def unlock_task(name):
"""Unlock a locked task.
:return: ``True`` if the task has been unlocked; ``False`` if it was not locked.
"""
cache = GenericCache('task-locks')
if not cache.get(name):
return False
cache.delete(name)
return True
def _send_confirmation(self, email):
token_storage = GenericCache('confirm-email')
data = {'email': email, 'user_id': self.user.id}
token = make_unique_token(lambda t: not token_storage.get(t))
token_storage.set(token, data, 24 * 3600)
send_email(
make_email(email,
template=get_template_module(
'users/emails/verify_email.txt',
user=self.user,
email=email,
token=token)))
def wrapper(*args, **kwargs):
cache = GenericCache('task-locks')
name = current_task.name
if cache.get(name):
Logger.get('celery').warning(
'Task %s is locked; not executing it. '
'To manually unlock it, run `fossir celery unlock %s`', name,
name)
return
cache.set(name, True, 86400)
try:
return f(*args, **kwargs)
finally:
cache.delete(name)
def _get_user_data(self):
user_id = request.args.get('user')
if user_id is None:
return {}
elif user_id.isdigit():
# existing fossir user
user = User.find_first(id=user_id, is_deleted=False)
user_data = {t.name: getattr(user, t.name, None) if user else '' for t in PersonalDataType}
else:
# non-fossir user
data = GenericCache('pending_identities').get(user_id, {})
user_data = {t.name: data.get(t.name) for t in PersonalDataType}
user_data['title'] = get_title_uuid(self.regform, user_data['title'])
return user_data
def has_member(self, user):
if not user:
return False
cache = GenericCache('group-membership')
key = '{}:{}:{}'.format(self.provider, self.name, user.id)
rv = cache.get(key)
if rv is not None:
return rv
elif self.group is None:
warn('Tried to check if {} is in invalid group {}'.format(user, self))
rv = False
else:
rv = any(x[1] in self.group for x in user.iter_identifiers(check_providers=True, providers={self.provider}))
cache.set(key, rv, 1800)
return rv
class fossirSessionInterface(SessionInterface):
pickle_based = True
serializer = cPickle
session_class = fossirSession
temporary_session_lifetime = timedelta(days=7)
def __init__(self):
self.storage = GenericCache('flask-session')
def generate_sid(self):
return str(uuid.uuid4())
def get_cookie_secure(self, app):
return request.is_secure
def get_storage_lifetime(self, app, session):
# Permanent sessions are stored for exactly the same duration as the session id cookie.
# "Temporary" session are stored for a period that is not too short/long as some people
# close their browser very rarely and thus shouldn't be logged out that often.
if session.permanent:
return app.permanent_session_lifetime
else:
return self.temporary_session_lifetime
def should_refresh_session(self, app, session):
if session.new or '_expires' not in session:
return False
threshold = self.get_storage_lifetime(app, session) / 2
return session['_expires'] - datetime.now() < threshold
def should_refresh_sid(self, app, session):
if not session.new and self.get_cookie_secure(
app) and not session.get('_secure'):
return True
if getattr(session, '_refresh_sid', False):
return True
return False
def open_session(self, app, request):
sid = request.cookies.get(app.session_cookie_name)
if not sid:
return self.session_class(sid=self.generate_sid(), new=True)
data = self.storage.get(sid)
if data is not None:
return self.session_class(self.serializer.loads(data), sid=sid)
return self.session_class(sid=self.generate_sid(), new=True)
def save_session(self, app, session, response):
domain = self.get_cookie_domain(app)
secure = self.get_cookie_secure(app)
refresh_sid = self.should_refresh_sid(app, session)
if not session and not session.new:
# empty session, delete it from storage and cookie
self.storage.delete(session.sid)
response.delete_cookie(app.session_cookie_name, domain=domain)
return
if not refresh_sid and not session.modified and not self.should_refresh_session(
app, session):
# If the session has not been modified we only store if it needs to be refreshed
return
if config.SESSION_LIFETIME > 0:
# Setting session.permanent marks the session as modified so we only set it when we
# are saving the session anyway!
session.permanent = True
storage_ttl = self.get_storage_lifetime(app, session)
cookie_lifetime = self.get_expiration_time(app, session)
session['_expires'] = datetime.now() + storage_ttl
if refresh_sid:
self.storage.delete(session.sid)
session.sid = self.generate_sid()
session['_secure'] = request.is_secure
self.storage.set(session.sid, self.serializer.dumps(dict(session)),
storage_ttl)
response.set_cookie(app.session_cookie_name,
session.sid,
expires=cookie_lifetime,
httponly=True,
secure=secure)
def principal_from_fossil(fossil,
allow_pending=False,
allow_groups=True,
allow_missing_groups=False,
allow_emails=False,
allow_networks=False,
existing_data=None):
from fossir.modules.networks.models.networks import IPNetworkGroup
from fossir.modules.groups import GroupProxy
from fossir.modules.users import User
if existing_data is None:
existing_data = set()
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for k, v in data.items()}
email = data['email'].lower()
# check if there is not already a (pending) user with that e-mail
# we need to check for non-pending users too since the search may
# show a user from external results even though the email belongs
# to an fossir account in case some of the search criteria did not
# match the fossir account
user = User.find_first(User.all_emails.contains(email),
~User.is_deleted)
if not user:
user = User(first_name=data.get('first_name') or '',
last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''),
phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''),
is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError(
"Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_networks and type_ == 'IPNetworkGroup':
group = IPNetworkGroup.get(int(id_))
if group is None or (group.hidden and group not in existing_data):
raise ValueError('IP network group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(
provider, id_))
return group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))