def _check_api_response_validation(self, test_id): results_path = DOVETAIL_RESULTS_PATH.format(test_id) log_path = DOVETAIL_LOG_PATH.format(test_id) res = None # For release after 2018.09 # Dovetail adds 'validation' directly into results.json if os.path.exists(results_path): with open(results_path) as f: try: data = json.load(f) if data['validation'] == 'enabled': res = 'API response validation enabled' else: res = 'API response validation disabled' except Exception: pass if res: raise gen.Return(res) # For 2018.01 and 2018.09 # Need to check dovetail.log for this info if os.path.exists(log_path): with open(log_path) as f: log_content = f.read() warning_keyword = 'Strict API response validation DISABLED' if warning_keyword in log_content: raise gen.Return('API response validation disabled') else: raise gen.Return('API response validation enabled') raises.Forbidden('neither results.json nor dovetail.log are found')
def _post(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): self.finish_request({'code': 403, 'msg': 'You do not have the reviewer ' 'permision / role!'}) return test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } review = yield dbapi.db_find_one(self.table, query) if review: if review['outcome'] != self.json_args['outcome']: yield dbapi.db_update(self.table, query, {'$set': { 'outcome': self.json_args['outcome'], 'creation_date': datetime.now()}}) self.finish_request() else: self.json_args['reviewer_name'] = user['fullname'] self.json_args['reviewer_email'] = user['email'] self._create(miss_fields=[], carriers=[])
def _update(self, query, db_keys): if self.json_args is None: raises.BadRequest(message.no_body()) # check old data exist from_data = yield self._eval_db_find_one(query) if from_data is None: raises.NotFound(message.not_found(self.table, query)) data = self.table_cls.from_dict(from_data) # check new data exist equal, new_query = self._update_query(db_keys, data) if not equal: to_data = yield self._eval_db_find_one(new_query) if to_data is not None: raises.Forbidden(message.exist(self.table, new_query)) # we merge the whole document """ edit_request = self._update_requests(data) """ Updating the DB """ yield self._eval_db(self.table, 'update', query, edit_request, check_keys=False) edit_request['_id'] = str(data._id) self.finish_request(edit_request)
def wrap(self, *args, **kwargs): query = kwargs.get('query') if query: to_data = yield dbapi.db_find_one(self.table, query()) if to_data: raises.Forbidden(message.exist(self.table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def wrap(self, *args, **kwargs): carriers = kwargs.pop('carriers', {}) if carriers: for table, query in carriers: exist = yield dbapi.db_find_one(table, query()) if not exist: raises.Forbidden(message.not_found(table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def wrap(self, data, *args, **kwargs): db_keys = kwargs.pop('db_keys', []) query = self._update_query(db_keys, data) if query: to_data = yield dbapi.db_find_one(self.table, query) if to_data: raises.Forbidden(message.exist(self.table, query)) ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs) raise gen.Return(ret)
def wrap(self, *args, **kwargs): carriers = kwargs.get('carriers') if carriers: for table, query in carriers: exist = yield self._eval_db_find_one(query(), table) if not exist: raises.Forbidden(message.not_found(table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def _update_requests(self, data): request = dict() for k, v in self.json_args.iteritems(): request = self._update_request(request, k, v, data.__getattribute__(k)) if not request: raises.Forbidden(message.no_update()) edit_request = data.format() edit_request.update(request) return edit_request
def wrapper(self, *args, **kwargs): if self.auth: try: token = self.request.headers['X-Auth-Token'] except KeyError: raises.Unauthorized(message.unauthorized()) query = {'access_token': token} check = yield self._eval_db_find_one(query, 'tokens') if not check: raises.Forbidden(message.invalid_token()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def _check_api_response_validation(self, test_id): log_path = DOVETAIL_LOG_PATH.format(test_id) if not os.path.exists(log_path): raises.Forbidden('dovetail.log not found, please check') with open(log_path) as f: log_content = f.read() warning_keyword = 'Strict API response validation DISABLED' if warning_keyword in log_content: raise gen.Return('API response validation disabled') else: raise gen.Return('API response validation enabled')
def wrap(self, *args, **kwargs): query = kwargs.get('query') if query: query_data = query() if self.table == 'pods': if query_data.get('name') is not None: query_data['name'] = re.compile( '\\b' + query_data.get('name') + '\\b', re.IGNORECASE) to_data = yield dbapi.db_find_one(self.table, query_data) if to_data: raises.Forbidden(message.exist(self.table, query())) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) raise gen.Return(ret)
def delete(self, result_id): curr_user = self.get_secure_cookie(auth_const.OPENID) curr_user_role = self.get_secure_cookie(auth_const.ROLE) if curr_user is not None: query = {'_id': objectid.ObjectId(result_id)} test_data = yield dbapi.db_find_one(self.table, query) if not test_data: raises.NotFound(message.not_found(self.table, query)) if curr_user == test_data['owner'] or \ curr_user_role.find('administrator') != -1: self._delete(query=query) else: raises.Forbidden(message.no_auth()) else: raises.Unauthorized(message.no_auth())
def _update_requests_update_projects(self, version): exists = list() malformat = list() projects = list() for n in self.body: try: f_n = models.ScenarioProject.from_dict_with_raise(n) if not any(o.project == f_n.project for o in projects): projects.append(models.ScenarioProject.from_dict(n)) else: exists.append(n['project']) except: malformat.append(n) if malformat: raises.BadRequest(message.bad_format(malformat)) elif exists: raises.Forbidden(message.exist('projects', exists)) version.projects = projects
def _del(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } yield dbapi.db_delete(self.table, query) self.finish_request()