示例#1
        if extendType == 2:
            result['info']['serials'] = ','.join(ser_arr)
            result['info']['updates'] = ','.join(upd_arr)
    result['time'] = max_time
    result['count'] = count
    result['serial'] = serial
    return result
    # myown device will get all data that its owned


def log(message: str, tag: str = '  info'):
    """Forward *message* and *tag* to ``utils.log``.

    The third argument passed to ``utils.log`` is always ``'mobile'``;
    ``tag`` defaults to ``'  info'``.
    """
    origin = 'mobile'
    utils.log(message, tag, origin)


def elog(message: str, tag: str = 'error'):
    """Forward *message* to ``utils.log`` with an error-level default tag.

    Same call as ``log`` except that ``tag`` defaults to ``'error'``; the
    third argument passed to ``utils.log`` is always ``'mobile'``.
    """
    origin = 'mobile'
    utils.log(message, tag, origin)


def sql_request(sql: str):
    """Hand a finished SQL statement to ``db.sql_request``.

    The text is forwarded unchanged and there is no parameter binding at
    this layer, so any value a caller concatenates into *sql* must already
    be validated (or cast to ``int``) before it gets here.
    """
    statement = sql
    db.sql_request(statement)


def sql_request_ignore_error(sql: str):
    """Hand a finished SQL statement to ``db.sql_request_ignore_error``.

    The text is forwarded unchanged; how failures are handled is decided
    inside ``db`` and is not visible from this wrapper.
    """
    statement = sql
    db.sql_request_ignore_error(statement)


# Module-level gate: refuse any request that auth did not flag as mobile.
# NOTE(review): how auth.isMobile is derived is not visible here. If it rests
# on a client-supplied header it is a routing hint, not an access control -
# confirm against the auth module.
if not auth.isMobile:  # check that this request from mobile application
    headers.jsonAPI(False)
    # The rejected caller's uid is written to the log only, not to the client.
    elog('Only from mobile uid:' + str(auth.user_id))
    headers.errorResponse('Wrong type')
示例#2
def badExit(index: int):
    """Reject a malformed request with a delayed, generic error.

    ``auth.credentials`` is overwritten with a value built from zero/empty
    arguments before the response is sent. ``index`` identifies the failed
    check and goes to the log only; the client always gets the translated
    ``'bad_request'`` text.
    """
    log_line = 'Request error - ' + str(index)
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    # Fixed one-second pause before every rejection.
    time.sleep(1)
    _mobile.elog(log_line, 'reg')
    client_text = translation.getValue('bad_request')
    headers.errorResponse(client_text)
示例#3
def wrongCred(index: int):
    """Reject a failed credential check with a delayed, generic error.

    ``auth.credentials`` is overwritten with a value built from zero/empty
    arguments before the response is sent. ``index`` identifies the failed
    check and goes to the log only; the client always gets the translated
    ``'user_not_found'`` text, whichever check failed.
    """
    log_line = 'Credentials error - ' + str(index)
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    # Fixed one-second pause before every rejection.
    time.sleep(1)
    _mobile.elog(log_line, 'auth')
    client_text = translation.getValue('user_not_found')
    headers.errorResponse(client_text)
示例#4
else:
    sync1 = -1

# Each flag becomes its own slot number when it was set (== 1), otherwise -1.
sync2 = 2 if sync2 == 1 else -1
sync3 = 3 if sync3 == 1 else -1

# Source device id (presumably the integer GET parameter 'src' - confirm
# against safeGETint); a negative value is refused immediately.
src = safeGETint('src')
if src < 0:
    headers.errorResponse('@str.permission_denied')
dst = safeGETint('dst')
# Ownership check: src must be a device of the current user with state>0 and
# `default`=0.
# NOTE(review): the statement is built by concatenation. It stays
# injection-safe only while src and auth.user_id are guaranteed to be ints
# (safeGETint presumably enforces that - confirm); bound parameters would
# remove that dependency.
db.sql_request('select id from devices where id=' + str(src) + ' and uid=' +
               str(auth.user_id) + ' and state>0 and `default`=0')
row = db.mydb.fetchone()
# Anything other than a row whose id equals src is answered as
# "permission denied".
if (row is None) or ('id' not in row) or (row['id'] is None) or (int(
        row['id']) < 1) or (int(row['id']) != src):
    headers.errorResponse('@str.permission_denied')

# dst is only checked when positive, and then it must be a device with
# state>0 that belongs to a *different* user (uid != current user).
# The control flow relies on headers.errorResponse not returning - confirm.
if dst > 0:
    db.sql_request('select id from devices where id=' + str(dst) +
                   ' and uid!=' + str(auth.user_id) + ' and state>0')
    row = db.mydb.fetchone()
    if (row is None) or ('id' not in row) or (row['id'] is None) or (int(
            row['id']) < 1) or (int(row['id']) != dst):
        headers.errorResponse('@str.permission_denied')
示例#5
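# Field-presence checks. Every missing field ends the request through
# badExit with its own index; the index is for the log, not for the client.
if 'password' not in jsonpost:
    badExit(3)

if 'device' not in jsonpost:
    badExit(4)

if ('crc32_control' not in jsonpost) or ('crc32_str' not in jsonpost):
    badExit(5)
# crc32_control is client-supplied. A null or non-numeric value is rejected
# like any other malformed request instead of raising out of int().
# badExit is expected not to return, as the checks above already rely on.
try:
    crc32_control = int(jsonpost['crc32_control'])
except (TypeError, ValueError, OverflowError):
    badExit(5)
# NOTE: the checksum and the string it covers both come from the request, so
# this comparison only catches a corrupted or malformed payload. CRC32 is not
# keyed and gives no authentication or tamper resistance.
if crc32_control != utils.crc32(str(jsonpost['crc32_str'])):
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    time.sleep(1)
    _mobile.elog('CRC32 control mistake', 'critical')
    headers.errorResponse("CRC32 algorithm error")

# Minimum length of 4 for login, password and device name.
# NOTE(review): len() raises TypeError for JSON numbers/booleans; whether the
# fields are guaranteed to be strings at this point is not visible - confirm.
if len(jsonpost['login']) < 4 or len(jsonpost['password']) < 4 or len(
        jsonpost['device']) < 4:
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    time.sleep(1)
    _mobile.elog('Too short symbols', 'auth')
    headers.errorResponse(translation.getValue('mobile_too_short'))

# 'remember' is forced server-side: 1 for mobile callers; every other caller
# is rejected.
jsonpost['remember'] = -1
if auth.isMobile:  # Yes only from Mobile!!!
    jsonpost['remember'] = 1
else:
    badExit(6)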
示例#6
import inspect
import os
import sys

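# Make the directory two levels above this file's directory importable.
# It is inserted at position 0, so modules found there take precedence.
currentdir = os.path.dirname(
    os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from mobile_service.apiv1 import _mobile

headers.jsonAPI()
devid = auth.user_some_state
if (auth._POST is None):  # only POST accepted
    # str(): concatenating an int user id directly would raise TypeError
    # inside the error path and hide the intended response.
    _mobile.elog('No posted info uid:' + str(auth.user_id))
    headers.errorResponse('Wrong information')
json = auth._POST
if 'need_tasks' not in json:
    _mobile.elog('Incorrect tasks uid:' + str(auth.user_id))
    headers.errorResponse('Nothing was sent')
tasks = json['need_tasks']
# A JSON null for 'need_tasks' is answered like an empty list instead of
# failing in len().
if tasks is None or len(tasks) < 1:
    headers.errorResponse('No requested information was sent')
# The task ids come from the client and are passed on as `cross`; user and
# device scoping is supplied from the server-side auth state.
obj = _mobile.getTotalIdsString(user_id=auth.user_id,
                                devid=auth.user_some_state,
                                cross=tasks,
                                extendType=1)
if obj is None:
    headers.errorResponse('SQL error')
headers.goodResponse(obj)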
# Put the directory two levels above `currentdir` at the front of the import
# path (currentdir is defined above this excerpt).
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from _common.api import translation

headers.jsonAPI()

# Three deletes scoped to the devices of the current user: first the tasks,
# then sync links where a device is the source, then links where it is the
# destination.
# NOTE(review): the statements are built by concatenation; this is only safe
# while auth.user_id is a server-derived int - confirm. Whether the three
# statements run inside one transaction is not visible here; if they do not,
# a failure midway leaves the data partially deleted.
sql = 'delete from tasks where devid in (select id from devices where uid=' + str(
    auth.user_id) + ')'
try:
    mydb.execute(sql)
except Exception as ex:
    # The exception text goes through utils.clearUserLogin before logging;
    # the client only receives the generic message below.
    utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
    headers.errorResponse('Can not remove tasks')

sql = 'delete from sync_devices where src in (select id from devices where uid=' + str(
    auth.user_id) + ')'
try:
    mydb.execute(sql)
except Exception as ex:
    utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
    headers.errorResponse('Can not remove source sync devices')

sql = 'delete from sync_devices where dst in (select id from devices where uid=' + str(
    auth.user_id) + ')'
try:
    mydb.execute(sql)
except Exception as ex:
    # NOTE(review): unlike the two handlers above, no error response follows
    # the log call in the visible lines - confirm against the full file.
    utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
def wrongCred():
    """Answer a failed login with a delayed, generic 'user not found' error.

    ``auth.credentials`` is overwritten with a value built from zero/empty
    arguments, then the same response is sent after a one-second pause,
    whatever the reason for the failure was.
    """
    response_args = ('@str.user_not_found', '@str.error', 404)
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    # Fixed one-second pause before every rejection.
    time.sleep(1)
    headers.errorResponse(*response_args)
示例#9
                           devid=auth.user_some_state,
                           myself=False,
                           cache=False)  # except myself
# Response skeleton: the user's own devices plus incoming and outgoing links.
result = {'own': [], 'in': [], 'out': []}
def_id = db.getDefaultDevice(auth.user_id)

# Own devices, leaving out the default device.
# NOTE(review): the second comparison matches a device id against
# auth.user_id (a user id) - confirm this is the intended exclusion.
for dev in own['all']:
    excluded = (dev['id'] == def_id) or (dev['id'] == auth.user_id)
    if not excluded:
        result['own'].append(dict(id=dev['id'], device=dev['name']))

# Linked devices, 'in' first and then 'out'; the display names come from
# links['names'], keyed by device id.
for direction in ('in', 'out'):
    linked = links[direction]['all']
    for key in linked:
        dev = linked[key]
        names = links['names'][dev]
        result[direction].append({
            'id': dev,
            'device': names['device'],
            'user': names['user']
        })

# Nothing to show at all is reported as an error, not as an empty result.
if not (result['out'] or result['in'] or result['own']):
    headers.errorResponse(
        'No devices available.\nInvite new devices on settings page')
headers.goodResponse(result)
示例#10
# Row produced by the query issued above this excerpt (presumably the user
# looked up by login - confirm). No row is answered through wrongCred().
usr = mydb.fetchone()
if usr is None:
    wrongCred()

# Missing throttle fields are treated as "no failures recorded".
if usr['fail_login_timestamp'] is None:
    usr['fail_login_timestamp'] = 0

if usr['fail_login_counter'] is None:
    usr['fail_login_counter'] = 0

# Throttle: refuse when more than 5 failures are recorded and the last one is
# less than 60 seconds old (timestamps are in milliseconds).
# NOTE(review): this answer (403, wait_1_min) differs from the wrongCred()
# answer, so a caller can tell a throttled existing account from an unknown
# login. The check also runs before the password is examined, so the account
# owner is refused during the window as well.
timestamp_int = int(time.time() * 1000)
if (abs(timestamp_int - int(usr['fail_login_timestamp'])) < 60 * 1000) and (int(usr['fail_login_counter']) > 5):
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    time.sleep(1)
    headers.errorResponse('@str.wait_1_min', '@str.attention', 403)

timestamp_string = str(timestamp_int)
# NOTE(review): the stored value is compared directly with the posted one.
# What jsonpost['password'] contains is not visible here; unless the column
# holds a salted, slow hash computed server-side, stored credentials are
# directly usable if the table leaks. `!=` is also not a constant-time
# comparison (hmac.compare_digest is the stdlib alternative).
# Accounts with state < 1 fail the same way as a wrong password.
if usr['password'] != jsonpost['password'] or int(usr['state']) < 1:
    # Record the failure; both concatenated values are server-derived.
    mydb.execute(
            'update users set fail_login_counter=(fail_login_counter+1),fail_login_timestamp=' + timestamp_string + ' where id=' + str(
                    usr['id']))
    wrongCred()  # auth fail

auth.user_id = int(usr['id'])  # before! buildCredentials call
if auth.isMobile:
    badExit()  # using this form from mobile app APIs is not permitted
else:
    # Successful login resets the failure counter and timestamp.
    # NOTE(review): the '******' below looks like masking applied by the
    # listing; the original expression is not recoverable from this page.
    mydb.execute('update users set fail_login_counter=0,fail_login_timestamp=0,lastlogin='******' where id=' + str(auth.user_id))
示例#11
def badExit(index: int = 0):
    """Reject a malformed request with a delayed, generic 400 error.

    ``auth.credentials`` is overwritten with a value built from zero/empty
    arguments before the response is sent. ``index`` is accepted but not
    used in this version.
    """
    # NOTE(review): the first key starts with a space (' @str.bad_request'),
    # unlike '@str.error' next to it - confirm that is intended.
    response_args = (' @str.bad_request', '@str.error', 400)
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    # Fixed one-second pause before every rejection.
    time.sleep(1)
    headers.errorResponse(*response_args)
示例#12
def sql_request(sql: str):
    """Execute *sql* on the shared ``mydb`` handle.

    The statement text is executed as given, with no parameter binding at
    this layer. On any exception the error text is passed through
    ``utils.clearUserLogin``, logged with the ``'error'`` tag, and the
    client receives only the generic ``'SQL error'`` response.
    """
    try:
        mydb.execute(sql)
    except Exception as err:
        log_text = utils.clearUserLogin(str(err))
        utils.log(log_text, 'error')
        headers.errorResponse('SQL error')
import sys

# Make the directory two levels above this file's directory importable; it is
# placed at the front of sys.path.
this_file = os.path.abspath(inspect.getfile(inspect.currentframe()))
currentdir = os.path.dirname(this_file)
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from _common.api import db
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request_ignore_error, getTotalIdsString, sql_request
from _common.api._settings import mydb

headers.jsonAPI()
if auth._POST is None:
    headers.errorResponse("Bad request")

# Defaults used when a field is missing or null in the POST body.
out = ''
your = ''
tasks = ''
duplicate = (auth.safeGETint('duplicate') == 1)

# Client-supplied id lists. utils.clearStringHard / utils.clearGlobalIds are
# the only filtering visible here, so anything built from these strings later
# depends on what those helpers allow through - confirm.
if 'out' in auth._POST and auth._POST['out'] is not None:
    out = utils.clearStringHard(auth._POST['out'])
if 'your' in auth._POST and auth._POST['your'] is not None:
    your = utils.clearStringHard(auth._POST['your'])
if 'tasks' in auth._POST and auth._POST['tasks'] is not None:
    tasks = utils.clearGlobalIds(auth._POST['tasks'])

out_arr = []
your_arr = []
tasks_arr = []
tasks = getTotalIdsString(user_id=auth.user_id,
示例#14
# Make the directory two levels above this file's directory importable; it is
# placed at the front of sys.path.
currentdir = os.path.dirname(
    os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from mobile_service.apiv1._mobile import sql_request

headers.jsonAPI()

jsonpost = auth._POST

# Both 'login' and 'device' must be present in the POST body.
if (jsonpost is None) or ('login' not in jsonpost) or ('device'
                                                       not in jsonpost):
    headers.errorResponse('Bad request')

# Both values are filtered with utils.clearUserLogin before they are used.
login = utils.clearUserLogin(jsonpost['login'])
device = utils.clearUserLogin(jsonpost['device'])

# NOTE(review): the "******" inside this statement looks like masking applied
# by the listing; as printed, `login` is never used in the query.
sql_request('select id from users where login="******" and state>0')
uid = 0
rows = mydb.fetchall()
# uid keeps the id of the last returned row, or 0 when there is none.
for row in rows:
    uid = int(row['id'])

# NOTE(review): `device` is placed inside a double-quoted SQL literal by
# concatenation, so injection safety rests entirely on what
# utils.clearUserLogin removes (not visible here). Bound parameters would
# remove that dependency.
sql_request('select id from devices where uid=' + str(uid) + ' and name="' +
            device + '"')
another_device = 0
rows = mydb.fetchall()
for row in rows:
import os
import sys

# Make the directory two levels above this file's directory importable; it is
# placed at the front of sys.path.
this_file = os.path.abspath(inspect.getfile(inspect.currentframe()))
currentdir = os.path.dirname(this_file)
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from _common.api import db
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request

headers.jsonAPI()
if auth._POST is None:
    headers.errorResponse("Bad request")

# Defaults used when a field is missing or null in the POST body.
out = ''
incom = ''
your = ''

# Client-supplied, comma-separated id lists, filtered by
# utils.clearStringHard before use.
if 'out' in auth._POST and auth._POST['out'] is not None:
    out = utils.clearStringHard(auth._POST['out'])
if 'in' in auth._POST and auth._POST['in'] is not None:
    incom = utils.clearStringHard(auth._POST['in'])
if 'your' in auth._POST and auth._POST['your'] is not None:
    your = utils.clearStringHard(auth._POST['your'])

out_arr = {}
in_arr = {}
your_arr = {}
if len(out) > 0:
    # Every element is forced through int() and back to str, so only
    # integer ids survive.
    # NOTE(review): int() raises ValueError on an empty or non-numeric
    # element; whether clearStringHard rules that out is not visible here.
    out_arr = {str(int(x)) for x in out.split(',')}
if len(incom) > 0:
# Make the directory two levels above this file's directory importable; it is
# placed at the front of sys.path.
this_file = os.path.abspath(inspect.getfile(inspect.currentframe()))
currentdir = os.path.dirname(this_file)
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request

headers.jsonAPI()

jsonpost = auth._POST
if (jsonpost is None) or ('invite' not in jsonpost):
    headers.errorResponse('Bad request')

# Invite code: filtered, cut to at most 7 characters and lower-cased.
cleaned = utils.clearStringHard(str(jsonpost['invite']))
invite = cleaned[:7].lower()
if len(invite) < 3:
    headers.errorResponse('Too short invite')

# The code is only matched against rows whose dst equals
# auth.user_some_state.
# NOTE(review): `invite` is concatenated into a double-quoted SQL literal, so
# injection safety rests on utils.clearStringHard (not visible here). Codes
# are 3-7 characters and no attempt limiting is visible in this script -
# confirm it exists elsewhere.
lookup_sql = ('select id from sync_devices where (dst=' +
              str(auth.user_some_state) + ') and invite="' + invite + '"')
sql_request(lookup_sql)
row = mydb.fetchone()
link_id = 0
if row is None:
    headers.errorResponse('Not found')
link_id = int(row['id'])
if link_id < 1:
    headers.errorResponse('Not found')

# Accepting the invite clears the code and activates the link (state=1).
confirm_sql = 'update sync_devices set invite="", state=1 where id=' + str(link_id)
sql_request(confirm_sql)
headers.goodResponse({'state': True}, translation.getValue('confirm_invite'))