def test_validate_chaining(self):
dataent.get_doc({
"doctype": "Transaction Log",
"reference_doctype": "Test Doctype",
"document_name": "Test Document 1",
"data": "first_data"
}).insert(ignore_permissions=True)
second_log = dataent.get_doc({
"doctype": "Transaction Log",
"reference_doctype": "Test Doctype",
"document_name": "Test Document 2",
"data": "second_data"
}).insert(ignore_permissions=True)
third_log = dataent.get_doc({
"doctype": "Transaction Log",
"reference_doctype": "Test Doctype",
"document_name": "Test Document 3",
"data": "third_data"
}).insert(ignore_permissions=True)
sha = hashlib.sha256()
sha.update(
dataent.safe_encode(str(third_log.transaction_hash)) +
dataent.safe_encode(str(second_log.chaining_hash)))
self.assertEqual(sha.hexdigest(), third_log.chaining_hash)
def hash_chain(self):
sha = hashlib.sha256()
sha.update(
dataent.safe_encode(str(self.transaction_hash)) + \
dataent.safe_encode(str(self.previous_hash))
)
return sha.hexdigest()
def hash_line(self):
sha = hashlib.sha256()
sha.update(
dataent.safe_encode(str(self.row_index)) + \
dataent.safe_encode(str(self.timestamp)) + \
dataent.safe_encode(str(self.data))
)
return sha.hexdigest()
def get_payment_url(self):
if self.reference_doctype != "Fees":
data = dataent.db.get_value(self.reference_doctype,
self.reference_name,
["company", "customer_name"],
as_dict=1)
else:
data = dataent.db.get_value(self.reference_doctype,
self.reference_name, ["student_name"],
as_dict=1)
data.update({"company": dataent.defaults.get_defaults().company})
controller = get_payment_gateway_controller(self.payment_gateway)
controller.validate_transaction_currency(self.currency)
if hasattr(controller, 'validate_minimum_transaction_amount'):
controller.validate_minimum_transaction_amount(
self.currency, self.grand_total)
return controller.get_payment_url(
**{
"amount": flt(self.grand_total, self.precision("grand_total")),
"title": data.company.encode("utf-8"),
"description": self.subject.encode("utf-8"),
"reference_doctype": "Payment Request",
"reference_docname": self.name,
"payer_email": self.email_to or dataent.session.user,
"payer_name": dataent.safe_encode(data.customer_name),
"order_id": self.name,
"currency": self.currency
})
def __init__(self, content):
"""Parses headers, content, attachments from given raw message.
:param content: Raw message."""
if six.PY2:
self.mail = email.message_from_string(safe_encode(content))
else:
if isinstance(content, bytes):
self.mail = email.message_from_bytes(content)
else:
self.mail = email.message_from_string(content)
self.text_content = ''
self.html_content = ''
self.attachments = []
self.cid_map = {}
self.parse()
self.set_content_and_type()
self.set_subject()
self.set_from()
self.message_id = (self.mail.get('Message-ID') or "").strip(" <>")
if self.mail["Date"]:
try:
utc = email.utils.mktime_tz(
email.utils.parsedate_tz(self.mail["Date"]))
utc_dt = datetime.datetime.utcfromtimestamp(utc)
self.date = convert_utc_to_user_timezone(utc_dt).strftime(
'%Y-%m-%d %H:%M:%S')
except:
self.date = now()
else:
self.date = now()
if self.date > now():
self.date = now()
def get_additional_conditions(from_date, ignore_closing_entries, filters):
additional_conditions = []
if ignore_closing_entries:
additional_conditions.append(
"ifnull(voucher_type, '')!='Period Closing Voucher'")
if from_date:
additional_conditions.append("posting_date >= %(from_date)s")
if filters:
if filters.get("project"):
if not isinstance(filters.get("project"), list):
projects = dataent.safe_encode(filters.get("project"))
filters.project = [
d.strip() for d in projects.strip().split(',') if d
]
additional_conditions.append("project in %(project)s")
if filters.get("cost_center"):
filters.cost_center = get_cost_centers_with_children(
filters.cost_center)
additional_conditions.append("cost_center in %(cost_center)s")
if filters.get("finance_book"):
if filters.get("include_default_book_entries"):
additional_conditions.append(
"finance_book in (%(finance_book)s, %(company_fb)s)")
else:
additional_conditions.append(
"finance_book in (%(finance_book)s)")
return " and {}".format(
" and ".join(additional_conditions)) if additional_conditions else ""
def upload_bank_statement():
if getattr(dataent, "uploaded_file", None):
with open(dataent.uploaded_file, "rb") as upfile:
fcontent = upfile.read()
else:
from dataent.utils.file_manager import get_uploaded_content
fname, fcontent = get_uploaded_content()
if dataent.safe_encode(fname).lower().endswith("csv".encode('utf-8')):
from dataent.utils.csvutils import read_csv_content
rows = read_csv_content(fcontent, False)
elif dataent.safe_encode(fname).lower().endswith("xlsx".encode('utf-8')):
from dataent.utils.xlsxutils import read_xlsx_file_from_attached_file
rows = read_xlsx_file_from_attached_file(fcontent=fcontent)
columns = rows[0]
rows.pop(0)
data = rows
return {"columns": columns, "data": data}
def test_auth_via_api_key_secret(self):
# generate api ke and api secret for administrator
keys = generate_keys("Administrator")
dataent.db.commit()
generated_secret = dataent.utils.password.get_decrypted_password(
"User", "Administrator", fieldname='api_secret')
api_key = dataent.db.get_value("User", "Administrator", "api_key")
header = {
"Authorization": "token {}:{}".format(api_key, generated_secret)
}
res = requests.post(dataent.get_site_config().host_name +
"/api/method/dataent.auth.get_logged_user",
headers=header)
self.assertEqual(res.status_code, 200)
self.assertEqual("Administrator", res.json()["message"])
self.assertEqual(keys['api_secret'], generated_secret)
header = {
"Authorization":
"Basic {}".format(
base64.b64encode(
dataent.safe_encode("{}:{}".format(
api_key, generated_secret))).decode())
}
res = requests.post(dataent.get_site_config().host_name +
"/api/method/dataent.auth.get_logged_user",
headers=header)
self.assertEqual(res.status_code, 200)
self.assertEqual("Administrator", res.json()["message"])
# Valid api key, invalid api secret
api_secret = "ksk&93nxoe3os"
header = {"Authorization": "token {}:{}".format(api_key, api_secret)}
res = requests.post(dataent.get_site_config().host_name +
"/api/method/dataent.auth.get_logged_user",
headers=header)
self.assertEqual(res.status_code, 403)
# random api key and api secret
api_key = "@3djdk3kld"
api_secret = "ksk&93nxoe3os"
header = {"Authorization": "token {}:{}".format(api_key, api_secret)}
res = requests.post(dataent.get_site_config().host_name +
"/api/method/dataent.auth.get_logged_user",
headers=header)
self.assertEqual(res.status_code, 401)
def create_json_gz_file(data, dt, dn):
# Storing data in CSV file causes information loss
# Reports like P&L Statement were completely unsuable because of this
json_filename = '{0}.json.gz'.format(
dataent.utils.data.format_datetime(dataent.utils.now(), "Y-m-d-H:M"))
encoded_content = dataent.safe_encode(dataent.as_json(data))
# GZip compression seems to reduce storage requirements by 80-90%
compressed_content = gzip_compress(encoded_content)
save_file(fname=json_filename,
content=compressed_content,
dt=dt,
dn=dn,
folder=None,
is_private=False)
def setup_email_account(self, append_to=None, sender=None):
self.email_account = get_outgoing_email_account(
raise_exception_not_set=False, append_to=append_to, sender=sender)
if self.email_account:
self.server = self.email_account.smtp_server
self.login = (getattr(self.email_account, "login_id", None)
or self.email_account.email_id)
if not self.email_account.no_smtp_authentication:
if self.email_account.ascii_encode_password:
self.password = dataent.safe_encode(
self.email_account.password, 'ascii')
else:
self.password = self.email_account.password
else:
self.password = None
self.port = self.email_account.smtp_port
self.use_tls = self.email_account.use_tls
self.sender = self.email_account.email_id
self.always_use_account_email_id_as_sender = cint(
self.email_account.get(
"always_use_account_email_id_as_sender"))
self.always_use_account_name_as_sender_name = cint(
self.email_account.get(
"always_use_account_name_as_sender_name"))