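def wrapper(*args, **kwargs):
    """Run the ``action_name`` model action for a POST request and log it.

    ``self``, ``action_name``, ``action_args``, ``model_fn``, ``render_fn``
    and ``destructive`` are free names resolved in the enclosing scope,
    which is outside this block.

    Raises:
        UnauthorizedError: when ``self.is_authorized()`` is false.
        cherrypy.HTTPError: 400 when a MissingParameter is raised.
    """
    method = 'POST'
    # ``(method)`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method((method,), self.role_key, self.admin_methods)
    try:
        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        request = parse_request()
        validate_params(request, self, action_name)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)

        # log request
        # NOTE(review): the record is written only after the action
        # succeeded; rejected or failing requests leave no entry here.
        reqParams = utf8_dict(self.log_args, request)
        RequestRecord(
            self.getRequestMessage(method, action_name) % reqParams,
            app=get_plugin_from_request(),
            req=method,
            user=cherrypy.session.get(USER_NAME, 'N/A')
        ).log()

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            return render_fn(self, action_result)
    except MissingParameter as e:
        raise cherrypy.HTTPError(400, e.message)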
def index(self, *args, **kwargs):
    """Dispatch a collection request: GET goes to ``self.get``, POST to
    ``self.create``; a successful POST is also written to the request log.

    Raises cherrypy.HTTPError(400) when InvalidOperation is raised.
    """
    method = validate_method(('GET', 'POST'),
                             self.role_key, self.admin_methods)
    try:
        if method == 'GET':
            query = cherrypy.request.params
            validate_params(query, self, 'get_list')
            return self.get(query)

        if method == 'POST':
            body = parse_request()
            created = self.create(body, *args)

            # log request
            # Only the keys selected by self.log_args are handed to the
            # message template.
            reqParams = utf8_dict(self.log_args, body)
            message = self.getRequestMessage(method) % reqParams
            record = RequestRecord(
                message,
                app=get_plugin_from_request(),
                req=method,
                user=cherrypy.session.get(USER_NAME, 'N/A'))
            record.log()
            return created
    except InvalidOperation as e:
        raise cherrypy.HTTPError(400, e.message)
def index(self, *args, **kwargs):
    """Serve the collection endpoint for GET and POST.

    GET validates the query parameters and returns ``self.get(...)``.
    POST parses the body, calls ``self.create`` and logs the request once
    the create call has returned.

    Raises cherrypy.HTTPError(400) when InvalidOperation is raised.
    """
    allowed = ('GET', 'POST')
    method = validate_method(allowed, self.role_key, self.admin_methods)
    try:
        if method == 'GET':
            listing_filter = cherrypy.request.params
            validate_params(listing_filter, self, 'get_list')
            return self.get(listing_filter)

        if method == 'POST':
            payload = parse_request()
            outcome = self.create(payload, *args)

            # log request
            reqParams = utf8_dict(self.log_args, payload)
            RequestRecord(
                self.getRequestMessage(method) % reqParams,
                app=get_plugin_from_request(),
                req=method,
                user=cherrypy.session.get(USER_NAME, 'N/A'),
            ).log()
            return outcome
    except InvalidOperation as e:
        raise cherrypy.HTTPError(400, e.message)
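def wrapper(*args, **kwargs):
    """Validate and run the ``action_name`` model action for a POST request.

    ``self``, ``action_name``, ``action_args``, ``model_fn``, ``render_fn``
    and ``destructive`` come from the enclosing scope, outside this block.
    ``status`` is tracked for request logging; the code that reads it is
    not part of this excerpt.

    Raises:
        cherrypy.HTTPError: with the WokException's HTTP status code when a
            WokException is raised inside the try block.
    """
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases.
    status = 500
    method = 'POST'
    # ``(method)`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method((method,), self.role_key, self.admin_methods)
    try:
        # The body is parsed and validated before the resource lookup and
        # the authorization check.
        request = parse_request()
        validate_params(request, self, action_name)

        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)
        status = 200

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            result = render_fn(self, action_result)
            status = cherrypy.response.status
            return result
    except WokException as e:
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, e.message)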
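def wrapper(*args, **kwargs):
    """Run the ``action_name`` model action for a POST request.

    ``self``, ``action_name``, ``action_args``, ``model_fn``, ``render_fn``
    and ``destructive`` are free names resolved in the enclosing scope,
    which is outside this block.  No request log entry is written here.

    Raises:
        UnauthorizedError: when ``self.is_authorized()`` is false.
        cherrypy.HTTPError: 400 when a MissingParameter is raised.
    """
    method = 'POST'
    # ``(method)`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method((method,), self.role_key, self.admin_methods)
    try:
        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        request = parse_request()
        validate_params(request, self, action_name)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            return render_fn(self, action_result)
    except MissingParameter as e:
        raise cherrypy.HTTPError(400, e.message)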
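def wrapper(*args, **kwargs):
    """Run the ``action_name`` model action for a POST request and log it.

    ``self``, ``action_name``, ``action_args``, ``model_fn``, ``render_fn``
    and ``destructive`` are free names resolved in the enclosing scope,
    which is outside this block.

    Raises:
        UnauthorizedError: when ``self.is_authorized()`` is false.
        cherrypy.HTTPError: 400 when a MissingParameter is raised.
    """
    method = 'POST'
    # ``(method)`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method((method,), self.role_key, self.admin_methods)
    try:
        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        request = parse_request()
        validate_params(request, self, action_name)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)

        # log request
        # NOTE(review): reached only when the action call returned; a
        # request that is refused or fails is not recorded by this block.
        reqParams = utf8_dict(self.log_args, request)
        RequestRecord(
            self.getRequestMessage(method, action_name) % reqParams,
            app=get_plugin_from_request(),
            req=method,
            user=cherrypy.session.get(USER_NAME, 'N/A')).log()

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            return render_fn(self, action_result)
    except MissingParameter as e:
        raise cherrypy.HTTPError(400, e.message)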
def update(self, *args, **kargs):
    """Apply the request body to the resource through the model's update
    function, then return ``self.get()``.

    A PUT request record is written as soon as the update function has been
    looked up (or the lookup has failed), i.e. before the body is validated
    and before the update runs.

    Raises cherrypy.HTTPError(405) when the model has no update function.
    """
    body = parse_request()

    try:
        update_fn = getattr(self.model, model_fn(self, 'update'))
    except AttributeError:
        err = InvalidOperation('WOKAPI0003E',
                               {'resource': get_class_name(self)})
        raise cherrypy.HTTPError(405, err.message)
    finally:
        method = 'PUT'
        # NOTE(review): the message template is filled from the raw request
        # body, not from a filtered copy.  Confirm that no sensitive field
        # can reach the log and that a key missing from the body cannot
        # raise inside this finally clause.
        RequestRecord(
            self.getRequestMessage(method) % body,
            app=get_plugin_from_request(),
            req=method,
            user=cherrypy.session.get(USER_NAME, 'N/A'),
        ).log()

    validate_params(body, self, 'update')
    call_args = list(self.model_args) + [body]
    ident = update_fn(*call_args)
    self._redirect(ident)
    self.lookup()
    return self.get()
def login(self, *args):
    """Read ``username`` and ``password`` from the parsed request body.

    Raises cherrypy.HTTPError(400) naming the missing item when either key
    is absent.  Only the parameter extraction is shown in this excerpt.
    """
    try:
        params = parse_request()
        username, password = params['username'], params['password']
    except KeyError as item:
        # The KeyError argument is the name of the key that was missing.
        missing = MissingParameter('WOKAUTH0003E', {'item': str(item)})
        raise cherrypy.HTTPError(400, missing.message)
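def wrapper(*args, **kwargs):
    """Validate, run and log the ``action_name`` model action (POST only).

    ``self``, ``protected``, ``action_name``, ``action_args``, ``model_fn``,
    ``render_fn`` and ``destructive`` come from the enclosing scope, which
    is outside this block.  Every request that passes validate_method is
    logged from the ``finally`` clause, whatever the outcome.

    Raises:
        cherrypy.HTTPError: with the WokException's HTTP status code when a
            WokException is raised inside the try block.
    """
    if protected is not None and protected:
        wokauth()

    details = None
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases, which includes
    # any exception that is not a WokException.
    status = 500
    method = 'POST'
    # Bound before the try so that the finally clause can still build a log
    # record when parse_request() itself raises; previously that path hit
    # an unbound local and replaced the real error.
    request = {}
    # Pass a one-element tuple rather than a bare str so that a membership
    # test inside validate_method (not visible here -- confirm) is an exact
    # match instead of a substring match.
    validate_method((method,), self.admin_methods)
    try:
        request = parse_request()
        validate_params(request, self, action_name)

        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)
        status = 200

        if destructive is False or (
            'persistent' in self.info.keys()
            and self.info['persistent'] is True
        ):
            result = render_fn(self, action_result)
            status = cherrypy.response.status
            return result
    except WokException as e:
        details = e
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, str(e))
    finally:
        # log request
        code = self.getRequestMessage(method, action_name)
        reqParams = utf8_dict(self.log_args, request)
        log_id = log_request(
            code,
            reqParams,
            details,
            method,
            status,
            class_name=get_class_name(self),
            action_name=action_name,
        )
        if status == 202:
            save_request_log_id(log_id, action_result['id'])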
def index(self, *args, **kwargs):
    """Dispatch a collection request by HTTP method.

    GET validates the query parameters and passes them to ``self.get``;
    POST passes the parsed body to ``self.create``.

    Raises cherrypy.HTTPError(400) when InvalidOperation is raised.
    """
    allowed = ("GET", "POST")
    method = validate_method(allowed, self.role_key, self.admin_methods)
    try:
        if method == "POST":
            return self.create(parse_request(), *args)
        if method == "GET":
            query = cherrypy.request.params
            validate_params(query, self, "get_list")
            return self.get(query)
    except InvalidOperation as e:
        raise cherrypy.HTTPError(400, e.message)
def index(self, *args, **kwargs):
    """Serve the collection endpoint for GET and POST.

    The query parameters of a GET are validated against 'get_list' before
    ``self.get`` is called; a POST body goes straight to ``self.create``.

    Raises cherrypy.HTTPError(400) when InvalidOperation is raised.
    """
    method = validate_method(('GET', 'POST'),
                             self.role_key, self.admin_methods)
    try:
        if method == 'GET':
            listing_filter = cherrypy.request.params
            validate_params(listing_filter, self, 'get_list')
            return self.get(listing_filter)
        if method == 'POST':
            body = parse_request()
            return self.create(body, *args)
    except InvalidOperation as e:
        raise cherrypy.HTTPError(400, e.message)
def login(self, *args):
    """Read ``username`` and ``password`` from the request body, logging and
    rejecting the request with HTTP 400 when either key is missing.

    Only the parameter extraction is shown in this excerpt.
    """
    method = 'POST'
    details = None
    code = self.getRequestMessage(method, 'login')

    try:
        params = parse_request()
        username = params['username']
        password = params['password']
    except KeyError as item:
        e = MissingParameter('WOKAUTH0003E', {'item': str(item)})
        details = e
        # NOTE(review): params is the raw login body and may still carry
        # the submitted password (for example when only the username is
        # missing).  Confirm what log_request stores from it.
        log_request(code, params, details, method, 400)
        raise cherrypy.HTTPError(400, e.message)
def update(self, *args, **kargs):
    """Apply the request body to the resource through the model's update
    function and return ``self.get()``.

    Raises cherrypy.HTTPError(405) when the model has no update function.
    """
    try:
        update_fn = getattr(self.model, model_fn(self, "update"))
    except AttributeError:
        err = InvalidOperation("WOKAPI0003E",
                               {"resource": get_class_name(self)})
        raise cherrypy.HTTPError(405, err.message)

    # The body is parsed only once the update function is known to exist.
    body = parse_request()
    validate_params(body, self, "update")

    call_args = list(self.model_args) + [body]
    ident = update_fn(*call_args)
    self._redirect(ident)
    return self.get()
def index(self, *args, **kwargs):
    """Dispatch a collection request: GET goes to ``self.get`` after the
    query parameters are validated, POST goes to ``self.create``.

    Raises cherrypy.HTTPError(400) when InvalidOperation is raised.
    """
    method = validate_method(('GET', 'POST'),
                             self.role_key, self.admin_methods)
    try:
        if method == 'GET':
            query = cherrypy.request.params
            validate_params(query, self, 'get_list')
            return self.get(query)
        if method == 'POST':
            body = parse_request()
            return self.create(body, *args)
    except InvalidOperation as e:
        raise cherrypy.HTTPError(400, e.message)
def update(self, *args, **kargs):
    """Update the resource from the request body and return ``self.get()``.

    The model's update function is resolved first; when it does not exist
    the request is rejected with HTTP 405 before the body is read.
    """
    try:
        update_fn = getattr(self.model, model_fn(self, 'update'))
    except AttributeError:
        resource = {'resource': get_class_name(self)}
        err = InvalidOperation('WOKAPI0003E', resource)
        raise cherrypy.HTTPError(405, err.message)

    body = parse_request()
    validate_params(body, self, 'update')

    ident = update_fn(*(list(self.model_args) + [body]))
    self._redirect(ident)
    return self.get()
def update(self, *args, **kargs):
    """Update the resource from the request body, refresh it with
    ``self.lookup()`` and return ``self.get()``.

    Raises cherrypy.HTTPError(405) when the model has no update function.
    """
    # The body is parsed before the update function is resolved.
    body = parse_request()

    try:
        update_fn = getattr(self.model, model_fn(self, 'update'))
    except AttributeError:
        err = InvalidOperation('WOKAPI0003E',
                               {'resource': get_class_name(self)})
        raise cherrypy.HTTPError(405, err.message)

    validate_params(body, self, 'update')
    call_args = list(self.model_args) + [body]
    ident = update_fn(*call_args)

    self._redirect(ident)
    # The response status is set to 200 after the _redirect call.
    cherrypy.response.status = 200
    self.lookup()
    return self.get()
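def wrapper(*args, **kwargs):
    """Run the ``action_name`` model action for a POST request.

    ``self``, ``action_name``, ``action_args``, ``model_fn``, ``render_fn``
    and ``destructive`` are free names resolved in the enclosing scope,
    which is outside this block.

    Raises:
        UnauthorizedError: when ``self.is_authorized()`` is false.
        cherrypy.HTTPError: 400 when a MissingParameter is raised.
    """
    # ``('POST')`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method(('POST',), self.role_key, self.admin_methods)
    try:
        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        if action_args is not None:
            request = parse_request()
            # NOTE(review): a key missing from the body raises KeyError
            # here, which the handler below does not name -- presumably it
            # surfaces as an unhandled error; confirm.
            model_args.extend(request[key] for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            return render_fn(self, action_result)
    except MissingParameter as e:
        raise cherrypy.HTTPError(400, e.message)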
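def wrapper(*args, **kwargs):
    """Validate and run the ``action_name`` model action for a POST request.

    ``self``, ``protected``, ``action_name``, ``action_args``, ``model_fn``,
    ``render_fn`` and ``destructive`` come from the enclosing scope, which
    is outside this block.  ``status`` and ``details`` are tracked for
    request logging; the code that reads them is not part of this excerpt.

    Raises:
        cherrypy.HTTPError: with the WokException's HTTP status code when a
            WokException is raised inside the try block.
    """
    if protected is not None and protected:
        wokauth()

    details = None
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases.
    status = 500
    method = 'POST'
    # ``(method)`` is a plain str, not a tuple.  Pass a one-element tuple so
    # that a membership test inside validate_method (not visible here --
    # confirm) is an exact match instead of a substring match.
    validate_method((method,), self.admin_methods)
    try:
        request = parse_request()
        validate_params(request, self, action_name)

        self.lookup()
        if not self.is_authorized():
            raise UnauthorizedError('WOKAPI0009E')

        model_args = list(self.model_args)
        if action_args is not None:
            # Keys absent from the body reach the model as None.
            model_args.extend(request.get(key) for key in action_args)

        action_fn = getattr(self.model, model_fn(self, action_name))
        action_result = action_fn(*model_args)
        status = 200

        if destructive is False or (
                'persistent' in self.info.keys() and
                self.info['persistent'] is True):
            result = render_fn(self, action_result)
            status = cherrypy.response.status
            return result
    except WokException as e:
        details = e
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, e.message)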
def index(self, *args, **kwargs):
    """Dispatch a collection request (GET or POST) and log it on the way out.

    The ``finally`` clause writes a log record unless the method is listed
    in LOG_DISABLED_METHODS or the recorded status is 202.

    Raises:
        cherrypy.HTTPError: converted from a WokException, or re-raised
            unchanged when the handlers raise one directly.
    """
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases.
    # NOTE(review): the GET branch never updates status, so a GET would be
    # recorded with this fallback unless LOG_DISABLED_METHODS (not visible
    # here) excludes it -- confirm.
    status = 500
    details = None
    params = {}
    method = validate_method(('GET', 'POST'), self.admin_methods)
    try:
        if method == 'GET':
            params = cherrypy.request.params
            validate_params(params, self, 'get_list')
            return self.get(params)

        if method == 'POST':
            params = parse_request()
            created = self.create(params, *args)
            status = cherrypy.response.status
            return created
    except WokException as e:
        details = e
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, str(e))
    except cherrypy.HTTPError as e:
        # Keep the real status for the log record, then let it propagate.
        status = e.status
        raise
    finally:
        loggable = method not in LOG_DISABLED_METHODS and status != 202
        if loggable:
            # log request
            code = self.getRequestMessage(method)
            reqParams = utf8_dict(self.log_args, params)
            log_request(
                code,
                reqParams,
                details,
                method,
                status,
                class_name=get_class_name(self),
            )
def index(self, *args, **kwargs):
    """Dispatch a collection request: GET goes to ``self.get``, POST to
    ``self.create``.

    ``status`` is tracked for request logging; the code that reads it is
    not part of this excerpt.

    Raises cherrypy.HTTPError carrying the WokException's HTTP status code
    when a WokException is raised.
    """
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases.
    status = 500
    params = {}
    allowed = ('GET', 'POST')
    method = validate_method(allowed, self.role_key, self.admin_methods)
    try:
        if method == 'GET':
            params = cherrypy.request.params
            validate_params(params, self, 'get_list')
            return self.get(params)

        if method == 'POST':
            params = parse_request()
            created = self.create(params, *args)
            status = cherrypy.response.status
            return created
    except WokException as e:
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, e.message)
def index(self, *args, **kwargs):
    """Dispatch a collection request: GET goes to ``self.get``, POST to
    ``self.create``.

    ``status`` and ``details`` are tracked for request logging; the code
    that reads them is not part of this excerpt.

    Raises cherrypy.HTTPError carrying the WokException's HTTP status code
    when a WokException is raised.
    """
    # status must always be set so that the request can be logged;
    # 500 is the fallback for "exception not handled" cases.
    status = 500
    details = None
    params = {}
    method = validate_method(('GET', 'POST'), self.admin_methods)
    try:
        if method == 'GET':
            params = cherrypy.request.params
            validate_params(params, self, 'get_list')
            return self.get(params)

        if method == 'POST':
            params = parse_request()
            created = self.create(params, *args)
            status = cherrypy.response.status
            return created
    except WokException as e:
        details = e
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(status, e.message)
def login(self, *args):
    """Parse and validate the login body, rejecting bad input with HTTP 400.

    Only the parameter extraction and the ``_raise_timeout`` helper are
    shown in this excerpt; ``user_ip_sid``, which the helper reads, is not
    assigned in the visible part.
    """
    def _raise_timeout(user_id):
        # The wait grows by 30 seconds for every recorded failure past the
        # second one.  ``user_id`` is not used; the key is read from the
        # enclosing scope.
        failures = self.failed_logins[user_ip_sid]["count"]
        timeout = (failures - 2) * 30
        e = UnauthorizedError("WOKAUTH0004E", {"seconds": timeout})
        details = e
        log_request(code, params, details, method, 403)
        raise cherrypy.HTTPError(403, e.message)

    method = 'POST'
    details = None
    code = self.getRequestMessage(method, 'login')

    try:
        params = parse_request()
        validate_params(params, self, "login")
        username = params['username']
        password = params['password']
    except WokException as e:
        # The caught error is replaced by a fixed WOKAUTH0007E failure.
        e = OperationFailed("WOKAUTH0007E")
        details = e
        status = e.getHttpStatusCode()
        # NOTE(review): params is unbound here if parse_request() was the
        # call that raised, and otherwise still holds the submitted
        # password -- confirm what log_request stores from it.
        log_request(code, params, details, method, 400)
        raise cherrypy.HTTPError(400, e.message)
def login(self, *args):
    """Read ``username`` and ``password`` from the request body, logging and
    rejecting the request with HTTP 400 when either key is missing.

    Only the parameter extraction is shown in this excerpt.
    """
    method = 'POST'
    code = self.getRequestMessage(method, 'login')
    app = 'wok'
    ip = cherrypy.request.remote.ip

    try:
        params = parse_request()
        # Built before the key lookups so the handler below can log it.
        # NOTE(review): the text is rendered from the raw login body;
        # confirm the message template cannot include the password.
        msg = WokMessage(code, params).get_text(prepend_code=False)
        username = params['username']
        password = params['password']
    except KeyError as item:
        # The user is masked in the record: no account is known yet.
        record = RequestRecord(
            msg,
            app=app,
            req=method,
            status=400,
            user='******',
            ip=ip,
        )
        record.log()
        e = MissingParameter('WOKAUTH0003E', {'item': str(item)})
        raise cherrypy.HTTPError(400, e.message)
def login(self, *args):
    """Authenticate the posted credentials with per-client failure throttling.

    Parses and validates the body, refuses the attempt with HTTP 403 while
    a throttle timeout is active, calls ``auth.login`` and returns the
    resulting user info as JSON.  Failed attempts are counted in
    ``self.failed_logins``.

    Raises:
        cherrypy.HTTPError: 400 for an invalid body, 403 while throttled,
            401 when ``auth.login`` raises cherrypy.HTTPError.
    """
    def _raise_timeout(user_id):
        # The wait grows by 30 seconds for every recorded failure past the
        # second one.  ``user_id`` is unused: the key is read from the
        # enclosing scope.  ``details`` below is local to this helper and
        # does not update the outer ``details``.
        length = self.failed_logins[user_ip_sid]['count']
        timeout = (length - 2) * 30
        details = e = UnauthorizedError(
            'WOKAUTH0004E', {'seconds': timeout})
        log_request(code, params, details, method, 403)
        raise cherrypy.HTTPError(403, str(e))

    details = None
    method = 'POST'
    code = self.getRequestMessage(method, 'login')

    try:
        params = parse_request()
        validate_params(params, self, 'login')
        username = params['username']
        password = params['password']
    except WokException as e:
        # The caught error is replaced by a fixed WOKAUTH0007E failure.
        # NOTE(review): params is unbound here if parse_request() was the
        # call that raised -- confirm whether it can raise WokException.
        details = e = OperationFailed('WOKAUTH0007E')
        log_request(code, params, details, method, 400)
        raise cherrypy.HTTPError(400, str(e))

    # get authentication info
    remote_ip = cherrypy.request.remote.ip
    session_id = str(cherrypy.session.originalid)
    # NOTE(review): the throttle key joins username, IP and session id with
    # no separator.  Presumably a client that presents a different session
    # starts with a fresh counter -- confirm whether the key should depend
    # on the session at all.  re.escape has no regex use visible here.
    user_ip_sid = re.escape(username + remote_ip + session_id)

    # check for repeated failures
    count = self.failed_logins.get(user_ip_sid, {'count': 0}).get('count')
    if count >= 3:
        # verify if timeout is still valid
        last_try = self.failed_logins[user_ip_sid]['time']
        if time.time() < (last_try + ((count - 2) * 30)):
            _raise_timeout(user_ip_sid)
        else:
            # Timeout expired: forget the earlier failures for this key.
            self.failed_logins.pop(user_ip_sid)

    try:
        status = 200
        user_info = auth.login(username, password)

        # user logged in successfully: reset counters
        if self.failed_logins.get(user_ip_sid) is not None:
            self.failed_logins.pop(user_ip_sid)
    except cherrypy.HTTPError as e:
        # store time and prevent too many tries
        # NOTE(review): within this function an entry is removed only on a
        # later success or an expired timeout for the same key, so keys
        # that never return stay in self.failed_logins.
        if self.failed_logins.get(user_ip_sid) is None:
            self.failed_logins[user_ip_sid] = {
                'time': time.time(),
                'ip': remote_ip,
                'session_id': session_id,
                'username': username,
                'count': 1,
            }
        else:
            # tries take more than 30 seconds between each one: do not
            # increase count
            if time.time() - self.failed_logins[user_ip_sid]['time'] < 30:
                self.failed_logins[user_ip_sid]['time'] = time.time()
                self.failed_logins[user_ip_sid]['count'] += 1

            # 3 or more failures: raise error
            # NOTE(review): when this raises, the finally clause below
            # still runs with status == 200 and details is None, so that
            # second record appears to report a throttled attempt as a
            # success -- confirm.
            if self.failed_logins[user_ip_sid]['count'] >= 3:
                _raise_timeout(user_ip_sid)

        # return same error message to frontend
        # The logged status comes from the OperationFailed object, while
        # the HTTP response is always 401.
        details = e = OperationFailed('WOKAUTH0008E')
        status = e.getHttpStatusCode()
        raise cherrypy.HTTPError(401, str(e))
    finally:
        # Runs on every exit from the try above, success or failure.
        # NOTE(review): params still holds the submitted password; confirm
        # that log_request does not persist it.
        send_wok_notification('', 'login', 'POST')
        log_request(code, params, details, method, status)

    return json.dumps(user_info)