def get(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("page", type=int, help="Current page number.") parser.add_argument("per_page", type=int, help="Items per page.") parser.add_argument("id", type=str, help="Unique ID") args = parser.parse_args() res = [event.jsonify() for event in get(key, Event)] res.reverse() # Pagination is performed here to ensure we # return the latest entries first. if args.page: if args.per_page: p = args.page p = p - 1 pp = args.per_page return (res[p * pp:(p * pp) + pp]) res = [ event.jsonify() for event in get(key, Event, page=args.page) ] res.reverse() return (res) if args.id: event = get(key, Event, ('uid', args.id)) if not event: abort(404) return event.jsonify() # Return the last 50 elements by default return (res[-50:])
def post(self, username): key = auth() user = get(key, User, ('username', username)) parser = reqparse.RequestParser() parser.add_argument("username", type=str, help="Username of account") parser.add_argument("name", type=str, help="Name of account") parser.add_argument("email", type=str, help="Email address of account") parser.add_argument( "key", type=str, help="Key to introduce the user to (requires systemwide:0)") parser.add_argument("password", type=str, help="Password of account") parser.add_argument("systemwide", type=bool, help="A global user", default=None) args = parser.parse_args() if user is None: abort(404, message="User {0} not found.".format(username)) # # Attaching keyfiles to users. Modify here to do things like stegenography etc. # if 'keyfile' in request.files.keys(): f = request.files['keyfile'] print f print "Nonzero:", f.__nonzero__() tmp_buffer = cStringIO.StringIO(f.read()) user.keyfile = tmp_buffer.read() db.session.add(user) db.session.commit() tmp_buffer.close() request.files['keyfile'].close() return {'message': 'User modified.'} if args.username: already = get(key, User, ('username', username)) if already: abort(422, message="This username is already in use.") user.username = args.username if args.name: user.name = args.name if args.email: user.email = args.email if args.password: user.change_passwd(args.password) if key.systemwide: if args.systemwide: del user.key if args.systemwide == False: if key.name == app.config["MASTER_KEY_NAME"] and args.key: new_key = APIKey.query.filter( APIKey.name == app.config['MASTER_KEY_NAME']).first() new_key.users.append(user) else: key.users.append(user) db.session.commit() return user.jsonify()
def post(self, name): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the group to create.", required=True) args = parser.parse_args() group = get(key, Group, ('name', name)) if not group: abort(404, message="Unrecognized group.") if not group.key and not key.systemwide: return {"message": "Cannot revoke on global groups."}, 304 privs = [] acls = [] for n in args.name.split(','): priv = get(key, Priv, ('name', n)) if priv and (key.global_del or group.key): privs.append(priv) acl = Acl.query.filter( and_(Acl.priv == priv, Acl.group == group)).first() acls.append({acl.priv.name: acl.allowed}) db.session.delete(acl) if not privs: return { 'message': "You didn't specify any recognisable privileges." }, 304 db.session.add(group) db.session.commit() return acls
def get(self, name): key = auth() group = get(key, Group, ('name', name)) try: return get(key, Group, ('name', name)).jsonify(with_users=True, with_privs=True) except: abort(404, message="Unrecognized group.")
def get(self, name=None): key = auth() parser = reqparse.RequestParser() parser.add_argument("page", type=int, help="Current page number.") parser.add_argument("per_page", type=int, help="Items per page.") args = parser.parse_args() if args.page: if args.per_page: return [priv.jsonify() for priv in get(key, Priv, page=args.page, per_page=args.per_page)] return [priv.jsonify() for priv in get(key, Priv, page=args.page)] privs = get(key,Priv) return [priv.jsonify() for priv in privs]
def post(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the privilege to create.", required=True) parser.add_argument("systemwide", type=bool, help="Determines whether the privilege is systemwide.", required=True, default=None) args = parser.parse_args() msg="Privilege names may only contain alphanumeric characters, hyphens, underscores and whitespace." if not re.match("^[\w\-\s,]+$",args.name): abort(422, message=msg) privs=[] names = args.name.split(',') for name in names: priv = get(key, Priv, ('name',name)) if priv: privs.append(priv) if not privs: return abort(404) # Be careful with reparenting global privs to the local scope, as they disappear from # other applications ACLs. for priv in privs: if key.systemwide and key.global_del and args.systemwide == False and not priv.key: key.privs.append(priv) elif args.systemwide == True and key.systemwide: key.privs.remove(priv) db.session.add(priv) db.session.commit() return [priv.jsonify() for priv in privs]
def put(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the privilege to create.", required=True) parser.add_argument("systemwide", type=bool, help="Determines whether the privilege is systemwide.", default=False) args = parser.parse_args() msg="Privilege names can only contain any combination of alphanumeric characters, hyphens, underscores and whitespace." privs=[] names = args.name.split(',') for name in names: if not re.match("^[\w\-\s,]+$",name): abort(422, message=msg) priv = get(key, Priv, ('name',name)) if priv: continue priv = Priv(name=name) if not key.systemwide or not args.systemwide: key.privs.append(priv) privs.append(priv) db.session.add(priv) if not privs: return [],304 db.session.commit() return [priv.jsonify() for priv in privs],201
def get(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("page", type=int, help="Current page number.") parser.add_argument("per_page", type=int, help="Items per page.") args = parser.parse_args() if args.page: if args.per_page: return [ group.jsonify() for group in get( key, Group, page=args.page, per_page=args.per_page) ] return [ group.jsonify() for group in get(key, Group, page=args.page) ] return [group.jsonify() for group in get(key, Group)]
def post(self): key = auth() if not key.systemwide: abort(403) # TODO: Use a comma-separated list of names to modify multiple groups in one request. parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of groups.", required=True) parser.add_argument("systemwide", type=bool, help="Systemwide flag", required=True, default=None) args = parser.parse_args() groups = [] for n in args.name.split(','): r = get(key, Group, ('name', n)) if r: if args.systemwide == True: already = get(key, Group, ('name', n), local=False) if len(already) > 1: abort( 409, message= "A systemwide group with this name already exists." ) r.key.groups.remove(r) elif args.systemwide == False and key.global_del: r.key = key groups.append(r) db.session.add(r) db.session.commit() return [group.jsonify() for group in groups]
def post(self, username): key = auth() user = get(key, User, ('username', username)) if not user: abort(404) parser = reqparse.RequestParser() parser.add_argument("password", type=str, help="Password of account", default=None) args = parser.parse_args() if args.password: if user.verify_password(args.password): user.last_login = datetime.datetime.now() ev = Event(user=user, key=key, success=True) db.session.add(ev) db.session.commit() return True ev = Event(user=user, key=key, success=False) db.session.add(ev) db.session.commit() return False # # File-based authentication would be good for card readers # stegenographically embedded UIDs in cat macros or thumbprints. # (write output to a file-like object and send it over the wire) # if 'keyfile' in request.files.keys(): f = request.files['keyfile'] print f print "Nonzero:", f.__nonzero__() tmp_buffer = cStringIO.StringIO(f.read()) request.files['keyfile'].close() if user.keyfile == tmp_buffer.read(): tmp_buffer.close() user.last_login = datetime.datetime.now() ev = Event(user=user, key=key, success=True) db.session.add(ev) db.session.commit() return True tmp_buffer.close() ev = Event(user=user, key=key, success=False) db.session.add(ev) db.session.commit() return False return {}, 400
def get(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("page", type=int, help="Current page number.") parser.add_argument("per_page", type=int, help="Items per page.") parser.add_argument("id", type=str, help="Unique ID") args = parser.parse_args() if args.page: if args.per_page: return [ user.jsonify() for user in get( key, User, page=args.page, per_page=args.per_page) ] return [user.jsonify() for user in get(key, User, page=args.page)] if args.id: user = get(key, User, ('uid', args.id)) if not user: abort(404) return user.jsonify() return [user.jsonify() for user in get(key, User)]
def delete(self, username): key = auth() user = get(key, User, ('username', username)) if not user.key and not key.global_del: abort(304, message="Your API key cannot delete systemwide users.") try: db.session.delete(user) db.session.commit() except exc.UnmappedInstanceError: pass return "", 204
def post(self, name): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the group to create.", required=True) args = parser.parse_args() group = get(key, Group, ('name', name)) if not group: abort(404, message="Unrecognized group.") privs = [] acls = [] for n in args.name.split(','): priv = get(key, Priv, ('name', n)) if priv: privs.append(priv) acl = Acl.query.filter( and_(Acl.priv == priv, Acl.group == group)).first() if not acl: acl = Acl() acl.group = group acl.priv = priv acl.allowed = False acls.append(acl) if not privs: return { 'message': "You didn't specify any recognisable privileges." }, 304 db.session.add(group) db.session.commit() return [{acl.priv.name: acl.allowed} for acl in acls]
def get(self, username): key = auth() user = get(key, User, ('username', username)) if not user: return {}, 404 else: parser = reqparse.RequestParser() parser.add_argument("can", type=str, help="Determine permission", required=False) args = parser.parse_args() if args.can: return user.can(args.can) return user.jsonify(with_groups=True)
def put(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of account", default="") parser.add_argument("email", type=str, help="Email address of account") parser.add_argument("username", type=str, help="Username of account", required=True) parser.add_argument("password", type=str, help="Password of account", required=True) parser.add_argument( "systemwide", type=bool, help="Determines whether this user has a parent API Key", default=None) args = parser.parse_args() msg = "%s may only contain alphanumeric characters, underscores, spaces and hyphens." if not re.match("^[\w\-\s]+$", args.username): abort(422, message=msg % "Usernames") #if not re.match("^[\w\-\s]+$",args.name): # abort(423, message=msg % "Names") if get(key, User, ('username', args.username)): return {"message": "User already exists."}, 304 try: user = User(args.username, args.email, args.name, args.password) if not key.systemwide or not args.systemwide: user.key = key db.session.add(user) db.session.commit() except exc.IntegrityError: abort(409, message="Username {0} or email {1} already in use.".format( args.username, args.email)) return user.jsonify(), 201
def delete(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the group to delete.", required=True) args = parser.parse_args() groups = [] for n in args.name.split(','): r = get(key, Group, ('name', n)) if r and ((r.key == key) or key.global_del): groups.append(r) db.session.delete(r) if not groups: return {"message": "Unrecognized group(s)."}, 304 db.session.commit() return {}, 204
def put(self): "Create a group on a given API key." key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the group to create.", required=True) parser.add_argument("systemwide", type=bool, help="Determines whether the group is systemwide.", default=False) args = parser.parse_args() groups = [] response = {} msg = "Group names may only contained alphanumeric characters, underscores, spaces and hyphens." for n in args.name.split(','): if not re.match("^[\w\-\s]+$", n) or get(key, Group, ('name', n)): continue r = Group(name=n) if not key.systemwide or not args.systemwide: r.key = key groups.append(r) db.session.add(r) if not groups: return { "message": "group(s) already present or contain(s) illegal characters." }, 304 db.session.commit() return [r.jsonify() for r in groups], 201
def delete(self): key = auth() parser = reqparse.RequestParser() parser.add_argument("name", type=str, help="Name of the privilege to delete.", required=True) args = parser.parse_args() privs=[] names = args.name.split(',') for name in names: priv = get(key, Priv, ('name',name)) if priv: privs.append(priv) if not privs: return abort(404) for priv in privs: if not priv.key and not key.global_del: continue for acl in priv.groups: db.session.delete(acl) db.session.delete(priv) db.session.commit() return {}, 204
def get(self, username): key = auth() user = get(key, User, ('username', username)) parser = reqparse.RequestParser() parser.add_argument("page", type=int, help="Current page number.") parser.add_argument("per_page", type=int, help="Items per page.") args = parser.parse_args() if not user: return {}, 404 res = [event.jsonify() for event in user.events] res.reverse() if args.page: if args.per_page: p = args.page p = p - 1 pp = args.per_page return (res[p * pp:(p * pp) + pp]) return (res[-50:])
def post(self, name): key = auth() parser = reqparse.RequestParser() parser.add_argument("add", type=str, help="A list of users to add the group to.") parser.add_argument("remove", type=str, help="A list of users to remove the group from.") parser.add_argument( "allow", type=str, help="A list of permissions to grant to the group.") parser.add_argument("deny", type=str, help="A list of permissions to deny the group.") parser.add_argument( "revoke", type=str, help="A list of permissions to revoke from the group.") args = parser.parse_args() group = get(key, Group, ('name', name)) if not group: abort(404, message="Unrecognized group.") db.session.add(group) response = {} if args.add: users = [] for n in args.add.split(','): user = get(key, User, ('username', n)) if user: users.append(user) db.session.add(user) user.groups.append(group) if not users: response['add'] = { 'message': "You didn't specify any recognisable users." } else: response['add'] = [u.username for u in users] if args.remove: users = [] for n in args.remove.split(','): user = get(key, User, ('username', n)) if user: users.append(user) db.session.add(user) user.groups.remove(group) if not users: response['remove'] = { 'message': "You didn't specify any recognisable users." } else: response['remove'] = [u.username for u in users] if args.allow: allow_privs = [] allow_acls = [] for n in args.allow.split(','): priv = get(key, Priv, ('name', n)) if priv: allow_privs.append(priv) acl = Acl.query.filter( and_(Acl.priv == priv, Acl.group == group)).first() if not acl: acl = Acl() acl.group = group acl.priv = priv acl.allowed = True allow_acls.append(acl) if not allow_privs: response['allow'] = { 'message': "You didn't specify any recognisable privileges." } if allow_acls: response['allow'] = [{ acl.priv.name: acl.allowed } for acl in allow_acls] if args.deny: deny_privs = [] deny_acls = [] for n in args.deny.split(','): priv = get(key, Priv, ('name', n)) if priv: deny_privs.append(priv) acl = Acl.query.filter( and_(Acl.priv == priv, Acl.group == group)).first() if not acl: acl = Acl() acl.group = group acl.priv = priv acl.allowed = False deny_acls.append(acl) if not deny_privs: response['deny'] = { 'message': "You didn't specify any recognisable privileges." } if deny_acls: response['deny'] = [{ acl.priv.name: acl.allowed } for acl in deny_acls] if args.revoke and (key.global_del or group.key): revoke_privs = [] revoke_acls = [] for n in args.revoke.split(','): priv = get(key, Priv, ('name', n)) if priv: revoke_privs.append(priv) acl = Acl.query.filter( and_(Acl.priv == priv, Acl.group == group)).first() revoke_acls.append({acl.priv.name: acl.allowed}) del acl.group del acl.priv db.session.delete(acl) if not revoke_privs: response['revoke'] = { 'message': "You didn't specify any recognisable privileges." } else: response['revoke'] = [acl for acl in revoke_acls] if db.session.dirty: db.session.commit() return response
def get(self, name): key = auth() priv = get(key, Priv, ('name',name)) if priv: return priv.jsonify() abort(404)
def get(self, name): key = auth() group = get(key, Group, ('name', name)) if not group: abort(404, message="Unrecognized group.") return group.jsonify(with_users=True)['users']