Пример #1
0
def module_router(moduleuri):
    """
    """
    dolog("INFO", "In module router, %s" % request.method)
    requesting_user_uri = g.userID
    payload = obtain_payload(request)

    if request.method == "GET":
        return generic_get(moduleuri, requesting_user_uri)

    elif request.method == "POST":
        if payload is None:
            raise Rhaptos2HTTPStatusError(
                "Received a Null payload, expecting JSON",
                code=400)
        else:
            return generic_post(model.Module,
                                payload, requesting_user_uri)

    elif request.method == "PUT":
        if payload is None:
            raise Rhaptos2HTTPStatusError(
                "Received a Null payload, expecting JSON",
                code=400)
        else:
            return generic_put(model.Module, moduleuri,
                               payload, requesting_user_uri)

    elif request.method == "DELETE":
        return generic_delete(moduleuri, requesting_user_uri)

    else:
        return Rhaptos2HTTPStatusError("Methods:GET PUT POST DELETE.")
Пример #2
0
    def __init__(self, authenticated_identifier):
        """initialise from a id we have had verified by third party

        .. todo::
           this is stubbed out - it should always go to user
           dbase and lookup fromidentifer

        .. todo::
           what should I do if user dbase is unavilable???

        .. todo::
           totally unsafe laoding of user details

        """

        payload = {'user': authenticated_identifier}

        user_server_url = app.config['globals'][
            u'userserver'].replace("/user", "/openid")

        dolog("INFO", "user info - from url %s and query string %s" %
                      (user_server_url, repr(payload)))

        try:
            r = requests.get(user_server_url, params=payload)
            userdetails = r.json()
        except Exception, e:
            #.. todo:: not sure what to do here ... the user dbase is down
            dolog("INFO", e)
            userdetails = None
Пример #3
0
def loginpersona():
    """Taken mostly from mozilla quickstart """
    dolog("INFO", "loginpersona")
    # The request has to have an assertion for us to verify
    if 'assertion' not in request.form:
        abort(400)

    # Send the assertion to Mozilla's verifier service.
    audience = "http://%s" % app.config['www_server_name']
    data = {'assertion': request.form['assertion'], 'audience': audience}
    resp = requests.post(
        'https://verifier.login.persona.org/verify', data=data, verify=True)

    # Did the verifier respond?
    if resp.ok:
        # Parse the response
        verification_data = json.loads(resp.content)
        dolog("INFO", "Verified persona:%s" % repr(verification_data))

        # Check if the assertion was valid
        if verification_data['status'] == 'okay':
            # Log the user in by setting a secure session cookie
#            session.update({'email': verification_data['email']})
            auth.after_authentication(verification_data['email'], 'persona')
            return resp.content

    # Oops, something failed. Abort.
    abort(500)
Пример #4
0
def crash():
    ''' '''
    if app.debug == True:
        dolog("INFO", 'crash command called', caller=crash, statsd=['rhaptos2.repo.crash',])
        raise exceptions.Rhaptos2Error('Crashing on demand')
    else:
        abort(404)
Пример #5
0
def workspaceGET():
    ''' '''
    # TODO - should whoami redirect to a login page?
    ### yes the client should only expect to handle HTTP CODES
    ### compare on userID

    identity = auth.whoami()
    if not identity:
        abort(403)
    else:
        wout = {}
        dolog("INFO", "Calling workspace with %s" % identity.userID)
        w = model.workspace_by_user(identity.userID)
        dolog("INFO", repr(w))
        ## w is a list of models (folders, cols etc).
        # it would require some flattening or a JSONEncoder but we just want
        # short form for now
        short_format_list = [{
            "id": i.id_, "title": i.title, "mediaType": i.mediaType} for i in w]
        flatten = json.dumps(short_format_list)

    resp = flask.make_response(flatten)
    resp.content_type = 'application/json; charset=utf-8'
    resp.headers["Access-Control-Allow-Origin"] = "*"

    auth.callstatsd('rhaptos2.e2repo.workspace.GET')
    return resp
Пример #6
0
    def __init__(self, user_id):
        """ """
        dolog("INFO", "in workspace of %s" % user_id,
              caller=WorkSpace, statsd=['rhaptos2.repo.workspace.entered',])

        self.user_id = user_id
        repodir = app.config['repodir']
        plain = []
        annotated = []
        files = [os.path.join(repodir, f)
                 for f in os.listdir(repodir)
                 # Check for the file extension.
                 if len(f.split('.')) < 2]

        for fpath in files:
            if not os.path.isdir(fpath):
                ndoc = NodeDoc()
                ndoc.load_from_file(fpath)
                if user_id in ndoc.contentrw:
                    plain.append(os.path.basename(fpath))
                    annotated.append([os.path.basename(fpath),
                                     ndoc.title
                                     ])
        self.files_plain = plain
        self.files_annotated = annotated
Пример #7
0
 def allow_other_change(self, user_id):
     """ """
     if user_id in self.contentrw:
         dolog("INFO", "Found %s in %s" % (user_id, self.contentrw))
         return True
     else:
         dolog("INFO", "Not Found %s in %s" % (user_id, self.contentrw))
         return False
Пример #8
0
def burn():
    ''' '''
    if app.debug == True:
        dolog("INFO", 'burn command called - dying hard with os._exit'
                      , caller=crash, statsd=['rhaptos2.repo.crash',])
        #sys.exit(1)
        #Flask traps sys.exit (threads?)
        os._exit(1) #trap _this_
    else:
        abort(404)
Пример #9
0
def moduleDELETE(modname):
    '''support deletion of a module

    200 - delete file successful                                                                                             202 - queued for deletion
    404 - no such file found                                                                                                 '''

    status_code = 200
    headers = []

    dolog("INFO", 'DELETE CALLED on %s' % modname, caller=moduleDELETE, statsd=['rhaptos2.repo.module.DELETE',])
    try:
        jsonstr = model.delete_module(modname)
    except IOError, e:
        status_code = 404
Пример #10
0
def serve_aloha(filename):
    """ serve static files for development purposes

    We would expect that these routes would be "overwritten" by say
    the front portion of the reverse proxy we expect flask to sit
    behind.  So these will only ever be called by requests
    during development, but the URL /cdn/aloha/... would still
    exist, possibly on a CDN, certainly a good cache server.


    """
    # os.path.isfile is checked by the below function in Flask.
    dolog("INFO", repr((app.config["aloha_staging_dir"], filename)))
    return send_from_directory(app.config["aloha_staging_dir"], filename)
Пример #11
0
def index():
    """
    .. dicussion::

    The index page for an api.cnx.org might point to say docs
    The index page here is the index of www.cnx, so it should serve
     the workspace.
    Which is not something "known" by the repo, hence the redirect.
    It may be neater to bring the index.html page into here later on.

    TODO: either use a config value, or bring a index template in here
    """
    dolog("INFO", "THis is request %s" % g.requestid)
    return redirect("/js/")
Пример #12
0
def modulePUT():
    dolog("INFO", 'MODULE PUT CALLED', caller=modulePUT, statsd=['rhaptos2.repo.module.PUT',])
    try:


        d = request.json
        if d['uuid'] == u'':
            return ("PUT WITHOUT A UUID" , 400)

        current_nd = model.mod_from_file(d['uuid'])
        current_nd.load_from_djson(d) #this checks permis
        uid = current_nd.uuid
        current_nd.save()

    except Exception, e:
        raise(e)
Пример #13
0
def whoami():
    '''
    return the identity url stored in session cookie
    TODO: store the userid in session cookie too ?

    .. todo::
       session assumes there will be a key of 'authenticated_identifier'

    .. todo::
       I always go and look this up - decide if this is sensible / secure

    .. todo::
       use secure cookie

    I really need to think about session cookies. Default for now.


    ..  todo:: document fajkeuserID
    '''
    dolog("INFO", "Whoami called", caller=whoami)

    if HTTPHEADER_STORING_USERURI in request.headers and app.debug is True:
        fakeuserid = request.headers.get(HTTPHEADER_STORING_USERURI)
        g.user_id = fakeuserid
        return Identity(fakeuserid)

    elif (HTTPHEADER_STORING_USERAUTH in request.headers
          and app.debug is True
          and 'authenticated_identifier' not in session):
        fakeuserauth = request.headers.get(HTTPHEADER_STORING_USERAUTH)
        after_authentication(fakeuserauth, "openid")
        return Identity(fakeuserauth)

    elif 'authenticated_identifier' in session:
        user = Identity(session['authenticated_identifier'])
        g.user_id = user.userID
        return user
    else:
        callstatsd("rhaptos2.repo.notloggedin")
        g.user_id = None
        g.user = None
        return None
Пример #14
0
def modulePOST():
    """
    """
    dolog("INFO", 'A Module POSTed', caller=modulePOST, statsd=['rhaptos2.repo.module.POST',])

    d = request.json
    if d['uuid'] != u'':
        return ("POSTED WITH A UUID" , 400)
    else:
        d['uuid'] = None

    #app.logger.info(repr(d))
    ### maybe we know too much about nodedocs
    nd = model.mod_from_json(d)
    uid = nd.uuid
    nd.save()
    del(nd)

    s = model.asjson({'hashid':uid})
    return s
Пример #15
0
    def is_action_auth(self, action=None,
                       requesting_user_uri=None):
        """ Given a user and a action type, determine if it is
            authorised on this object

        
        #unittest not available as setup is large.
        >> C = CNXBase()
        >> C.is_action_auth(action="PUT", requesting_user_uri="Fake1")
        *** [u'Fake1']
        True
        >> C.is_action_auth(action="PUT", requesting_user_uri="ff")
        *** [u'Fake1']
        False

        """
        s = "*****AUTH"
        s += "model" + str(self)
        s += "action" + str(action)
        s += "user" + str(requesting_user_uri)
        s += "*****/AUTH"
        dolog("INFO", s)
        if action in ("GET", "HEAD", "OPTIONS"):
            valid_user_list = [u.user_uri for u in self.userroles
                               if u.role_type in ("aclro", "aclrw")]
        elif action in ("POST", "PUT", "DELETE"):
            valid_user_list = [u.user_uri for u in self.userroles
                               if u.role_type in ("aclrw",)]
        else:
            # raise Rhaptos2SecurityError("Unknown action type: %s" % action)
            return False

        if requesting_user_uri is None:
            # raise Rhaptos2SecurityError("No user_uri supplied: %s" %
            #                            requesting_user_uri)
            return False
        else:
            if requesting_user_uri in valid_user_list:
                return True
            else:
                return False
Пример #16
0
def whoami():
    """
    return the identity url stored in session cookie
    TODO: store the userid in session cookie too ?

    .. todo:: session assumes there will be a key of 'authenticated_identifier'
    .. todo:: I always go and look this up - decide if this is sensible / secure
    .. todo:: use secure cookie

    I really need to think about session cookies. Default for now.
    """
    dolog("INFO", "Whoami called", caller=whoami)
    if "authenticated_identifier" in session:
        user = Identity(session["authenticated_identifier"])
        g.user_id = user.userID
        return user
    else:
        callstatsd("rhaptos2.repo.notloggedin")
        g.user_id = None
        g.user = None
        return None
Пример #17
0
def after_authentication(authenticated_identifier, method):
    """Called after a user has provided a validated ID (openid or peresons)

    method either openid, or persona

    """
    dolog("INFO", "in after auth - %s %s" % (authenticated_identifier, method))
    dolog("INFO", "before session - %s" % repr(session))
    userobj = get_user_from_identifier(authenticated_identifier)

    # set session, set g, set JS
    # session update?
    if method not in ('openid', 'persona'):
        raise Rhaptos2Error("Incorrect method of authenticating ID")
    session['authenticated_identifier'] = authenticated_identifier
    g.user = userobj

    dolog("INFO", "ALLG:%s" % repr(g))
    dolog("INFO", "ALLG.user:%s" % repr(g.user))
    dolog("INFO", "AFTER session %s" % repr(session))

    return userobj
Пример #18
0
def obj_from_urn(URN, requesting_user_uri, klass=None):
    """
    THis is the refactored version of get_by_id

    URN
      cnxmodule:1234-5678

    requesting_user_urn
      cnxuser:1234-5678

    I have reservations about encoding the type in the ID string.
    But not many.

    """
    if not klass:
        try:
            klass = klass_from_uri(URN)
        except:
            dolog("INFO", "Faioled getting klass %s" % URN)
            abort(400)

    q = db_session.query(klass)
    q = q.filter(klass.id_ == URN)
    rs = q.all()
    if len(rs) == 0:
        raise Rhaptos2Error("ID Not found in this repo")
    ### There is  a uniq constraint on the table, but anyway...
    if len(rs) > 1:
        raise Rhaptos2Error("Too many matches")

    newu = rs[0]
    if not change_approval(newu, {}, requesting_user_uri, "GET"):
        raise Rhaptos2AccessNotAllowedError("user %s not allowed access to %s"
                                            % (requesting_user_uri,
                                                URN))
    return newu
Пример #19
0
def whoami():
    '''
    return the Identity object stored in session cookie
    TODO: store the userid in session cookie too ?

    .. todo::
       session assumes there will be a key of 'authenticated_identifier'

    .. todo::
       I always go and look this up - decide if this is sensible / secure

    .. todo::
       use secure cookie

    I really need to think about session cookies. Default for now.


    ..  todo:: document fajkeuserID
    '''
    if (HTTPHEADER_STORING_USERAUTH in request.headers
         and app.debug is True
           and 'authenticated_identifier' not in session):
        fakeuserauth = request.headers.get(HTTPHEADER_STORING_USERAUTH)
        ident = after_authentication(fakeuserauth, "openid")
        dolog("INFO", "FAKING USER LOGIN - %s" % fakeuserauth)
        return ident

    elif 'authenticated_identifier' in session:
        ident = Identity(session['authenticated_identifier'])
        g.userID = ident.userID
        dolog("INFO", "Session active user is - %s" % ident.userID)
        return ident
    else:
        callstatsd("rhaptos2.repo.notloggedin")
        dolog("INFO", "not headers, not session")        
        g.userID = None
        return None
Пример #20
0
def logoutpersona():
    dolog("INFO", "logoutpersona")
    return "Yes"
Пример #21
0
def index():
    dolog("INFO", "THis is request %s" % g.requestid)
    return render_template('index.html', confd=app.config)
Пример #22
0
def index():
    dolog("INFO", "This is request %s" % g.requestid)
    directory = os.path.join(app.config["atc_directory"], 'test')
    return send_from_directory(directory, 'test-atc.html')
Пример #23
0
def serve_atc_js():
    filename = 'atc.js'
    directory = os.path.join(app.config["atc_directory"])
    filepath = os.path.join(directory, filename)
    dolog("INFO", filepath)
    return send_from_directory(directory, filename)
Пример #24
0
def serve_atc_nav_serialize_hbs():
    filename = 'atc-nav-serialize.hbs'
    directory = os.path.join(app.config["atc_directory"])
    filepath = os.path.join(directory, filename)
    dolog("INFO", filepath)
    return send_from_directory(directory, filename)
Пример #25
0
def moduleGET(modname):
    dolog("INFO", 'MODULE GET CALLED on %s' % modname, caller=moduleGET, statsd=['rhaptos2.repo.module.GET',])
    try:
        jsonstr = model.fetch_module(modname)
    except Exception, e:
        raise e
Пример #26
0
def serve_bookish_css():
    filename = 'bookish.css'
    directory = os.path.join(app.config["atc_directory"])
    filepath = os.path.join(directory, filename)
    dolog("INFO", filepath)
    return send_from_directory(directory, filename)
Пример #27
0
def serve_helpers(filename):
    directory = os.path.join(app.config["atc_directory"], 'helpers')
    filepath = os.path.join(directory, filename)
    dolog("INFO", filepath)
    return send_from_directory(directory, filename)
Пример #28
0
def serve_other_thirdpartycss(filename):
    """ see :def:serve_aloha """
    dolog("INFO", repr((app.config["css_staging_dir"], filename)))
    return send_from_directory(app.config["css_staging_dir"], filename)
Пример #29
0
def test_can_log():
    app = make_app()

    dolog("WARN", "Help")