def login(self, foreign_id='tester', name=None, email=None, is_admin=False):
    """Create a user through ``self.create_user`` and log it in on the test client.

    The test client's session gets ``user`` set to the new role's id and
    ``roles`` set to the guest system role, the user system role and the
    new role's id, in that order.

    Returns:
        The role object returned by ``self.create_user``.
    """
    user_role = self.create_user(
        foreign_id=foreign_id,
        name=name,
        email=email,
        is_admin=is_admin,
    )
    with self.client.session_transaction() as client_session:
        granted = [
            Role.system(Role.SYSTEM_GUEST),
            Role.system(Role.SYSTEM_USER),
            user_role.id,
        ]
        client_session['roles'] = granted
        client_session['user'] = user_role.id
    return user_role
def check_alerts():
    """Run ``check_role_alerts`` for every role yielded by ``Role.notifiable()``.

    Each role is processed inside its own synthetic request context for
    ``/``, with the request marked as logged in as that role.
    """
    for (role_id,) in Role.notifiable():
        with current_app.test_request_context('/'):
            notified_role = Role.by_id(role_id)
            # FIXME: can't re-gain access to implicit oauth rules.
            # -> https://github.com/pudo/aleph/issues/14
            # Only the two system roles and the role's own id are granted
            # here; nothing else is added to the role list in this context.
            effective_roles = [
                Role.system(Role.SYSTEM_USER),
                Role.system(Role.SYSTEM_GUEST),
                notified_role.id,
            ]
            request.auth_role = notified_role
            request.logged_in = True
            request.auth_roles = effective_roles
            check_role_alerts(notified_role)
def login(self, foreign_id='tester', name=None, email=None, is_admin=False):
    """Log a freshly created test user in by writing to the client session.

    The user comes from ``self.create_user``; its id is stored under
    ``user`` and, together with the guest and user system roles, under
    ``roles`` in the test client's session.

    Returns:
        The role object for the created user.
    """
    account = self.create_user(foreign_id=foreign_id, name=name,
                               email=email, is_admin=is_admin)
    with self.client.session_transaction() as sess:
        # System roles first, then the account's own role id.
        system_roles = [Role.system(Role.SYSTEM_GUEST),
                        Role.system(Role.SYSTEM_USER)]
        sess['roles'] = system_roles + [account.id]
        sess['user'] = account.id
    return account
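def callback():
    """Complete an OAuth login and store the resulting identity in the session.

    On a failed authorization response the user is redirected to the UI
    without being logged in. Otherwise the provider's profile endpoint is
    queried, a user role is loaded or created from the profile, and the
    session receives ``oauth``, ``roles`` and ``user``.

    A profile that is not a mapping or carries no ``id`` is treated as a
    failed login. Without that check the foreign id would be built from
    ``None`` and every such response would resolve to one shared role.

    Returns:
        A redirect to the ``base_api.ui`` endpoint.

    Raises:
        RuntimeError: if the configured provider URL is not a known one.
    """
    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        log.warning("Failed OAuth: %r", resp)
        # FIXME: notify the user, somehow.
        return redirect(url_for('base_api.ui'))

    # Stored before the profile request; presumably the provider's token
    # getter reads it from the session -- confirm before reordering.
    session['oauth'] = resp
    session['roles'] = [Role.system(Role.SYSTEM_USER)]

    # NOTE(review): these are substring tests on the configured base URL,
    # so the provider type is only as trustworthy as that configuration.
    base_url = oauth_provider.base_url
    is_google = 'googleapis.com' in base_url
    is_idashboard = 'occrp.org' in base_url or \
        'investigativedashboard.org' in base_url

    if is_google:
        me = oauth_provider.get('userinfo')
    elif is_idashboard:
        me = oauth_provider.get('api/2/accounts/profile/')
    else:
        raise RuntimeError("Unknown OAuth URL: %r" % oauth_provider.base_url)

    # Fail closed when the profile call did not return a usable identity.
    profile = me.data if isinstance(me.data, dict) else {}
    remote_id = profile.get('id')
    if remote_id is None or remote_id == '':
        log.warning("Failed OAuth: profile response carries no user id")
        return redirect(url_for('base_api.ui'))

    if is_google:
        user_id = 'google:%s' % remote_id
        role = Role.load_or_create(user_id, Role.USER,
                                   profile.get('name'),
                                   email=profile.get('email'))
    else:
        user_id = 'idashboard:user:%s' % remote_id
        # The admin flag is taken as-is from the provider's profile.
        role = Role.load_or_create(user_id, Role.USER,
                                   profile.get('display_name'),
                                   email=profile.get('email'),
                                   is_admin=profile.get('is_admin'))
        for group in profile.get('groups') or []:
            if group.get('id') is None:
                # Same reasoning as for the user id: never mint a group
                # role keyed on a missing identifier.
                continue
            group_id = 'idashboard:%s' % group.get('id')
            group_role = Role.load_or_create(group_id, Role.GROUP,
                                             group.get('name'))
            session['roles'].append(group_role.id)

    session['roles'].append(role.id)
    session['user'] = role.id
    db.session.commit()
    log.info("Logged in: %r", role)
    return redirect(url_for('base_api.ui'))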
def load_role():
    """Populate the request's auth attributes from the session or an API key.

    Every request starts as a guest. A session with a ``user`` entry wins;
    otherwise an ``Authorization`` header whose value starts with
    ``apikey`` (case-insensitive) is used to look up a role by API key.
    """
    request.auth_roles = {Role.system(Role.SYSTEM_GUEST)}
    request.auth_role = None
    request.logged_in = False

    if session.get('user'):
        request.auth_roles.update(session.get('roles', []))
        # NOTE(review): the by_id result is not checked here, so
        # logged_in becomes True even if the lookup yields nothing.
        request.auth_role = Role.by_id(session.get('user'))
        request.logged_in = True
        return

    header_value = request.headers.get('Authorization')
    if header_value is None:
        return
    if not header_value.lower().startswith('apikey'):
        return

    # Everything after the first space; the whole header if there is none.
    key = header_value.split(' ', 1)[-1]
    key_role = Role.by_api_key(key)
    if key_role is None:
        return

    request.auth_role = key_role
    request.auth_roles.update([Role.system(Role.SYSTEM_USER), key_role.id])
    request.logged_in = True
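def load_role():
    """Populate the request's auth attributes from the session or an API key.

    Every request starts as a guest. A session with a ``user`` entry wins.
    Otherwise an API key is taken from the ``api_key`` query argument or,
    failing that, from an ``Authorization`` header whose value starts with
    ``apikey`` (case-insensitive).

    When no key was supplied, or it is empty, the request stays a guest
    and no role lookup is made.
    """
    request.auth_roles = set([Role.system(Role.SYSTEM_GUEST)])
    request.auth_role = None
    request.logged_in = False

    if session.get('user'):
        request.auth_roles.update(session.get('roles', []))
        # NOTE(review): the by_id result is not checked here, so
        # logged_in becomes True even if the lookup yields nothing.
        request.auth_role = Role.by_id(session.get('user'))
        request.logged_in = True
        return

    # NOTE(review): a key passed in the query string ends up in access
    # logs, browser history and Referer headers; the header form avoids that.
    api_key = request.args.get('api_key')
    if api_key is None:
        auth_header = request.headers.get('Authorization') or ''
        if auth_header.lower().startswith('apikey'):
            api_key = auth_header.split(' ', 1).pop()

    # Fail closed: never look up a role with a missing or empty key.
    # Otherwise the outcome would depend on how Role.by_api_key treats
    # None, which cannot be seen from here.
    if not api_key:
        return

    role = Role.by_api_key(api_key)
    if role is None:
        return
    request.auth_role = role
    request.auth_roles.update([Role.system(Role.SYSTEM_USER), role.id])
    request.logged_in = True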
def callback():
    """Complete an OAuth login and hand the session to signal receivers.

    A failed authorization response is logged and the user is redirected
    to ``/``. On success the response is stored under ``oauth``, the
    session's roles start with the user system role, and the
    ``handle_oauth_session`` signal is sent with the provider and session.

    Returns:
        A redirect to ``/``.
    """
    oauth_response = oauth_provider.authorized_response()
    authorized = oauth_response is not None and \
        not isinstance(oauth_response, OAuthException)
    if not authorized:
        log.warning("Failed OAuth: %r", oauth_response)
        # FIXME: notify the user, somehow.
        return redirect('/')

    session['oauth'] = oauth_response
    session['roles'] = [Role.system(Role.SYSTEM_USER)]
    signals.handle_oauth_session.send(provider=oauth_provider,
                                      session=session)
    db.session.commit()
    # NOTE(review): nothing in this function sets session['user'];
    # presumably a signal receiver does. If none did, this raises KeyError.
    log.info("Logged in: %r", session['user'])
    return redirect('/')
def setUp(self):
    """Create a test source and a read/write permission for the user system role."""
    super(SourcesApiTestCase, self).setUp()

    fixture_source = Source()
    fixture_source.foreign_id = "test"
    fixture_source.label = "Test Collection"
    fixture_source.category = "news"
    self.source = fixture_source
    db.session.add(fixture_source)
    # Flushed before the id is read below, presumably so it is assigned.
    db.session.flush()

    # The grant goes to the SYSTEM_USER system role rather than to one
    # specific user.
    grant = Permission()
    grant.role_id = Role.system(Role.SYSTEM_USER)
    grant.read = True
    grant.write = True
    grant.resource_id = self.source.id
    grant.resource_type = Permission.SOURCE
    db.session.add(grant)
    db.session.commit()