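def handle_request(self, auth, path, get_vars, post_vars):
    """Serve the OAuth2-provider endpoints ``login``, ``callback`` and ``profile``.

    Args:
        auth: the Auth instance (unused here, kept for the fixture interface).
        path: sub-path of the request; selects the endpoint.
        get_vars: query-string variables of the request.
        post_vars: form variables of the request (unused here).

    Returns:
        ``dict(access_token=...)`` for ``callback`` and the decoded token
        claims for ``profile``.  The ``login`` branch is still WIP and
        returns nothing.

    Raises:
        HTTP(404): unknown path, or a ``callback`` whose grant type, client
            id/secret pair or registered secret does not check out.
        HTTP(401): a ``profile`` request without a ``Bearer`` token.
    """
    import hmac  # local import: the file's import block is not visible here

    if path == "login":
        # WIP: the authorization code is built but not yet handed back.
        client_id = request.get("client_id")
        info = {}  # retrieve the user info upon login
        code = jwt.encode(info, self.secret + client_id, algorithm="HS256")
    elif path == "callback":
        db = self.auth.db
        # The original wrapped each of these in a one-element tuple (trailing
        # comma), so sha1() and jwt.decode() below always failed with TypeError.
        code = get_vars.get("code")
        client_id = get_vars.get("client_id")
        client_secret = get_vars.get("client_secret")
        # NOTE(review): callback_url is received but never compared with a
        # registered redirect URI; confirm how it is meant to be validated.
        redirect_uri = get_vars.get("callback_url")
        grant_type = get_vars.get("grant_type")
        if not (code and client_id and client_secret):
            raise HTTP(404)
        # NOTE(review): the client secret travels in the query string here,
        # where it can land in server and proxy logs.
        expected_id = hashlib.sha1(client_secret.encode("utf-8")).hexdigest()
        if (
            grant_type != "authorization_code"
            # constant-time compare: the client id is derived from the secret
            or not hmac.compare_digest(expected_id, client_id)
            or not db(db.oauth2.client_secret == client_secret).count()
        ):
            raise HTTP(404)
        info = jwt.decode(code, self.secret + client_id, algorithms=["HS256"])
        access_token = jwt.encode(info, self.secret, algorithm="HS256")
        return dict(access_token=access_token)
    elif path == "profile":
        # Require an explicit "Bearer <token>" header instead of blindly
        # slicing off the first seven characters.
        scheme, _, access_token = request.environ.get(
            "HTTP_AUTHORIZATION", ""
        ).partition(" ")
        if scheme.lower() != "bearer" or not access_token:
            raise HTTP(401)
        info = jwt.decode(access_token, self.secret, algorithms=self.algorithms)
        return info
    else:
        raise HTTP(404)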
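def on_request(self, context):
    """Reject requests that fail the scheme, client-network and referer checks.

    Args:
        context: the fixture context passed by the framework (unused).

    Raises:
        HTTP(400): the URL does not use ``self.protocol``, the client address
            is in ``self.blocked_networks`` or outside ``self.allowed_networks``,
            or the Referer's host differs from the request URL's host.
    """
    # The leftover ``print`` of every client address was dropped: it wrote
    # request metadata to stdout on each call.
    # NOTE(review): REMOTE_ADDR is the peer address as seen by this server;
    # behind a reverse proxy that is the proxy, not the end client - confirm
    # the deployment before relying on the network checks.
    remote_addr = request.environ["REMOTE_ADDR"]
    if self.protocol and not request.url.startswith(self.protocol + "://"):
        raise HTTP(400)
    if self.blocked_networks is not None and match_ip(
        remote_addr, self.blocked_networks
    ):
        raise HTTP(400)
    if self.allowed_networks is not None and not match_ip(
        remote_addr, self.allowed_networks
    ):
        raise HTTP(400)
    referer = request.environ.get("HTTP_REFERER")
    if referer and self.split(referer) != self.split(request.url):
        raise HTTP(400)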
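def get_comments(self, id=None):
    """Return the comments of a ticket together with their author's name.

    Args:
        id: the ticket id as a string of digits (it comes from the URL).

    Returns:
        ``dict(comments=[...])``; each entry carries the comment row fields,
        the author's ``first_name``/``last_name``, an ``editable`` flag (own
        comment, or the caller is an admin) and an ``img_url``.

    Raises:
        HTTP(500): ``id`` is missing or not numeric.
    """
    # ``id`` defaults to None and None.isnumeric() raised AttributeError
    # instead of the intended HTTP(500).
    if id is None or not str(id).isnumeric():
        raise HTTP(500)
    db = self.db
    current_user = self.auth.current_user or {}
    user_id = current_user.get('id')
    # TODO: figure out if i want to attach image urls or have them load in a different call
    rows = db(db.comment.ticket_id == id).select(
        db.comment.ALL,
        db.auth_user.first_name,
        db.auth_user.last_name,
        left=db.auth_user.on(db.comment.user_id == db.auth_user.id),
    ).as_list()
    comments = [{**row["comment"], **row["auth_user"]} for row in rows]
    # fetch the full user record of the caller; no record means "not admin"
    user = db(db.users.user == user_id).select().first()
    is_admin = user is not None and user.role == "admin"
    # one icon lookup per distinct author instead of one query per comment
    icon_by_author = {}
    for comment in comments:
        author_id = comment.get('user_id')
        comment['editable'] = author_id == user_id or is_admin
        if author_id not in icon_by_author:
            creator = db(db.users.user == author_id).select().first()
            # an author without a users row gets no icon rather than a crash
            icon_by_author[author_id] = (
                Helper.get_user_icon(creator["icon"]) if creator else None
            )
        comment['img_url'] = icon_by_author[author_id]
    return dict(comments=comments)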
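def delete_comment(self):
    """Delete the comment named by ``comment_id`` in the JSON body.

    Only the comment's author or an admin may delete it.

    Returns:
        The literal string ``"ok boomer"`` on success.

    Raises:
        HTTP(500): no ``comment_id`` in the body or no logged-in user.
        HTTP(404): the comment does not exist.
        HTTP(403): the caller is neither the author nor an admin.
    """
    body = request.json or {}
    comment_id = body.get('comment_id')
    current_user = self.auth.current_user
    auth_user_id = current_user.get('id') if current_user else None
    if not comment_id or not auth_user_id:
        raise HTTP(500)
    comment = self.db.comment[comment_id]
    if comment is None:
        # pydal's table[id] yields None for a missing row; the original then
        # failed on comment.user_id with an AttributeError.
        raise HTTP(404)
    user = self.db(self.db.users.user == auth_user_id).select().first()
    is_admin = user is not None and user.role == "admin"
    if comment.user_id != auth_user_id and not is_admin:
        raise HTTP(403)
    comment.delete_record()
    return "ok boomer"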
def get_ticket_completion(ticket_id=None):
    """Return the completion ratio of a ticket as ``dict(percentage=...)``.

    The value is ``completed / discovered`` from ``_get_ticket_completion``
    (a ratio in 0..1 despite the key name), or 0 when nothing was discovered.

    Raises:
        HTTP(500): no ticket_id given.
    """
    if not ticket_id:
        raise HTTP(500)
    done, total = _get_ticket_completion(ticket_id)
    if total == 0:
        return dict(percentage=0)
    return dict(percentage=done / total)
def on_request(self):
    """Attach the CORS response headers and short-circuit preflight requests.

    Raises:
        HTTP(200): for an ``OPTIONS`` request, so the normal action is skipped
            and only the headers set here are sent.
    """
    # NOTE(review): with Allow-Credentials "true" browsers reject a wildcard
    # origin; confirm self.origin is a concrete origin, not "*".
    cors_headers = {
        "Access-Control-Allow-Origin": self.origin,
        "Access-Control-Max-Age": self.age,
        "Access-Control-Allow-Headers": self.headers,
        "Access-Control-Allow-Methods": self.methods,
        "Access-Control-Allow-Credentials": "true",
    }
    for header_name, header_value in cors_headers.items():
        response.headers[header_name] = header_value
    if request.method == "OPTIONS":
        raise HTTP(200)
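def on_request(self):
    """Reject requests that fail the scheme, client-network and referer checks.

    Raises:
        HTTP(400): the URL does not use ``self.protocol``, the client address
            is in ``self.blocked_networks`` or outside ``self.allowed_networks``,
            or the Referer's host differs from the request URL's host.
    """
    # The leftover ``print`` of every client address was dropped: it wrote
    # request metadata to stdout on each call.
    # NOTE(review): REMOTE_ADDR is the peer address as seen by this server;
    # behind a reverse proxy that is the proxy, not the end client - confirm
    # the deployment before relying on the network checks.
    remote_addr = request.environ['REMOTE_ADDR']
    if self.protocol and not request.url.startswith(self.protocol + '://'):
        raise HTTP(400)
    if self.blocked_networks is not None and match_ip(
        remote_addr, self.blocked_networks
    ):
        raise HTTP(400)
    if self.allowed_networks is not None and not match_ip(
        remote_addr, self.allowed_networks
    ):
        raise HTTP(400)
    referer = request.environ.get('HTTP_REFERER')
    if referer and self.split(referer) != self.split(request.url):
        raise HTTP(400)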
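def handle_request(self, auth, path, get_vars, post_vars):
    """Serve the two OAuth2-client endpoints, ``login`` and ``callback``.

    ``login`` remembers where to send the user after login (the ``next``
    query parameter) and redirects to the provider; ``callback`` finishes
    the login via ``_handle_callback``.

    Raises:
        HTTP(404): any other path.
    """
    if path == "login":
        from urllib.parse import urlsplit  # local: import block not visible here

        next_url = request.query.get("next")
        # Keep only a same-site relative path.  ``_next`` is later used as a
        # redirect target, so an absolute or protocol-relative URL here would
        # let a crafted login link send the user to a third-party site.
        try:
            parts = urlsplit(next_url or "")
            is_local = (
                bool(next_url)
                and not parts.scheme
                and not parts.netloc
                and "\\" not in next_url
            )
        except ValueError:
            is_local = False
        auth.session["_next"] = next_url if is_local else URL("index")
        redirect(self.get_login_url())
    elif path == "callback":
        self._handle_callback(auth, get_vars)
    else:
        raise HTTP(404)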
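def add_subticket():
    """Link ``child_id`` as a sub-ticket of ``parent_id`` (both from the JSON body).

    Returns:
        ``dict(ticket=...)`` with the child ticket as a dict.

    Raises:
        HTTP(500): missing ids, or parent and child are the same ticket.
        HTTP(404): the child ticket does not exist.
    """
    body = request.json or {}
    parent_id = body.get('parent_id')
    child_id = body.get('child_id')
    if not parent_id or not child_id:
        raise HTTP(500)
    # A ticket linked to itself is a trivial cycle for the ancestor/descendant
    # walks elsewhere in this file; deeper cycles are not checked here.
    if str(parent_id) == str(child_id):
        raise HTTP(500)
    # Look the child up before inserting: the original did as_list()[0] after
    # the insert and raised IndexError for an unknown child id.
    ticket = db(db.tickets.id == child_id).select().first()
    if ticket is None:
        raise HTTP(404)
    db.sub_tickets.update_or_insert(parent_id=parent_id, child_id=child_id)
    return dict(ticket=ticket.as_dict())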
def _handle_callback(self, auth, get_vars):
    """Finish an SSO login from the provider's callback parameters.

    Exchanges ``get_vars`` through ``self.callback``, maps the returned
    profile onto ``auth_user`` fields via ``self.maps`` (dotted paths whose
    numeric parts index into lists), registers or fetches the user, stores
    the user id in the session and redirects to the ``_next`` URL saved in
    the session (or ``index``).

    Raises:
        HTTP(401): the provider returned nothing.
        HTTP(code, msg): the provider returned an ``error`` - a string, or a
            dict with ``code`` (default 401) and ``message``.
    """
    data = self.callback(get_vars)
    if not data:
        raise HTTP(401)
    error = data.get("error")
    if error:
        if isinstance(error, str):
            raise HTTP(401, error)
        raise HTTP(error.get("code", 401), error.get("message", "Unknown error"))
    if auth.db:
        # map returned fields into auth_user fields
        mapped = {}
        for field_name, dotted_path in self.maps.items():
            node = data
            for part in dotted_path.split("."):
                node = node[int(part) if part.isdigit() else part]
            mapped[field_name] = node
        mapped["sso_id"] = "%s:%s" % (self.name, mapped["sso_id"])
        mapped.setdefault("username", mapped["sso_id"])
        # store or retrieve the user
        data = auth.get_or_register_user(mapped)
    else:
        # WIP Allow login without DB
        if "id" not in data:
            data["id"] = data.get("username") or data.get("email")
    auth.store_user_in_session(data.get("id"))
    # NOTE(review): "_next" is used verbatim as the redirect target, so the
    # code that stores it decides whether an off-site URL can end up here.
    if "_next" in auth.session:
        next_url = auth.session.get("_next")
        del auth.session["_next"]
    else:
        next_url = URL("index")
    redirect(next_url)
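def get_possible_subtickets(ticket_id=None):
    """Return the tickets that may still be attached as sub-tickets of ``ticket_id``.

    A ticket cannot be its own sub-ticket, nor one of its ancestors or
    descendants (that would create a cycle), so those ids are filtered out.

    Returns:
        ``dict(tickets=[...])`` with the remaining ticket rows as dicts.

    Raises:
        HTTP(500): no ticket_id given.
        ValueError: ``ticket_id`` is not convertible to int (unchanged behaviour).
    """
    if not ticket_id:
        raise HTTP(500)
    ancestors = []
    _get_ancestor_list(ticket_id, ancestors)
    descendants = []
    _get_descendants_list(ticket_id, descendants)
    # a set gives O(1) membership per ticket; the debug print of the
    # invalid list was removed
    invalid_ids = set(ancestors) | set(descendants) | {int(ticket_id)}
    tickets = db(db.tickets).select().as_list()
    return dict(tickets=[t for t in tickets if t.get("id") not in invalid_ids])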
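def add_comment(self):
    """Create a comment on a ticket from the JSON body (``content``, ``ticket_id``).

    Returns:
        The new comment's ``id`` plus the author's ``first_name``,
        ``last_name`` and ``img_url`` for immediate display.

    Raises:
        HTTP(500): missing ``content`` or ``ticket_id``.
        HTTP(401): no logged-in user.
    """
    body = request.json or {}
    content = body.get('content')
    ticket_id = body.get('ticket_id')
    if not content or not ticket_id:
        raise HTTP(500)
    current_user = self.auth.current_user
    if not current_user:
        # The original went on to query ``users.user == None`` and then failed
        # on ``user["icon"]``; refuse the anonymous request up front instead.
        raise HTTP(401)
    # inserting it manually because the default does not seem to work
    user_id = current_user.get('id')
    first_name = current_user.get('first_name')
    last_name = current_user.get('last_name')
    user = self.db(self.db.users.user == user_id).select().first()
    # a logged-in user without a users row gets no icon rather than a crash
    img_url = Helper.get_user_icon(user["icon"]) if user else None
    # NOTE(review): content is stored as received; escaping on output is left
    # to whatever renders it - confirm.
    EventLogger.log_comment(content, ticket_id, user_id)
    comment_id = self.db.comment.insert(
        ticket_id=ticket_id, content=content, user_id=user_id
    )
    return dict(
        id=comment_id,
        first_name=first_name,
        last_name=last_name,
        img_url=img_url,
    )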
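def on_request(self):
    """Allow the request only when it was addressed to ``localhost``.

    Raises:
        HTTP(403): the request's host name is not exactly ``localhost``.
    """
    # ``netloc.startswith('localhost')`` also accepted any host that merely
    # begins with that string (e.g. ``localhost.example``); compare the host
    # name itself.  ``urlparts`` is a SplitResult, whose ``hostname`` drops
    # the port and lower-cases the name, so ``localhost:8000`` still passes.
    # NOTE(review): the host is taken from the client's Host header, so this
    # is a naming check, not proof that the peer is local - confirm if that
    # matters for this fixture.
    if request.urlparts.hostname != 'localhost':
        raise HTTP(403)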