def test_jwt_authorize_project_no_bearer(self, mymock):
    """An Authorization value with a non-``Bearer`` scheme is rejected.

    ``mymock`` is a mock injected from outside this view; routing it to
    ``handle_error`` lets the returned value be compared with the expected
    error constant.
    """
    mymock.side_effect = handle_error
    project = ProjectFactory.create()
    # The project's secret key is sent under a scheme other than "Bearer".
    auth_header = 'Something %s' % project.secret_key
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome == INVALID_HEADER_BEARER, outcome
def _retrieve_new_task(project_id):
    """Ask the scheduler for the next task of a project for this request.

    Returns the scheduler's result on success.  Two other values can come
    back instead: a ``Task`` whose ``info`` carries an error message when
    the project refuses anonymous users, or whatever
    ``jwt_authorize_project`` returned when a request carrying
    ``external_uid`` does not pass JWT authorization.

    Raises:
        NotFound: no project exists for ``project_id``.
    """
    project = project_repo.get(project_id)
    if project is None:
        raise NotFound

    anonymous_blocked = (not project.allow_anonymous_contributors
                         and current_user.is_anonymous())
    if anonymous_blocked:
        message = dict(
            error="This project does not allow anonymous contributors")
        return model.task.Task(info=message)

    external_uid = request.args.get('external_uid')
    if external_uid:
        # Requests on behalf of an external user are checked against the
        # project using the Authorization header.
        auth_result = jwt_authorize_project(
            project, request.headers.get('Authorization'))
        if auth_result != True:  # noqa: E712 - comparison kept as written
            return auth_result

    # NOTE(review): int() raises ValueError on a non-numeric offset and
    # negative values pass through unchanged - confirm the caller copes.
    raw_offset = request.args.get('offset')
    offset = int(raw_offset) if raw_offset else 0

    # NOTE(review): for anonymous users the raw client address is handed to
    # the scheduler - confirm that is acceptable for whatever gets stored.
    if current_user.is_anonymous():
        user_id, user_ip = None, request.remote_addr
    else:
        user_id, user_ip = current_user.id, None

    return sched.new_task(project_id, project.info.get('sched'),
                          user_id, user_ip, external_uid, offset)
def test_jwt_authorize_project_bearer_token(self, mymock):
    """A ``Bearer`` header with extra trailing content is rejected.

    The header holds three whitespace-separated parts instead of the
    expected scheme-plus-token pair.
    """
    mymock.side_effect = handle_error
    project = ProjectFactory.create()
    auth_header = 'Bearer %s algo' % project.secret_key
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome == INVALID_HEADER_BEARER_TOKEN, outcome
def test_jwt_authorize_project_bearer_no_token(self, mymock):
    """A ``Bearer`` scheme with nothing after it is rejected."""
    mymock.side_effect = handle_error
    project = ProjectFactory.create()
    # Scheme only: the token part is missing.
    auth_header = 'Bearer '
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome == INVALID_HEADER_TOKEN, outcome
def test_jwt_authorize_project_decode_error(self, mymock):
    """A well-formed header whose token cannot be decoded is rejected.

    The "token" is the project's secret key with one extra character, so
    the header has the right shape but the value is not a decodable JWT.
    """
    mymock.side_effect = handle_error
    project = ProjectFactory.create()
    auth_header = 'Bearer %s%s' % (project.secret_key, "a")
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome == DECODE_ERROR_SIGNATURE, outcome
def _retrieve_new_task(project_id):
    """Fetch the next scheduled task of a project for the current request.

    The normal result is whatever ``sched.new_task`` returns.  When the
    project does not accept anonymous contributors and the user is
    anonymous, a ``Task`` carrying an error message in ``info`` is returned
    instead; when ``external_uid`` is supplied and JWT authorization does
    not succeed, the value from ``jwt_authorize_project`` is returned.

    Raises:
        NotFound: the project id does not resolve to a project.
    """
    project = project_repo.get(project_id)
    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous():
        payload = dict(error="This project does not allow anonymous contributors")
        return model.task.Task(info=payload)

    query = request.args
    external_uid = query.get('external_uid')
    if external_uid:
        # The Authorization header must authorize this specific project.
        verdict = jwt_authorize_project(project,
                                        request.headers.get('Authorization'))
        if verdict != True:  # noqa: E712 - comparison kept as written
            return verdict

    # NOTE(review): a non-numeric offset makes int() raise ValueError and a
    # negative one is accepted as-is - confirm this is handled upstream.
    offset_arg = query.get('offset')
    offset = int(offset_arg) if offset_arg else 0

    # NOTE(review): anonymous requests forward the unmodified client address
    # to the scheduler - confirm that is intended.
    if current_user.is_anonymous():
        user_id = None
        user_ip = request.remote_addr
    else:
        user_id = current_user.id
        user_ip = None

    task = sched.new_task(project_id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset)
    return task
def test_jwt_authorize_project_wrong_project(self, mymock, mydecode):
    """A token whose decoded claims name another project is rejected.

    ``mydecode`` is a mock injected from outside this view; it is made to
    return claims whose ``project_id`` and ``short_name`` do not belong to
    the project under test.
    """
    mymock.side_effect = handle_error
    mydecode.return_value = {'project_id': 99999, 'short_name': 'something'}
    project = ProjectFactory.create()
    auth_header = 'Bearer %s' % project.secret_key
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome == WRONG_PROJECT_SIGNATURE, outcome
def _retrieve_new_task(project_id):
    """Ask the scheduler for up to ``limit`` tasks of a project.

    Query parameters read from the request: ``external_uid``, ``limit``
    (default 1, capped at 100), ``offset`` (default 0), ``orderby``
    (default ``'id'``) and ``desc`` (default ``False``).

    Returns the scheduler's result, or a one-element list holding an error
    ``Task`` when anonymous users are refused, or the value returned by
    ``jwt_authorize_project`` when JWT authorization does not succeed.

    Raises:
        NotFound: no project exists for ``project_id``.
    """
    project = project_repo.get(project_id)
    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous():
        payload = dict(error="This project does not allow anonymous contributors")
        return [model.task.Task(info=payload)]

    query = request.args
    external_uid = query.get('external_uid')
    if external_uid:
        # Requests made for an external user must authorize against the project.
        verdict = jwt_authorize_project(project,
                                        request.headers.get('Authorization'))
        if verdict != True:  # noqa: E712 - comparison kept as written
            return verdict

    # NOTE(review): int() raises ValueError on non-numeric input, and only
    # the upper bound of limit is enforced (zero or negative values pass) -
    # confirm the caller and the scheduler cope.
    limit_arg = query.get('limit')
    limit = min(int(limit_arg), 100) if limit_arg else 1

    offset_arg = query.get('offset')
    offset = int(offset_arg) if offset_arg else 0

    # NOTE(review): orderby is caller-controlled text forwarded as-is;
    # presumably the scheduler restricts it to known column names - confirm.
    orderby = query.get('orderby') or 'id'

    desc_arg = query.get('desc')
    desc = fuzzyboolean(desc_arg) if desc_arg else False

    if current_user.is_anonymous():
        user_id = None
        # Anonymous users are tracked by an anonymized address.
        user_ip = anonymizer.ip(request.remote_addr or '127.0.0.1')
    else:
        user_id = current_user.id
        user_ip = None

    return sched.new_task(project_id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset, limit,
                          orderby=orderby, desc=desc)
def test_jwt_authorize(self, mymock):
    """A token signed with the project's secret key authorizes the project.

    The claims carry the project's own ``short_name`` and ``project_id``
    and are signed with HS256, so the call must return exactly ``True``.
    """
    project = ProjectFactory.create()
    claims = {'short_name': project.short_name, 'project_id': project.id}
    token = jwt.encode(claims, project.secret_key, algorithm='HS256')
    mymock.side_effect = handle_error
    auth_header = 'Bearer %s' % (token)
    outcome = jwt_authorize_project(project, auth_header)
    assert outcome is True, outcome
def _retrieve_new_task(project_id):
    """Fetch the next scheduled task(s) of a project for this request.

    Paging and ordering come from the query string: ``limit`` (default 1,
    never more than 100), ``offset`` (default 0), ``orderby`` (default
    ``'id'``) and ``desc`` (default ``False``).

    Returns what ``sched.new_task`` returns.  Instead of that, a list with
    one error ``Task`` is returned when the project refuses anonymous
    users, and the value from ``jwt_authorize_project`` is returned when an
    ``external_uid`` request does not pass JWT authorization.

    Raises:
        NotFound: the project id does not resolve to a project.
    """
    project = project_repo.get(project_id)
    if project is None:
        raise NotFound

    anonymous_blocked = (not project.allow_anonymous_contributors
                         and current_user.is_anonymous())
    if anonymous_blocked:
        message = dict(
            error="This project does not allow anonymous contributors")
        return [model.task.Task(info=message)]

    external_uid = request.args.get('external_uid')
    if external_uid:
        # The Authorization header is validated against this project.
        auth_result = jwt_authorize_project(
            project, request.headers.get('Authorization'))
        if auth_result != True:  # noqa: E712 - comparison kept as written
            return auth_result

    # NOTE(review): non-numeric limit/offset make int() raise ValueError and
    # there is no lower bound on either - confirm this is handled upstream.
    raw_limit = request.args.get('limit')
    limit = int(raw_limit) if raw_limit else 1
    limit = min(limit, 100)

    raw_offset = request.args.get('offset')
    offset = int(raw_offset) if raw_offset else 0

    # NOTE(review): orderby comes straight from the query string; presumably
    # the scheduler only accepts known column names - confirm.
    orderby = request.args.get('orderby') or 'id'

    raw_desc = request.args.get('desc')
    desc = fuzzyboolean(raw_desc) if raw_desc else False

    if current_user.is_anonymous():
        # Anonymous users are identified by an anonymized address only.
        user_id, user_ip = None, anonymizer.ip(request.remote_addr or '127.0.0.1')
    else:
        user_id, user_ip = current_user.id, None

    task = sched.new_task(project_id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset, limit,
                          orderby=orderby, desc=desc)
    return task
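def _validate_project_and_task(self, taskrun, task):
    """Reject a task run that does not match its task or lacks authorization.

    Checks, in order, that the task exists, that the task run and the task
    belong to the same project and, when the task run carries an
    ``external_uid``, that the request's Authorization header authorizes
    the task's project.

    Raises:
        Forbidden: the task is missing, the project ids differ, or JWT
            authorization did not succeed.
    """
    if task is None:  # pragma: no cover
        raise Forbidden('Invalid task_id')
    if task.project_id != taskrun.project_id:
        raise Forbidden('Invalid project_id')
    if taskrun.external_uid:
        resp = jwt_authorize_project(task.project,
                                     request.headers.get('Authorization'))
        # Fail closed: only the literal True means "authorized".  Matching on
        # the exact Response type would let any other failure value (a
        # Response subclass, None, ...) through as if it were a success.
        if resp is not True:
            msg = 'Invalid JWT authorization'
            if isinstance(resp, Response):
                # Surface the description the error response already carries.
                msg = json.loads(resp.data)['description']
            raise Forbidden(msg)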
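def test_jwt_with_auth_headers(self):
    """Test JWT with Auth headers.

    Requests a token from the project token endpoint, sending the project's
    secret key in the Authorization header, then checks that the returned
    token authorizes that project.
    """
    project = ProjectFactory.create()
    headers = {'Authorization': project.secret_key}
    url = '/api/auth/project/%s/token' % project.short_name
    resp = self.app.get(url, headers=headers)
    err_msg = "It should get the token"
    assert resp.status_code == 200, err_msg
    token = resp.data
    # When the body is bytes, "%s" would embed its b'...' repr in the header
    # instead of the token text, so decode it first.
    if not isinstance(token, str):
        token = token.decode('utf-8')
    bearer = "Bearer %s" % token
    data = jwt_authorize_project(project, bearer)
    # Success is the literal True; a failure comes back as an error object,
    # which is truthy, so a plain truthiness assert could never fail here.
    assert data is True, err_msg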
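def test_jwt_with_auth_headers(self):
    """Test JWT with Auth headers.

    Obtains a token from the project token endpoint using the project's
    secret key as the Authorization header and verifies that the token
    authorizes the same project.
    """
    project = ProjectFactory.create()
    headers = {"Authorization": project.secret_key}
    url = "/api/auth/project/%s/token" % project.short_name
    resp = self.app.get(url, headers=headers)
    err_msg = "It should get the token"
    assert resp.status_code == 200, err_msg
    token = resp.data
    # A bytes body formatted with "%s" would put its b'...' repr into the
    # header rather than the token itself, so decode it first.
    if not isinstance(token, str):
        token = token.decode("utf-8")
    bearer = "Bearer %s" % token
    data = jwt_authorize_project(project, bearer)
    # Only the literal True proves success: a failure is reported as an
    # error object, which is truthy and would satisfy a bare ``assert data``.
    assert data is True, err_msg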
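def _retrieve_new_task(project_id):
    """Pick the next task(s) of a project for the current user.

    Query parameters read from the request: ``external_uid``, ``limit``
    (default 1, capped at 100), ``offset`` (default 0), ``orderby``
    (default ``'id'``) and ``desc`` (default ``False``).

    Returns:
        A 3-tuple ``(task, timeout, handler)``: the scheduler's result, the
        project's ``timeout`` setting and a callable built from
        ``pwd_manager.update_response``.  Early exits keep the same shape:
        ``([error_task], None, identity)`` for anonymous users,
        ``(None, None, None)`` when the user failed the quiz and
        ``(resp, None, identity)`` when JWT authorization does not succeed.

    Raises:
        NotFound: the project does not exist, or it is unpublished and the
            user is neither an admin nor one of its owners.
        Forbidden: the project password is required and was not provided.
    """
    project = project_repo.get(project_id)
    # Unpublished projects look missing to everyone but admins and owners.
    if project is None or not (project.published or current_user.admin
                               or current_user.id in project.owners_ids):
        raise NotFound

    if current_user.is_anonymous:
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    if current_user.get_quiz_failed(project):
        # User is blocked from project so don't return a task
        return None, None, None

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    external_uid = request.args.get('external_uid')
    if external_uid:
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        # Only the literal True counts as authorized.
        if resp is not True:
            # Every other exit returns three values; a two-item tuple here
            # would break a caller that unpacks (task, timeout, handler).
            return resp, None, lambda x: x

    # NOTE(review): non-numeric limit/offset make int() raise ValueError and
    # neither value has a lower bound - confirm this is handled upstream.
    raw_limit = request.args.get('limit')
    limit = min(int(raw_limit), 100) if raw_limit else 1

    raw_offset = request.args.get('offset')
    offset = int(raw_offset) if raw_offset else 0

    # NOTE(review): orderby is caller-controlled text forwarded as-is;
    # presumably the scheduler restricts it to known column names - confirm.
    orderby = request.args.get('orderby') or 'id'

    raw_desc = request.args.get('desc')
    desc = fuzzyboolean(raw_desc) if raw_desc else False

    user_id = None if current_user.is_anonymous else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous else None)
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)

    user = user_repo.get(user_id)
    # Start the quiz for a non-owner's first visit to a published project.
    if (project.published
            and user_id != project.owner_id
            and user_id not in project.owners_ids
            and user.get_quiz_not_started(project)
            and user.get_quiz_enabled(project)
            and not task_repo.get_user_has_task_run_for_project(
                project_id, user_id)):
        user.set_quiz_status(project, 'in_progress')

    # We always update the user even if we didn't change the quiz status.
    # The reason for that is the user.<?quiz?> methods take a snapshot of the
    # project's quiz config the first time it is accessed for a user and save
    # that snapshot with the user. So we want to commit that snapshot if this
    # is the first access.
    user_repo.update(user)

    # Allow scheduling a gold-only task if quiz mode is enabled for the user
    # and the project.
    quiz_mode_enabled = (user.get_quiz_in_progress(project)
                         and project.info["quiz"]["enabled"])

    task = sched.new_task(project.id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset, limit,
                          orderby=orderby, desc=desc,
                          rand_within_priority=sched_rand_within_priority,
                          gold_only=quiz_mode_enabled)

    handler = partial(pwd_manager.update_response, project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler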
def test_jwt_authorize_project_no_payload(self, mymock):
    """A missing Authorization value (``None``) is rejected."""
    mymock.side_effect = handle_error
    project = ProjectFactory.create()
    # No header at all: the payload argument is None.
    outcome = jwt_authorize_project(project, None)
    assert outcome == INVALID_HEADER_MISSING, outcome
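def _retrieve_new_task(project_id):
    """Pick the next task(s) of a project for the current user.

    Query parameters read from the request: ``external_uid``, ``limit``
    (default 1, capped at 100), ``offset`` (default 0), ``orderby``
    (default ``'id'``) and ``desc`` (default ``False``).

    Returns:
        A 3-tuple ``(task, timeout, handler)``: the scheduler's result, the
        project's ``timeout`` setting and a callable built from
        ``pwd_manager.update_response``.  Early exits keep the same shape:
        ``([error_task], None, identity)`` for anonymous users,
        ``(None, None, None)`` when the user failed the quiz and
        ``(resp, None, identity)`` when JWT authorization does not succeed.

    Raises:
        NotFound: the project does not exist, or it is unpublished and the
            user is neither an admin nor one of its owners.
        Forbidden: the project password is required and was not provided.
    """
    project = project_repo.get(project_id)
    # Unpublished projects look missing to everyone but admins and owners.
    if project is None or not (project.published or current_user.admin
                               or current_user.id in project.owners_ids):
        raise NotFound

    if current_user.is_anonymous:
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    if current_user.get_quiz_failed(project):
        # User is blocked from project so don't return a task
        return None, None, None

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    external_uid = request.args.get('external_uid')
    if external_uid:
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        # Only the literal True counts as authorized.
        if resp is not True:
            # Every other exit returns three values; a two-item tuple here
            # would break a caller that unpacks (task, timeout, handler).
            return resp, None, lambda x: x

    # NOTE(review): non-numeric limit/offset make int() raise ValueError and
    # neither value has a lower bound - confirm this is handled upstream.
    raw_limit = request.args.get('limit')
    limit = min(int(raw_limit), 100) if raw_limit else 1

    raw_offset = request.args.get('offset')
    offset = int(raw_offset) if raw_offset else 0

    # NOTE(review): orderby is caller-controlled text forwarded as-is;
    # presumably the scheduler restricts it to known column names - confirm.
    orderby = request.args.get('orderby') or 'id'

    raw_desc = request.args.get('desc')
    desc = fuzzyboolean(raw_desc) if raw_desc else False

    user_id = None if current_user.is_anonymous else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous else None)
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)

    user = user_repo.get(user_id)
    # Start the quiz on the user's first visit when quiz mode applies.
    if (user.get_quiz_not_started(project)
            and user.get_quiz_enabled(project)
            and not task_repo.get_user_has_task_run_for_project(
                project_id, user_id)):
        user.set_quiz_status(project, 'in_progress')
        # NOTE(review): the whitespace-collapsed source does not show whether
        # this update belongs inside the conditional; it is kept with the
        # status change here - confirm against the original layout.
        user_repo.update(user)

    task = sched.new_task(project.id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset, limit,
                          orderby=orderby, desc=desc,
                          rand_within_priority=sched_rand_within_priority,
                          gold_only=user.get_quiz_in_progress(project))

    handler = partial(pwd_manager.update_response, project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler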
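def _retrieve_new_task(project_id):
    """Pick the next task(s) of a project for the current user.

    Query parameters read from the request: ``external_uid``, ``limit``
    (default 1, capped at 100), ``offset`` (default 0), ``orderby``
    (default ``'id'``) and ``desc`` (default ``False``).

    Returns:
        A 3-tuple ``(task, timeout, handler)``: the scheduler's result, the
        project's ``timeout`` setting and a callable built from
        ``pwd_manager.update_response``.  Early exits keep the same shape:
        ``([error_task], None, identity)`` for anonymous users and
        ``(resp, None, identity)`` when JWT authorization does not succeed.

    Raises:
        NotFound: no project exists for ``project_id``.
        Forbidden: the project password is required and was not provided.
    """
    project = project_repo.get(project_id)
    if project is None:
        raise NotFound

    if current_user.is_anonymous():
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    external_uid = request.args.get('external_uid')
    if external_uid:
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        # Only the literal True counts as authorized.
        if resp is not True:
            # Every other exit returns three values; a two-item tuple here
            # would break a caller that unpacks (task, timeout, handler).
            return resp, None, lambda x: x

    # NOTE(review): non-numeric limit/offset make int() raise ValueError and
    # neither value has a lower bound - confirm this is handled upstream.
    raw_limit = request.args.get('limit')
    limit = min(int(raw_limit), 100) if raw_limit else 1

    raw_offset = request.args.get('offset')
    offset = int(raw_offset) if raw_offset else 0

    # NOTE(review): orderby is caller-controlled text forwarded as-is;
    # presumably the scheduler restricts it to known column names - confirm.
    orderby = request.args.get('orderby') or 'id'

    raw_desc = request.args.get('desc')
    desc = fuzzyboolean(raw_desc) if raw_desc else False

    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous() else None)
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)

    task = sched.new_task(project.id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset, limit,
                          orderby=orderby, desc=desc,
                          rand_within_priority=sched_rand_within_priority)

    handler = partial(pwd_manager.update_response, project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler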