class TempToken():
def __init__(self, request, context=None):
self.request: Request = request
self.secret = request.registry.settings['secret_key']
@view(require_csrf=False)
def post(self):
return self._post(self.request)
@staticmethod
@validate(valid_api_token,
has_keywords_in_json_path(('token', str)))
def _post(request):
token = request.json_body['token']
if check_jwt(request, token):
payload = request.validated['token-payload']
if 'sub' in payload:
del payload['sub']
del payload['exp']
del payload['iat']
response = request.response
response.content_type = "text/plain"
response.text = encode_payload(request, payload)
return response
def test_has_multiple_keywords(self):
request = construct_dummy_request({'string': 'foo', 'bool': True})
response = has_keywords_in_json_path(('string', str),
('bool', bool))(request)
self.assertTrue(response)
self.assertIn('string', request.validated)
self.assertIn('bool', request.validated)
def test_has_number_keywords(self):
request = construct_dummy_request(json_body={'int': 4, 'float': 4.0})
response = has_keywords_in_json_path(('int', int),
('float', float))(request)
self.assertTrue(response)
self.assertIn('int', request.validated)
self.assertIn('float', request.validated)
def valid_new_issue(request):
"""
Verifies given data for a new issue
:param request:
:return:
"""
fn_validator = has_keywords_in_json_path(('title', str), ('info', str),
('long_info', str))
if not fn_validator(request):
return False
title = escape_if_string(request.validated, 'title')
info = escape_if_string(request.validated, 'info')
long_info = escape_if_string(request.validated, 'long_info')
new_issue = __check_for_empty_fields(title=title,
info=info,
long_info=long_info,
request=request)
if new_issue.get('contains_empty_field'):
add_error(request, 'There is an empty field', new_issue.get('error'))
return False
new_issue = __check_for_duplicated_field(title=title,
info=info,
long_info=long_info,
request=request)
if new_issue.get('contains_duplicated_field'):
add_error(request, 'Issue data is a duplicate', new_issue.get('error'))
return False
return True
def test_has_keywords():
request = construct_dummy_request()
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
assert type(response) == bool
assert response is False
request = construct_dummy_request({'foo': 'bar'})
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
assert type(response) == bool
assert response is False
request = construct_dummy_request({'foo': 2})
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
assert type(response) == bool
assert response is True
class ApiUser(object):
def __init__(self, request, context=None):
self.request = request
@staticmethod
def external_view(db_user: User):
return {
'id': db_user.uid,
'nickname': db_user.public_nickname
}
def get(self):
db_user: User = DBDiscussionSession.query(User).get(int(self.request.matchdict['id']))
if db_user:
return ApiUser.external_view(db_user)
else:
self.request.response.status = 404
return "This user-id does not exist."
@staticmethod
def collection_get():
db_users: List[User] = DBDiscussionSession.query(User).all()
return [ApiUser.external_view(db_user) for db_user in db_users]
@view(require_csrf=False)
def collection_post(self):
return self._collection_post(self.request)
@staticmethod
@validate(valid_api_token,
has_keywords_in_json_path(('firstname', str), ('lastname', str), ('nickname', str), ('email', str),
('gender', str),
('id', int), ('locale', str), ('service', str)))
def _collection_post(request):
result = set_new_oauth_user(request.json_body,
request.json_body['id'],
request.json_body['service'],
Translator(request.json_body['locale']))
if result["success"]:
request.response.status = 201
return {"id": result["user"].uid}
else:
request.response.status = 400
return result["error"]
def valid_user_as_author_of_statement(request):
"""
:param request:
:return:
"""
if not has_keywords_in_json_path(('statement_id', int))(request):
return False
statement_id = request.validated['statement_id']
if valid_user(request):
db_user = request.validated['user']
db_textversion = DBDiscussionSession.query(TextVersion) \
.filter_by(statement_uid=statement_id) \
.order_by(TextVersion.uid.asc()).first()
if db_textversion and db_textversion.author_uid == db_user.uid:
request.validated['statement'] = DBDiscussionSession.query(Statement).get(statement_id)
return True
else:
_tn = Translator(get_language_from_cookie(request))
add_error(request, _tn.get(_.userIsNotAuthorOfStatement))
return False
ref_uid = request.validated["ref_uid"]
LOG.debug("Retrieving reference usages for ref_uid {}".format(ref_uid))
db_ref: StatementReference = DBDiscussionSession.query(
StatementReference).get(ref_uid)
if db_ref:
return get_all_references_by_reference_text(db_ref.text)
return error("Reference could not be found")
# =============================================================================
# USER MANAGEMENT
# =============================================================================
@login.post(require_csrf=False)
@validate(has_keywords_in_json_path(('nickname', str), ('password', str)),
validate_credentials)
def user_login(request):
"""
Check provided credentials and return a token, if it is a valid user. The function body is only executed,
if the validator added a request.validated field.
:param request:
:return: token and nickname
"""
user: User = request.validated['user']
LOG.debug('User authenticated: {}'.format(user.public_nickname))
return {
'nickname': user.public_nickname,
'uid': user.uid,
'token': request.validated['token']
def test_has_keywords_with_wrong_type(self):
request = construct_dummy_request(json_body={'int': 4})
response = has_keywords_in_json_path(('int', float))(request)
self.assertFalse(response)
self.assertNotIn('int', request.validated)
def test_has_keywords_without_keyword(self):
request = construct_dummy_request(json_body={'foo': 42})
response = has_keywords_in_json_path(('bar', int))(request)
self.assertFalse(response)
self.assertNotIn('bar', request.validated)
def test_empty_dummy_request(self):
request = construct_dummy_request(json_body={})
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
self.assertIsInstance(response, bool)
self.assertFalse(response)
def test_has_list_keywords(self):
request = construct_dummy_request(json_body={'list': ['<:)']})
response = has_keywords_in_json_path(('list', list))(request)
self.assertTrue(response)
self.assertIn('list', request.validated)
@validate(valid_user)
def delete_statistics(request):
"""
Request to delete votes/clicks of the user.
:param request: request of the web server
:return: json-dict()
"""
LOG.debug("Delete votes and clicks of a user")
db_user = request.validated['user']
return clear_vote_and_seen_values_of_user(db_user)
@view_config(route_name='set_discussion_properties', renderer='json')
@validate(valid_user, valid_any_issue_by_id,
has_keywords_in_json_path(('property', bool), ('value', str)))
def set_discussion_properties(request):
"""
Set availability, read-only, ... flags in the admin panel.
:param request: current request of the server
:return: json-dict()
"""
LOG.debug("Request.params: %s", request.json_body)
_tn = Translator(get_language_from_cookie(request))
prop = request.validated['property']
db_user = request.validated['user']
issue = request.validated['issue']
value = request.validated['value']
return set_discussions_properties(db_user, issue, prop, value, _tn)
def test_has_one_keyword(self):
request = construct_dummy_request(json_body={'string': 'foo'})
response = has_keywords_in_json_path(('string', str))(request)
self.assertTrue(response)
self.assertIn('string', request.validated)
# ajax - set users opinion
# ###################################
# ADDTIONAL AJAX STUFF # GET THINGS #
# ###################################
# ajax - getting changelog of a statement
# ajax - for shorten url
@view_config(route_name='get_shortened_url', renderer='json')
@validate(has_keywords_in_json_path(('url', str)))
def get_shortened_url(request):
"""
Shortens url with the help of a python lib
:param request: current request of the server
:return: dictionary with shortend url
"""
LOG.debug("Shorten URL")
return generate_short_url(request.validated['url'])
# ajax - for getting all news
@view_config(route_name='get_news', renderer='json')
def get_news(request):
"""
:rtype: list
"""
ref_uid = request.validated["ref_uid"]
LOG.debug(f"Retrieving reference usages for ref_uid {ref_uid}")
db_ref: StatementReference = DBDiscussionSession.query(StatementReference).get(ref_uid)
if db_ref:
return get_all_references_by_reference(db_ref)
return HTTPNotFound("Reference could not be found")
# =============================================================================
# USER MANAGEMENT
# =============================================================================
@login.post(require_csrf=False)
@validate(has_keywords_in_json_path(('nickname', str), ('password', str)), validate_credentials)
def user_login(request):
"""
Check provided credentials and return a token, if it is a valid user. The function body is only executed,
if the validator added a request.validated field.
:param request:
:return: token and nickname
"""
user: User = request.validated['user']
LOG.debug('User authenticated: {}'.format(user.public_nickname))
return {
'nickname': user.public_nickname,
'uid': user.uid,
'token': request.validated['token']
}
def test_provided_int_expected_int_should_succeed(self):
request = construct_dummy_request(json_body={'foo': 2})
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
self.assertIsInstance(response, bool)
self.assertTrue(response)
from dbas.review.queue.split import SplitQueue
from dbas.strings.translator import Translator
from dbas.validators.core import validate, has_keywords_in_json_path, has_maybe_keywords
from dbas.validators.database import valid_database_model
from dbas.validators.discussion import valid_premisegroup, valid_text_values, valid_statement, valid_argument
from dbas.validators.reviews import valid_review_reason, valid_not_executed_review, valid_uid_as_row_in_review_queue
from dbas.validators.user import valid_user, valid_user_as_author, valid_user_as_author_of_statement, \
valid_user_as_author_of_argument
from websocket.lib import send_request_for_recent_reviewer_socketio
LOG = logging.getLogger(__name__)
@view_config(route_name='flag_argument_or_statement', renderer='json')
@validate(valid_user, valid_review_reason,
has_keywords_in_json_path(('uid', int), ('is_argument', bool)),
has_maybe_keywords(('extra_uid', int, None)))
def flag_argument_or_statement(request):
"""
Flags an argument or statement for a specific reason
:param request: current request of the server
:return: json-dict()
"""
LOG.debug("Flag an argument or statement. %s", request.json_body)
ui_locales = get_discussion_language(request.matchdict, request.params,
request.session)
uid = request.validated['uid']
reason = request.validated['reason']
extra_uid = request.validated['extra_uid']
is_argument = request.validated['is_argument']
return {
'language': str(ui_locales),
'title': 'Admin - ' + table_name,
'project': project_name,
'extras': extras_dict,
'table': table_dict,
'discussion': {
'broke_limit': False
}
}
@update_row.post()
@validate(valid_user_as_admin, valid_table_name,
has_keywords_in_json_path(('keys', list), ('uids', list),
('values', list)))
def main_update(request):
"""
View configuration for updating any row
:param request: current webservers request
:return: dict()
"""
LOG.debug("def %s", request.params)
table = request.validated['table']
uids = request.validated['uids']
keys = request.validated['keys']
values = request.validated['values']
return lib.update_row(table, uids, keys, values)
:param request: current request of the server
:return: dict() with success and message
"""
LOG.debug("Register new user via AJAX. %s", request.json_body)
mailer = request.mailer
lang = request.validated['lang']
success, info, new_user = register_user_with_json_data(
request.validated, lang, mailer)
return {'success': str(success), 'error': '', 'info': str(info)}
@view_config(route_name='user_password_request', renderer='json')
@validate(valid_lang_cookie_fallback, has_keywords_in_json_path(
('email', str)))
def user_password_request(request):
"""
Sends an email, when the user requests his password
:param request: current request of the server
:return: dict() with success and message
"""
LOG.debug("Send a password request E-Mail. %s", request.json_body)
_tn = Translator(request.validated['lang'])
return request_password(request.validated['email'], request.mailer, _tn)
@view_config(route_name='set_user_setting', renderer='json')
@validate(valid_user,
has_keywords_in_json_path(('settings_value', bool),
from dbas.handler.settings import set_settings
from dbas.helper.query import set_user_language
from dbas.strings.keywords import Keywords as _
from dbas.strings.translator import Translator
from dbas.validators.common import valid_lang_cookie_fallback
from dbas.validators.core import has_keywords_in_json_path, has_maybe_keywords, validate
from dbas.validators.notifications import valid_notification_title, valid_notification_text, \
valid_notification_recipient
from dbas.validators.user import valid_user
LOG = logging.getLogger(__name__)
@view_config(request_method='POST', route_name='user_login', renderer='json')
@validate(
has_keywords_in_json_path(('user', str), ('password', str),
('keep_login', bool)),
has_maybe_keywords(('redirect_url', str, '')))
def user_login(request):
"""
Will login the user by his nickname and password
:param request: request of the web server
:return: dict() with error
"""
LOG.debug("Login user with Nickname and Password")
lang = get_language_from_cookie(request)
nickname = request.validated['user']
password = request.validated['password']
keep_login = request.validated['keep_login']
redirect_url = request.validated['redirect_url']
return_dict = graph
return_dict.update({'type': 'complete'})
if not error:
return_dict.update({'path': get_path_of_user(request.application_url, path, db_issue)})
return_dict.update({'error': ''})
else: # gets called if the data itself is malicious
ui_locales = get_language_from_cookie(request)
_t = Translator(ui_locales)
error = _t.get(_.internalKeyError)
return_dict = {'error': error}
return return_dict
@partial_graph.post()
@validate(valid_issue_by_id, has_keywords_in_json_path(('uid', int), ('is_argument', bool), ('path', str)))
def get_d3_partial_dump(request):
LOG.debug("Create partial d3 dump. %s", request.json_body)
path = request.validated['path']
uid = request.validated['uid']
is_argument = request.validated['is_argument']
db_issue = request.validated['issue']
return_dict = {
'type': 'partial'
}
if is_argument:
graph, error = get_partial_graph_for_argument(uid, db_issue)
else:
graph, error = get_partial_graph_for_statement(uid, db_issue, path)
def test_provided_string_expected_int_should_fail(self):
request = construct_dummy_request(json_body={'foo': 'bar'})
fn = core.has_keywords_in_json_path(('foo', int))
response = fn(request)
self.assertIsInstance(response, bool)
self.assertFalse(response)
