def test_200_with_authorization_header(client, access_token):
headers = Headers()
headers.set('Authorization', 'Bearer ' + access_token)
response = client.get('/secrets', headers=headers)
assert response.status_code == 200
assert isinstance(response.json.get('secrets'), list)
def test_401_with_invalid_credentials(client):
headers = Headers()
headers.set('Authorization', 'Basic ' + base64.b64encode('invalid-username:invalid-password'))
response = client.get('/user', headers=headers)
assert response.status_code == 401
assert response.json.get('error') == 'invalid_token'
def test_401_with_unsupported_authorization_header(client):
headers = Headers()
headers.set("Authorization", "MAC 123456789")
response = client.get("/secrets", headers=headers)
assert response.status_code == 401
assert response.json.get("error") == "invalid_token"
def test_401_with_invalid_token(client):
headers = Headers()
headers.set("Authorization", "Bearer invalid-token")
response = client.get("/secrets", headers=headers)
assert response.status_code == 401
assert response.json.get("error") == "invalid_token"
def test_200_with_credentials(client, test_user):
headers = Headers()
headers.set('Authorization', 'Basic ' + base64.b64encode('[email protected]:secret123'))
response = client.get('/user', headers=headers)
assert response.status_code == 200
assert response.json.get('user') == test_user.id
def test_401_with_unsupported_authorization_header(client):
headers = Headers()
headers.set('Authorization', 'MAC 123456789')
response = client.get('/user', headers=headers)
assert response.status_code == 401
assert response.json.get('error') == 'invalid_token'
def test_200_with_authorization_header(client, access_token, test_user):
headers = Headers()
headers.set('Authorization', 'Bearer ' + access_token)
response = client.get('/user', headers=headers)
assert response.status_code == 200
assert response.json.get('user') == test_user.id
def test_401_with_invalid_token(client):
headers = Headers()
headers.set('Authorization', 'Bearer invalid-token')
response = client.get('/user', headers=headers)
assert response.status_code == 401
assert response.json.get('error') == 'invalid_token'
def test_200_with_authorization_header(client, access_token, test_user):
headers = Headers()
headers.set("Authorization", "Bearer " + access_token)
response = client.get("/user", headers=headers)
assert response.status_code == 200
assert response.json.get("user") == test_user.id
def test_200_with_credentials(client, test_user):
headers = Headers()
headers.set("Authorization", basic_auth_encode("*****@*****.**", "secret123"))
response = client.get("/user", headers=headers)
assert response.status_code == 200
assert response.json.get("user") == test_user.id
def test_200_with_credentials(client):
headers = Headers()
headers.set("Authorization", basic_auth_encode("*****@*****.**", "secret123"))
response = client.get("/secrets", headers=headers)
assert response.status_code == 200
assert isinstance(response.json.get("secrets"), list)
def test_200_with_credentials(client):
headers = Headers()
headers.set('Authorization', basic_auth_encode('*****@*****.**', 'secret123'))
response = client.get('/secrets', headers=headers)
assert response.status_code == 200
assert isinstance(response.json.get('secrets'), list)
def test_200_with_authorization_header(client, access_token):
headers = Headers()
headers.set("Authorization", "Bearer " + access_token)
response = client.get("/secrets", headers=headers)
assert response.status_code == 200
assert isinstance(response.json.get("secrets"), list)
def test_401_with_expired_token(client, access_token):
headers = Headers()
headers.set("Authorization", "Bearer " + access_token)
with immobilus("2099-01-14"):
response = client.get("/secrets", headers=headers)
assert response.status_code == 401
assert response.json.get("error") == "invalid_token"
def test_401_with_expired_token(client, access_token):
headers = Headers()
headers.set('Authorization', 'Bearer ' + access_token)
with freeze_time('2099-01-14'):
response = client.get('/user', headers=headers)
assert response.status_code == 401
assert response.json.get('error') == 'invalid_token'
def test_400_without_grant_type(client):
headers = Headers()
headers.set("Origin", ORIGIN)
response = client.post("/oauth/token", headers=headers)
assert response.status_code == 400
assert response.headers.get("Access-Control-Allow-Origin") == ORIGIN
assert response.headers.get("Access-Control-Allow-Credentials") == "true"
assert response.json.get("error") == "unsupported_grant_type"
def test_cors(client):
headers = Headers()
headers.set('Origin', ORIGIN)
response = client.get('/', headers=headers)
assert response.headers.get('Access-Control-Allow-Origin') == ORIGIN
assert response.headers.get('Access-Control-Allow-Credentials') == 'true'
assert 'Access-Control-Allow-Methods' not in response.headers
assert 'Access-Control-Allow-Headers' not in response.headers
def test_401_with_invalid_credentials(client):
headers = Headers()
headers.set(
"Authorization", basic_auth_encode("invalid-username", "invalid-password")
)
response = client.get("/secrets", headers=headers)
assert response.status_code == 401
assert response.json.get("error") == "invalid_token"
def test_400_without_grant_type(client):
headers = Headers()
headers.set('Origin', ORIGIN)
response = client.post('/oauth/token', headers=headers)
assert response.status_code == 400
assert response.headers.get('Access-Control-Allow-Origin') == ORIGIN
assert response.headers.get('Access-Control-Allow-Credentials') == 'true'
assert response.json.get('error') == 'unsupported_grant_type'
def test_cors(client, app):
cors.init_app(app)
headers = Headers()
headers.set("Origin", ORIGIN)
response = client.get("/", headers=headers)
assert response.headers.get("Access-Control-Allow-Origin") == ORIGIN
assert response.headers.get("Access-Control-Allow-Credentials") == "true"
assert "Access-Control-Allow-Methods" not in response.headers
assert "Access-Control-Allow-Headers" not in response.headers
def test_missing_user_agent_returns_403(client):
headers = Headers()
headers.set('User-Agent', '')
res = client.get('/', headers=headers)
assert res.status_code == 403
json = res.json
assert isinstance(json, dict)
assert 'User-Agent header' in json.get('message')
def download_file(id):
# add a filename
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='data.csv')
# stream the response as the data is generated
return Response(stream_with_context(getCsvFile(id)),
mimetype='text/csv',
headers=headers)
def test_auth_decorated_link_good_token_wrong_authority(client):
user1 = default_config()
user2 = User(name='second user', password='******', roles=['user'])
user2.save()
headers = Headers()
headers.set('Authorization', 'Bearer {}'.format(user2.auth_token))
post_data = json.dumps({'current_password': '******', 'new_password': '******'})
rsp = client.post('/users/{}/change_password'.format(user1.id), data=post_data, headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data))
assert rsp.status_code == 403, 'should be ok'
def test_cors_with_methods(client):
headers = Headers()
headers.set("Origin", ORIGIN)
headers.set("Access-Control-Request-Methods", "get, post")
response = client.get("/", headers=headers)
assert response.headers.get("Access-Control-Allow-Origin") == ORIGIN
assert response.headers.get("Access-Control-Allow-Credentials") == "true"
assert response.headers.get("Access-Control-Allow-Methods") == "get, post"
assert "Access-Control-Allow-Headers" not in response.headers
def get_headers(self) -> "Optional[HeadersType]":
headers = Headers()
headers.set('Content-Type', 'application/octet-stream')
headers.set('Access-Control-Allow-Origin',
request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers',
request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
return headers
def test_cors_with_methods(client):
headers = Headers()
headers.set('Origin', ORIGIN)
headers.set('Access-Control-Request-Methods', 'get, post')
response = client.get('/', headers=headers)
assert response.headers.get('Access-Control-Allow-Origin') == ORIGIN
assert response.headers.get('Access-Control-Allow-Credentials') == 'true'
assert response.headers.get('Access-Control-Allow-Methods') == 'get, post'
assert 'Access-Control-Allow-Headers' not in response.headers
def get_headers(self) -> "Optional[HeadersType]":
headers = Headers()
headers.set('Access-Control-Allow-Origin',
request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers',
request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
headers.set('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')
return headers
def test_default_state_with_enabled_security(client):
user_service = kernel.register(User, methods=['GET', 'PUT', 'POST', 'PATCH', 'DELETE'])
user_service.deny_all()
user = create_basic_user()
user.update(roles=['user', 'admin'])
headers = Headers()
headers.set('Authorization', 'Bearer {}'.format(user.auth_token))
rsp = client.get('/users/{}'.format(user.id), headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data.decode()))
assert rsp.status_code == 403, 'should be accepted'
assert rsp.json.get('message') == 'Not allowed to access method.'
def download_batch(id):
content = StringIO()
for record in Record.query.filter(Record.batch_id == id):
content.write(record.as_original())
content.seek(0)
headers = Headers()
headers.set("Content-Disposition", "attachment", filename="data.txt")
return Response(content, mimetype="text/plain", headers=headers)
def return_hydro_info(scenario_id):
'''
This function is used to return all the hydro information
'''
# TODO extract hydro data based on id
# the id is an list separate by ---
final_csv_raw_data = []
id_list = scenario_id.split('---')
for temp_id in id_list:
scenarios = Scenario.objects(id=temp_id).first()
hydro_data_list = scenarios.hydrograph.streamflow_array
hydro_time_list = scenarios.hydrograph.time_array
final_csv_raw_data.append([temp_id, hydro_time_list, hydro_data_list])
if len(hydro_time_list) != len(hydro_data_list):
return 'time and data arrays are not the same length'
else:
# idea is from
# http://stackoverflow.com/questions/28011341/create-and-download-a-csv-file
def generate():
data = StringIO.StringIO()
w = csv.writer(data)
# write header
w.writerow(('timestamp', 'HydroValue'))
yield data.getvalue()
data.seek(0)
data.truncate(0)
# write each log item
# TODO this part final_csv_raw_data[0], coz create a csv file only based on
# the first scenario
for count in range(len(final_csv_raw_data[0][1])):
w.writerow((
# format datetime as string
final_csv_raw_data[0][1][count].isoformat(),
final_csv_raw_data[0][2][count]
))
yield data.getvalue()
data.seek(0)
data.truncate(0)
# add a filename
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='hydro.csv')
# stream the response as the data is generated
return Response(
stream_with_context(generate()),
mimetype='text/csv', headers=headers
)
def admin_scio_stats():
from werkzeug.datastructures import Headers
from werkzeug.wrappers import Response
from flask import stream_with_context
def generate():
import io
import csv
A = ApplicationForm \
.query \
.filter(ApplicationForm.submitted_at.isnot(None)) \
.all()
data = io.StringIO()
w = csv.writer(data, delimiter='\t')
w.writerow(
('name', 'surname', 'birth_no', 'scio_percentile', 'scio_date'))
yield data.getvalue()
data.seek(0)
data.truncate(0)
for application in A:
sess = flask.json.loads(application.application)
if 'further_study_info' not in sess:
continue
if 'scio_date' not in sess['further_study_info'] and \
'scio_percentile' not in sess['further_study_info']:
continue
name = sess['basic_personal_data']['name']
surname = sess['basic_personal_data']['surname']
birth_no = sess['birth_no']
scio_percentile = sess['further_study_info']['scio_percentile']
scio_date = sess['further_study_info']['scio_date']
if scio_date.strip() == scio_percentile.strip() == '':
continue
w.writerow((name, surname, birth_no, scio_percentile, scio_date))
yield data.getvalue()
data.seek(0)
data.truncate(0)
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='scio_stats.tsv')
return Response(stream_with_context(generate()),
mimetype='text/tsv',
headers=headers)
def download_file(id):
file_name, file_content = getDataBaseFile(id)
# add a filename - HTTP
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename=file_name)
# stream the response as the data is generated
return Response(
stream_with_context(file_content),
mimetype='application/pdf', headers=headers #https://developer.mozilla.org/pt-BR/docs/Web/HTTP/Basico_sobre_HTTP/MIME_types/Complete_list_of_MIME_types
)
def options(self):
"""
Allow cross-site scripting. Explicit for Authentication.
:status 200: OK
"""
headers = Headers()
headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
headers.set('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')
return '', 200, headers
def create_csv_response(transactions: list) -> Response:
csv_data = StringIO(newline='')
writer = csv.writer(csv_data)
column_names = [
'timestamp', 'description', 'transaction_category', 'amount'
]
writer.writerow(column_names)
for transaction in transactions:
writer.writerow([transaction[key] for key in column_names])
headers = Headers()
headers.set('Content-Disposition',
'attachment',
filename='transactions.csv')
return Response(generator(csv_data), mimetype='text/csv', headers=headers)
def test_auth_decorated_link_good_token_correct_authority(client):
user = default_config()
headers = Headers()
headers.add('X-Tenant', 'rockee')
headers.set('Authorization', 'Bearer {}'.format(user.auth_token))
post_data = json.dumps({
'current_password': '******',
'new_password': '******'
})
rsp = client.post('/users/{}/change_password'.format(user.id),
data=post_data,
headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data.decode()))
assert rsp.status_code == 200, 'should be ok'
def index():
form = CSVUploadForm()
if form.validate_on_submit():
form_input = io.StringIO(form.file.data.stream.read().decode('utf-8'))
input_csv = csv.reader(form_input,
delimiter=',',
dialect='excel',
lineterminator='\r\n')
def remove_slash(d):
return d.replace('/', '')
def join_date_numb(d, m):
return d + m
def format_amount(a):
a1 = a.replace('$', '')
a2 = a1.replace('.', '')
return a2.replace(',', '')
row_num = 0
ce_num = 525627
txt_filename = Date.today().format('%m%d%Y') + '.txt'
with open(txt_filename, 'w+') as output_text:
for row in input_csv:
if row_num >= 1:
date = remove_slash(row[0])
date_memb = join_date_numb(date, row[2])
last_name = row[3].split(',')
amount = format_amount(row[7])
ce_num_final = str(ce_num) + 'CE'
line = '{date_memb} {last_name}{ce_num_final}{amount}\n'.format(
date_memb=date_memb.ljust(13),
last_name=last_name[0].ljust(33),
ce_num_final=ce_num_final.ljust(12),
amount=amount)
output_text.write(line)
ce_num += 1
row_num += 1
output_text.close()
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename=txt_filename)
return send_from_directory(basedir,
txt_filename,
mimetype='text/css',
as_attachment=True)
return render_template('index.html', form=form)
def post(self):
"""
Trace endpoint used by the pilot and CLI clients to post data access information.
.. :quickref: Trace; Send trace.
:<json dict payload: Dictionary contain the trace information.
:status 201: Created.
:status 400: Cannot decode json data.
:status 500: Internal Error.
"""
headers = Headers()
headers.set('Content-Type', 'application/octet-stream')
headers.set('Access-Control-Allow-Origin',
request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers',
request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
try:
payload = json.loads(request.data)
# generate entry timestamp
payload['traceTimeentry'] = datetime.datetime.utcnow()
payload['traceTimeentryUnix'] = calendar.timegm(
payload['traceTimeentry'].timetuple(
)) + payload['traceTimeentry'].microsecond / 1e6
# guess client IP
payload['traceIp'] = request.headers.get(
'X-Forwarded-For', default=request.remote_addr)
# generate unique ID
payload['traceId'] = str(uuid.uuid4()).replace('-', '').lower()
trace(payload=payload)
except ValueError:
return generate_http_error_flask(
400,
'ValueError',
'Cannot decode json parameter list',
headers=headers)
except Exception as error:
print(traceback.format_exc())
return str(error), 500, headers
return 'Created', 201, headers
def stream_result_as_csv(cursor):
"""Takes one argument, SQLite3 query result, which is streamed out as CSV file."""
import io # for StringIO
import csv
# Generator object for the Response() to use
def generate(cursor):
data = io.StringIO()
writer = csv.writer(data)
# Yield header
writer.writerow(
(key[0] for key in cursor.description)
)
yield data.getvalue()
data.seek(0)
data.truncate(0)
# Yeild data
for row in cursor:
writer.writerow(row)
yield data.getvalue()
data.seek(0)
data.truncate(0)
from werkzeug.datastructures import Headers
from werkzeug.wrappers import Response
from flask import stream_with_context
#
# Response header
#
headers = Headers()
headers.set(
'Content-Disposition',
'attachment',
filename = time.strftime(
"%Y-%m-%d %H.%M.%S.csv",
time.localtime(time.time())
)
)
# RFC 7111 (wich updates RFC 4180) states that the MIME type for
# CSV is "text/csv". (Google Chrome can shut the hell up).
#
# Stream the response using the local generate() -generator function.
return Response(
stream_with_context(generate(cursor)),
mimetype='text/csv',
headers=headers
)
def csv_response(rows):
"""
:type rows: list
:param rows: list of lists to be written into csv
:rtype: :class:`~werkzeug.wrappers.Response`
:return: csv file as a html response
"""
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='summary.csv')
return Response(
stream_with_context(generate_csv(rows)),
mimetype='text/csv',
headers=headers,
)
def export():
if current_user.role != Role.admin:
abort(401, 'User needs to be an admin to access this route')
ranked_applications = Application.rank_participants()
Action.log_action(ActionType.export, current_user.id)
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='export.csv')
# stream the response as the data is generated
return Response(stream_with_context(generate_csv(ranked_applications)),
mimetype='text/csv',
headers=headers)
def downloadFile(theName, theID):
logger.info('Preparing downloading data for %s with ID %s ...' %
(theName, theID))
try:
if request.args.get('extension', '') == 'txt':
logger.info('Preparing txt file contents...')
def generate():
try:
contentsBody = StringIO()
contentsBody.write('"ItemID", "Name","Available"\n')
yield contentsBody.getvalue()
contentsBody.seek(0)
contentsBody.truncate(0)
for item in range(10):
row = []
row.append(str(item))
row.append("Item Name Is " + str(item))
row.append("Yes")
contentsBody.write('"' + '","'.join(row) + '"\n')
yield contentsBody.getvalue()
contentsBody.seek(0)
contentsBody.truncate(0)
except:
logger.error('File creation exception: %s' %
(traceback.format_exc()))
headers = Headers()
headers.set('Content-Disposition',
'attachment',
filename='%s.txt' % (str(theID)))
return Response(stream_with_context(generate()),
mimetype='text/txt',
headers=headers)
else:
raise Exception('None txt files are not supported.')
except:
logger.warning('Exception in downloadFile. Stack trace is: %s' %
(traceback.format_exc()))
abort(404)
def clara_responses_download():
items = (get_internal('clara_responses')[0])['_items']
# print(items)
def generate():
data = StringIO()
w = csv.writer(data, delimiter=';')
for item in ['main_scale', 'clara_item']:
header = []
for res in items[0]['clara_items']:
header.append(res['clara_item'][item])
# write header
w.writerow(header)
yield data.getvalue()
data.seek(0)
data.truncate(0)
# write each log item
for item in items:
# resH = []
resA = []
for res in item['clara_items']:
# resH.append(res['clara_item']['itembank_id'])
resA.append(res['response_option']['response_value'])
# w.writerow(resH)
w.writerow(resA)
yield data.getvalue()
data.seek(0)
data.truncate(0)
# add a filename
headers = Headers()
try:
headers.set('Content-Disposition',
'attachment',
filename='{}.csv'.format(
items[0]['student_class']['student_class']))
except IndexError:
headers.set('Content-Disposition', 'attachment', filename='empty.csv')
# stream the response as the data is generated
return Response(stream_with_context(generate()),
mimetype='text/csv',
headers=headers)
def admin_submitted_stats():
from werkzeug.datastructures import Headers
from werkzeug.wrappers import Response
from flask import stream_with_context
def generate():
import io
import csv
A = ApplicationForm \
.query \
.filter(ApplicationForm.submitted_at.isnot(None)) \
.all()
data = io.StringIO()
w = csv.writer(data, delimiter='\t')
w.writerow(('school', 'started_at', 'submitted_at'))
yield data.getvalue()
data.seek(0)
data.truncate(0)
for application in A:
sess = flask.json.loads(application.application)
if not sess['finished_highschool_check'] == 'SK':
continue
user = User.query.filter_by(id=application.user_id).first()
hs_code = sess['studies_in_sr']['highschool']
highschool = LISTS['highschool'][hs_code]
w.writerow(
(highschool, user.registered_at, application.submitted_at))
yield data.getvalue()
data.seek(0)
data.truncate(0)
headers = Headers()
headers.set('Content-Disposition',
'attachment',
filename='submitted_applications_stats.tsv')
return Response(stream_with_context(generate()),
mimetype='text/tsv',
headers=headers)
def csv_download():
def generate():
data = get_data()
output = "date, actual, prediction\n"
for date in data:
output += "{},{},{}\n".format(
datetime.datetime.utcfromtimestamp(date).strftime('%Y-%m-%d'),
data[date]['actual'], data[date]['prediction'])
return output
headers = Headers()
headers.set('Content-Disposition',
'attachment',
filename='stock_price_predictions.csv')
return Response(stream_with_context(generate()),
mimetype='text/csv',
headers=headers)
def download():
def generate():
data = StringIO()
w = csv.writer(data, delimiter=';')
# write header
w.writerow(('Id', 'Login', 'Vinculo', 'Cargo', 'SIAPE/MATR', 'CPF', 'Localização', 'Telefone Funcional', 'Telefone Celular' , 'Data de Nascimento', 'Lotação', 'Atualizado Em'))
yield data.getvalue()
data.seek(0)
data.truncate(0)
cur = mysql.connection.cursor()
cur.execute("SELECT * FROM users")
data_user = cur.fetchall()
data_user_l = list(data_user)
# write each data_user_l item
for item in data_user_l:
w.writerow((
item[0],
item[1],
item[2],
item[3],
item[4],
item[5],
item[6],
item[7],
item[8],
item[9],
item[10],
item[11]
))
yield data.getvalue()
data.seek(0)
data.truncate(0)
# add a filename
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename='usuarios.csv')
# stream the response as the data is generated
return Response(
stream_with_context(generate()),
mimetype='text/csv', headers=headers
)
def tokens(client, test_user):
headers = Headers()
headers.set('Origin', ORIGIN)
response = client.post('/oauth/token', headers=headers, data={
'grant_type': 'password',
'username': '******',
'password': '******',
})
assert response.status_code == 200
assert response.headers.get('Access-Control-Allow-Origin') == ORIGIN
assert response.headers.get('Access-Control-Allow-Credentials') == 'true'
assert response.json.get('access_token')
assert response.json.get('expires_in')
assert response.json.get('token_type') == 'Bearer'
assert response.json.get('refresh_token')
return response.json
def werkzeug_headers():
from werkzeug.datastructures import Headers
Headers({"Access-Control-Allow-Origin": "*"}) # Noncompliant
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
headers = Headers({"Access-Control-Allow-Origin":
"trustedwebsite.com"}) # Compliant
headers.set("Access-Control-Allow-Origin", "*") # Noncompliant
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
headers.setdefault("Access-Control-Allow-Origin", "*") # Noncompliant
headers["Access-Control-Allow-Origin"] = "*" # Noncompliant
headers.__setitem__("Access-Control-Allow-Origin", "*") # Noncompliant
headers.set("Access-Control-Allow-Credentials", "") # Compliant
headers.set("Access-Control-Expose-Headers", "") # Compliant
headers.set("Access-Control-Max-Age", "") # Compliant
headers.set("Access-Control-Allow-Methods", "") # Compliant
headers.set("Access-Control-Allow-Headers", "") # Compliant
Headers(1, 2)
def post(self):
"""
Trace endpoint used by the XAOD framework to post data access information.
.. :quickref: XAODTrace; Send XAOD trace.
:<json dict payload: Dictionary contain the trace information.
:status 201: Created.
:status 400: Cannot decode json data.
:status 500: Internal Error.
"""
headers = Headers()
headers.set('Content-Type', 'application/octet-stream')
headers.set('Access-Control-Allow-Origin',
request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers',
request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
try:
payload = json.loads(request.data)
# generate entry timestamp
payload['timeentry'] = int(time.time())
# guess client IP
payload['ip'] = request.headers.get('X-Forwarded-For',
default=request.remote_addr)
trace(payload=payload)
except ValueError:
return generate_http_error_flask(
400,
'ValueError',
'Cannot decode json parameter list',
headers=headers)
except Exception as error:
print(traceback.format_exc())
return str(error), 500, headers
return 'Created', 201, headers
def download():
search_option = session.get("search_option")
search_address = session.get("search_address")
user_lng = session.get("user_lng")
user_lat = session.get("user_lat")
unregistered_addresses = handle_search(user_lng, user_lat, search_option)
unregistered_addresses = unregistered_addresses[['oa_number', 'oa_street']]
unregistered_addresses.columns = ['street_number', 'street_name']
unregistered_addresses = unregistered_addresses.sort_values(
['street_name', 'street_number'])
csv = unregistered_addresses.to_csv(index=False)
filename = search_address + " " + search_option + ".csv"
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename=filename)
return Response(csv, mimetype="text/csv", headers=headers)
def compute_csv(urls, filters, excludes):
"""Generate a streamed CSV of all data, optionally filtered."""
def generate():
"""A generator is required to stream the actual CSV."""
fake_file = StringIO()
w = csv.writer(fake_file)
# Write the header.
w.writerow(('URL', 'Status', 'Content-Type', 'Updated'))
yield fake_file.getvalue()
fake_file.seek(0)
fake_file.truncate(0)
for url_hash, data in urls:
# Filtering.
data = apply_filters(data, filters, excludes)
if not data:
continue
# Statuses.
status = data.get('final-status-code', '')
if not status:
continue
url = data['checked-url']
content_type = data.get('content-type', '')
updated = data.get('updated', '')
w.writerow((url, status, content_type, updated))
yield fake_file.getvalue()
fake_file.seek(0)
fake_file.truncate(0)
# Set headers with the appropriated filename.
headers = Headers()
headers.set('Content-Disposition',
'attachment',
filename='croquemort-{date_iso}.csv'.format(
date_iso=datetime.now().date().isoformat()))
# Stream the response as the data is generated.
return Response(generate(), mimetype='text/csv', headers=headers)
def csv_download():
now = datetime.datetime.now()
filename = "{}.csv".format(
get_local_dt(now, human=True, format='%Y-%m-%d_%H.%M.%S'))
def generate():
data = StringIO()
writer = csv.writer(data)
writer.writerow(('predictor dt', 'predictor', 'outcome dt', 'outcome',
'difference (min)'))
yield data.getvalue()
data.seek(0)
data.truncate(0)
current_user.sessions.sort(key=lambda session: session.updated_at,
reverse=False)
for session in current_user.sessions:
session.responses.sort(key=lambda response: response.updated_at,
reverse=False)
if len(session.responses) == 1:
writer.writerow((get_local_dt(session.responses[0].updated_at),
session.responses[0].message, '', '', ''))
elif len(session.responses) == 2:
diff = relativedelta.relativedelta(
session.responses[1].updated_at,
session.responses[0].updated_at)
writer.writerow((get_local_dt(session.responses[0].updated_at),
session.responses[0].message,
get_local_dt(session.responses[1].updated_at),
session.responses[1].message, diff.minutes))
yield data.getvalue()
data.seek(0)
data.truncate(0)
headers = Headers()
headers.set('Content-Disposition', 'attachment', filename=filename)
return wrappers.Response(stream_with_context(generate()),
mimetype='text/csv',
headers=headers)
def compute_csv(urls, filters, excludes):
"""Generate a streamed CSV of all data, optionally filtered."""
def generate():
"""A generator is required to stream the actual CSV."""
fake_file = StringIO()
w = csv.writer(fake_file)
# Write the header.
w.writerow(('URL', 'Status', 'Content-Type', 'Updated'))
yield fake_file.getvalue()
fake_file.seek(0)
fake_file.truncate(0)
for url_hash, data in urls:
# Filtering.
data = apply_filters(data, filters, excludes)
if not data:
continue
# Statuses.
status = data.get('final-status-code', '')
if not status:
continue
url = data['checked-url']
content_type = data.get('content-type', '')
updated = data.get('updated', '')
w.writerow((url, status, content_type, updated))
yield fake_file.getvalue()
fake_file.seek(0)
fake_file.truncate(0)
# Set headers with the appropriated filename.
headers = Headers()
headers.set('Content-Disposition', 'attachment',
filename='croquemort-{date_iso}.csv'.format(
date_iso=datetime.now().date().isoformat()))
# Stream the response as the data is generated.
return Response(generate(), mimetype='text/csv', headers=headers)
def tokens(client, test_user):
headers = Headers()
headers.set("Origin", ORIGIN)
response = client.post(
"/oauth/token",
headers=headers,
data={
"grant_type": "password",
"username": "******",
"password": "******",
},
)
assert response.status_code == 200
assert response.headers.get("Access-Control-Allow-Origin") == ORIGIN
assert response.headers.get("Access-Control-Allow-Credentials") == "true"
assert response.json.get("access_token")
assert response.json.get("expires_in")
assert response.json.get("token_type") == "Bearer"
assert response.json.get("refresh_token")
return response.json
def test_headers():
# simple header tests
headers = Headers()
headers.add('Content-Type', 'text/plain')
headers.add('X-Foo', 'bar')
assert 'x-Foo' in headers
assert 'Content-type' in headers
headers['Content-Type'] = 'foo/bar'
assert headers['Content-Type'] == 'foo/bar'
assert len(headers.getlist('Content-Type')) == 1
# list conversion
assert headers.to_list() == [
('Content-Type', 'foo/bar'),
('X-Foo', 'bar')
]
assert str(headers) == (
"Content-Type: foo/bar\r\n"
"X-Foo: bar\r\n"
"\r\n")
assert str(Headers()) == "\r\n"
# extended add
headers.add('Content-Disposition', 'attachment', filename='foo')
assert headers['Content-Disposition'] == 'attachment; filename=foo'
headers.add('x', 'y', z='"')
assert headers['x'] == r'y; z="\""'
# defaults
headers = Headers([
('Content-Type', 'text/plain'),
('X-Foo', 'bar'),
('X-Bar', '1'),
('X-Bar', '2')
])
assert headers.getlist('x-bar') == ['1', '2']
assert headers.get('x-Bar') == '1'
assert headers.get('Content-Type') == 'text/plain'
assert headers.setdefault('X-Foo', 'nope') == 'bar'
assert headers.setdefault('X-Bar', 'nope') == '1'
assert headers.setdefault('X-Baz', 'quux') == 'quux'
assert headers.setdefault('X-Baz', 'nope') == 'quux'
headers.pop('X-Baz')
# type conversion
assert headers.get('x-bar', type=int) == 1
assert headers.getlist('x-bar', type=int) == [1, 2]
# list like operations
assert headers[0] == ('Content-Type', 'text/plain')
assert headers[:1] == Headers([('Content-Type', 'text/plain')])
del headers[:2]
del headers[-1]
assert headers == Headers([('X-Bar', '1')])
# copying
a = Headers([('foo', 'bar')])
b = a.copy()
a.add('foo', 'baz')
assert a.getlist('foo') == ['bar', 'baz']
assert b.getlist('foo') == ['bar']
headers = Headers([('a', 1)])
assert headers.pop('a') == 1
assert headers.pop('b', 2) == 2
assert_raises(KeyError, headers.pop, 'c')
# set replaces and accepts same arguments as add
a = Headers()
a.set('Content-Disposition', 'useless')
a.set('Content-Disposition', 'attachment', filename='foo')
assert a['Content-Disposition'] == 'attachment; filename=foo'
def test_headers():
# simple header tests
headers = Headers()
headers.add("Content-Type", "text/plain")
headers.add("X-Foo", "bar")
assert "x-Foo" in headers
assert "Content-type" in headers
headers["Content-Type"] = "foo/bar"
assert headers["Content-Type"] == "foo/bar"
assert len(headers.getlist("Content-Type")) == 1
# list conversion
assert headers.to_list() == [("Content-Type", "foo/bar"), ("X-Foo", "bar")]
assert str(headers) == ("Content-Type: foo/bar\r\n" "X-Foo: bar\r\n" "\r\n")
assert str(Headers()) == "\r\n"
# extended add
headers.add("Content-Disposition", "attachment", filename="foo")
assert headers["Content-Disposition"] == "attachment; filename=foo"
headers.add("x", "y", z='"')
assert headers["x"] == r'y; z="\""'
# defaults
headers = Headers([("Content-Type", "text/plain"), ("X-Foo", "bar"), ("X-Bar", "1"), ("X-Bar", "2")])
assert headers.getlist("x-bar") == ["1", "2"]
assert headers.get("x-Bar") == "1"
assert headers.get("Content-Type") == "text/plain"
assert headers.setdefault("X-Foo", "nope") == "bar"
assert headers.setdefault("X-Bar", "nope") == "1"
assert headers.setdefault("X-Baz", "quux") == "quux"
assert headers.setdefault("X-Baz", "nope") == "quux"
headers.pop("X-Baz")
# type conversion
assert headers.get("x-bar", type=int) == 1
assert headers.getlist("x-bar", type=int) == [1, 2]
# list like operations
assert headers[0] == ("Content-Type", "text/plain")
assert headers[:1] == Headers([("Content-Type", "text/plain")])
del headers[:2]
del headers[-1]
assert headers == Headers([("X-Bar", "1")])
# copying
a = Headers([("foo", "bar")])
b = a.copy()
a.add("foo", "baz")
assert a.getlist("foo") == ["bar", "baz"]
assert b.getlist("foo") == ["bar"]
headers = Headers([("a", 1)])
assert headers.pop("a") == 1
assert headers.pop("b", 2) == 2
assert_raises(KeyError, headers.pop, "c")
# set replaces and accepts same arguments as add
a = Headers()
a.set("Content-Disposition", "useless")
a.set("Content-Disposition", "attachment", filename="foo")
assert a["Content-Disposition"] == "attachment; filename=foo"
