def complete_order():
    """Render the order-completion page for one of the user's certificates.

    The certificate is looked up from the ``order_id`` query argument when
    one is supplied; otherwise the user's most recent certificate is used.
    Callers without a session are redirected to the login page.

    Raises:
        Exception: when no certificate can be found for the request.
    """
    user = get_current_user()
    if not user:
        # TODO: fix redirect path to include args
        return redirect(url_for('auth.login', redirect=request.path))

    order_id = request.args.get('order_id', None)
    if order_id is not None:
        # The lookup is given the user as well as the id, so the ownership
        # decision is made inside get_certificate rather than here.
        cert = get_certificate(order_id, user)
    else:
        # No id supplied: fall back to the user's last certificate.
        latest = get_user_certificates(limit=1)
        if len(latest) == 0:
            # Not sure how they got here, best log an error
            logging.error("User has no certificates")
            raise Exception("Certificate not found")
        cert = latest[0]

    if cert is None:
        logging.error('Certificate not found')
        raise Exception("Certificate not found")

    # TODO: redirect to the dashboard when cert.status is not 'pending'
    return render_template('ssl/complete', certificate=cert)
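def get_cards():
    """Return the caller's saved Stripe cards as a JSON response.

    Each card is reported as a masked name (last four digits only) plus its
    Stripe card id; the customer's default card carries ``default: True``.
    Any failure is logged with its traceback and answered with a generic
    ``status='ERROR'`` payload.
    """
    msg = "An error occured whilst retrieving your details from stripe"
    try:
        user = get_current_user()
        if not user:
            # NOTE(review): the e-mail address and password are read from the
            # URL query string, which typically ends up in access logs,
            # browser history and Referer headers. Prefer a POST body or an
            # Authorization header; left unchanged so existing clients keep
            # working.
            email = request.args.get('email')
            password = request.args.get('password')
            # NOTE(review): how User.authenticate signals a failed login is
            # not visible here. If it returns None, the attribute access
            # below raises and the caller is told about a Stripe error
            # rather than an authentication failure - confirm.
            user = User.authenticate(email, password)

        cards = []
        if user.stripe_id:
            customer = stripe.Customer.retrieve(user.stripe_id)
            for _card in customer.cards.data:
                card = {
                    "name": "**** **** **** " + _card.last4,
                    "id": _card.id
                }
                if _card.id == customer.default_card:
                    card['default'] = True
                cards.append(card)

        return jsonify(
            status='SUCCESS',
            data={'cards': cards})
    except Exception:
        # The previous handler concatenated sys.exc_info()[0] (a class, not a
        # string) onto the message, which raised TypeError inside the handler
        # and turned every failure into an unhandled error. Exception details
        # stay in the server log; the client only gets the generic message.
        logging.exception(msg)
        return jsonify(status='ERROR', msg=msg)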
def get_cards():
    """Return the caller's saved Stripe cards as a JSON response.

    Cards are listed with a masked name (last four digits) and their Stripe
    card id; the customer's default card is flagged with ``default: True``.
    On any exception the error is logged and a generic ``status="ERROR"``
    payload is returned instead.
    """
    try:
        user = get_current_user()
        if not user:
            # NOTE(review): credentials arrive in the URL query string, where
            # they tend to be recorded in access logs, browser history and
            # Referer headers - consider a POST body or an auth header.
            args = request.args
            email = args.get("email")
            password = args.get("password")
            # NOTE(review): if User.authenticate can return None, the
            # stripe_id access below raises and is reported as a Stripe
            # error - confirm its failure mode.
            user = User.authenticate(email, password)

        cards = []
        if user.stripe_id:
            customer = stripe.Customer.retrieve(user.stripe_id)
            for stored in customer.cards.data:
                entry = {}
                entry["name"] = "**** **** **** " + stored.last4
                entry["id"] = stored.id
                if stored.id == customer.default_card:
                    entry["default"] = True
                cards.append(entry)

        payload = {"cards": cards}
        return jsonify(status="SUCCESS", data=payload)
    except Exception as e:
        # Details go to the log only; the client sees a fixed message.
        logging.exception(e)
        return jsonify(
            status="ERROR",
            msg="An error occured whilst retrieving your details from stripe",
        )
def get_user_certificates(user=None, limit=20):
    """Fetch up to ``limit`` SSLCertificate entities stored under a user.

    The query is restricted to the user's key as ancestor and ordered by
    ``created_at`` descending. When ``user`` is omitted the current session
    user is used.

    Raises:
        UserNotProvidedError: no user was passed and nobody is logged in.
    """
    owner = user if user is not None else get_current_user()
    if owner is None:
        # No user was provided to the function and a user is not logged in
        raise UserNotProvidedError()

    # Scoping the query to the owner's key is what keeps other accounts'
    # certificates out of the result.
    owned = SSLCertificate.query(ancestor=owner.key)
    newest_first = owned.order(-SSLCertificate.created_at)
    return newest_first.fetch(limit)
def list_orders():
    """Render the list of orders (up to 10) for the logged-in account.

    Callers without a session are redirected to the login page.
    """
    if not get_current_user():
        # TODO: fix redirect path to include args
        login_url = url_for('auth.login', redirect=request.path)
        return redirect(login_url)

    # get_user_certificates falls back to the session user when no user is
    # passed, so the listing is scoped to the caller.
    return render_template(
        'ssl/list',
        certificates=get_user_certificates(limit=10),
    )
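def order_status():
    """Check the status of one of the caller's orders and return it as JSON.

    Reads ``order_id`` from the query string. The response is
    ``status='SUCCESS'`` with a ``data`` object (``status`` and, when the
    upstream API was consulted, ``approver_email``), or ``status='ERROR'``
    with a ``msg``.
    """
    order_id = request.args.get("order_id")
    user = get_current_user()

    if not user:
        # The ownership check below is only meaningful for an authenticated
        # caller, and get_certificate's behaviour for a missing user is not
        # visible here - refuse early instead of relying on it.
        return jsonify(
            status='ERROR',
            msg="You must be logged in to check an order status."
        )

    # Security: fetch the certificate entity attached to this order_id from
    # the database. If this fails then either the order_id is wrong, in which
    # case the subsequent API call would fail, or it belongs to another user.
    # Without this an authenticated user could access other people's order
    # statuses.
    cert = get_certificate(order_id, user)

    if not cert:
        # One message for "unknown" and "not yours", so the response does not
        # reveal which order ids exist.
        msg = "Order %s does not exist or belongs to another user." % order_id
        return jsonify(status='ERROR', msg=msg)

    if cert.status == 'active':
        # Already known to be active: no need to call the upstream API.
        return jsonify(status='SUCCESS', data={'status': 'active'})

    try:
        result = get_order_status(order_id)
        data = {}
        status = result['OrderStatus']['MajorStatus']
        if status == 'Pending':
            data['status'] = 'pending'
        elif status == 'Active':
            # Persist the transition so later calls take the fast path above.
            cert.status = 'active'
            cert.put()
            data['status'] = 'active'
        else:
            # NOTE(review): an unrecognised status still yields a SUCCESS
            # response, just without a 'status' key - confirm clients cope.
            logging.error("Unknown status %s", status)
        data['approver_email'] = result['ApproverEmail']
        return jsonify(status='SUCCESS', data=data)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Details are logged; the client gets a fixed
        # message.
        logging.exception("Error checking order status")
        return jsonify(
            status='ERROR',
            msg="An error occured checking the order status"
        )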
def check_request(options):
    """Run the preliminary validation checks on an order request.

    Checks that a domain was submitted when no CSR is supplied, that the
    e-mail address qualifies when the ``academic`` promotion is requested,
    and that an approver e-mail was selected. The e-mail address of the
    resolved user (``options['user']`` or the session user) takes precedence
    over ``options['email']``.

    Returns:
        The same ``options`` mapping, unmodified.

    Raises:
        NonAcademicEmailError: academic promotion requested with an e-mail
            address that ``is_academic`` rejects.
    """
    requested_promotion = options.get('promotion', None)
    submitted_email = options.get('email')
    submitted_domain = options.get('domain', '')
    chosen_approver = options.get('approver_email', None)

    user = options['user'] if 'user' in options else get_current_user()

    # An authenticated account's address wins over the submitted one, so the
    # academic check below cannot be satisfied by typing someone else's
    # address into the form while logged in.
    email = submitted_email if user is None else user.email

    # NOTE(review): do_error is called without ``return``; this presumably
    # relies on it raising - confirm.
    if 'csr' not in options and len(submitted_domain) == 0:
        # check that a domain name has been submitted
        do_error("You haven't submitted a domain")

    # check for academic status
    if requested_promotion == 'academic' and not is_academic(email):
        raise NonAcademicEmailError(
            'The email address %s is not an accepted academic email' % email)

    # Check that approver email has been selected
    if chosen_approver is None:
        do_error('No approver email has been selected')

    return options
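def normalize_request(options):
    """Normalize an order request in place and return it.

    After this, the user should be created and logged in, they should have a
    stripe id associated with them and if a token was passed as credit_card
    then it should be converted into a stripe card id. When no ``csr`` is
    supplied, a keypair and CSR are generated from the request fields and
    stored under ``options['csr']`` and ``options['keypair']``.

    Returns:
        The mutated ``options`` mapping, or the result of ``do_error`` when
        the supplied password does not match an existing account.

    TODO: update existing user if additional information is provided
    """
    credit_card = options.get('credit_card')
    country = options.get('country')
    state = options.get('state')

    options['amount'] = 50

    # Map the submitted state through the REGIONS table when it is known.
    if country in REGIONS and state in REGIONS[country]:
        options['state'] = REGIONS[country][state]

    def is_token(value):
        """Determines whether the passed argument is a stripe token or not"""
        if value is None:
            return False
        return value[:3] == 'tok'

    if 'user' in options:
        user = options['user']
    else:
        user = get_current_user()

    if not user:
        # user is not logged in, let's see if the email is attached to an
        # account
        email = options.get('email')
        password = options.get('password')
        name = options.get('name')
        user = get_user(email)
        if user:
            # account exists - try to authenticate
            try:
                authenticate_user(email, password)
            except UserAuthenticationFailedError:
                return do_error('Password is incorrect')
        else:
            # this is a new account
            user = create_user(email, password, name=name)
        # Only reached after a successful authentication or a fresh signup.
        session['user'] = user.key.id()

    if not user.name:
        user.name = options.get('name')

    if not user.stripe_id:
        # User doesn't have a stripe customer ID.
        # The customer is built from the user record: the previous code used
        # the local ``name``/``email`` variables, which are only bound on the
        # not-logged-in path and were unbound for an already authenticated
        # user without a stripe id.
        customer = stripe.Customer.create(
            description=user.name,
            email=user.email
        )
        user.stripe_id = customer.id
    else:
        # User has a stripe ID
        customer = stripe.Customer.retrieve(user.stripe_id)

    if is_token(credit_card):
        # this is a new card: swap the one-time token for a stored card id
        card = customer.cards.create(card=credit_card)
        credit_card = card.id

    user.put()

    if 'csr' not in options:
        # We need to generate the CSR
        keypair = get_keypair(False)
        csr = CertificationRequest(keypair=keypair)

        # Set fields (state is re-read so a REGIONS-normalized value is used)
        csr.set_subject_field('common_name', options.get('domain'))
        csr.set_subject_field('organization', options.get('organization'))
        csr.set_subject_field('state', options.get('state'))
        csr.set_subject_field('country', options.get('country'))
        csr.set_subject_field('telephone', options.get('phone_number'))
        csr.set_subject_field('email_address', user.email)

        options['csr'] = csr.export()
        # Private key material: whatever consumes ``options`` must keep this
        # value out of logs, error messages and responses.
        options['keypair'] = keypair.exportKey()

    options['credit_card'] = credit_card
    options['user'] = user

    # NOTE(review): the academic flag is also taken straight from the query
    # string. check_request only validates the e-mail address when
    # options['promotion'] is 'academic'; whether the query-string value goes
    # through the same check depends on how ``options`` is built - confirm,
    # since the flag is client-controlled here.
    if request.args.get('promotion') == 'academic':
        options['academic'] = True

    if options.get('promotion', '') == 'academic':
        options['academic'] = True

    return options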
def download():
    """Build the certificate bundle for an order and return it as a zip.

    Query arguments: ``order_id`` (defaults to the user's most recent
    certificate), ``type`` (``appengine`` for one merged file or
    ``unformatted`` for the individual files) and ``force`` (any non-empty
    value re-fetches and re-merges the certificates). The stored private key
    is added to the archive when the certificate record has one.

    Callers without a session are redirected to the login page.
    (TODO: redirect to GS)

    Raises:
        Exception: when no certificate can be found for the request.
    """
    user = get_current_user()
    if not user:
        # TODO: fix redirect path to include args
        return redirect(url_for('auth.login', redirect=request.path))

    order_id = request.args.get('order_id', None)
    download_type = request.args.get('type', "appengine")
    force = request.args.get('force', None)

    if order_id is not None:
        # The lookup receives the user, so ownership is decided there.
        cert = get_certificate(order_id, user)
    else:
        # Fetch User's last certificate
        latest = get_user_certificates(limit=1)
        if len(latest) == 0:
            # Not sure how they got here, best log an error
            logging.error("User has no certificates")
            raise Exception("Certificate not found")
        cert = latest[0]

    if cert is None:
        logging.error('Certificate not found')
        raise Exception("Certificate not found")

    needs_save = False

    if cert.certs is None or force:
        # NOTE(review): on the "most recent certificate" path order_id is
        # still None here, so get_certificates is called with None - confirm
        # whether the order id should come from the certificate record.
        cert.certs = get_certificates(order_id)['Certificates']
        needs_save = True

    if cert.appengine_cert is None or force:
        # Two known file names are placed as the middle and bottom of the
        # merged file; any other file is treated as the top entry.
        slot_for = {
            'PositiveSSLCA2.crt': 'middle',
            'AddTrustExternalCARoot.crt': 'bottom',
        }
        slots = {'top': None, 'middle': None, 'bottom': None}
        for entry in cert.certs:
            logging.info(entry)
            slots[slot_for.get(entry['FileName'], 'top')] = entry['FileContent']

        ordered = [slots['top'], slots['middle'], slots['bottom']]
        if all(part is not None for part in ordered):
            merged = ordered[0] + ordered[1] + ordered[2]
        else:
            # Fall back to plain concatenation in stored order.
            logging.error("Predefined ssl merging rules failed")
            merged = ''
            for entry in cert.certs:
                merged += entry['FileContent']

        cert.appengine_cert = merged
        needs_save = True

    if needs_save:
        cert.put()

    output = StringIO()
    with zipfile.ZipFile(output, 'w') as bundle:
        if download_type == 'appengine':
            bundle.writestr(
                "certificate.crt", fix_unicode(cert.appengine_cert))
        elif download_type == 'unformatted':
            # Member names are taken verbatim from the stored certificate
            # data.
            for entry in cert.certs:
                bundle.writestr(
                    fix_unicode(entry['FileName']),
                    fix_unicode(entry['FileContent'])
                )

        if cert.keypair is not None:
            # NOTE(review): the archive carries the private key and the
            # response sets no Cache-Control header - confirm the caching
            # policy for this route.
            bundle.writestr("privatekey.key", fix_unicode(cert.keypair))

    response = make_response(output.getvalue())
    response.headers["Content-Type"] = "multipart/x-zip"
    response.headers['Content-Disposition'] = \
        "attachment; filename=ssl_bundle.zip"
    return response