def from_build(cls, build): """Converts a BuildBucket build to BuildBucketTryJobResult.""" tags = cls.parse_tags(build.get('tags', [])) result_details = load_json_dict_safe(build, 'result_details_json') parameters = load_json_dict_safe(build, 'parameters_json') properties = (result_details.get('properties') or parameters.get('properties')) if not isinstance(properties, dict): properties = {} def read_prop(name, expected_type): return dict_get_safe(properties, name, expected_type) requester = None requester_str = read_prop('requester', basestring) if requester_str: try: requester = users.User(requester_str) except users.UserNotFoundError: pass timestamp = timestamp_to_datetime(build.get('status_changed_ts')) if timestamp is None: logging.warning('Build %s has status_changed_ts=None', build['id']) return cls( id=build['id'], # Required for to_dict() serialization. build_id=build['id'], url=dict_get_safe(build, 'url', basestring), result=cls.convert_status_to_result(build), master=tags.get('master'), builder=dict_get_safe(parameters, 'builder_name', basestring), slave=read_prop('slavename', basestring), buildnumber=read_prop('buildnumber', int), reason=read_prop('reason', basestring), revision=read_prop('revision', basestring), timestamp=timestamp, clobber=read_prop('clobber', bool), tests=read_prop('testfilter', list) or [], project=read_prop('project', basestring), requester=requester, category=read_prop('category', basestring), build_properties=json.dumps(properties, sort_keys=True), )
def _get_id_token_user(token, issuers, audiences, allowed_client_ids, time_now, cache): """Get a User for the given id token, if the token is valid. Args: token: The id_token to check. issuers: dict of Issuers audiences: List of audiences that are acceptable. allowed_client_ids: List of client IDs that are acceptable. time_now: The current time as a long (eg. long(time.time())). cache: Cache to use (eg. the memcache module). Returns: A User if the token is valid, None otherwise. """ # Verify that the token is valid before we try to extract anything from it. # This verifies the signature and some of the basic info in the token. for issuer_key, issuer in issuers.items(): issuer_cert_uri = convert_jwks_uri(issuer.jwks_uri) try: parsed_token = _verify_signed_jwt_with_certs( token, time_now, cache, cert_uri=issuer_cert_uri) except Exception: # pylint: disable=broad-except _logger.debug( 'id_token verification failed for issuer %s', issuer_key, exc_info=True) continue issuer_values = _listlike_guard(issuer.issuer, 'issuer', log_warning=False) if isinstance(audiences, _Mapping): audiences = audiences[issuer_key] if _verify_parsed_token( parsed_token, issuer_values, audiences, allowed_client_ids, # There's some special handling we do for Google issuers. # ESP doesn't do this, and it's both unnecessary and invalid for other issuers. # So we'll turn it off except in the Google issuer case. is_legacy_google_auth=(issuer.issuer == _ISSUERS)): email = parsed_token['email'] # The token might have an id, but it's a Gaia ID that's been # obfuscated with the Focus key, rather than the AppEngine (igoogle) # key. If the developer ever put this email into the user DB # and retrieved the ID from that, it'd be different from the ID we'd # return here, so it's safer to not return the ID. # Instead, we'll only return the email. return users.User(email)
def VerifyIdToken(self, cls, *args): with mock.patch.object(users_id_token, 'time') as mock_time,\ mock.patch.object(users_id_token, '_get_id_token_user') as mock_get: mock_time.time.return_value = 1001 mock_get.return_value = users.User('*****@*****.**') os.environ['HTTP_AUTHORIZATION'] = ('Bearer ' + self._SAMPLE_TOKEN) if args: cls.method(*args) else: users_id_token._maybe_set_current_user_vars(cls.method) mock_time.time.assert_called_once_with() mock_get.assert_called_once_with( self._SAMPLE_TOKEN, users_id_token._ISSUERS, self._SAMPLE_AUDIENCES, (constants.API_EXPLORER_CLIENT_ID,) + self._SAMPLE_ALLOWED_CLIENT_IDS, 1001, memcache, )
def test_user_pre_created_users_are_authenticated_case_insensitively(self): """ When a user is pre-created their email address may not have been saved with the same upper/lower case-ness as that which they end up logging in with. So the matching needs to be done case insensitively. """ User = get_user_model() backend = AppEngineUserAPIBackend() email = '*****@*****.**' # Pre-create our user User.objects.pre_create_google_user(email) # Now authenticate this user via the Google Accounts API google_user = users.User(email='*****@*****.**', _user_id='111111111100000000001') user = backend.authenticate(google_user=google_user) # Check things self.assertEqual(user.username, '111111111100000000001') # We expect the email address to have been updated to the one which they logged in with self.assertEqual(user.email, google_user.email()) self.assertIsNotNone(user.last_login) self.assertFalse(user.has_usable_password())
def get(self, user=None): self.response.headers["Content-Type"] = "text/plain" if user: to_list = [ Count.all().filter('user = '******'time < ', now - timedelta(days=150)).fetch(100) not_visited_recently = Count.all().filter( 'login < ', now - timedelta(days=60)).fetch(100) to_list = [ x for x in not_marked_recently + not_visited_recently if x.email is None ][:MAX_MAILS_PER_REQUEST] for person_info in to_list: last_visited = person_info.login or person_info.time movies = read_250_from_db() compare_days = (now - last_visited).days new_movies = extract_new(movies, read_250_from_db( compare_days)) # Extract new movies since compare_days ago if new_movies: user_count = mark_seen_movies( movies, user) # Count the number of movies the person has seen person_info = user_prop( person_info.user, set_count=user_count) # and save it in the datastore if person_info: vars = dict(locals().items() + globals().items()) mail.send_mail('*****@*****.**', person_info.user.email(), 'New movies on the IMDb Top 250', template.render('campaign.txt', vars), html=template.render('campaign.html', vars)) logging.info('Sent campaign email to ' + person_info.user.email()) self.response.out.write(person_info.user.email() + '\n') person_info.email = now person_info.put()
def test_game_progress(self): email = '*****@*****.**' user = users.User(email) hasVoted, hasAddedQuote = models.get_progress(user) self.assertFalse(hasVoted) self.assertFalse(hasAddedQuote) quoteid0 = models.add_quote('This is a test.', user, _created=1) hasVoted, hasAddedQuote = models.get_progress(user) self.assertFalse(hasVoted) self.assertTrue(hasAddedQuote) models.set_vote(quoteid0, user, 1) hasVoted, hasAddedQuote = models.get_progress(user) self.assertTrue(hasVoted) self.assertTrue(hasAddedQuote)
def test_create_and_get_tasks(self): user = users.User("*****@*****.**") # Add the first task without a reminder. summary1 = "summary1" body1 = "body1" storage.new_task(user, summary1, body1) user_tasks = storage.get_tasks(user) self.assertEquals(1, len(user_tasks)) self._assert_task(user_tasks[0], user, summary1, body1, None) # Add the second task with a reminder. summary2 = "summary2" body2 = "body2" reminder2 = "" storage.new_task(user, summary2, body2, None) user_tasks = storage.get_tasks(user) self.assertEqual(2, len(user_tasks)) self._assert_task(user_tasks[1], user, summary2, body2, None)
def update_item(self, view, item): data = json.loads(view.request.body)[self.name] for field in self.field_list: value = None if isinstance(field.field, ndb.KeyProperty): id = data.get(field.belongs_to_name, None) if id: id = int(id) kind = field.model key = ndb.Key(kind, id) value = key elif isinstance(field.field, ndb.UserProperty): email = data.get(field.underscored_name, None) if email: value = users.User(email) else: value = data.get(field.underscored_name, None) if value: setattr(item, field.name, value)
def setUp(self): super(FileVaultVolumeTest, self).setUp() self.fvv_data = { 'hdd_serial': 'XX123456', 'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0', 'serial': 'XX123456', 'passphrase': 'SECRET', 'volume_uuid': '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0', 'created_by': users.User('*****@*****.**'), } self.fvv = models.FileVaultVolume(**self.fvv_data) # Ensure we use KEY_TYPE_DATASTORE_FILEVAULT and KEY_TYPE_DATASTORE_XSRF for # tests. self.key_type_default_filevault_save = settings.KEY_TYPE_DEFAULT_FILEVAULT self.key_type_default_xsrf_save = settings.KEY_TYPE_DEFAULT_XSRF settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
def VerifyIdToken(self, cls, *args): self.mox.StubOutWithMock(time, 'time') self.mox.StubOutWithMock(users_id_token, '_get_id_token_user') time.time().AndReturn(1001) users_id_token._get_id_token_user( self._SAMPLE_TOKEN, users_id_token._ISSUERS, self._SAMPLE_AUDIENCES, self._SAMPLE_ALLOWED_CLIENT_IDS, 1001, memcache).AndReturn(users.User('*****@*****.**')) self.mox.ReplayAll() os.environ['HTTP_AUTHORIZATION'] = ('Bearer ' + self._SAMPLE_TOKEN) if args: cls.method(*args) else: users_id_token._maybe_set_current_user_vars(cls.method) self.assertEqual(os.environ.get('ENDPOINTS_AUTH_EMAIL'), '*****@*****.**') self.mox.VerifyAll()
def receive(self, mail_message): email_pattern = re.compile(r'([\w\-\.]+@(\w[\w\-]+\.)+[\w\-]+)') match = email_pattern.findall(mail_message.sender) email_addr = match[0][0] if match else '' try: user = users.User(email_addr) user = self._reload_user(user) except users.UserNotFoundError: return self.error(403) title = mail_message.subject content = '' for content_t, body in mail_message.bodies('text/plain'): content += body.decode() attachments = getattr(mail_message, 'attachments', None) self._create_note(user, title, content, attachments)
def testGhostProperties(self): user = users.User("*****@*****.**") first_name = "Master" second_name = "Roshi" ghost_name = "Babadook" ghost = Ghost( gmail=user, first_name=first_name, second_name=second_name, ghost_name=ghost_name) ghost.put() stored_ghost = Ghost.query().get() self.assertEqual(user, stored_ghost.gmail) self.assertEqual(first_name, stored_ghost.first_name) self.assertEqual(second_name, stored_ghost.second_name) self.assertEqual(ghost_name, stored_ghost.ghost_name)
def log_in_user(self, email, is_admin=False): """ Log in a `User`_ with the given email address. This will cause `users.get_current_user`_ to return a `User`_ with the same email address and user_id as if it was entered into the SDK's log in prompt. :param email: the user to be logged in :param is_admin: True if the user is an google admin """ # stolen from dev_appserver_login user_id_digest = hashlib.md5(email.lower()).digest() user_id = '1' + ''.join(['%02d' % ord(x) for x in user_id_digest])[:20] os.environ['USER_EMAIL'] = email os.environ['USER_ID'] = user_id os.environ['USER_IS_ADMIN'] = '1' if is_admin else '0' return users.User(email=email, _user_id=user_id)
def getUser(userId=None): user = users.get_current_user() if (not (userId)): if (not (user)): return None userId = user.user_id() else: user = users.User(_user_id=userId) userObjects = db.GqlQuery( "SELECT * " "FROM User " "WHERE userId = :2 AND ANCESTOR IS :1", vintage_vibe_key(), userId) if (userObjects.count() > 0): return userObjects[0] else: userObject = User(parent=vintage_vibe_key()) userObject.userId = userId userObject.userEmail = user.email() userObject.put() return userObject
def test_middleware_resaves_email(self): # Create user with uppercased email email = '*****@*****.**' google_user = users.User(email, _user_id='111111111100000000001') backend = AppEngineUserAPIBackend() user = backend.authenticate(google_user=google_user,) # Normalize_email should save a user with lowercase email self.assertEqual(user.email, email.lower()) # Run AuthenticationMiddleware, if email are mismatched with sleuth.switch('djangae.contrib.gauth.middleware.users.get_current_user', lambda: google_user): request = HttpRequest() SessionMiddleware().process_request(request) # Make the damn sessions work middleware = AuthenticationMiddleware() middleware.process_request(request) # Middleware should resave to uppercased email, keeping user the same self.assertEqual(request.user.email, email) self.assertEqual(request.user.pk, user.pk)
def test_loaner_endpoints_auth_method(self): # Test no user logged in. permissions.constants.ON_GAE = True user = None with self.assertRaises(endpoints.NotFoundException): self.call_test_as(user=user, user_auth_only=True) with self.assertRaises(endpoints.NotFoundException): self.call_test_as(user=user, permission='enroll_shelf') # Test normal user_auth_only with valid user and domain. user = users.User(email=loanertest.USER_EMAIL) self.assertTrue(self.call_test_as(user=user, user_auth_only=True)) # Make sure user_auth_only is not executed since permission is set. user = users.User(email=loanertest.USER_EMAIL) with self.assertRaises(endpoints.ForbiddenException): self.call_test_as(user=user, user_auth_only=True, permission='enroll_shelf') # Test user_auth_only invalid domain. user = users.User(email='*****@*****.**') with self.assertRaises(endpoints.UnauthorizedException): self.call_test_as(user=user, user_auth_only=True) # Test permission for Technical Admin user. user = users.User(email=loanertest.TECHNICAL_ADMIN_EMAIL) self.assertTrue( self.call_test_as(user=user, permission='enroll_device')) # Test permission for Operational Admin user. user = users.User(email=loanertest.OPERATIONAL_ADMIN_EMAIL) self.assertTrue( self.call_test_as(user=user, permission='enroll_device')) # Test permission for Technician user. user = users.User(email=loanertest.TECHNICIAN_EMAIL) self.assertTrue( self.call_test_as(user=user, permission='enroll_device')) # Test permission for normal user. user = users.User(email=loanertest.USER_EMAIL) with self.assertRaises(endpoints.ForbiddenException): self.call_test_as(user=user, permission='enroll_shelf')
def edit(request, account, tzoffset, date, key): user = get_login_user(request) tzdelta = datetime.timedelta(minutes=int(tzoffset)) if account == user.email(): target = user else: target = users.User(email=account) target = db.GqlQuery('SELECT * FROM User WHERE account = :1', target).get() event = db.get(key) if not event: return HttpResponse('Calendar event does not exist for key "%s"' % (key, )) start_time, end_time = event.start_time - tzdelta, event.end_time - tzdelta event.start_time, event.end_time = start_time, end_time if request.method == 'POST': form = EventForm(request.POST, instance=event) if form.is_valid(): event1 = form.save(commit=False) if user.email() == account: event.start_time = event1.start_time + tzdelta event.end_time = event1.end_time + tzdelta event.subject, event.description = event1.subject, event1.description event.put() return HttpResponseRedirect(get_frame_url(account, tzoffset, date)) else: form = EventForm(instance=event) return render_to_response( 'experts/calendaredit.html', { 'user': user, 'account': account, 'date': event.start_time.strftime('%A, %d %b'), 'form': form, 'is_my_calendar': bool(user.email() == account), 'person': target.name if user.email() == account else user.name, 'start_time': start_time.strftime('%A, %d %b %I:%M %p '), 'end_time': end_time.strftime('%A, %d %b %I:%M %p ') })
def get_current_user(): """Get user information from the id_token or oauth token in the request. This should only be called from within an Endpoints request handler, decorated with an @endpoints.method decorator. The decorator should include the https://www.googleapis.com/auth/userinfo.email scope. If the current request uses an id_token, this validates and parses the token against the info in the current request handler and returns the user. Or, for an Oauth token, this call validates the token against the tokeninfo endpoint and oauth.get_current_user with the scopes provided in the method's decorator. Returns: None if there is no token or it's invalid. If the token was valid, this returns a User. Only the user's email field is guaranteed to be set. Other fields may be empty. Raises: InvalidGetUserCall: if the environment variables necessary to determine the endpoints user are not set. These are typically set when processing a request using an Endpoints handler. If they are not set, it likely indicates that this function was called from outside an Endpoints request handler. """ if not _is_auth_info_available(): raise InvalidGetUserCall('No valid endpoints user in environment.') if _ENV_USE_OAUTH_SCOPE in os.environ: return oauth.get_current_user(os.environ[_ENV_USE_OAUTH_SCOPE]) if (_ENV_AUTH_EMAIL in os.environ and _ENV_AUTH_DOMAIN in os.environ): if not os.environ[_ENV_AUTH_EMAIL]: return None return users.User(os.environ[_ENV_AUTH_EMAIL], os.environ[_ENV_AUTH_DOMAIN] or None) return None
def VolumesForQuery(q, search_type, prefix_search): """Search a model for matching the string query. Args: q: str search query. search_type: str key of SEARCH_TYPES constant. prefix_search: boolean, True to perform a prefix search, False otherwise. Returns: list of entities of type SEARCH_TYPES[search_type]. Raises: ValueError: the given search_type is unknown. """ if search_type not in SEARCH_TYPES: raise ValueError('Unknown search_type supplied: %r' % search_type) model = SEARCH_TYPES[search_type] query = model.all() fields = q.split(' ') for field in fields: try: name, value = field.strip().split(':') except ValueError: logging.info('Invalid field (%r) in query: %r', field, q) continue if name == 'created_by': if '@' not in value: value = '%s@%s' % (value, os.environ.get('AUTH_DOMAIN')) value = users.User(value) elif name == 'hostname': value = model.NormalizeHostname(value) if prefix_search and name != 'created_by': query.filter('%s >=' % name, value).filter('%s <' % name, value + u'\ufffd') else: query.filter(name + ' =', value) volumes = query.fetch(999) volumes.sort(key=lambda x: x.created, reverse=True) return volumes
def testUpdateUserInvalidUpdate(self): """Test that the ToS fields can't be changed once the user agreed ToS. """ email = "*****@*****.**" account = users.User(email=email) name = 'Updated User' agreed_to_tos = False properties = { 'account': account, 'link_id': self.entity.link_id, 'name': name, 'agreed_to_tos': agreed_to_tos, } user_logic.updateOrCreateFromFields(properties) entity = user_logic.getFromKeyName(self.entity.link_id) self.failUnlessEqual(account.email().lower(), email.lower()) self.failUnlessEqual(account, entity.account) self.failUnlessEqual(name, entity.name) self.failIfEqual(agreed_to_tos, entity.agreed_to_tos)
def setUp(self): """Set up required for the cleaning logic tests. """ # Ensure that current user is created user_properties = { 'account': users.get_current_user(), 'link_id': 'current_user', 'name': 'Current User', } self.user = user_logic.updateOrCreateFromFields(user_properties) # Create another user another_user_properties = { 'account': users.User(email="*****@*****.**"), 'link_id': 'another_user', 'name': 'Another User', } self.another_user = user_logic.updateOrCreateFromFields( another_user_properties) # Create a dummy form object self.form = Form()
def post(self): username, status = self._get_parameters("username", "status") if not username: return logging.info("User %s's status changed to %s." % (username, status)) email = username + "@hackerdojo.com" user = users.User(email=email) if status == "suspended": # Put their events on hold. self.__hold_user_events(user) elif status == "active": # Restore their events to pending status. self.__restore_user_events(user) else: logging.debug("Taking no action for status %s." % (status)) self.response.out.write(json.dumps({}))
def testCheckAuthzCreatorOk(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_CREATED_BY], ).put() models.FileVaultVolume( owner='stub3', created_by=users.User('*****@*****.**'), volume_uuid=vol_uuid, passphrase=secret, hdd_serial='stub', platform_uuid='stub', serial='stub', ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def _set_object_properties(self, object, data): for field, value in data.items(): # TODO: All these special cases are results of the logic in gaejson.encode(). We should put together something to decode that output back into gae stuff # Keys are special! if field == 'key': if value != str(object.key()): #TODO: Raise some sort of error. You can write attributes to a URL without specifying the key, but if you pass a different key in the JSON than in the URL, that's cause for alarm pass elif field == 'parent': # Can't update parent pass else: # Users are special! if isinstance(getattr(object, field), users.User): email = value['email'] auth_domain = value['auth_domain'] value = users.User(email=email, _auth_domain=auth_domain) setattr(object, field, value)
def make_fake_controller(db_client=None, base_dir='/dropsite', site_yaml='site.yaml'): """ Will insert a real-looking 'Site' entry, so get_current_site_controller works """ from google.appengine.api import users from siteinadropbox import models, controller owner = users.User('*****@*****.**') site = models.Site.get_or_insert( key_name=models.Site.the_key_name, owner=owner, owner_id='abekat', dropbox_access_token= 'oauth_token_secret=fakesecret&oauth_token=vc1okyqpio7irgy', dropbox_base_dir=base_dir, dropbox_site_yaml=site_yaml) gov = controller.BaseController(site) gov.db_client = db_client return gov
def GetUserFromEmail(cls, email): """Return a GAE User based on an email address. Args: email: Email address of the user. Returns: A GAE User instance, or None if the email doesn't resolve. """ u = users.User(email) key = UserValidator(user=u).put() obj = UserValidator.get(key) user = obj.user obj.delete() if not user.user_id(): logging.error('User %s not found.', email) return None return user
def get(self): current_email = self.request.get('curremail') #email that is currently used new_email = self.request.get('newemail') #email the user wants to change to swap = self.request.get('swap') #Are we changing emails? currdata = UserData.get_from_user_input_email(current_email) newdata = UserData.get_from_user_input_email(new_email) if swap and currdata: #are we swapping? make sure account exists currdata.current_user = users.User(new_email) currdata.user_email = new_email if newdata: #delete old account currdata.user_id = newdata.user_id newdata.delete() currdata.put() template_values = {'App' : App, 'curremail': current_email, 'newemail': new_email, 'currdata': currdata, 'newdata': newdata, "properties": UserData.properties()} self.render_jinja2_template('devemailpanel.html', template_values)
def ensureUser(): """Returns the current user account and associated user object. """ account = accounts.getCurrentAccount() if not account: account = users.User(email='*****@*****.**') user_properties = { 'key_name': 'test', 'link_id': 'test', 'account': account, 'name': 'Test', } current_user = User(**user_properties) current_user.put() return account, current_user
def get(self): user = None try: user = users.User(self.request.get("email")) except: user = None max_entries = 100 answers = feedback_answers_for_user(user) answers = sorted(answers, key=lambda answer: answer.date) context = { "answers": answers, "count": len(answers) } self.response.headers['Content-Type'] = 'text/xml' path = os.path.join(os.path.dirname(__file__), 'video_feedback_notification_feed.xml') self.response.out.write(template.render(path, context))
def post(self): email = self.request.get('u') token = self.request.get('token') if email and token: if self.isSecure(token, email): user = users.User(email) if user: self.returnSamples(user) else: response = { 'responseDetails': 'Username has no samples.', 'responseStatus': '404' } self.response.out.write(simplejson.dumps(response)) else: response = { 'responseDetails': 'Missing e-mail or token in request', 'responseStatus': '400' } self.response.out.write(simplejson.dumps(response))