def unindex_object(obj, catalog=''): """Un-index given object from catalog""" LOGGER.debug("Un-indexing object {0!r}".format(obj)) intids = query_utility(IIntIds) if intids is not None: object_id = intids.queryId(obj) if object_id is not None: if isinstance(catalog, str): catalog = query_utility(ICatalog, name=catalog) if catalog is not None: catalog.unindex_doc(object_id)
def reindex_object(obj, catalog=''): """Reindex given object into catalog""" LOGGER.debug("Re-indexing object {0!r}".format(obj)) intids = query_utility(IIntIds) if intids is not None: object_id = intids.queryId(obj) if object_id is not None: if isinstance(catalog, str): catalog = query_utility(ICatalog, name=catalog) if catalog is not None: get_pyramid_registry().notify(BeforeObjectIndexEvent(obj)) catalog.reindex_doc(object_id, obj)
def check_required_utilities(site, utilities): """Utility function to check for required utilities :param ISite site: the site manager into which configuration may be checked :param tuple utilities: each element of the tuple is another tuple made of the utility interface, the utility registration name, the utility factory and the object name when creating the utility, as in: .. code-block:: python REQUIRED_UTILITIES = ((ISecurityManager, '', SecurityManager, 'Security manager'), (IPrincipalAnnotationUtility, '', PrincipalAnnotationUtility, 'User profiles')) """ registry = get_current_registry() for interface, name, factory, default_id in utilities: utility = query_utility(interface, name=name) if utility is None: lsm = site.getSiteManager() if default_id in lsm: continue if factory is None: factory = get_object_factory(interface) utility = factory() registry.notify(ObjectCreatedEvent(utility)) lsm[default_id] = utility lsm.registerUtility(utility, interface, name=name)
def get_current_jwt_token(request): """Get current JWT token for authenticated principal""" manager = query_utility(ISecurityManager) if manager is None: raise HTTPServiceUnavailable() configuration = IJWTSecurityConfiguration(manager) if not configuration.enabled: raise HTTPServiceUnavailable() if Authenticated not in request.effective_principals: raise HTTPForbidden() custom_claims = request.params.get('claims', {}) request.response.cache_expires(configuration.refresh_expiration) return { 'status': 'success', configuration.access_token_name: create_jwt_token(request, request.authenticated_userid, expiration=configuration.access_expiration, obj=ACCESS_OBJECT, **custom_claims), configuration.refresh_token_name: create_jwt_token(request, request.authenticated_userid, expiration=configuration.refresh_expiration, obj=REFRESH_OBJECT) }
def refresh_jwt_token(request): """JWT token refresh service""" sm = query_utility(ISecurityManager) # pylint: disable=invalid-name if sm is None: raise HTTPServiceUnavailable() configuration = IJWTSecurityConfiguration(sm) if not configuration.enabled: raise HTTPServiceUnavailable() # user remote authentication authority if configuration.proxy_mode: handler = IJWTProxyHandler(sm, None) if handler is not None: status_code, token = handler.refresh_token(request) # pylint: disable=assignment-from-no-return request.response.status_code = status_code return token # refresh token locally claims = get_jwt_claims(request) if not claims: raise HTTPForbidden() principal_id = claims.get('sub') if not principal_id: raise HTTPUnauthorized() params = request.params if TEST_MODE else request.validated custom_claims = params.get('claims', {}) return { 'status': 'success', configuration.access_token_name: create_jwt_token(request, principal_id, expiration=configuration.access_expiration, obj=ACCESS_OBJECT, **custom_claims) }
def index_object(obj, catalog='', ignore_notyet=False): """Index given object into catalog""" LOGGER.debug("Indexing object {0!r}".format(obj)) intids = query_utility(IIntIds) if intids is not None: try: object_id = intids.register(obj) except NotYet: if not ignore_notyet: raise else: if isinstance(catalog, str): catalog = query_utility(ICatalog, name=catalog) if catalog is not None: get_pyramid_registry().notify(BeforeObjectIndexEvent(obj)) catalog.index_doc(object_id, obj)
def handle_new_engine_data_extraction(event): """Handle new engine data""" name = event.data['name'] or '' engine = query_utility(IAlchemyEngineUtility, name=name) if engine is not None: event.form.widgets.errors += (Invalid(_("An SQLAlchemy engine is already " "registered with this name!")),)
def __acl__(self): """Get ACL for current context The result is stored into current request annotations, so it's not supposed to change during request lifetime. """ # always grant all permissions to system manager # and 'public' permission to everyone result = [(Allow, ADMIN_USER_ID, ALL_PERMISSIONS), (Allow, Everyone, {PUBLIC_PERMISSION})] # grant access to all roles permissions for role_id in self.get_granted_roles(): role = query_utility(IRole, role_id) if role is not None: result.append( (Allow, ROLE_ID.format(role_id), role.permissions)) # add denied permissions to everyone and authenticated permissions = self.get_everyone_denied() if permissions: result.append((Deny, Everyone, permissions)) permissions = self.get_authenticated_denied() if permissions: result.append((Deny, Authenticated, permissions)) # add allowed permissions to everyone and authenticated permissions = self.get_authenticated_granted() if permissions: result.append((Allow, Authenticated, permissions)) permissions = self.get_everyone_granted() if permissions: result.append((Allow, Everyone, permissions)) # deny all parent permissions if inheritance is disabled if not self.inherit_parent_security: result.append(DENY_ALL) LOGGER.debug('ACL({0!r}) = {1}'.format(self.__parent__, str(result))) return result
def get_engine(engine, use_pool=True): """Get engine matching given utility name""" if isinstance(engine, str): engine = query_utility(IAlchemyEngineUtility, name=engine) if engine is not None: return engine.get_engine(use_pool), engine.twophase return None
def notify_user_activation(user, request=None): """Send mail for user activation""" security = query_utility(ISecurityManager) settings = INotificationSettings(security) if not settings.enable_notifications: # pylint: disable=assignment-from-no-return LOGGER.info("Security notifications disabled, no message sent...") return mailer = settings.get_mailer() # pylint: disable=assignment-from-no-return if mailer is None: LOGGER.warning("Can't find mailer utility, no notification message sent!") return if request is None: request = check_request() translate = request.localizer.translate i18n_settings = II18n(settings) message_text, template_name = None, None if user.self_registered: # pylint: disable=assignment-from-no-return message_text = i18n_settings.query_attribute('registration_template', request=request) if not message_text: template_name = 'templates/register-message.pt' elif user.wait_confirmation: # pylint: disable=assignment-from-no-return message_text = i18n_settings.query_attribute('confirmation_template', request=request) if not message_text: template_name = 'templates/register-info.pt' site = get_parent(request.context, ISite) if message_text is not None: message_text = message_text.format(**user.to_dict()) elif template_name is not None: message_text = render(template_name, request=request, value={ 'user': user, 'site': site, 'settings': settings }) html_body = render('templates/register-body.pt', request=request, value={ 'user': user, 'site': site, 'settings': settings, 'message': message_text }) message = Message( subject=translate(_("{prefix}Please confirm registration")).format( prefix="{prefix} ".format(prefix=settings.subject_prefix) if settings.subject_prefix else ''), sender='{name} <{email}>'.format(name=settings.sender_name, email=settings.sender_email), recipients=("{firstname} {lastname} <{email}>".format(firstname=user.firstname, lastname=user.lastname, email=user.email),), html=Attachment(data=html_body, content_type='text/html; charset=utf-8', disposition='inline', transfer_encoding='quoted-printable'), body=Attachment(data=html_to_text(html_body), content_type='text/plain; charset=utf-8', disposition='inline', transfer_encoding='quoted-printable')) mailer.send(message)
def oid(self): """Get context ID in hexadecimal form""" intids = query_utility(IIntIds) if intids is not None: object_id = intids.register(self.context) if object_id is not None: return hex(object_id)[2:] return None
def title(self): """Title getter""" translate = self.request.localizer.translate scheduler = query_utility(IScheduler) task = get_parent(self.context, ITask) return '<small>{}</small><br />{}'.format( get_object_label(scheduler, self.request, self), translate(_("Task: {}")).format(task.name))
def check_password(self, password): """Check given password with encoded one""" if not (self.activated and self.password): return False manager = query_utility(IPasswordManager, name=self.password_manager) if manager is None: return False return manager.checkPassword(self.password, password)
def __init__(self, *args, **kwargs): # pylint: disable=unused-argument terms = [] manager = query_utility(ISecurityManager) if manager is not None: for name, plugin in manager.items(): if IUsersFolderPlugin.providedBy(plugin): terms.append(SimpleTerm(name, title=plugin.title)) super().__init__(terms)
def configuration(self): # pylint: disable=no-self-use """JWT configuration getter""" try: manager = query_utility(ISecurityManager) if manager is not None: return IJWTSecurityConfiguration(manager) except ConnectionStateError: return None return None
def get_principal(request, principal_id=None): """Get principal associated with given request""" manager = query_utility(ISecurityManager) if manager is not None: if principal_id is None: principal_id = request.authenticated_userid if principal_id: return manager.get_principal(principal_id) return UnknownPrincipal return None
def tzinfo(request=None): # pylint: disable=unused-argument """request to timezone adapter There is no easy way to get timezone from a request. This adapter assumes that the timezone is given by a registered utility... """ util = query_utility(IServerTimezone) if util is not None: return pytz.timezone(util.timezone) return GMT
def create_jwt_token(request, principal, expiration=None, audience=None, **claims): # pylint: disable=unused-argument """Create JWT token""" plugin = query_utility(IJWTAuthenticationPlugin) if (plugin is not None) and plugin.enabled: return plugin.create_token(principal, expiration, audience, **claims) return None
def __init__(self, context=None): # pylint: disable=unused-argument terms = [] negotiator = query_utility(INegotiator) if negotiator is not None: translate = check_request().localizer.translate for lang in negotiator.offered_languages: terms.append( SimpleTerm(lang, title=translate( BASE_LANGUAGES.get(lang) or _("<unknown>")))) super(I18nOfferedLanguages, self).__init__(terms)
def schedule_mode(self, value): """Scheduler mode setter""" if self._schedule_mode is not None: mode = query_utility(ITaskSchedulingMode, name=self._schedule_mode) if (mode is not None) and mode.marker_interface.providedBy(self): noLongerProvides(self, mode.marker_interface) self._schedule_mode = value if value: mode = get_utility(ITaskSchedulingMode, name=value) alsoProvides(self, mode.marker_interface) mode.schema(self).active = False if self.__parent__ is not None: self.reset()
def verify_jwt_token(request): """JWT token verification view""" manager = query_utility(ISecurityManager) if manager is None: raise HTTPServiceUnavailable() configuration = IJWTSecurityConfiguration(manager) if not configuration.enabled: raise HTTPServiceUnavailable() claims = get_jwt_claims(request) if not claims: raise HTTPForbidden() request.response.status_code = HTTPAccepted.code return {'status': 'success'}
def __call__(self, **kwargs): """Get and return layout template which is calling widget/render""" layout = self.layout if layout is None: registry = self.request.registry layout = registry.getMultiAdapter((self.context, self.request, self.form, self.field, self), IWidgetLayoutTemplate, name=self.mode) cdict = { 'context': self.context, 'request': self.request, 'view': self, 'translate': query_utility(IChameleonTranslate) } cdict.update(kwargs) return layout(**cdict)
def __call__(self, instance, *args, **keywords): request = instance.request registry = request.registry template = registry.getMultiAdapter( (request.context, request, instance.form, instance.field, instance), self.provides, name=instance.mode) keywords.update({ 'context': instance.context, 'request': instance.request, 'view': instance, 'translate': query_utility(IChameleonTranslate) }) return template(*args, **keywords)
def execute(self, task, action, job_id, registry=None): """Execute scheduler action""" scheduler = query_utility(IScheduler) if scheduler is not None: registry = registry if registry is not None else get_pyramid_registry() handler = registry.settings.get(SCHEDULER_HANDLER_KEY, False) if handler: zmq_settings = { 'zodb_name': scheduler.zodb_name, 'task_name': task.__name__, 'job_id': job_id } LOGGER.debug(f"Starting '{action}' on task {task.name} with {zmq_settings!r}") socket = zmq_socket(handler, auth=registry.settings.get(SCHEDULER_AUTH_KEY)) socket.send_json([action, zmq_settings]) zmq_response(socket)
def get_jwt_token(request): """REST login endpoint for JWT authentication""" # check security manager utility sm = query_utility(ISecurityManager) # pylint: disable=invalid-name if sm is None: raise HTTPServiceUnavailable() configuration = IJWTSecurityConfiguration(sm) if not configuration.enabled: raise HTTPServiceUnavailable() # check request params params = request.params if TEST_MODE else request.validated login = params.get('login') if not login: raise HTTPBadRequest() credentials = Credentials('jwt', id=login, **params) # use remote authentication authority if configuration.proxy_mode: handler = IJWTProxyHandler(sm, None) if handler is not None: status_code, tokens = handler.get_tokens(request, credentials) # pylint: disable=assignment-from-no-return request.response.status_code = status_code return tokens # authenticate principal in security manager principal_id = sm.authenticate(credentials, request) if principal_id is not None: custom_claims = params.get('claims', {}) request.response.cache_expires(configuration.refresh_expiration) return { 'status': 'success', configuration.access_token_name: create_jwt_token(request, principal_id, expiration=configuration.access_expiration, obj=ACCESS_OBJECT, **custom_claims), configuration.refresh_token_name: create_jwt_token(request, principal_id, expiration=configuration.refresh_expiration, obj=REFRESH_OBJECT) } request.response.status_code = HTTPUnauthorized.code return { 'status': 'error', 'message': request.localizer.translate(_("Invalid credentials!")) }
def get_contents(self, data, mode='r'): """Extract archive contents""" data, extractor = self._initialize(data, mode) members = extractor.getmembers() for member in members: filename = member.name content = extractor.extractfile(member) if content is not None: content = content.read() if not content: continue mime_type = get_magic_content_type(content[:CHUNK_SIZE]) archiver = query_utility(IArchiveExtractor, name=mime_type) if archiver is not None: yield from archiver.get_contents(content) else: yield content, filename
def get_jwt_claims(request): """Extract claims from provided JWT token""" sm = query_utility(ISecurityManager) # pylint: disable=invalid-name if sm is None: raise HTTPServiceUnavailable() configuration = IJWTSecurityConfiguration(sm) if not configuration.enabled: raise HTTPServiceUnavailable() params = request.params if TEST_MODE else request.validated obj = params.get('obj') if configuration.proxy_mode: handler = IJWTProxyHandler(sm, None) if handler is not None: status_code, claims = handler.get_claims(request, obj) # pylint: disable=assignment-from-no-return request.response.status_code = status_code return claims return get_request_claims(request, obj)
def handle_removed_task(event): """Handle removed task""" request = check_request() if request.registry is not None: handler = request.registry.settings.get(SCHEDULER_HANDLER_KEY, False) if handler: task = event.object scheduler_util = query_utility(IScheduler) zmq_settings = { 'zodb_name': scheduler_util.zodb_name, 'task_name': task.__name__, 'job_id': task.internal_id } LOGGER.debug("Removing task {0.name} with {1!r}".format(task, zmq_settings)) socket = zmq_socket(handler, auth=request.registry.settings.get(SCHEDULER_AUTH_KEY)) socket.send_json(['remove_task', zmq_settings]) zmq_response(socket)
def locale_negotiator(request): """Negotiate language based on server, browser, request and user settings Locale is extracted from request's "lang" parameter, from browser settings or from negotiator utility """ negotiator = query_utility(INegotiator) if negotiator is not None: locale_name = negotiator.get_language(request) else: locale_name = get_browser_language(request) if not locale_name: registry = request.registry locale_name = registry.settings.get('pyramid.default_locale_name', 'en') if '-' in locale_name: # remove 'sub-locale' to prevent Babel and Zope exceptions for unknown locales locale_name = locale_name.split('-')[0] return locale_name
def __init__(self, context): terms = [] translate = check_request().localizer.translate negotiator = query_utility(INegotiator) if negotiator is not None: terms.append( SimpleTerm(negotiator.server_language, title=translate( BASE_LANGUAGES.get( negotiator.server_language)))) manager = get_parent(context, II18nManager) if manager is not None: for lang in manager.languages: # pylint: disable=not-an-iterable if (negotiator is None) or (lang != negotiator.server_language): terms.append( SimpleTerm(lang, title=translate( BASE_LANGUAGES.get(lang) or _("<unknown>")))) super(I18nContentLanguages, self).__init__(terms)