Пример #1
0
 def get(self):
     assert self.current_user
     origin = self.get_argument("origin", None)
     session = model.Session()
     actions_param = self.get_argument("actions", None)
     where = [model.UserConsent.user_id==self.current_user]
     if origin is not None:
         where.append(model.UserConsent.origin==origin)
     if actions_param is not None:
         actions = actions_param.split(",")
         where.append(model.UserConsent.operation.in_(actions))
     existing = session.query(model.UserConsent).filter(
                     and_(*where)).all()
     result = {}
     for e in existing:
         origin_result = result.setdefault(e.origin, {})
         origin_result[e.operation] = e.allowed
     # work out if we are trying to serve up the html ui or just the data.
     accepts = urllib2.parse_http_list(self.request.headers.get("Accept", ""))
     try:
         json_ndx = accepts.index("application/json")
     except ValueError:
         json_ndx = 10000
     try:
         html_ndx = accepts.index("text/html")
     except ValueError:
         html_ndx = 10000
     if html_ndx < json_ndx:
         self.render("consent.html", consent_items=result)
     else:
         self.write(result)
Пример #2
0
def ban_check(numip, name, subject, comment):
    '''This function raises an exception if the IP address is banned, or
    the post contains a forbidden (non-spam) string. It otherwise returns
    nothing.'''

    session = model.Session()
    table = model.admin

    # IP Banned?
    sql = table.select().where(and_(table.c.type == 'ipban',
                                    table.c.ival1.op('&')(table.c.ival2) \
                                        == table.c.ival2.op('&')(numip)))
    ip_row = session.execute(sql).fetchone()

    if ip_row:
        raise WakaError('Address %s banned. Reason: %s' % \
            (misc.dec_to_dot(numip), ip_row.comment))

    # To determine possible string bans, first normalize input to lowercase.
    comment = comment.lower()
    subject = subject.lower()
    name = name.lower()

    sql = select([table.c.sval1], table.c.type == 'wordban')
    query = session.execute(sql)

    for row in query:
        bad_string = row.sval1.lower()
        if comment.count(bad_string) or subject.count(bad_string) or \
                name.count(bad_string):
            raise WakaError(strings.STRREF)
Пример #3
0
 def post(self):
     assert self.current_user
     session = model.Session()
     origin = self.get_argument("origin")
     for operation, values in self.request.arguments.iteritems():
         if operation=="origin": # gross...
             continue
         print "HAVE OPERATION", operation, values
         if values[0]=='null':
             allowed = None
         else:
             allowed = values[0]=='true'
         try:
             existing = session.query(model.UserConsent).filter(
                 and_(model.UserConsent.user_id==self.current_user,
                      model.UserConsent.origin==origin,
                      model.UserConsent.operation==operation
                     )).one()
         except NoResultFound:
             if allowed is not None:
                 uc = model.UserConsent(self.current_user, origin, operation, allowed)
                 session.add(uc)
         else:
             if allowed is None:
                 # request to 'unremember'
                 session.delete(existing)
             else:
                 existing.allowed = allowed
     session.commit()
     self.write("<html><body>permissions updated</body></html>")
Пример #4
0
 def get(self, req_type):
     if req_type == "request":
         got = self.request_access()
         if got is not None:
             self.write(got)
     elif req_type == "verify":
         data = self.verify()
         identifier = data['profile']['identifier']
         session = model.Session()
         # XXX - should update profile info?
         existing = model.identity(session, identifier)
         if not existing:
             # Must be a new user.
             user = model.User()
             session.add(user)
             dn = data['profile']['displayName']
             provider = data['profile']['provider']
             identity = model.Identity(identifier, user, dn, provider)
             session.add(identity)
         elif len(existing) == 1:
             identity = existing[0]
         else:
             raise AssertionError("more than one identity??")
         self.set_secure_cookie('uid', str(identity.user_id))
         identity.verifiedNow()
         session.commit()
         req_return_to = self.get_secure_cookie('req_return_to')
         self.clear_cookie('req_return_to')
         if not req_return_to:
             req_return_to = "/"
         self.redirect(req_return_to)
     else:
         raise tornado.web.HTTPError(404)
Пример #5
0
def remove_old_backups():
    session = model.Session()
    table = model.backup
    sql = table.select().where(table.c.timestampofarchival.op('+')\
                               (config.POST_BACKUP_EXPIRE) <= time.time())
    query = session.execute(sql)

    for row in query:
        board_obj = board.Board(row['board_name'])
        backup_path = os.path.join(board_obj.path,
                                   board_obj.options['ARCHIVE_DIR'],
                                   board_obj.options['BACKUP_DIR'], '')
        if row.image:
            # Delete backup image; then, mark post for deletion.
            filename = os.path.join(backup_path, os.path.basename(row.image))
            if os.path.exists(filename):
                os.unlink(filename)
        if row.thumbnail \
                and re.match(board_obj.options['THUMB_DIR'], row.thumbnail):
            filename = os.path.join(backup_path,
                                    os.path.basename(row.thumbnail))
            if os.path.exists(filename):
                os.unlink(filename)

    # Perform SQL DELETE
    sql = table.delete().where(table.c.timestampofarchival.op('+')\
                              (config.POST_BACKUP_EXPIRE) <= time.time())
    session.execute(sql)
Пример #6
0
def doUpdates():
    """ Function of the script to be ran every 30 minutes or every hour under
    lock protection.

    Open connection to the validator and obtain data.
    Count stats and run updates to the DB.
    """

    # open RIPE validator connection
    apiep = RIPEValidatorConnector.RPKIValidatorAPI()

    # get current metadata
    bgpprev = apiep.getBGPPreview()
    totalCount, lastModified = apiep.decodeBGPPreviewMeta(bgpprev)

    # get current time
    currTime = int(time.time())
    ts = datetime.datetime.fromtimestamp(currTime)
    w("Running update at %s (%d)" % (str(ts), currTime))

    # test if metadata makes sense
    if lastModified > currTime:
        raise Exception("Validator returned last modified time in future: %d" %
                        lastModified)

    w("Validator returned: lastModified=%d (%s) totalCount=%d" %
      (lastModified, str(
          datetime.datetime.fromtimestamp(lastModified)), totalCount))

    # open DB connection
    sess = model.Session()

    # test if date point is linear in time
    if ts > getLastUpdate(sess):
        stats = defaultdict(lambda: 0)
        conflicts = {}

        # extract data from validator response
        data = apiep.extractBGPPreviewData(bgpprev)
        for dr in data:
            asn, pfx, val = apiep.decodeBGPPrevRow(dr)
            stats[val] += 1
            if val >= RIPEValidatorConnector.RPKIValidatorAPI.RPKI_INVALID_ASN:
                conflicts[(asn, pfx)] = val

        # update conflict records
        updateRPKIRecords(sess, conflicts, ts)
        # update stats
        appendCurrentStats(sess, stats, ts)

        # finish
        sess.commit()
        sess.close()
    else:
        w("DB last datapoint in future. Skipping datapoint.")
        sess.close()

    endTime = time.time()
    w("Finished update at %s (%d)" %
      (str(datetime.datetime.fromtimestamp(endTime)), endTime))
Пример #7
0
def remove_admin_entry(task_data, num, override_log=False, no_redirect=False):
    session = model.Session()
    table = model.admin
    sql = table.select().where(table.c.num == num)
    row = session.execute(sql).fetchone()

    if not row:
        raise WakaError('Entry not found. Deleted?')

    ival1 = row['ival1']
    ip = misc.dec_to_dot(ival1) if ival1 else ''
    string_val = row['sval1']

    if row['total']:
        remove_htaccess_entry(ip)

    sql = table.delete().where(table.c.num == num)
    session.execute(sql)
    task_data.action = row['type'] + '_remove'
    if string_val:
        task_data.contents.append(row['sval1'])
    else:
        task_data.contents.append(ip + ' (' + misc.dec_to_dot(row['ival2']) \
                                  + ')')

    board = local.environ['waka.board']
    forward_url = misc.make_script_url(task='bans', board=board.name)

    return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
Пример #8
0
def addUser():
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    renewPass = True
    if request.forms.id:
        userI = dbs.query(model.User).get(request.forms.id)
        if not request.forms.password:
            renewPass = False
    else:
        userI = model.User()

    salt = uuid.uuid4().hex
    hashed_password = hashlib.sha1(request.forms.password + salt).hexdigest()
    userI.Username = request.forms.name
    userI.Email = request.forms.email

    if renewPass:
        userI.Password = hashed_password
        userI.Hash = salt

    userI.Credit = request.forms.credits

    userI.IsAdmin = False
    dbs.add(userI)
    dbs.commit()
    dbs.close()
    redirect('/admin/users/ok')
Пример #9
0
def del_img(eid):
    logging.info('task.del_image:entry id->%s ' % (str(eid)))
    db = m.Session()
    target_dir_path = path.join(config.img_storage_path, str(eid))
    if path.isdir(target_dir_path):
        rmtree(target_dir_path)
    db.close()
Пример #10
0
def editUser(userid):
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    user = dbs.query(model.User).get(userid)
    dbs.close()
    return template('admin_includes/addUser', user=user, text='Editar')
Пример #11
0
def cleanup(*args, **kwargs):
    '''Destroy the thread-local session and environ'''
    session = model.Session()
    session.commit()
    session.transaction = None  # fix for a circular reference
    model.Session.remove()
    local.environ = {}
Пример #12
0
def reset_password(uid):
    db = m.Session()
    user = db.query(m.User).filter_by(id=uid).first()
    if user is None:
        logging.warning('try reset password for uid->%s but user not found' %
                        (str(uid)))
        return
    old_request = db.query(m.Password).filter_by(uid=uid).first()
    if old_request is not None:
        db.delete(old_request)

    token = md5_hexdigest()
    password = m.Password(token=token, uid=user.id)
    db.add(password)
    template = tmp_env.get_template('email/reset_password.txt')
    subject = 'reset password token'
    content = template.render(username=user.name, token=token).encode('utf8')
    to_addr = user.email
    try:
        db.commit()
    except:
        db.rollback()
        raise
    finally:
        db.close()
    send_notice(subject, content, to_addr)
Пример #13
0
def test():
    from model import Item
    session = model.Session()
    session.add(Item(name='alexey'))
    session.commit()

    print(session.query(Item).filter_by(name='alexey').all())
Пример #14
0
def staff_exists():
    session = model.Session()
    table = model.account
    sql = select([func.count()], table)
    row = session.execute(sql).fetchone()

    return row[0] != 0
Пример #15
0
    def make_admin_staff_panel(self):
        session = model.Session()
        table = model.account
        sql = table.select().order_by(table.c.account.asc(),
                                      table.c.username.asc())

        query = session.execute(sql)
        users = [dict(row.items()) for row in query]

        rowtype = 1
        for row in users:
            # Alternate between values 1 and 2.
            rowtype ^= 0x3
            row['rowtype'] = rowtype

            # Get latest action from DB.
            action_table = model.activity
            action_grab_sql = action_table.select()\
                        .where(action_table.c.username == row['username'])\
                        .order_by(action_table.c.date.desc())
            last_action = session.execute(action_grab_sql).fetchone()

            # Copy to row.
            if last_action:
                row['action'] = last_action['action']
                row['actiondate'] = last_action['date']
            else:
                row['action'] = None
                row['actiondate'] = None

        Template.__init__(self, 'staff_management', users=users)
Пример #16
0
def add_staff(username, pt_password, account, reign):
    if not username:
        raise WakaError('A username is necessary.')
    if not pt_password:
        raise WakaError('A password is necessary.')
    if len(pt_password) < 8:
        raise WakaError('Passwords should be eight characters minimum.')
    if len(reign) == 0 and account == MODERATOR:
        raise WakaError('Board reign not specified for moderator account.')

    # Check whether the user exists already.
    try:
        StaffMember.get(username)
    except LoginError:
        # User not found. Good.
        pass
    else:
        raise WakaError('Username exists.')

    session = model.Session()
    table = model.account
    password = misc.hide_critical_data(pt_password, config.SECRET)
    reign_str = ','.join(reign)

    sql = table.insert().values(username=username,
                                password=password,
                                account=account,
                                reign=reign_str,
                                disabled=0)
    session.execute(sql)
Пример #17
0
    def _on_access_token(self, callback, response):
        if response.error:
            logging.warning("Could not fetch access token")
            callback(None)
            return

        uid = self.get_secure_cookie("uid")
        if not uid:
            logging.warn("No user session: redirecting to root")
            return self.redirect("/")

        # NOTE that we assume the user has only one GMail account here!
        # This may be okay given that Google is moving towards single-login/multiple-account
        # but it could be a problem.
        access_token = tornado.auth._oauth_parse_response(response.body)
        session = model.Session()
        user = model.user(session, uid)
        id = user.identity(session, model.OP_GOOGLE)
        if id:
            id.accessToken = access_token["key"]
            id.accessSecret = access_token["secret"]
            session.add(id)
            session.commit()
        else:  # strange, we have no id for this user
            self.write(
                "Whoops - we don't have an authenticated Google login for you.  That's weird."
            )
            self.finish()
            return

        self.write(
            "Success.  Saved access codes for Google.  <a href='/fetch/google'>Take a look</a>"
        )
        self.finish()
Пример #18
0
def log_in():
    """Endpoint for logging in.

    Request:
            {
              'username': <username>,
              'password': <password>
            }

    Response:
            {
              'status': <status>,
              'msg': <msg>
            }"""

    credentials = json.loads(flask.request.data)

    user = model.User.query.filter(
        model.User.username == credentials['username']).first()

    # If user doesn't exist or password is invalid, throw error.
    if not user or \
       not bcrypt.checkpw(credentials['password'].encode(), user.credentials.encode()):
        return unauthorized()

    # Create a session with a difficult-to-guess ID.
    session_id = uuid.uuid4().hex
    new_session = model.Session(session_id=session_id, user_id=user.user_id)
    model.db.session.add(new_session)
    model.db.session.commit()

    response = flask.jsonify({'status': 'OK', 'msg': 'Successfully logged in'})
    response.set_cookie('session_id', value=session_id)
    return response
Пример #19
0
def edit_user(user_id):

    dbtransaction = model.Session()
    user_data = dbtransaction.query(model.User).get(user_id)
    dbtransaction.delete(user_data)
    dbtransaction.commit()
    dbtransaction.close()

    return redirect('/admin')
Пример #20
0
def deleteLead(uId):
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    User = dbs.query(model.User).get(uId)
    dbs.delete(User)
    dbs.commit()
    dbs.close()
    redirect('/admin/users')
Пример #21
0
def deleteLead(leadId):
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    Lead = dbs.query(model.Lead).get(leadId)
    dbs.delete(Lead)
    dbs.commit()
    dbs.close()
    redirect('/admin/leads')
Пример #22
0
def admin_section():

    dbtransaction = model.Session()
    users = dbtransaction.query(model.user).all()
    dbtransaction.close()

    return template('views/admin/userlist',
                    get_url=webApp.get_url,
                    users=users)
Пример #23
0
    def flush_db(self):
        session = model.Session()
        table = self._table

        if len(self._update_dict) > 0:
            db_update = table.update()\
                             .where(table.c.username == self.username)\
                             .values(**self._update_dict)
            session.execute(db_update)
Пример #24
0
def home():
    dbs = model.Session()
    latestLeads = dbs.query(model.Lead).order_by(model.Lead.Date.desc())[0:5]
    ret = ''
    for l in latestLeads:
        firstword = str(l.Name).split(' ', 1)
        sol = l.Type or l.Brand
        ret += '<li>' + str(firstword[0]) + ' solicito un ' + sol + '</li>'
    return ret
Пример #25
0
def edit_user(user_id):

    dbtransaction = model.Session()
    user_data = dbtransaction.query(model.User).get(user_id)
    dbtransaction.close()

    return template('views/admin/user_form',
                    get_url=webApp.get_url,
                    user=user_data)
Пример #26
0
    def make_admin_proxy_panel(self):
        session = model.Session()
        table = model.proxy
        query = table.select().order_by(table.c.timestamp.asc())
        rows = session.execute(query)

        Template.__init__(self,
                          'proxy_panel_template',
                          scanned=rows,
                          now=time.time())
Пример #27
0
  def get(self):
    uid = self.current_user

    session = model.Session()
    user = model.user(session, uid)
    result = {"status":"ok"}
    services = result["services"] = []
    for anID in user.identities:
      services.append(anID.name())

    self.write(result)
Пример #28
0
def remove_proxy_entry(task_data, num):
    session = model.Session()
    table = model.proxy

    query = table.delete().where(table.c.num == num)
    session.execute(query)

    board = local.environ['waka.board']
    forward_url = misc.make_script_url(task='proxy', board=board.name)

    return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
Пример #29
0
def userList(status=None):
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    userList = dbs.query(model.User).filter(model.User.IsAdmin != True).all()
    dbs.close()

    return template('admin_includes/userList',
                    content=userList,
                    stats=status,
                    user=user)
Пример #30
0
def removeUser(userid):
    user = login.checkSession()
    login.checkIsAdmin()
    dbs = model.Session()
    userI = dbs.query(model.User).get(userid)
    dbs.delete(userI)
    dbs.commit()
    dbs.close()
    payload = {}
    payload['success'] = True
    return payload