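def get_current_user():
    """Get the current logged in user, or None.

    Identity sources are tried in a fixed order and the first one that yields
    a value wins: the local-development stub user, the LOAS peer header (only
    when `enable_loas` is set in the auth config), the IAP email, the
    `_oauth_email` and `_cached_email` attributes on the request cache
    backing, and finally the session cookie.

    A session cookie is accepted only if it decodes without AuthError, its
    Firebase sign-in provider is listed in the `firebase.auth_providers`
    project config (default `['google.com']`), its email is marked verified
    (waived for `github.com`), and it carries a non-empty email claim.

    Returns:
      A User for the authenticated identity, or None if no source yields one.
    """
    if environment.is_local_development():
        return User('user@localhost')

    current_request = request_cache.get_current_request()
    if local_config.AuthConfig().get('enable_loas'):
        # NOTE(review): the header value becomes the identity as-is. This
        # presumably relies on the serving frontend dropping any
        # client-supplied copy of the header; confirm for every deployment
        # that turns `enable_loas` on.
        loas_user = current_request.headers.get(
            'X-AppEngine-LOAS-Peer-Username')
        if loas_user:
            return User(loas_user + '@google.com')

    iap_email = get_iap_email(current_request)
    if iap_email:
        return User(iap_email)

    # Both attributes are read from the request cache backing; only
    # `_cached_email` is written by this function (at the end, after the
    # session cookie has passed every check).
    cache_backing = request_cache.get_cache_backing()
    oauth_email = getattr(cache_backing, '_oauth_email', None)
    if oauth_email:
        return User(oauth_email)

    cached_email = getattr(cache_backing, '_cached_email', None)
    if cached_email:
        return User(cached_email)

    session_cookie = get_session_cookie()
    if not session_cookie:
        return None

    try:
        # Decode the value that was just checked instead of reading the
        # cookie a second time, so the check and the decode see the same data.
        decoded_claims = decode_claims(session_cookie)
    except AuthError:
        logs.log_warn('Invalid session cookie.')
        return None

    # Provider allow-list: a token from a sign-in provider the project has
    # not enabled is rejected before any of its claims are trusted.
    allowed_firebase_providers = local_config.ProjectConfig().get(
        'firebase.auth_providers', ['google.com'])
    # A missing or null `firebase` claim leaves the provider as None, which
    # is never in the allow-list, so the request is rejected below.
    firebase_info = decoded_claims.get('firebase') or {}
    sign_in_provider = firebase_info.get('sign_in_provider')

    if sign_in_provider not in allowed_firebase_providers:
        logs.log_error(f'Firebase provider {sign_in_provider} is not enabled.')
        return None

    # Per https://docs.github.com/en/authentication/
    # keeping-your-account-and-data-secure/authorizing-oauth-apps
    # GitHub requires emails to be verified before an OAuth app can be
    # authorized, so we make an exception.
    # NOTE(review): for github.com the email claim is therefore trusted
    # without `email_verified`; the exception is only reachable when
    # github.com is present in `firebase.auth_providers`.
    if (not decoded_claims.get('email_verified') and
            sign_in_provider != 'github.com'):
        return None

    email = decoded_claims.get('email')
    if not email:
        return None

    # We cache the email for this request if we've validated the user to make
    # subsequent get_current_user() calls fast.
    setattr(cache_backing, '_cached_email', email)
    return User(email)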
def is_current_user_admin():
    """Report whether the current logged in user is an admin.

    Local development is always treated as admin. Otherwise the user from
    get_current_user() is an admin when looking up the `data_types.Admin`
    key built from the user's email returns a truthy value.

    Returns:
      True or False; False when there is no current user.
    """
    # NOTE(review): this short-circuit grants admin to every caller, so it is
    # only safe while is_local_development() can never be true in a deployed
    # environment.
    if environment.is_local_development():
        return True

    current = get_current_user()
    if current:
        # Admin status is an explicit datastore record keyed by email.
        admin_record = ndb.Key(data_types.Admin, current.email).get()
        return bool(admin_record)

    return False
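def get_current_user():
    """Get the current logged in user, or None.

    Identity sources are tried in a fixed order and the first one that yields
    a value wins: the local-development stub user, the LOAS peer header (only
    when `enable_loas` is set in the auth config), the IAP email, the
    `_oauth_email` and `_cached_email` attributes on the request cache
    backing, and finally the session cookie.

    A session cookie is accepted if it decodes without AuthError, its
    `email_verified` claim is truthy and it carries a non-empty email claim.

    NOTE(review): this variant does not look at which sign-in provider issued
    the token; any provider whose token passes decode_claims() and carries
    `email_verified` is accepted. Restricting providers would have to happen
    inside decode_claims() or be added here.

    Returns:
      A User for the authenticated identity, or None if no source yields one.
    """
    if environment.is_local_development():
        return User('user@localhost')

    current_request = request_cache.get_current_request()
    if local_config.AuthConfig().get('enable_loas'):
        # NOTE(review): the header value becomes the identity as-is. This
        # presumably relies on the serving frontend dropping any
        # client-supplied copy of the header; confirm for every deployment
        # that turns `enable_loas` on.
        loas_user = current_request.headers.get(
            'X-AppEngine-LOAS-Peer-Username')
        if loas_user:
            return User(loas_user + '@google.com')

    iap_email = get_iap_email(current_request)
    if iap_email:
        return User(iap_email)

    # Both attributes are read from the request cache backing; only
    # `_cached_email` is written by this function (at the end, after the
    # session cookie has passed every check).
    cache_backing = request_cache.get_cache_backing()
    oauth_email = getattr(cache_backing, '_oauth_email', None)
    if oauth_email:
        return User(oauth_email)

    cached_email = getattr(cache_backing, '_cached_email', None)
    if cached_email:
        return User(cached_email)

    session_cookie = get_session_cookie()
    if not session_cookie:
        return None

    try:
        # Decode the value that was just checked instead of reading the
        # cookie a second time, so the check and the decode see the same data.
        decoded_claims = decode_claims(session_cookie)
    except AuthError:
        logs.log_warn('Invalid session cookie.')
        return None

    # An unverified email is never used as an identity.
    if not decoded_claims.get('email_verified'):
        return None

    email = decoded_claims.get('email')
    if not email:
        return None

    # We cache the email for this request if we've validated the user to make
    # subsequent get_current_user() calls fast.
    setattr(cache_backing, '_cached_email', email)
    return User(email)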
def get_fuzz_task_payload(platform=None):
    """Select a fuzzer that can run on this platform.

    Args:
      platform: Platform to select for. When falsy, the `QUEUE_OVERRIDE`
        environment value is used if it is set, otherwise
        environment.platform().

    Returns:
      A (fuzzer, job) pair taken from a weighted random choice over the
      mappings for the platform (weighted by `actual_weight`), or
      (None, None) when there are no mappings.
    """
    if not platform:
        platform = (environment.get_value('QUEUE_OVERRIDE') or
                    environment.platform())

    if environment.is_local_development():
        # NOTE(review): the query runs over FuzzerJob while the filter
        # property is taken from FuzzerJobs; confirm this pairing is intended.
        per_job_query = data_types.FuzzerJob.query().filter(
            data_types.FuzzerJobs.platform == platform)
        mappings = list(ndb_utils.get_all_from_query(per_job_query))
    else:
        # Each FuzzerJobs entity carries a batch of mappings; flatten them.
        batched_query = data_types.FuzzerJobs.query().filter(
            data_types.FuzzerJobs.platform == platform)
        mappings = [
            fuzzer_job
            for entity in batched_query
            for fuzzer_job in entity.fuzzer_jobs
        ]

    if not mappings:
        return None, None

    chosen = utils.random_weighted_choice(
        mappings, weight_attribute='actual_weight')
    return chosen.fuzzer, chosen.job