def test_jwt_authorize_project_no_bearer(self, mymock):
"""Test JWT no bearer."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Something %s' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_BEARER, res
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None:
raise NotFound
if not project.allow_anonymous_contributors and current_user.is_anonymous():
info = dict(
error="This project does not allow anonymous contributors")
error = model.task.Task(info=info)
return error
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
user_id = None if current_user.is_anonymous() else current_user.id
user_ip = request.remote_addr if current_user.is_anonymous() else None
external_uid = request.args.get('external_uid')
task = sched.new_task(project_id, project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset)
return task
def test_jwt_authorize_project_bearer_token(self, mymock):
"""Test JWT bearer token and something else."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer %s algo' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_BEARER_TOKEN, res
def test_jwt_authorize_project_no_bearer(self, mymock):
"""Test JWT no bearer."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Something %s' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_BEARER, res
def test_jwt_authorize_project_bearer_no_token(self, mymock):
"""Test JWT bearer and no token."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer '
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_TOKEN, res
def test_jwt_authorize_project_bearer_no_token(self, mymock):
"""Test JWT bearer and no token."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer '
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_TOKEN, res
def test_jwt_authorize_project_bearer_token(self, mymock):
"""Test JWT bearer token and something else."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer %s algo' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == INVALID_HEADER_BEARER_TOKEN, res
def test_jwt_authorize_project_decode_error(self, mymock):
"""Test JWT decode error."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer %s%s' % (project.secret_key, "a")
res = jwt_authorize_project(project, bearer)
assert res == DECODE_ERROR_SIGNATURE, res
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None:
raise NotFound
if not project.allow_anonymous_contributors and current_user.is_anonymous(
):
info = dict(error="This project does not allow anonymous contributors")
error = model.task.Task(info=info)
return error
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
user_id = None if current_user.is_anonymous() else current_user.id
user_ip = request.remote_addr if current_user.is_anonymous() else None
external_uid = request.args.get('external_uid')
task = sched.new_task(project_id, project.info.get('sched'), user_id,
user_ip, external_uid, offset)
return task
def test_jwt_authorize_project_decode_error(self, mymock):
"""Test JWT decode error."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
bearer = 'Bearer %s%s' % (project.secret_key, "a")
res = jwt_authorize_project(project, bearer)
assert res == DECODE_ERROR_SIGNATURE, res
def test_jwt_authorize_project_wrong_project(self, mymock, mydecode):
"""Test JWT wrong decoded project."""
mymock.side_effect = handle_error
mydecode.return_value = dict(project_id=99999, short_name='something')
project = ProjectFactory.create()
bearer = 'Bearer %s' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == WRONG_PROJECT_SIGNATURE, res
def test_jwt_authorize_project_wrong_project(self, mymock, mydecode):
"""Test JWT wrong decoded project."""
mymock.side_effect = handle_error
mydecode.return_value = dict(project_id=99999, short_name='something')
project = ProjectFactory.create()
bearer = 'Bearer %s' % project.secret_key
res = jwt_authorize_project(project, bearer)
assert res == WRONG_PROJECT_SIGNATURE, res
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None:
raise NotFound
if not project.allow_anonymous_contributors and current_user.is_anonymous(
):
info = dict(error="This project does not allow anonymous contributors")
error = [model.task.Task(info=info)]
return error
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp
if request.args.get('limit'):
limit = int(request.args.get('limit'))
else:
limit = 1
if limit > 100:
limit = 100
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
if request.args.get('orderby'):
orderby = request.args.get('orderby')
else:
orderby = 'id'
if request.args.get('desc'):
desc = fuzzyboolean(request.args.get('desc'))
else:
desc = False
user_id = None if current_user.is_anonymous() else current_user.id
user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
if current_user.is_anonymous() else None)
external_uid = request.args.get('external_uid')
task = sched.new_task(project_id,
project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset,
limit,
orderby=orderby,
desc=desc)
return task
def test_jwt_authorize(self, mymock):
"""Test JWT decode works."""
project = ProjectFactory.create()
token = jwt.encode({'short_name': project.short_name,
'project_id': project.id},
project.secret_key, algorithm='HS256')
mymock.side_effect = handle_error
bearer = 'Bearer %s' % (token)
res = jwt_authorize_project(project, bearer)
assert res is True, res
def test_jwt_authorize(self, mymock):
"""Test JWT decode works."""
project = ProjectFactory.create()
token = jwt.encode({'short_name': project.short_name,
'project_id': project.id},
project.secret_key, algorithm='HS256')
mymock.side_effect = handle_error
bearer = 'Bearer %s' % (token)
res = jwt_authorize_project(project, bearer)
assert res is True, res
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None:
raise NotFound
if not project.allow_anonymous_contributors and current_user.is_anonymous():
info = dict(
error="This project does not allow anonymous contributors")
error = [model.task.Task(info=info)]
return error
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp
if request.args.get('limit'):
limit = int(request.args.get('limit'))
else:
limit = 1
if limit > 100:
limit = 100
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
if request.args.get('orderby'):
orderby = request.args.get('orderby')
else:
orderby = 'id'
if request.args.get('desc'):
desc = fuzzyboolean(request.args.get('desc'))
else:
desc = False
user_id = None if current_user.is_anonymous() else current_user.id
user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
if current_user.is_anonymous() else None)
external_uid = request.args.get('external_uid')
task = sched.new_task(project_id, project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset,
limit,
orderby=orderby,
desc=desc)
return task
def _validate_project_and_task(self, taskrun, task):
if task is None: # pragma: no cover
raise Forbidden('Invalid task_id')
if (task.project_id != taskrun.project_id):
raise Forbidden('Invalid project_id')
if taskrun.external_uid:
resp = jwt_authorize_project(task.project,
request.headers.get('Authorization'))
if type(resp) == Response:
msg = json.loads(resp.data)['description']
raise Forbidden(msg)
def _validate_project_and_task(self, taskrun, task):
if task is None: # pragma: no cover
raise Forbidden('Invalid task_id')
if (task.project_id != taskrun.project_id):
raise Forbidden('Invalid project_id')
if taskrun.external_uid:
resp = jwt_authorize_project(task.project,
request.headers.get('Authorization'))
if type(resp) == Response:
msg = json.loads(resp.data)['description']
raise Forbidden(msg)
def test_jwt_with_auth_headers(self):
"""Test JWT with Auth headers."""
project = ProjectFactory.create()
headers = {'Authorization': project.secret_key}
url = '/api/auth/project/%s/token' % project.short_name
resp = self.app.get(url, headers=headers)
err_msg = "It should get the token"
assert resp.status_code == 200, err_msg
bearer = "Bearer %s" % resp.data
data = jwt_authorize_project(project, bearer)
assert data, err_msg
def test_jwt_with_auth_headers(self):
"""Test JWT with Auth headers."""
project = ProjectFactory.create()
headers = {"Authorization": project.secret_key}
url = "/api/auth/project/%s/token" % project.short_name
resp = self.app.get(url, headers=headers)
err_msg = "It should get the token"
assert resp.status_code == 200, err_msg
bearer = "Bearer %s" % resp.data
data = jwt_authorize_project(project, bearer)
assert data, err_msg
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None or not (project.published or current_user.admin
or current_user.id in project.owners_ids):
raise NotFound
if current_user.is_anonymous:
info = dict(error="This project does not allow anonymous contributors")
error = [model.task.Task(info=info)]
return error, None, lambda x: x
if current_user.get_quiz_failed(project):
# User is blocked from project so don't return a task
return None, None, None
# check cookie
pwd_manager = get_pwd_manager(project)
user_id_or_ip = get_user_id_or_ip()
if pwd_manager.password_needed(project, user_id_or_ip):
raise Forbidden("No project password provided")
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp, lambda x: x
if request.args.get('limit'):
limit = int(request.args.get('limit'))
else:
limit = 1
if limit > 100:
limit = 100
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
if request.args.get('orderby'):
orderby = request.args.get('orderby')
else:
orderby = 'id'
if request.args.get('desc'):
desc = fuzzyboolean(request.args.get('desc'))
else:
desc = False
user_id = None if current_user.is_anonymous else current_user.id
user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
if current_user.is_anonymous else None)
external_uid = request.args.get('external_uid')
sched_rand_within_priority = project.info.get('sched_rand_within_priority',
False)
user = user_repo.get(user_id)
if (project.published and user_id != project.owner_id
and user_id not in project.owners_ids
and user.get_quiz_not_started(project)
and user.get_quiz_enabled(project)
and not task_repo.get_user_has_task_run_for_project(
project_id, user_id)):
user.set_quiz_status(project, 'in_progress')
# We always update the user even if we didn't change the quiz status.
# The reason for that is the user.<?quiz?> methods take a snapshot of the project's quiz
# config the first time it is accessed for a user and save that snapshot
# with the user. So we want to commit that snapshot if this is the first access.
user_repo.update(user)
# Allow scheduling a gold-only task if quiz mode is enabled for the user and the project.
quiz_mode_enabled = user.get_quiz_in_progress(
project) and project.info["quiz"]["enabled"]
task = sched.new_task(project.id,
project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset,
limit,
orderby=orderby,
desc=desc,
rand_within_priority=sched_rand_within_priority,
gold_only=quiz_mode_enabled)
handler = partial(pwd_manager.update_response,
project=project,
user=user_id_or_ip)
return task, project.info.get('timeout'), handler
def test_jwt_authorize_project_no_payload(self, mymock):
"""Test JWT no payload."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
res = jwt_authorize_project(project, None)
assert res == INVALID_HEADER_MISSING, res
def test_jwt_authorize_project_no_payload(self, mymock):
"""Test JWT no payload."""
mymock.side_effect = handle_error
project = ProjectFactory.create()
res = jwt_authorize_project(project, None)
assert res == INVALID_HEADER_MISSING, res
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None or not (project.published or current_user.admin
or current_user.id in project.owners_ids):
raise NotFound
if current_user.is_anonymous:
info = dict(error="This project does not allow anonymous contributors")
error = [model.task.Task(info=info)]
return error, None, lambda x: x
if current_user.get_quiz_failed(project):
# User is blocked from project so don't return a task
return None, None, None
# check cookie
pwd_manager = get_pwd_manager(project)
user_id_or_ip = get_user_id_or_ip()
if pwd_manager.password_needed(project, user_id_or_ip):
raise Forbidden("No project password provided")
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp, lambda x: x
if request.args.get('limit'):
limit = int(request.args.get('limit'))
else:
limit = 1
if limit > 100:
limit = 100
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
if request.args.get('orderby'):
orderby = request.args.get('orderby')
else:
orderby = 'id'
if request.args.get('desc'):
desc = fuzzyboolean(request.args.get('desc'))
else:
desc = False
user_id = None if current_user.is_anonymous else current_user.id
user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
if current_user.is_anonymous else None)
external_uid = request.args.get('external_uid')
sched_rand_within_priority = project.info.get('sched_rand_within_priority',
False)
user = user_repo.get(user_id)
if (user.get_quiz_not_started(project) and user.get_quiz_enabled(project)
and not task_repo.get_user_has_task_run_for_project(
project_id, user_id)):
user.set_quiz_status(project, 'in_progress')
user_repo.update(user)
task = sched.new_task(project.id,
project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset,
limit,
orderby=orderby,
desc=desc,
rand_within_priority=sched_rand_within_priority,
gold_only=user.get_quiz_in_progress(project))
handler = partial(pwd_manager.update_response,
project=project,
user=user_id_or_ip)
return task, project.info.get('timeout'), handler
def _retrieve_new_task(project_id):
project = project_repo.get(project_id)
if project is None:
raise NotFound
if current_user.is_anonymous():
info = dict(error="This project does not allow anonymous contributors")
error = [model.task.Task(info=info)]
return error, None, lambda x: x
# check cookie
pwd_manager = get_pwd_manager(project)
user_id_or_ip = get_user_id_or_ip()
if pwd_manager.password_needed(project, user_id_or_ip):
raise Forbidden("No project password provided")
if request.args.get('external_uid'):
resp = jwt_authorize_project(project,
request.headers.get('Authorization'))
if resp != True:
return resp, lambda x: x
if request.args.get('limit'):
limit = int(request.args.get('limit'))
else:
limit = 1
if limit > 100:
limit = 100
if request.args.get('offset'):
offset = int(request.args.get('offset'))
else:
offset = 0
if request.args.get('orderby'):
orderby = request.args.get('orderby')
else:
orderby = 'id'
if request.args.get('desc'):
desc = fuzzyboolean(request.args.get('desc'))
else:
desc = False
user_id = None if current_user.is_anonymous() else current_user.id
user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
if current_user.is_anonymous() else None)
external_uid = request.args.get('external_uid')
sched_rand_within_priority = project.info.get('sched_rand_within_priority',
False)
task = sched.new_task(project.id,
project.info.get('sched'),
user_id,
user_ip,
external_uid,
offset,
limit,
orderby=orderby,
desc=desc,
rand_within_priority=sched_rand_within_priority)
handler = partial(pwd_manager.update_response,
project=project,
user=user_id_or_ip)
return task, project.info.get('timeout'), handler
