return redirect('submit.app')

    form = forms.NewWebappForm(request.POST or None)

    if request.method != 'POST' or not form.is_valid():
        return jingo.render(request, 'submit/manifest.html', {
            'step': 'manifest',
            'form': form,
        })

    cleaned = form.cleaned_data
    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]
    webapp = Addon.from_upload(cleaned['upload'], platforms)

    if webapp.has_icon_in_manifest():
        # Fetch the icon, do polling.
        webapp.update(icon_type='image/png')
        tasks.fetch_icon.delay(webapp)
    else:
        # In this case there is no need to do any polling.
        webapp.update(icon_type='')

    AddonUser(addon=webapp, user=request.amo_user).save()

    # Checking it once. Checking it twice.
    AppSubmissionChecklist.objects.create(addon=webapp, terms=True,
                                          manifest=True)
    return redirect('submit.app.details', webapp.app_slug)
def save(self, commit=False):
    """Save a new, unreviewed Persona add-on and everything attached to it.

    Saves the add-on through the parent form, creates an initial
    ``Version``, stores the header/footer/preview images, records the
    requesting user as an ``AddonUser``, creates the ``Persona`` row and
    attaches tags and categories. Returns the add-on.
    """
    from .tasks import create_persona_preview_image, save_persona_image

    # We ignore `commit`, since we need it to be `False` so we can save
    # the ManyToMany fields on our own.
    addon = super(NewPersonaForm, self).save(commit=False)
    addon.status = amo.STATUS_UNREVIEWED
    addon.type = amo.ADDON_PERSONA
    addon.save()

    addon._current_version = Version.objects.create(addon=addon,
                                                    version='0')
    addon.save()

    amo.log(amo.LOG.CREATE_ADDON, addon)
    log.debug('New persona %r uploaded' % addon)

    data = self.cleaned_data

    # NOTE(review): the two hash values are joined onto TMP_PATH as-is.
    # This assumes the form limits them to bare file names (confirm in
    # the field validation): os.path.join keeps ".." segments and drops
    # the prefix when a component is absolute.
    header_name = data['header_hash']
    footer_name = data['footer_hash']
    header_src = os.path.join(settings.TMP_PATH, 'persona_header',
                              header_name)
    footer_src = os.path.join(settings.TMP_PATH, 'persona_footer',
                              footer_name)
    target_dir = os.path.join(settings.PERSONAS_PATH, str(addon.id))

    # Save header, footer, and preview images.
    save_persona_image(src=header_src, dst=target_dir,
                       img_basename='header.jpg')
    save_persona_image(src=footer_src, dst=target_dir,
                       img_basename='footer.jpg')
    create_persona_preview_image(src=header_src, dst=target_dir,
                                 img_basename='preview.jpg',
                                 set_modified_on=[addon])

    # Save user info.
    submitter = self.request.amo_user
    AddonUser(addon=addon, user=submitter).save()

    persona = Persona()
    persona.persona_id = 0
    persona.addon = addon
    persona.header = 'header'
    persona.footer = 'footer'
    # Colours are stored without the leading '#'.
    if data['accentcolor']:
        persona.accentcolor = data['accentcolor'].lstrip('#')
    if data['textcolor']:
        persona.textcolor = data['textcolor'].lstrip('#')
    persona.license_id = data['license']
    persona.submit = datetime.now()
    persona.author = submitter.name
    persona.display_username = submitter.username
    persona.save()

    # Save tags.
    for tag_text in data['tags']:
        Tag(tag_text=tag_text).save_tag(addon)

    # Save categories: the chosen one plus the Thunderbird category that
    # shares its name id.
    chosen = data['category']
    thunderbird_category = Category.objects.get(
        application=amo.THUNDERBIRD.id, name__id=chosen.name_id)
    AddonCategory(addon=addon, category=data['category']).save()
    AddonCategory(addon=addon, category=thunderbird_category).save()

    return addon
def test_contribute_multiple_devs(self):
    """Add a second developer and check the "meet" page still renders.

    Asserts that the page contains both the teaser section and the
    contribute button.
    """
    addon = Addon.objects.get(pk=592)
    extra_dev = UserProfile.objects.get(pk=999)
    AddonUser(addon=addon, user=extra_dev).save()

    page = self.client.get(reverse('addons.meet', args=['a592']))

    # Make sure it has multiple devs.
    for selector in ('.section-teaser', '#contribute-button'):
        assert pq(page.content)(selector)
def manifest(request):
    """Handle the manifest step of app submission, including features.

    Both forms are validated; on a valid POST the add-on, its device
    types, premium type, icon type, owner row, checklist and feature
    profile are written inside ``transaction.commit_on_success()``, the
    icon task is queued after that block, and the view redirects to the
    details step. Otherwise the manifest template is rendered.
    """
    form = forms.NewWebappForm(request.POST or None, request=request)
    features_form = forms.AppFeaturesForm(request.POST or None)
    # Validated up front, before the method check below.
    features_form_valid = features_form.is_valid()

    is_submission = (request.method == 'POST' and form.is_valid() and
                     features_form_valid)
    if not is_submission:
        return render(request, 'submit/manifest.html', {
            'step': 'manifest',
            'features_form': features_form,
            'form': form,
            'DEVICE_LOOKUP': DEVICE_LOOKUP
        })

    with transaction.commit_on_success():
        upload = form.cleaned_data['upload']
        platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]
        addon = Addon.from_upload(upload, platforms,
                                  is_packaged=form.is_packaged())

        # Set the device type.
        for device in form.get_devices():
            addon.addondevicetype_set.get_or_create(device_type=device.id)

        # Set the premium type, only bother if it's not free.
        premium_type = form.get_paid()
        if premium_type:
            addon.update(premium_type=premium_type)

        if addon.has_icon_in_manifest():
            # Fetch the icon, do polling.
            addon.update(icon_type='image/png')
        else:
            # In this case there is no need to do any polling.
            addon.update(icon_type='')

        # The owner row is written in the same transaction as the add-on.
        AddonUser(addon=addon, user=request.amo_user).save()

        # Checking it once. Checking it twice.
        AppSubmissionChecklist.objects.create(addon=addon, terms=True,
                                              manifest=True, details=False)

        # Create feature profile.
        addon.current_version.features.update(**features_form.cleaned_data)

    # Call task outside of `commit_on_success` to avoid it running before
    # the transaction is committed and not finding the app.
    tasks.fetch_icon.delay(addon)

    return redirect('submit.app.details', addon.app_slug)
def submit_addon(request, step):
    """Handle the upload step of add-on submission.

    Requests without the developer-agreement cookie are redirected to the
    first step. On a valid POST the add-on is created for the selected
    desktop and mobile platforms, the requesting user is stored as its
    ``AddonUser``, the submit step is recorded as 3 and the view redirects
    there. Otherwise the upload template is rendered.
    """
    # NOTE(review): only the presence of the cookie is tested, and cookies
    # are supplied by the client. This check alone is not a server-side
    # record that the agreement was accepted; confirm whether acceptance
    # is enforced elsewhere.
    if DEV_AGREEMENT_COOKIE not in request.COOKIES:
        return redirect('devhub.submit.1')

    form = forms.NewAddonForm(request.POST or None)

    if request.method == 'POST' and form.is_valid():
        cleaned = form.cleaned_data
        platforms = list(cleaned['desktop_platforms'])
        platforms.extend(list(cleaned['mobile_platforms']))

        addon = Addon.from_upload(cleaned['upload'], platforms)
        AddonUser(addon=addon, user=request.amo_user).save()
        SubmitStep.objects.create(addon=addon, step=3)
        return redirect('devhub.submit.3', addon.slug)

    context = {'step': step, 'new_addon_form': form}
    return jingo.render(request, 'devhub/addons/submit/upload.html',
                        context)
def obj_create(self, bundle, request, **kwargs):
    """Create a web app from a previously uploaded file.

    Raises the form errors when the upload form is invalid and an
    immediate 403 response when ``OwnerAuthorization`` rejects the request
    for the referenced upload. Returns the bundle with ``obj`` set to the
    new app.
    """
    form = UploadForm(bundle.data)
    if not form.is_valid():
        raise self.form_errors(form)

    # Ownership of the upload is checked before anything is created.
    authorized = OwnerAuthorization().is_authorized(request,
                                                    object=form.obj)
    if not authorized:
        raise ImmediateHttpResponse(response=http.HttpForbidden())

    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

    # Create app, user and fetch the icon.
    bundle.obj = Webapp.from_upload(form.obj, platforms)
    AddonUser(addon=bundle.obj, user=request.amo_user).save()
    tasks.fetch_icon.delay(bundle.obj)

    log.info('App created: %s' % bundle.obj.pk)
    return bundle
def create_addon(self, license=None):
    """Create an unreviewed add-on from the form's cleaned data.

    Saves the add-on, records the requesting user as its ``AddonUser``,
    stores it on ``self.addon``, creates the version (passing ``license``
    through to ``create_version``) and logs the creation. Returns the
    add-on.
    """
    cleaned = self.cleaned_data
    new_addon = Addon(
        guid=cleaned['guid'],
        name=cleaned['name'],
        type=cleaned['type'],
        status=amo.STATUS_UNREVIEWED,
        homepage=cleaned['homepage'],
        summary=cleaned['summary'],
    )
    new_addon.save()

    owner_row = AddonUser(addon=new_addon, user=self.request.amo_user)
    owner_row.save()

    # create_version is called after self.addon is assigned.
    self.addon = new_addon

    # Save Version, attach License
    self.create_version(license=license)

    amo.log(amo.LOG.CREATE_ADDON, new_addon)
    log.info('Addon %d saved' % new_addon.id)
    return new_addon
def create(self, request, *args, **kwargs):
    """Create a web app from an existing upload and return a 201 response.

    The upload is looked up by the ``upload`` UUID (packaged app) or,
    failing that, the ``manifest`` UUID (hosted app).

    Raises:
        serializers.ValidationError: neither UUID was supplied.
        exceptions.ParseError: the upload does not exist or is not valid.
        exceptions.PermissionDenied: the developer agreement has not been
            read, or the upload does not belong to the requesting user.
    """
    upload_uuid = request.DATA.get('upload', '')
    is_packaged = bool(upload_uuid)
    if not is_packaged:
        upload_uuid = request.DATA.get('manifest', '')

    if not upload_uuid:
        raise serializers.ValidationError(
            'No upload or manifest specified.')

    # NOTE(review): the existence and validity errors below are raised
    # before the ownership check, so their messages differ for uploads
    # the caller does not own. Confirm that is acceptable for this API.
    try:
        upload = FileUpload.objects.get(uuid=upload_uuid)
    except FileUpload.DoesNotExist:
        raise exceptions.ParseError('No upload found.')

    if not upload.valid:
        raise exceptions.ParseError('Upload not valid.')

    if not request.amo_user.read_dev_agreement:
        log.info(u'Attempt to use API without dev agreement: %s' %
                 request.amo_user.pk)
        raise exceptions.PermissionDenied('Terms of Service not accepted.')

    # An upload with no user attached is never treated as owned.
    is_owner = upload.user and upload.user.pk == request.amo_user.pk
    if not is_owner:
        raise exceptions.PermissionDenied('You do not own that app.')

    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

    # Create app, user and fetch the icon.
    app = Webapp.from_upload(upload, platforms, is_packaged=is_packaged)
    AddonUser(addon=app, user=request.amo_user).save()
    tasks.fetch_icon.delay(app)

    record_action('app-submitted', request, {'app-id': app.pk})
    log.info('App created: %s' % app.pk)

    serializer = AppSerializer(context=self.get_serializer_context())
    payload = serializer.to_native(app)
    location = reverse('app-detail', kwargs={'pk': app.pk})
    return response.Response(payload, status=201,
                             headers={'Location': location})
def obj_create(self, bundle, request, **kwargs):
    """Create an app from a previously uploaded file and return the bundle.

    Raises the form errors when the upload form is invalid and an
    immediate 403 response when ``OwnerAuthorization`` rejects the request
    for the referenced upload.
    """
    form = UploadForm(bundle.data)
    if not form.is_valid():
        raise self.form_errors(form)

    # Ownership of the upload is checked before anything is created.
    authorized = OwnerAuthorization().is_authorized(request,
                                                    object=form.obj)
    if not authorized:
        raise ImmediateHttpResponse(response=http.HttpForbidden())

    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

    # Create app, user and fetch the icon.
    bundle.obj = Addon.from_upload(form.obj, platforms,
                                   is_packaged=form.is_packaged)
    AddonUser(addon=bundle.obj, user=request.amo_user).save()
    self._icons_and_images(bundle.obj)

    record_action('app-submitted', request, {'app-id': bundle.obj.pk})
    log.info('App created: %s' % bundle.obj.pk)
    return bundle
def manifest(request):
    """Handle the manifest step of app submission.

    On a valid POST, creates the add-on from the upload, stores its device
    types, premium type and icon type, records the requesting user as an
    ``AddonUser``, creates the submission checklist and redirects to the
    details step. Otherwise renders the manifest template.
    """
    form = forms.NewWebappForm(request.POST or None)

    if request.method != 'POST' or not form.is_valid():
        return jingo.render(request, 'submit/manifest.html', {
            'step': 'manifest',
            'form': form,
            'DEVICE_LOOKUP': DEVICE_LOOKUP
        })

    upload = form.cleaned_data['upload']
    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]
    webapp = Addon.from_upload(upload, platforms,
                               is_packaged=form.is_packaged())

    # Set the device type.
    for device in form.get_devices():
        webapp.addondevicetype_set.get_or_create(device_type=device.id)

    # Set the premium type, only bother if it's not free.
    premium_type = form.get_paid()
    if premium_type:
        webapp.update(premium_type=premium_type)

    # NOTE(review): no transaction is visible in this block, and the icon
    # task is queued before the owner row and checklist are written.
    if webapp.has_icon_in_manifest():
        # Fetch the icon, do polling.
        webapp.update(icon_type='image/png')
        tasks.fetch_icon.delay(webapp)
    else:
        # In this case there is no need to do any polling.
        webapp.update(icon_type='')

    AddonUser(addon=webapp, user=request.amo_user).save()

    # Checking it once. Checking it twice.
    AppSubmissionChecklist.objects.create(addon=webapp, terms=True,
                                          manifest=True)
    return redirect('submit.app.details', webapp.app_slug)
log.info('[@None] Skipping language pack "%s": ' 'not owned by %s' % (xpi, settings.LANGPACK_OWNER_EMAIL)) continue version = Version.from_upload(upload, addon, PLATFORMS) log.info('[@None] Updating language pack "%s" to version %s' % (xpi, data['version'])) else: if amo.VERSION_BETA.search(data['version']): log.error('[@None] Not creating beta version %s for new "%s" ' 'language pack' % (data['version'], xpi)) continue addon = Addon.from_upload(upload, PLATFORMS) AddonUser(addon=addon, user=owner).save() version = addon.versions.get() addon.status = amo.STATUS_PUBLIC if addon.default_locale.lower() == lang.lower(): addon.target_locale = addon.default_locale addon.save() log.info('[@None] Creating new "%s" language pack, version %s' % (xpi, data['version'])) # Version.from_upload will do this automatically, but only # if the add-on is already public, which it may not be in # the case of new add-ons status = amo.STATUS_PUBLIC
def test_contribute_multiple_devs(self):
    """Add a second developer and expect exactly one contribute button."""
    addon = Addon.objects.get(pk=592)
    extra_dev = UserProfile.objects.get(pk=999)
    AddonUser(addon=addon, user=extra_dev).save()

    page = self.client.get(reverse('addons.meet', args=['a592']))
    buttons = pq(page.content)('#contribute-button')
    eq_(buttons.length, 1)
def save(self, commit=False):
    """Create a pending Persona add-on from the form's cleaned data.

    Creates the ``Addon`` and an initial ``Version``, queues the image
    tasks for header, footer, preview and icon, records the requesting
    user as an ``AddonUser``, creates the ``Persona`` row and attaches
    tags and the chosen category. ``commit`` is not read.

    Returns the created ``Addon``. An ``IOError`` raised while the image
    tasks are being set up deletes the add-on and is re-raised.
    """
    from addons.tasks import (create_persona_preview_images,
                              save_persona_image)

    data = self.cleaned_data

    addon = Addon.objects.create(slug=data.get('slug'),
                                 status=amo.STATUS_PENDING,
                                 type=amo.ADDON_PERSONA)
    addon.name = {'en-US': data['name']}
    if data.get('summary'):
        addon.description = {'en-US': data['summary']}
    addon._current_version = Version.objects.create(addon=addon,
                                                    version='0')
    addon.save()

    # Save header, footer, and preview images.
    try:
        # NOTE(review): the two hash values are joined onto TMP_PATH
        # as-is. This assumes the form limits them to bare file names
        # (confirm in the field validation): os.path.join keeps ".."
        # segments and drops the prefix when a component is absolute.
        header_name = data['header_hash']
        footer_name = data['footer_hash']
        header_src = os.path.join(settings.TMP_PATH, 'persona_header',
                                  header_name)
        footer_src = os.path.join(settings.TMP_PATH, 'persona_footer',
                                  footer_name)
        dst_root = os.path.join(settings.ADDONS_PATH, str(addon.id))

        # NOTE(review): the tasks are queued with ``.delay()``. Unless
        # tasks run eagerly, an IOError raised inside a worker would not
        # reach the handler below; confirm the cleanup is still reachable.
        save_persona_image.delay(
            src=header_src,
            full_dst=os.path.join(dst_root, 'header.png'))
        save_persona_image.delay(
            src=footer_src,
            full_dst=os.path.join(dst_root, 'footer.png'))
        create_persona_preview_images.delay(
            src=header_src,
            full_dst=[
                os.path.join(dst_root, 'preview.png'),
                os.path.join(dst_root, 'icon.png')
            ],
            set_modified_on=[addon])
    except IOError:
        addon.delete()
        raise

    # Save user info.
    submitter = self.request.amo_user
    AddonUser(addon=addon, user=submitter).save()

    # Create Persona instance.
    persona = Persona()
    persona.persona_id = 0
    persona.addon = addon
    persona.header = 'header.png'
    persona.footer = 'footer.png'
    # Colours are stored without the leading '#'.
    if data['accentcolor']:
        persona.accentcolor = data['accentcolor'].lstrip('#')
    if data['textcolor']:
        persona.textcolor = data['textcolor'].lstrip('#')
    persona.license = data['license']
    persona.submit = datetime.now()
    persona.author = submitter.name
    persona.display_username = submitter.username
    persona.save()

    # Save tags.
    for tag_text in data['tags']:
        Tag(tag_text=tag_text).save_tag(addon)

    # Save categories.
    AddonCategory(addon=addon, category=data['category']).save()

    return addon