def display(self, req, form):
        """Display search history page.  A misnomer."""

        argd = wash_urlargd(form, {'p': (str, "n")
                                   })

        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/display" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/youralerts/display%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        if argd['p'] == 'y':
            _title = _("Popular Searches")
        else:
            _title = _("Your Searches")

        # register event in webstat
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["display", "", user_str])
        except:
            register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")

        return page(title=_title,
                    body=webalert.perform_display(argd['p'], uid, ln=argd['ln']),
                    navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {
                                 'sitesecureurl' : CFG_SITE_SECURE_URL,
                                 'ln': argd['ln'],
                                 'account' : _("Your Account"),
                              },
                    description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    uid=uid,
                    language=argd['ln'],
                    req=req,
                    lastupdated=__lastupdated__,
                    navmenuid='youralerts',
                    secure_page_p=1)
    def list(self, req, form):

        argd = wash_urlargd(form, {})

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/list" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/youralerts/list%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        # load the right language
        _ = gettext_set_language(argd["ln"])
        user_info = collect_user_info(req)
        if not user_info["precached_usealerts"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use alerts."))

        # register event in webstat
        if user_info["email"]:
            user_str = "%s (%d)" % (user_info["email"], user_info["uid"])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["list", "", user_str])
        except:
            register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")

        return page(
            title=_("Your Alerts"),
            body=webalert.perform_list_alerts(uid, ln=argd["ln"]),
            navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")},
            description=_("%s Personalize, Display alerts") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
            keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
            uid=uid,
            language=argd["ln"],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid="youralerts",
        )
 def customevent_register(self, req, form):
     """Register a customevent and reload to it defined url"""
     argd = wash_urlargd(form, {'event_id': (str, ""),
                                'arg': (str, ""),
                                'url': (str, ""),
                                'ln': (str, CFG_SITE_LANG)})
     params = argd['arg'].split(',')
     if "WEBSTAT_IP" in params:
         index = params.index("WEBSTAT_IP")
         params[index] = str(req.remote_ip)
     register_customevent(argd['event_id'], params)
     return redirect_to_url(req, unquote(argd['url']), apache.HTTP_MOVED_PERMANENTLY)
 def customevent_register(self, req, form):
     """Register a customevent and reload to it defined url"""
     argd = wash_urlargd(
         form, {
             'event_id': (str, ""),
             'arg': (str, ""),
             'url': (str, ""),
             'ln': (str, CFG_SITE_LANG)
         })
     params = argd['arg'].split(',')
     if "WEBSTAT_IP" in params:
         index = params.index("WEBSTAT_IP")
         params[index] = str(req.remote_ip)
     register_customevent(argd['event_id'], params)
     return redirect_to_url(req, unquote(argd['url']),
                            apache.HTTP_MOVED_PERMANENTLY)
    def display(self, req, form):
        """Display search history page.  A misnomer."""

        argd = wash_urlargd(form, {'p': (str, "n")})

        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/display" % \
                                             (CFG_SITE_SECURE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/youralerts/display%s" %
                         (CFG_SITE_SECURE_URL, make_canonical_urlargd(
                             argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        if argd['p'] == 'y':
            _title = _("Popular Searches")
        else:
            _title = _("Your Searches")

        # register event in webstat
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["display", "", user_str])
        except:
            register_exception(
                suffix=
                "Do the webstat tables exists? Try with 'webstatadmin --load-config'"
            )

        return page(
            title=_title,
            body=webalert.perform_display(argd['p'], uid, ln=argd['ln']),
            navtrail=
            """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {
                'sitesecureurl': CFG_SITE_SECURE_URL,
                'ln': argd['ln'],
                'account': _("Your Account"),
            },
            description=_("%s Personalize, Display searches") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            keywords=_("%s, personalize") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            uid=uid,
            language=argd['ln'],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid='youralerts',
            secure_page_p=1)
class WebInterfaceYourAlertsPages(WebInterfaceDirectory):
    """Defines the set of /youralerts pages."""

    _exports = [
        '', 'display', 'input', 'modify', 'list', 'add', 'update', 'remove'
    ]

    def index(self, req, dummy):
        """Index page."""
        redirect_to_url(req, '%s/youralerts/list' % CFG_SITE_SECURE_URL)

    def display(self, req, form):
        """Display search history page.  A misnomer."""

        argd = wash_urlargd(form, {'p': (str, "n")})

        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/display" % \
                                             (CFG_SITE_SECURE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/youralerts/display%s" %
                         (CFG_SITE_SECURE_URL, make_canonical_urlargd(
                             argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        if argd['p'] == 'y':
            _title = _("Popular Searches")
        else:
            _title = _("Your Searches")

        # register event in webstat
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["display", "", user_str])
        except:
            register_exception(
                suffix=
                "Do the webstat tables exists? Try with 'webstatadmin --load-config'"
            )

        return page(
            title=_title,
            body=webalert.perform_display(argd['p'], uid, ln=argd['ln']),
            navtrail=
            """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {
                'sitesecureurl': CFG_SITE_SECURE_URL,
                'ln': argd['ln'],
                'account': _("Your Account"),
            },
            description=_("%s Personalize, Display searches") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            keywords=_("%s, personalize") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            uid=uid,
            language=argd['ln'],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid='youralerts',
            secure_page_p=1)

    def input(self, req, form):

        argd = wash_urlargd(
            form, {
                'idq': (int, None),
                'name': (str, ""),
                'freq': (str, "week"),
                'notif': (str, "y"),
                'idb': (int, 0),
                'error_msg': (str, ""),
            })

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/input" % \
                                             (CFG_SITE_SECURE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/youralerts/input%s" %
                         (CFG_SITE_SECURE_URL, make_canonical_urlargd(
                             argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        # load the right language
        _ = gettext_set_language(argd['ln'])
        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        try:
            html = webalert.perform_input_alert("add",
                                                argd['idq'],
                                                argd['name'],
                                                argd['freq'],
                                                argd['notif'],
                                                argd['idb'],
                                                uid,
                                                ln=argd['ln'])
        except webalert.AlertError, msg:
            return page(
                title=_("Error"),
                body=webalert_templates.tmpl_errorMsg(ln=argd['ln'],
                                                      error_msg=msg),
                navtrail=
                """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
                % {
                    'sitesecureurl': CFG_SITE_SECURE_URL,
                    'ln': argd['ln'],
                    'account': _("Your Account"),
                },
                description=_("%s Personalize, Set a new alert") %
                CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                keywords=_("%s, personalize") %
                CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                uid=uid,
                language=argd['ln'],
                req=req,
                lastupdated=__lastupdated__,
                navmenuid='youralerts')

        if argd['error_msg'] != "":
            html = webalert_templates.tmpl_errorMsg(
                ln=argd['ln'],
                error_msg=argd['error_msg'],
                rest=html,
            )

        # register event in webstat
        alert_str = "%s (%d)" % (argd['name'], argd['idq'])
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["input", alert_str, user_str])
        except:
            register_exception(
                suffix=
                "Do the webstat tables exists? Try with 'webstatadmin --load-config'"
            )

        return page(
            title=_("Set a new alert"),
            body=html,
            navtrail=
            """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {
                'sitesecureurl': CFG_SITE_SECURE_URL,
                'ln': argd['ln'],
                'account': _("Your Account"),
            },
            description=_("%s Personalize, Set a new alert") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            keywords=_("%s, personalize") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            uid=uid,
            language=argd['ln'],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid='youralerts')
        if argd['error_msg'] != "":
            html = webalert_templates.tmpl_errorMsg(
                ln=argd['ln'],
                error_msg=argd['error_msg'],
                rest=html,
            )

        # register event in webstat
        alert_str = "%s (%d)" % (argd['name'], argd['idq'])
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["modify", alert_str, user_str])
        except:
            register_exception(
                suffix=
                "Do the webstat tables exists? Try with 'webstatadmin --load-config'"
            )

        return page(
            title=_("Modify alert settings"),
            body=html,
            navtrail=
            """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {
                'sitesecureurl': CFG_SITE_SECURE_URL,
                'ln': argd['ln'],
                'account': _("Your Account"),
        editor = False
        if acc_authorize_action(getUid(req), "cfgwebjournal", name="%s" % journal_name)[0] == 0:
            editor = True

        if article_id is None:
            html = perform_request_index(
                req, journal_name, journal_issue, argd["ln"], category, editor, verbose=argd["verbose"]
            )
        else:
            html = perform_request_article(
                req, journal_name, journal_issue, argd["ln"], category, article_id, editor, verbose=argd["verbose"]
            )
            # register event in webstat
            try:
                register_customevent(
                    "journals", ["display", journal_name, journal_issue, category, argd["ln"], article_id]
                )
            except:
                register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")
        return html

    def contact(self, req, form):
        """
        Display contact information for the journal.
        """
        argd = wash_urlargd(form, {"name": (str, ""), "ln": (str, ""), "verbose": (int, 0)})
        try:
            ln = wash_journal_language(argd["ln"])
            washed_journal_name = wash_journal_name(ln, argd["name"])
        except InvenioWebJournalNoJournalOnServerError, e:
            register_exception(req=req)
        if argd['error_msg'] != "":
            html = webalert_templates.tmpl_errorMsg(
                     ln = argd['ln'],
                     error_msg = argd['error_msg'],
                     rest = html,
                   )

        # register event in webstat
        alert_str = "%s (%d)" % (argd['name'], argd['idq'])
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["modify", alert_str, user_str])
        except:
            register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")

        return page(title=_("Modify alert settings"),
                    body=html,
                    navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {
                                 'sitesecureurl' : CFG_SITE_SECURE_URL,
                                 'ln': argd['ln'],
                                 'account' : _("Your Account"),
                              },
                    description=_("%s Personalize, Modify alert settings") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    uid=uid,
                    language=argd['ln'],
                    req=req,
示例#10
0
def acc_get_uid_from_request(path, args):
    """
    Looks in the data base for the secret that matches with the API key in the
    request. If the REST API key is found and if the signature is correct
    returns the user's id.

    @param path: uri of the request until the "?" (i.e.: req.uri)
    @type path: string
    @param args: All the params of the request (i.e.: req.args)
    @type args: string

    @return: If everything goes well it returns the user's uid, it not -1
    """
    from invenio.webstat import register_customevent

    params = parse_qsl(args)
    api_key = signature = timestamp = None

    for param in params:
        if param[0] == 'apikey':
            api_key = param[1]
        elif param[0] == 'signature':
            signature = param[1]
            params.remove(param) #Get rid of the signature
        elif param [0] == 'timestamp':
            timestamp = param[1]
    #Check if the url is well built
    if api_key == None or signature == None:
        return -1

    url_req = "%s?%s" % (path, urlencode(params))

    authorized_time = None
    need_timestamp = False
    for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL:
        if url.match(url_req) is not None:
            break

    if need_timestamp and timestamp == None:
        return -1

    if authorized_time is None:
        return -1

    if authorized_time != 0 and need_timestamp:
        time_lapse = time.time() - float(timestamp)
        if time_lapse > authorized_time or time_lapse < 0:
            return -1

    key = run_sql("SELECT id_user, secret FROM webapikey WHERE id=%s AND status <> %s AND status <> %s",
                  (api_key, CFG_WEB_API_KEY_STATUS['REMOVED'], CFG_WEB_API_KEY_STATUS['REVOKED']))
    if len(key) == 0 or not key:
        return -1
    else:
        uid = key[0][0]
        secret_key = key[0][1]
        server_signature = hmac.new(secret_key, url_req, sha1).hexdigest()
        if signature == server_signature:
            #If the signature is fine, log the key activity and return the UID
            register_customevent("apikeyusage", [uid, api_key, path, url_req])
            return uid
        else:
            return -1
                                         argd['ln'],
                                         category,
                                         editor,
                                         verbose=argd['verbose'])
        else:
            html = perform_request_article(req,
                                           journal_name,
                                           journal_issue,
                                           argd['ln'],
                                           category,
                                           article_id,
                                           editor,
                                           verbose=argd['verbose'])
            # register event in webstat
            try:
                register_customevent("journals", ["display", journal_name, journal_issue, category, argd['ln'], article_id])
            except:
                register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")
        return html

    def contact(self, req, form):
        """
        Display contact information for the journal.
        """
        argd = wash_urlargd(form, {'name': (str, ""),
                                   'ln': (str, ""),
                                   'verbose': (int, 0)
                                   })
        try:
            ln = wash_journal_language(argd['ln'])
            washed_journal_name = wash_journal_name(ln, argd['name'])
示例#12
0
def acc_get_uid_from_request(path, args):
    """
    Looks in the data base for the secret that matches with the API key in the
    request. If the REST API key is found and if the signature is correct
    returns the user's id.

    @param path: uri of the request until the "?" (i.e.: req.uri)
    @type path: string
    @param args: All the params of the request (i.e.: req.args)
    @type args: string

    @return: If everything goes well it returns the user's uid, it not -1
    """
    from invenio.webstat import register_customevent

    params = parse_qsl(args)
    api_key = signature = timestamp = None

    for param in params:
        if param[0] == 'apikey':
            api_key = param[1]
        elif param[0] == 'signature':
            signature = param[1]
            params.remove(param)  #Get rid of the signature
        elif param[0] == 'timestamp':
            timestamp = param[1]
    #Check if the url is well built
    if api_key == None or signature == None:
        return -1

    url_req = "%s?%s" % (path, urlencode(params))

    authorized_time = None
    need_timestamp = False
    for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL:
        if url.match(url_req) is not None:
            break

    if need_timestamp and timestamp == None:
        return -1

    if authorized_time is None:
        return -1

    if authorized_time != 0 and need_timestamp:
        time_lapse = time.time() - float(timestamp)
        if time_lapse > authorized_time or time_lapse < 0:
            return -1

    key = run_sql(
        "SELECT id_user, secret FROM webapikey WHERE id=%s AND status <> %s AND status <> %s",
        (api_key, CFG_WEB_API_KEY_STATUS['REMOVED'],
         CFG_WEB_API_KEY_STATUS['REVOKED']))
    if len(key) == 0 or not key:
        return -1
    else:
        uid = key[0][0]
        secret_key = key[0][1]
        server_signature = hmac.new(secret_key, url_req, sha1).hexdigest()
        if signature == server_signature:
            #If the signature is fine, log the key activity and return the UID
            register_customevent("apikeyusage", [uid, api_key, path, url_req])
            return uid
        else:
            return -1
示例#13
0
    def acc_get_uid_from_request(cls):
        """
        Looks in the data base for the secret that matches with the API key in the
        request. If the REST API key is found and if the signature is correct
        returns the user's id.

        @return: If everything goes well it returns the user's uid, if not -1
        """

        from invenio.webstat import register_customevent
        from flask import request
        api_key = signature = timestamp = None

        if 'apikey' in request.values:
            api_key = request.values['apikey']

        if 'signature' in request.values:
            signature = request.values['signature']

        if 'timestamp' in request.values:
            timestamp = request.values['timestamp']

        # Check if the request is well built
        if api_key is None or signature is None:
            return -1

        # Remove signature from the url params
        path = request.base_url
        url_req = request.url
        parsed_url = urlparse(url_req)
        params = parse_qs(parsed_url.query)
        params = dict([(i, j[0]) for i, j in list(params.items())])

        try:
            del params['signature']
        except KeyError:  # maybe signature was in post params
            pass

        # Reconstruct the url
        query = urlencode(sorted(params.items(), key=lambda x: x[0]))
        url_req = urlunparse(
            (parsed_url.scheme, parsed_url.netloc, parsed_url.path,
             parsed_url.params, query, parsed_url.fragment))

        authorized_time = None
        need_timestamp = False
        for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL:
            if url.match(url_req) is not None:
                break

        if need_timestamp and timestamp is None:
            return -1

        if authorized_time is None:
            return -1

        if authorized_time != 0 and need_timestamp:
            time_lapse = time.time() - float(timestamp)
            if time_lapse > authorized_time or time_lapse < 0:
                return -1

        keys = cls.get_available(apikey=api_key)
        if not len(keys):
            return -1
        key = keys[0]

        uid = key.id_user
        secret_key = key.secret
        server_signature = cls.get_server_signature(secret_key, url_req)
        if signature == server_signature:
            #If the signature is fine, log the key activity and return the UID
            register_customevent("apikeyusage", [uid, api_key, path, url_req])
            return uid
        else:
            return -1