def handle_error(error):
"""Generically handle error messages with custom messages"""
# Handle exceptions that are not Internal Server Errors
if not isinstance(error, HTTPException):
error = InternalServerError() # pragma: no cover
error.custom_message = custom_error_messages.get(error.code, error.description)
return render_template("errors.html", error=error), error.code
def _wsgi(e, environ, start_response):
'''Wraps the given exception ``e`` in a WSGI application and calls it
with the given ``environ`` and ``start_response``.
If the exception is a subclass of ``HTTPException`` it will be used
as-is; otherwise its message gets extracted and wrapped in an
``InternalServerError``.'''
if not isinstance(e, HTTPException):
logging.getLogger('modulo').debug('Creating InternalServerError')
e = InternalServerError(e.message)
return e.get_response(environ)(environ, start_response)
def publish(request, mount):
model = resolve_model(request, mount)
try:
return resolve_response(request, model)
except HTTPException as e:
return e.get_response(request.environ)
except (SystemExit, KeyboardInterrupt) as e:
raise
except:
print_exc(file=sys.stderr)
e = InternalServerError()
return e.get_response(request.environ)
def enroll(username, friend_id):
error = InternalServerError()
error.type = 'enroll'
if len(friend_id) != 14 or not friend_id.isnumeric()\
or not friend_id.startswith('2440'):
error.msg = 'err_enroll_friend_id_knit'
raise error
if len(username) <= 2:
error.msg = 'err_username_too_short'
raise error
friend_id = int(friend_id)
query = database.User.filter(or_(
database.User.friend_id == int(friend_id),
database.User.alias.contains(username)))
if query.count() > 0:
user = query.first()
if user.friend_id == friend_id:
error.msg = 'err_enroll_duplicated_friend_id'
elif user.alias == username:
error.msg = 'err_enroll_duplicated_alias'
else:
error.msg = 'err_enroll_duplicate' # available?
raise error
database.session.add(database.User(friend_id, username))
database.session.add(database.UserRequest(friend_id))
return render_template('enroll.html', username=username)
def request_music(username, music_key):
if music_key.isnumeric():
music_id = int(music_key)
else:
music_id = Music.by_keyword(music_key, g.lang)
args = dependency.build(check_user)
user = args['user']
try:
database.MusicRequest.by(friend_id=user.friend_id)
e = InternalServerError()
e.type = 'request'
e.title = 'err_request_denied'
e.msg = 'err_request_duplicated'
raise e
except:
pass
database.session.add(database.MusicRequest(user.friend_id, music_id))
return render_templace('request.html', **args)
def parse_response(self, res):
e = InternalServerError("Call returned an invalid value")
e.remote = True
is_empty = res.text == ""
if ((self.response_must_be_empty == True and not is_empty) or
(is_empty and self.response_can_be_empty == False)):
raise e
r = {
'code': res.status_code,
'headers': res.headers
}
if self.json_response:
try:
r['json'] = string_to_json(res.text)
except ValueError:
raise e
else:
r['data'] = res.text
if r['code'] not in self.acceptable_response_codes:
message = None
if 'json' in r and r['json'] and type(r['json'].datum) == dict:
if r['json'].datum.get('is_validation_error', False):
raise ValidationError(r['json'].datum.get('error', ''))
if 'error' in r['json'].datum:
message = r['json'].datum['error']
try:
abort(r['code'], message)
except Exception as e:
# Flag the exception to specify that it came from a remote
# API. If this exception bubbles up to the web layer, a
# generic 500 response will be returned
e.remote = True
raise
return r
def errorhandler(e):
"""Handle error"""
if not isinstance(e, HTTPException):
e = InternalServerError()
return apology(e.name, e.code)
def run_wsgi(self):
if self.headers.get('Expect', '').lower().strip() == '100-continue':
self.wfile.write(b'HTTP/1.1 100 Continue\r\n\r\n')
self.environ = environ = self.make_environ()
headers_set = []
headers_sent = []
def write(data):
assert headers_set, 'write() before start_response'
if not headers_sent:
status, response_headers = headers_sent[:] = headers_set
try:
code, msg = status.split(None, 1)
except ValueError:
code, msg = status, ""
self.send_response(int(code), msg)
header_keys = set()
for key, value in response_headers:
self.send_header(key, value)
key = key.lower()
header_keys.add(key)
if 'content-length' not in header_keys:
self.close_connection = True
self.send_header('Connection', 'close')
if 'server' not in header_keys:
self.send_header('Server', self.version_string())
if 'date' not in header_keys:
self.send_header('Date', self.date_time_string())
self.end_headers()
assert isinstance(data, bytes), 'applications must write bytes'
self.wfile.write(data)
self.wfile.flush()
def start_response(status, response_headers, exc_info=None):
if exc_info:
try:
if headers_sent:
reraise(*exc_info)
finally:
exc_info = None
elif headers_set:
raise AssertionError('Headers already set')
headers_set[:] = [status, response_headers]
return write
def execute(app):
application_iter = app(environ, start_response)
try:
for data in application_iter:
write(data)
if not headers_sent:
write(b'')
finally:
if hasattr(application_iter, 'close'):
application_iter.close()
application_iter = None
try:
execute(self.server.app)
except (socket.error, socket.timeout) as e:
self.connection_dropped(e, environ)
except Exception:
if self.server.passthrough_errors:
raise
from werkzeug.debug.tbtools import get_current_traceback
traceback = get_current_traceback(ignore_system_exceptions=True)
try:
# if we haven't yet sent the headers but they are set
# we roll back to be able to set them again.
if not headers_sent:
del headers_set[:]
execute(InternalServerError())
except Exception:
pass
self.server.log('error', 'Error on request:\n%s',
traceback.plaintext)
def post_respondent(party, session):
"""
Register respondent and set up pending enrolment before account verification
:param party: respondent to be created details
:param session
:return: created respondent
"""
# Validation, curation and checks
expected = ('emailAddress', 'firstName', 'lastName', 'password',
'telephone', 'enrolmentCode')
v = Validator(Exists(*expected))
if 'id' in party:
# Note: there's not strictly a requirement to be able to pass in a UUID, this is currently supported to
# aid with testing.
logger.info("'id' in respondent post message")
try:
uuid.UUID(party['id'])
except ValueError:
logger.info("Invalid respondent id type",
respondent_id=party['id'])
raise BadRequest(
f"'{party['id']}' is not a valid UUID format for property 'id'"
)
if not v.validate(party):
logger.debug(v.errors)
raise BadRequest(v.errors)
iac = request_iac(party['enrolmentCode'])
if not iac.get('active'):
logger.info("Inactive enrolment code")
raise BadRequest("Enrolment code is not active")
existing = query_respondent_by_email(party['emailAddress'].lower(),
session)
if existing:
logger.info("Email already exists",
party_uuid=str(existing.party_uuid))
raise BadRequest("Email address already exists")
case_context = request_case(party['enrolmentCode'])
case_id = case_context['id']
business_id = case_context['partyId']
collection_exercise_id = case_context['caseGroup']['collectionExerciseId']
collection_exercise = request_collection_exercise(collection_exercise_id)
survey_id = collection_exercise['surveyId']
business = query_business_by_party_uuid(business_id, session)
if not business:
logger.error(
"Could not locate business when creating business association",
business_id=business_id,
case_id=case_id,
collection_exercise_id=collection_exercise_id)
raise InternalServerError(
"Could not locate business when creating business association")
# Chain of enrolment processes
translated_party = {
'party_uuid': party.get('id') or str(uuid.uuid4()),
'email_address': party['emailAddress'].lower(),
'first_name': party['firstName'],
'last_name': party['lastName'],
'telephone': party['telephone'],
'status': RespondentStatus.CREATED
}
# This might look odd but it's done in the interest of keeping the code working in the same way.
# If raise_for_status in the function raises an error, it would've been caught by @with_db_session,
# rolled back the db and raised it. Whether that's something we want is another question.
try:
respondent = _add_enrolment_and_auth(business, business_id, case_id,
party, session, survey_id,
translated_party)
except HTTPError:
logger.error("add_enrolment_and_auth raised an HTTPError",
exc_info=True)
session.rollback()
raise
# If the disabling of the enrolment code fails we log an error and continue anyway. In the interest of keeping
# the code working in the same way (which may itself be wrong...) we'll handle the ValueError that can be raised
# in the same way as before (rollback the session and raise) but it's not clear whether this is the desired
# behaviour.
try:
disable_iac(party['enrolmentCode'], case_id)
except ValueError:
logger.error("disable_iac didn't return json in its response",
exc_info=True)
session.rollback()
raise
_send_email_verification(respondent.party_uuid,
party['emailAddress'].lower())
return respondent.to_respondent_dict()
def shop_data_export():
google_sheets_credentials = get_google_sheets_credentials()
if not google_sheets_credentials:
raise InternalServerError('Google sheets credentials invalid')
SPREADSHEET_ID = '1EVAHeUcqszrtAftpv8jN3lJtrBHnCM-F2MNej1Izy7o'
service = build('sheets', 'v4', credentials=google_sheets_credentials)
workbook = service.spreadsheets()
workbook_data = workbook.get(spreadsheetId=SPREADSHEET_ID).execute()
# new_shop_ids = db.session.query(ShopSalesData.shop_id.distinct()).filter(
# ShopSalesData.date > (datetime.today().date() - timedelta(days=10))
# ).all()
new_shop_ids = db.session.query(ShopSalesData.shop_id.distinct()).all()
new_shop_ids = [i[0] for i in new_shop_ids]
previous_sheet_delete_requests = [
{
"deleteSheet": {
"sheetId": sheet['properties']['sheetId']
}
}
for sheet in workbook_data['sheets']
if sheet['properties']['title'] != 'the-one-you-cant-delete'
]
add_new_sheet_requests = [
{
"addSheet": {
"properties": {
"title": sheet_name,
}
}
}
for sheet_name in new_shop_ids
]
requests = previous_sheet_delete_requests + add_new_sheet_requests
batch_update_spreadsheet_request_body = {
'requests': requests
}
response = workbook.batchUpdate(
spreadsheetId=SPREADSHEET_ID,
body=batch_update_spreadsheet_request_body
).execute()
# shop_sales_data = ShopSalesData.query.filter(
# ShopSalesData.shop_id.in_(new_shop_ids),
# ShopSalesData.date > (datetime.today().date() - timedelta(days=10))
# ).all()
shop_sales_data = ShopSalesData.query.filter(ShopSalesData.shop_id.in_(new_shop_ids)).all()
sales_divided_by_shop = {}
for sales_data in shop_sales_data:
shop_data = sales_divided_by_shop.setdefault(
sales_data.shop_id,
[['shop_id', 'date', 'bill_number', 'barcode', 'product_description', 'quantity', 'amount']]
)
shop_data.append([sales_data.shop_id, str(sales_data.date), sales_data.bill_number, sales_data.barcode,
sales_data.product_description, sales_data.sales_quantity, sales_data.amount])
sales_data_for_sheet_body = [
{
'range': key,
'values': sales_divided_by_shop[key]
}
for key in sales_divided_by_shop
]
sheet_request_body = {
'valueInputOption': 'USER_ENTERED',
'data': sales_data_for_sheet_body
}
workbook.values().batchUpdate(
spreadsheetId=SPREADSHEET_ID,
body=sheet_request_body
).execute()
return {'result': 'success'}
def view500():
# flask-login user is loaded during @login_required, so check that the db has been queried
mock_user_get.assert_called_with(user['login_id'])
raise InternalServerError('error')
def request_handler(request):
"""Handle an http request.
The parameter `request` must be an instance of werkzeug's `Request` class.
The return value will be a werkzeug `Response` object.
"""
adapter = _url_map.bind_to_environ(request.environ)
try:
(f, schema), values = adapter.match()
if schema is None:
# no data needed from the body:
request_data = {}
# XXX: It would be nice to detect if the body is erroneously
# non-empty, which is probably indicitave of a bug in the client.
else:
try:
# Parse the body as json and validate it with the schema:
request_handle = request.environ['wsgi.input']
request_json = request_handle.read(request.content_length)
request_data = schema.validate(json.loads(request_json))
if not isinstance(request_data, dict):
raise ValidationError("The body of the request is not a JSON object.")
except ValueError:
# Parsing the json failed.
raise ValidationError("The body of the request is not valid JSON.")
except SchemaError:
# Validating the schema failed.
# It would be nice to return a more helpful error message here, but
# it's a little awkward to extract one from the exception. You can
# easily get something like:
#
# 'hello' should be instance of <type 'int'>
#
# which, while fairly clear and helpful, is obviously talking about
# python types, which is gross.
raise ValidationError("The request body %r is not valid for "
"this request." % request_json)
for k, v in values.iteritems():
if k in request_data:
logger.error("Argument %r to api function %r exists in both "
"the URL path and the body of the request. "
"This is a BUG in the schema for %r; the schema "
"is responsible for eliminating this possibility.",
k, f.__name__, f.__name__)
raise InternalServerError()
request_data[k] = v
logger.debug('Recieved api call %s(%s)', f.__name__, _format_arglist(**request_data))
response_body = f(**request_data)
if not response_body:
response_body = ""
logger.debug("completed call to api function %s, "
"response body: %r", f.__name__, response_body)
return Response(response_body, status=200)
except APIError as e:
logger.debug('Invalid call to api function %s, raised exception: %r',
f.__name__, e)
return e.response()
except ServerError as e:
logger.error('Server-side failure in function %s, raised exception: %r',
f.__name__, e)
return InternalServerError()
except HTTPException, e:
return e
def errorhandler(e):
"""Handle error"""
if not isinstance(e, HTTPException):
e = InternalServerError()
return render_template("error.html")
def errorhandler(e):
if not isinstance(e, HTTPException):
e = InternalServerError()
return render_template('error.html',
title='HTTP Exception',
text='You encountered an HTTP Exception, try again')
def xml(self, **kwargs):
database = kwargs.get('database', None)
if not database:
database = db_monodb()
req = odoo.http.request
language = kwargs.get('language', None)
if req.httprequest.method == 'GET':
# Login
database = kwargs.get('database', None)
req.session.db = database
try:
uid = self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt: %s" % e)
return Response(
'Login with Odoo user name and password', 401,
headers=[('WWW-Authenticate', 'Basic realm="odoo"')]
)
# As an optional extra security check we can validate a web token attached
# to the request. It allows use to verify that the request is generated
# from frePPLe and not from somebody else.
# Generate data
try:
xp = exporter(
req,
uid=uid,
database=database,
company=kwargs.get('company', None),
mode=int(kwargs.get('mode', 1))
)
# TODO Returning an iterator to stream the response back to the client and
# to save memory on the server side
return req.make_response(
''.join([i for i in xp.run()]),
headers=[
('Content-Type', 'application/xml;charset=utf8'),
('Cache-Control', 'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'),
('Expires', '0')
])
except Exception as e:
logger.exception('Error generating frePPLe XML data')
raise InternalServerError(description='Error generating frePPLe XML data: check the Odoo log file for more details')
elif req.httprequest.method == 'POST':
# Authenticate the user
database = req.httprequest.form.get('database', None)
req.session.db = database
try:
self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt %s" % e)
return Response(
'Login with Odoo user name and password', 401,
headers=[('WWW-Authenticate', 'Basic realm="odoo"')]
)
# Validate the company argument
company_name = req.httprequest.form.get('company', None)
company = None
m = req.env['res.company']
recs = m.search([('name', '=', company_name)], limit=1)
for i in recs:
company = i
if not company:
return Response('Invalid company name argument', 401)
# Verify that the data was posted from frePPLe and nobody else
try:
webtoken = req.httprequest.form.get('webtoken', None)
decoded = jwt.decode(
webtoken,
company.webtoken_key,
algorithms=['HS256']
)
if self.user != decoded.get('user', None):
return Response('Incorrect or missing webtoken', 401)
except:
return Response('Incorrect or missing webtoken', 401)
# Import the data
try:
ip = importer(
req,
database=database,
company=company,
mode=req.httprequest.form.get('mode', 1)
)
return req.make_response(
ip.run(),
[
('Content-Type', 'text/plain'),
('Cache-Control', 'no-cache, no-store, must-revalidate'),
('Pragma', 'no-cache'),
('Expires', '0')
])
except Exception as e:
logger.exception('Error processing data posted by frePPLe')
raise InternalServerError(description='Error processing data posted by frePPLe: check the Odoo log file for more details')
else:
raise MethodNotAllowed('Only GET and POST requests are accepted')
def put(self, mine_guid, mine_incident_guid):
incident = MineIncident.find_by_mine_incident_guid(mine_incident_guid)
if not incident or str(incident.mine_guid) != mine_guid:
raise NotFound("Mine Incident not found")
data = self.parser.parse_args()
do_sub_codes = []
if data['determination_type_code'] == 'DO':
do_sub_codes = data['dangerous_occurrence_subparagraph_ids']
if not do_sub_codes:
raise BadRequest(
'Dangerous occurrences require one or more cited sections of HSRC code 1.7.3'
)
for key, value in data.items():
if key == 'dangerous_occurrence_subparagraph_ids':
continue
if key in [
'reported_to_inspector_party_guid',
'responsible_inspector_party_guid',
'determination_inspector_party_guid'
]:
tmp_party = Party.query.filter_by(party_guid=value).first()
if tmp_party and 'INS' in tmp_party.business_roles_codes:
setattr(incident, key, value)
else:
setattr(incident, key, value)
incident.dangerous_occurrence_subparagraphs = []
for id in do_sub_codes:
sub = ComplianceArticle.find_by_compliance_article_id(id)
if not _compliance_article_is_do_subparagraph(sub):
raise BadRequest(
'One of the provided compliance articles is not a sub-paragraph of section 1.7.3 (dangerous occurrences)'
)
incident.dangerous_occurrence_subparagraphs.append(sub)
updated_documents = data.get('updated_documents')
if updated_documents is not None:
for updated_document in updated_documents:
if not any(
str(doc.document_manager_guid) ==
updated_document['document_manager_guid']
for doc in incident.documents):
mine_doc = MineDocument(
mine_guid=mine_guid,
document_name=updated_document['document_name'],
document_manager_guid=updated_document[
'document_manager_guid'])
if not mine_doc:
raise BadRequest(
'Unable to register uploaded file as document')
mine_doc.save()
mine_incident_doc = MineIncidentDocumentXref(
mine_document_guid=mine_doc.mine_document_guid,
mine_incident_id=incident.mine_incident_id,
mine_incident_document_type_code=updated_document[
'mine_incident_document_type_code']
if updated_document['mine_incident_document_type_code']
else 'INI')
incident.documents.append(mine_incident_doc)
mine_incident_doc.save()
for doc in incident.documents:
if not any(updated_document['document_manager_guid'] == str(
doc.document_manager_guid)
for updated_document in updated_documents):
incident.documents.remove(doc)
db.session.delete(doc)
db.session.commit()
try:
incident.save()
except Exception as e:
raise InternalServerError(f'Error when saving: {e}')
return incident
def post(self, mine_guid):
mine = Mine.find_by_mine_guid(mine_guid)
if not mine:
raise NotFound('Mine not found')
data = self.parser.parse_args()
do_sub_codes = []
if data['determination_type_code'] == 'DO':
do_sub_codes = data['dangerous_occurrence_subparagraph_ids']
if not do_sub_codes:
raise BadRequest(
'Dangerous occurrences require one or more cited sections of HSRC code 1.7.3'
)
incident = MineIncident.create(
mine,
data['incident_timestamp'],
data['incident_description'],
determination_type_code=data['determination_type_code'],
followup_investigation_type_code=data[
'followup_investigation_type_code'],
reported_timestamp=data['reported_timestamp'],
reported_by_name=data['reported_by_name'],
)
incident.reported_by_email = data.get('reported_by_email')
incident.reported_by_phone_no = data.get(
'reported_by_phone_no') # string
incident.reported_by_phone_ext = data.get(
'reported_by_phone_ext') # string
incident.number_of_fatalities = data.get('number_of_fatalities') # int
incident.number_of_injuries = data.get('number_of_injuries') # int
incident.emergency_services_called = data.get(
'emergency_services_called') # bool
incident.followup_inspection = data.get('followup_inspection') # bool
incident.followup_inspection_date = data.get(
'followup_inspection_date')
# lookup and validated inspector party relationships
tmp_party = Party.query.filter_by(
party_guid=data.get('reported_to_inspector_party_guid')).first()
if tmp_party and 'INS' in tmp_party.business_roles_codes:
incident.reported_to_inspector_party_guid = tmp_party.party_guid
tmp_party = Party.query.filter_by(
party_guid=data.get('responsible_inspector_party_guid')).first()
if tmp_party and 'INS' in tmp_party.business_roles_codes:
incident.responsible_inspector_party_guid = tmp_party.party_guid
tmp_party = Party.query.filter_by(
party_guid=data.get('determination_inspector_party_guid')).first()
if tmp_party and 'INS' in tmp_party.business_roles_codes:
incident.determination_inspector_party_guid = tmp_party.party_guid
incident.determination_type_code = data.get('determination_type_code')
incident.followup_investigation_type_code = data.get(
'followup_investigation_type_code')
for id in do_sub_codes:
sub = ComplianceArticle.find_by_compliance_article_id(id)
if not _compliance_article_is_do_subparagraph(sub):
raise BadRequest(
'One of the provided compliance articles is not a sub-paragraph of section 1.7.3 (dangerous occurrences)'
)
incident.dangerous_occurrence_subparagraphs.append(sub)
updated_documents = data.get('updated_documents')
if updated_documents is not None:
for updated_file in updated_documents:
mine_doc = MineDocument(
mine_guid=mine.mine_guid,
document_name=updated_file['document_name'],
document_manager_guid=updated_file['document_manager_guid']
)
if not mine_doc:
raise BadRequest(
'Unable to register uploaded file as document')
mine_doc.save()
mine_incident_doc = MineIncidentDocumentXref(
mine_document_guid=mine_doc.mine_document_guid,
mine_incident_id=incident.mine_incident_id,
mine_incident_document_type_code=updated_file[
'mine_incident_document_type_code']
if updated_file['mine_incident_document_type_code'] else
'INI')
incident.documents.append(mine_incident_doc)
try:
incident.save()
except Exception as e:
raise InternalServerError(f'Error when saving: {e}')
if data.get('recommendations') is not None:
for recommendation in data.get('recommendations'):
new_recommendation = MineIncidentRecommendation.create(
recommendation['recommendation'],
mine_incident_id=incident.mine_incident_id)
new_recommendation.save()
return incident, 201
def patch_version(self):
if self.sversion:
return int(int(self.sversion / 100) / 100)
raise InternalServerError(self._INFORMATION_MSG)
def major_version(self):
if self.sversion is not None:
return int(self.sversion / 10000)
raise InternalServerError(self._INFORMATION_MSG)
def run_wsgi(self):
environ = self.make_environ()
headers_set = []
headers_sent = []
def write(data):
assert headers_set, 'write() before start_response'
if not headers_sent:
status, response_headers = headers_sent[:] = headers_set
try:
code, msg = status.split(None, 1)
except ValueError:
code, msg = status, ""
self.send_response(int(code), msg)
header_keys = set()
for key, value in response_headers:
self.send_header(key, value)
key = key.lower()
header_keys.add(key)
if 'content-length' not in header_keys:
self.close_connection = True
self.send_header('Connection', 'close')
if 'server' not in header_keys:
self.send_header('Server', self.version_string())
if 'date' not in header_keys:
self.send_header('Date', self.date_time_string())
self.end_headers()
assert type(data) is bytes, 'applications must write bytes'
self.wfile.write(data)
self.wfile.flush()
def start_response(status, response_headers, exc_info=None):
if exc_info:
try:
if headers_sent:
reraise(*exc_info)
finally:
exc_info = None
elif headers_set:
raise AssertionError('Headers already set')
headers_set[:] = [status, response_headers]
return write
def app_proxy(environ, start_response):
# We reject an invalid content length here because it can cause
# problems with how WSGI apps respond to values in it.
content_length = environ['CONTENT_LENGTH']
if content_length and not content_length.isdigit():
resp = BadRequest()
else:
resp = self.server.app
return resp(environ, start_response)
def execute(app):
application_iter = app(environ, start_response)
try:
for data in application_iter:
write(data)
if not headers_sent:
write(b'')
finally:
if hasattr(application_iter, 'close'):
application_iter.close()
application_iter = None
try:
execute(app_proxy)
except (socket.error, socket.timeout) as e:
self.connection_dropped(e, environ)
except Exception:
if self.server.passthrough_errors:
raise
from werkzeug.debug.tbtools import get_current_traceback
traceback = get_current_traceback(ignore_system_exceptions=True)
try:
# if we haven't yet sent the headers but they are set
# we roll back to be able to set them again.
if not headers_sent:
del headers_set[:]
execute(InternalServerError())
except Exception:
pass
self.server.log('error', 'Error on request:\n%s',
traceback.plaintext)
def view500():
raise InternalServerError('error')
class WSGIRequestHandler(BaseHTTPRequestHandler, object):
"""A request handler that implements WSGI dispatching."""
@property
def server_version(self):
return 'Werkzeug/' + werkzeug.__version__
def make_environ(self):
if '?' in self.path:
path_info, query = self.path.split('?', 1)
else:
path_info = self.path
query = ''
def shutdown_server():
self.server.shutdown_signal = True
url_scheme = self.server.ssl_context is None and 'http' or 'https'
environ = {
'wsgi.version': (1, 0),
'wsgi.url_scheme': url_scheme,
'wsgi.input': self.rfile,
'wsgi.errors': sys.stderr,
'wsgi.multithread': self.server.multithread,
'wsgi.multiprocess': self.server.multiprocess,
'wsgi.run_once': False,
'werkzeug.server.shutdown':
shutdown_server,
'SERVER_SOFTWARE': self.server_version,
'REQUEST_METHOD': self.command,
'SCRIPT_NAME': '',
'PATH_INFO': unquote(path_info),
'QUERY_STRING': query,
'CONTENT_TYPE': self.headers.get('Content-Type', ''),
'CONTENT_LENGTH': self.headers.get('Content-Length', ''),
'REMOTE_ADDR': self.client_address[0],
'REMOTE_PORT': self.client_address[1],
'SERVER_NAME': self.server.server_address[0],
'SERVER_PORT': str(self.server.server_address[1]),
'SERVER_PROTOCOL': self.request_version
}
for key, value in self.headers.items():
key = 'HTTP_' + key.upper().replace('-', '_')
if key not in ('HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH'):
environ[key] = value
return environ
def run_wsgi(self):
app = self.server.app
environ = self.make_environ()
headers_set = []
headers_sent = []
def write(data):
assert headers_set, 'write() before start_response'
if not headers_sent:
status, response_headers = headers_sent[:] = headers_set
code, msg = status.split(None, 1)
self.send_response(int(code), msg)
header_keys = set()
for key, value in response_headers:
self.send_header(key, value)
key = key.lower()
header_keys.add(key)
if 'content-length' not in header_keys:
self.close_connection = True
self.send_header('Connection', 'close')
if 'server' not in header_keys:
self.send_header('Server', self.version_string())
if 'date' not in header_keys:
self.send_header('Date', self.date_time_string())
self.end_headers()
assert type(data) is str, 'applications must write bytes'
self.wfile.write(data)
self.wfile.flush()
def start_response(status, response_headers, exc_info=None):
if exc_info:
try:
if headers_sent:
raise exc_info[0], exc_info[1], exc_info[2]
finally:
exc_info = None
elif headers_set:
raise AssertionError('Headers already set')
headers_set[:] = [status, response_headers]
return write
def execute(app):
application_iter = app(environ, start_response)
try:
for data in application_iter:
write(data)
# make sure the headers are sent
if not headers_sent:
write('')
finally:
if hasattr(application_iter, 'close'):
application_iter.close()
application_iter = None
try:
execute(app)
except (socket.error, socket.timeout), e:
self.connection_dropped(e, environ)
except Exception:
if self.server.passthrough_errors:
raise
from werkzeug.debug.tbtools import get_current_traceback
traceback = get_current_traceback(ignore_system_exceptions=True)
try:
# if we haven't yet sent the headers but they are set
# we roll back to be able to set them again.
if not headers_sent:
del headers_set[:]
execute(InternalServerError())
except Exception:
pass
self.server.log('error', 'Error on request:\n%s',
traceback.plaintext)
def check_for_previous_run():
"""Check whether previous run is failed"""
import webapp2 # pylint: disable=import-error
if int(webapp2.get_request().headers["X-Appengine-Taskexecutioncount"]):
raise InternalServerError("previous run is failed")
def xml(self, **kwargs):
req = odoo.http.request
language = kwargs.get("language", None)
if req.httprequest.method == "GET":
# Login
database = kwargs.get("database", None)
if not database:
database = db_monodb()
req.session.db = database
try:
uid = self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt: %s" % e)
return Response(
"Login with Odoo user name and password",
401,
headers=[("WWW-Authenticate", 'Basic realm="odoo"')],
)
# As an optional extra security check we can validate a web token attached
# to the request. It allows use to verify that the request is generated
# from frePPLe and not from somebody else.
# Generate data
try:
xp = exporter(
req,
uid=uid,
database=database,
company=kwargs.get("company", None),
mode=int(kwargs.get("mode", 1)),
)
# TODO Returning an iterator to stream the response back to the client and
# to save memory on the server side
return req.make_response(
"".join([i for i in xp.run()]),
headers=[
("Content-Type", "application/xml;charset=utf8"),
("Cache-Control",
"no-cache, no-store, must-revalidate"),
("Pragma", "no-cache"),
("Expires", "0"),
],
)
except Exception as e:
logger.exception("Error generating frePPLe XML data")
raise InternalServerError(
description=
"Error generating frePPLe XML data: check the Odoo log file for more details"
)
elif req.httprequest.method == "POST":
# Authenticate the user
database = req.httprequest.form.get("database", None)
if not database:
database = db_monodb()
req.session.db = database
try:
self.authenticate(req, database, language)
except Exception as e:
logger.warning("Failed login attempt %s" % e)
return Response(
"Login with Odoo user name and password",
401,
headers=[("WWW-Authenticate", 'Basic realm="odoo"')],
)
# Validate the company argument
company_name = req.httprequest.form.get("company", None)
company = None
m = req.env["res.company"]
recs = m.search([("name", "=", company_name)], limit=1)
for i in recs:
company = i
if not company:
return Response("Invalid company name argument", 401)
# Verify that the data was posted from frePPLe and nobody else
try:
webtoken = req.httprequest.form.get("webtoken", None)
decoded = jwt.decode(webtoken,
company.webtoken_key,
algorithms=["HS256"])
if self.user != decoded.get("user", None):
return Response("Incorrect or missing webtoken", 401)
except Exception:
return Response("Incorrect or missing webtoken", 401)
# Import the data
try:
ip = importer(
req,
database=database,
company=company,
mode=req.httprequest.form.get("mode", 1),
)
return req.make_response(
ip.run(),
[
("Content-Type", "text/plain"),
("Cache-Control",
"no-cache, no-store, must-revalidate"),
("Pragma", "no-cache"),
("Expires", "0"),
],
)
except Exception as e:
logger.exception("Error processing data posted by frePPLe")
raise InternalServerError(
description=
"Error processing data posted by frePPLe: check the Odoo log file for more details"
)
else:
raise MethodNotAllowed("Only GET and POST requests are accepted")
def _handle_exception(self, exception):
"""Called within an except block to allow converting exceptions
to abitrary responses. Anything returned (except None) will
be used as response."""
try:
return super(HttpRequest, self)._handle_exception(exception)
except UserError, e:
return WrapJsonException(BadRequest(e.message))
except MissingError, e:
return WrapJsonException(NotFound(e.value))
except AccessError, e:
return WrapJsonException(Forbidden(e.value))
except HTTPException, e:
return WrapJsonException(e)
except:
return WrapJsonException(InternalServerError())
def make_response(self, data, headers=None, cookies=None):
data = json.dumps(data)
if headers is None:
headers = {}
headers['Content-Type'] = 'application/json'
return super(HttpJsonRequest, self).make_response(data,
headers=headers,
cookies=cookies)
ori_get_request = Root.get_request
def get_request(self, httprequest):
def app_test():
raise InternalServerError()
def add_new_survey_for_respondent(payload, tran, session):
"""
Add a survey for an existing respondent
:param payload: json containing party_id and enrolment_code
:param tran:
:param session: database session
"""
logger.info("Enrolling existing respondent in survey")
respondent_party_id = payload['party_id']
enrolment_code = payload['enrolment_code']
iac = request_iac(enrolment_code)
if not iac.get('active'):
logger.info("Inactive enrolment code")
raise BadRequest("Enrolment code is not active")
respondent = query_respondent_by_party_uuid(respondent_party_id, session)
case_context = request_case(enrolment_code)
case_id = case_context['id']
business_id = case_context['partyId']
collection_exercise_id = case_context['caseGroup']['collectionExerciseId']
collection_exercise = request_collection_exercise(collection_exercise_id)
survey_id = collection_exercise['surveyId']
business_respondent = query_business_respondent_by_respondent_id_and_business_id(
business_id, respondent.id, session)
if not business_respondent:
# Associate respondent with new business
business = query_business_by_party_uuid(business_id, session)
if not business:
logger.error("Could not find business",
business_id=business_id,
case_id=case_id,
collection_exercise_id=collection_exercise_id)
raise InternalServerError(
"Could not locate business when creating business association")
business_respondent = BusinessRespondent(business=business,
respondent=respondent)
enrolment = Enrolment(business_respondent=business_respondent,
survey_id=survey_id,
status=EnrolmentStatus.ENABLED)
session.add(enrolment)
session.commit()
disable_iac(enrolment_code, case_id)
if count_enrolment_by_survey_business(survey_id, business_id,
session) == 0:
logger.info("Informing case of respondent enrolled",
survey_id=survey_id,
business_id=business_id,
respondent_id=respondent.party_uuid)
post_case_event(case_id=case_id,
category="RESPONDENT_ENROLED",
desc="Respondent enroled")
# This ensures the log message is only written once the DB transaction is committed
tran.on_success(lambda: logger.info(
'Respondent has enroled to survey for business', business=business_id))
def search(request_params: MultiDict,
archives: Optional[List[str]] = None) -> Response:
"""
Perform a simple search.
This supports requests from both the form-based view (provided here) AND
from the mini search widget displayed on all arXiv.org pages.
At a minimum, expects the parameter ``value`` in the GET request. This may
be a match value for a search query, or an arXiv ID.
Parameters
----------
request_params : :class:`.MultiDict`
archives : list
A list of archives within which the search should be performed.
Returns
-------
dict
Search result response data.
int
HTTP status code.
dict
Headers to add to the response.
Raises
------
:class:`.InternalServerError`
Raised when there is a problem communicating with ES, or there was an
unexpected problem executing the query.
"""
if archives is not None and len(archives) == 0:
raise NotFound("No such archive")
# We may need to intervene on the request parameters, so we'll
# reinstantiate as a mutable MultiDict.
if isinstance(request_params, ImmutableMultiDict):
request_params = MultiDict(request_params.items(multi=True))
logger.debug("simple search form")
response_data = {} # type: Dict[str, Any]
logger.debug("simple search request")
if "query" in request_params:
try:
# first check if the URL includes an arXiv ID
arxiv_id: Optional[str] = identifier.parse_arxiv_id(
request_params["query"])
# If so, redirect.
logger.debug(f"got arXiv ID: {arxiv_id}")
except ValueError:
logger.debug("No arXiv ID detected; fall back to form")
arxiv_id = None
else:
arxiv_id = None
if arxiv_id:
headers = {"Location": url_for("abs_by_id", paper_id=arxiv_id)}
return {}, HTTPStatus.MOVED_PERMANENTLY, headers
# Here we intervene on the user's query to look for holdouts from the
# classic search system's author indexing syntax (surname_f). We
# rewrite with a comma, and show a warning to the user about the
# change.
response_data["has_classic_format"] = False
if "searchtype" in request_params and "query" in request_params:
if request_params["searchtype"] in ["author", "all"]:
_query, _classic = catch_underscore_syntax(request_params["query"])
response_data["has_classic_format"] = _classic
request_params["query"] = _query
# Fall back to form-based search.
form = SimpleSearchForm(request_params)
if form.query.data:
# Temporary workaround to support classic help search
if form.searchtype.data == "help":
return (
{},
HTTPStatus.MOVED_PERMANENTLY,
{
"Location": f"/help/search?q={form.query.data}"
},
)
# Support classic "expeirmental" search
elif form.searchtype.data == "full_text":
return (
{},
HTTPStatus.MOVED_PERMANENTLY,
{
"Location":
"http://search.arxiv.org:8081/"
f"?in=&query={form.query.data}"
},
)
q: Optional[Query]
if form.validate():
logger.debug("form is valid")
q = _query_from_form(form)
if archives is not None:
q = _update_with_archives(q, archives)
# Pagination is handled outside of the form.
q = paginate(q, request_params)
try:
# Execute the search. We'll use the results directly in
# template rendering, so they get added directly to the
# response content.asdict
response_data.update(SearchSession.search(q)) # type: ignore
except index.IndexConnectionError as ex:
# There was a (hopefully transient) connection problem. Either
# this will clear up relatively quickly (next request), or
# there is a more serious outage.
logger.error("IndexConnectionError: %s", ex)
raise InternalServerError(
"There was a problem connecting to the search index. This is "
"quite likely a transient issue, so please try your search "
"again. If this problem persists, please report it to "
"[email protected].") from ex
except index.QueryError as ex:
# Base exception routers should pick this up and show bug page.
logger.error("QueryError: %s", ex)
raise InternalServerError(
"There was a problem executing your query. Please try your "
"search again. If this problem persists, please report it to "
"[email protected].") from ex
except index.OutsideAllowedRange as ex:
raise BadRequest(
"Hello clever friend. You can't get results in that range"
" right now.") from ex
except Exception as ex:
logger.error("Unhandled exception: %s", str(ex))
raise
else:
logger.debug("form is invalid: %s", str(form.errors))
if "order" in form.errors or "size" in form.errors:
# It's likely that the user tried to set these parameters manually,
# or that the search originated from somewhere else (and was
# configured incorrectly).
simple_url = url_for("ui.search")
raise BadRequest(
f"It looks like there's something odd about your search"
f" request. Please try <a href='{simple_url}'>starting"
f" over</a>.")
q = None
response_data["query"] = q
response_data["form"] = form
return response_data, HTTPStatus.OK, {}
from bartendro.model.dispenser import Dispenser
from bartendro.error import BartendroBusyError, BartendroBrokenError, BartendroCantPourError, BartendroCurrentSenseError
def ws_make_drink(drink_id):
recipe = {}
for arg in request.args:
disp = int(arg[5:])
recipe[disp] = int(request.args.get(arg))
drink = Drink.query.filter_by(id=int(drink_id)).first()
try:
app.mixer.make_drink(drink, recipe)
except mixer.BartendroCantPourError, err:
raise BadRequest(err)
except mixer.BartendroBrokenError, err:
raise InternalServerError(err)
except mixer.BartendroBusyError, err:
raise ServiceUnavailable(err)
return "ok\n"
@app.route('/ws/drink/<int:drink>')
def ws_drink(drink):
drink_mixer = app.mixer
if app.options.must_login_to_dispense and not current_user.is_authenticated():
return "login required"
return ws_make_drink(drink)
@app.route('/ws/drink/custom')
def ws_custom_drink():
def wrapped_get_info(request, ident, base_uri):
# don't fail silently
r = unwrapped_get_info(request, ident, base_uri)
if not r.content_length:
return InternalServerError('empty json')
return r
def errorhandler(error):
""" Handle errors """
if not isinstance(error, HTTPException):
error = InternalServerError()
return apology(error.name, error.code)
async def handle_httpexception(
self, ctx: HTTPRequestContext, exception: HTTPException, environ: dict = None
) -> Response:
"""
Handle a HTTP Exception.
:param ctx: The context of the request.
:param exception: The HTTPException to handle.
:param environ: The fake WSGI environment.
:return: A :class:`werkzeug.wrappers.Response` that handles this response.
"""
# Try and load the error handler recursively from the ctx.route.blueprint.
bp = ctx.bp or self.root
if environ is None:
environ = ctx.environ
cbl = lambda environ: Response(
"Internal server error during processing. Report this.", status=500
)
error_handler = bp.get_errorhandler(exception)
if not error_handler:
# Try the root Blueprint. This may happen if the blueprint requested isn't registered
# properly in the root, for some reason.
error_handler = self.root.get_errorhandler(exception)
if not error_handler:
# Just return the Exception's get_response.
cbl = exception.get_response
else:
# Try and invoke the error handler to get the Response.
# Wrap it in the try/except, so we can handle a default one.
try:
res = await error_handler.invoke(ctx, args=(exception,))
# hacky way of unifying everything
cbl = lambda environ: res
except HTTPException as e:
# why tho?
logger.warning(
"Error handler function raised another error, using the " "response from that..."
)
cbl = e.get_response
except Exception as e:
logger.exception("Error in error handler!")
cbl = InternalServerError(e).get_response
# else:
# result = wrap_response(result, self.response_class)
try:
result = cbl(environ=environ)
except Exception:
# ok
logger.critical(
"Whilst handling a {}, response.get_response ({}) raised exception".format(
exception.code, cbl
),
exc_info=True,
)
result = Response("Critical server error. Your application is broken.", status=500)
if result.status_code != exception.code:
logger.warning(
"Error handler {} returned code {} when exception was code {}...".format(
error_handler.callable_repr, result.status_code, exception.code
)
)
return result
def run_wsgi(self):
app = self.server.app
environ = self.make_environ()
headers_set = []
headers_sent = []
def write(data):
if not headers_sent:
status, response_headers = headers_sent[:] = headers_set
code, msg = status.split(None, 1)
self.send_response(int(code), msg)
header_keys = set()
for key, value in response_headers:
self.send_header(key, value)
key = key.lower()
header_keys.add(key)
if 'content-length' not in header_keys:
self.close_connection = True
self.send_header('Connection', 'close')
if 'server' not in header_keys:
self.send_header('Server', self.version_string())
if 'date' not in header_keys:
self.send_header('Date', self.date_time_string())
self.end_headers()
self.wfile.write(data)
self.wfile.flush()
def start_response(status, response_headers, exc_info = None):
if exc_info:
try:
if headers_sent:
raise exc_info[0], exc_info[1], exc_info[2]
finally:
exc_info = None
elif headers_set:
raise AssertionError('Headers already set')
headers_set[:] = [status, response_headers]
return write
def execute(app):
application_iter = app(environ, start_response)
try:
for data in application_iter:
write(data)
if not headers_sent:
write('')
finally:
if hasattr(application_iter, 'close'):
application_iter.close()
application_iter = None
try:
execute(app)
except (socket.error, socket.timeout) as e:
self.connection_dropped(e, environ)
except:
if self.server.passthrough_errors:
raise
from werkzeug.debug.tbtools import get_current_traceback
traceback = get_current_traceback(ignore_system_exceptions=True)
try:
if not headers_sent:
del headers_set[:]
execute(InternalServerError())
except:
pass
self.server.log('error', 'Error on request:\n%s', traceback.plaintext)
def errorhandler(e):
"""Handle error"""
if not isinstance(e, HTTPException):
e = InternalServerError()
return "Error"
def post(self):
args = parser.parse_args(strict=False)
username = args['username']
token = args["Authorization"]
ip = args['Ipaddress']
decoded_token = token_verify_or_raise(token, username, ip)
# data = json.loads(str(request.data, encoding='utf-8'))
# print(data)
role = args["role"]
print(role)
user_name = args["user"]
print(args["statuschange"])
user = Users.query.filter_by(Username=user_name).first()
msgtext = None
subject = None
if "password" in args.keys():
print(args.keys())
if user is None:
raise UnprocessableEntity('Username is not valid')
try:
if role == roles.ROLES_REVIEW_MANAGER or role == roles.ROLES_ADMIN:
status_change = args["statuschange"]
print(status_change)
if not status_change:
display_name = args["displayname"]
email = args["email"]
phone_number = args["phonenumber"]
is_password_change = args["passwordchange"]
# session_expiry = data["session_expiry"]
if is_password_change:
password = randomStringwithDigitsAndSymbols()
password_enc = Encryption().encrypt(password)
print("password change")
user.DisplayName = display_name
user.Email = email
user.PhoneNumber = phone_number
user.Password = password_enc
user.TemporaryPassword = True
msgtext = f'<p>Your password has been reset. The temporary password is: {password}</p>' + \
'<p>Please log into your system as soon as possible to set your new password.</p>'
subject = "Temporary Password for Saxon Portals"
else:
if "password" in args and args["password"] is not None:
user.Password = Encryption().encrypt(args["password"])
user.TemporaryPassword = True
print("not password change")
user.DisplayName = display_name
user.Email = email
user.PhoneNumber = phone_number
else:
if not str(args["status"]).upper() in [STATUS_ACTIVE, STATUS_INACTIVE, STATUS_DELETE]:
raise BadRequest("Invalid status")
status = args["status"]
user.Status = str(status).upper()
db.session.commit()
if msgtext is not None and subject is not None:
send_email(user.Email, subject=subject, body=msgtext)
return RESPONSE_OK
elif role == roles.ROLES_EMPLOYER or role == roles.ROLES_MEMBER or role == roles.ROLES_HR:
display_name = args["displayname"]
email = args["email"]
is_password_change = args["passwordchange"]
if is_password_change:
password = randomStringwithDigitsAndSymbols()
password_enc = Encryption().encrypt(password)
user.DisplayName = display_name
user.Email = email
user.Password = password_enc
user.TemporaryPassword = True
msgtext = f'<p>Your password has been reset. The temporary password is: {password}</p>' + \
f'<p>Please log into your system as soon as possible to set your new password.</p>'
subject = "Temporary Password for Saxon Portals"
else:
if "password" in args and args["password"] is not None:
user.Password = Encryption().encrypt(args["password"])
user.TemporaryPassword = True
user.DisplayName = display_name
user.Email = email
db.session.commit()
if msgtext is not None and subject is not None:
send_email(user.Email, subject=subject, body=msgtext)
return RESPONSE_OK
else:
raise BadRequest('Invalid Role')
except Exception as e:
LOG.error("Exception while updating user", e)
raise InternalServerError("Can't update user")
def errorhandler(e):
"""Handle error"""
if not isinstance(e, HTTPException):
e = InternalServerError()
return render_template("apology.html", error=e.name, error_code=e.code)