示例#1
0
 def test_jwt_authorize_project_no_bearer(self, mymock):
     """Test JWT no bearer."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Something %s' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_BEARER, res
示例#2
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)

    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous():
        info = dict(
            error="This project does not allow anonymous contributors")
        error = model.task.Task(info=info)
        return error

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0
    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = request.remote_addr if current_user.is_anonymous() else None
    external_uid = request.args.get('external_uid')
    task = sched.new_task(project_id, project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset)
    return task
 def test_jwt_authorize_project_bearer_token(self, mymock):
     """Test JWT bearer token and something else."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer %s algo' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_BEARER_TOKEN, res
 def test_jwt_authorize_project_no_bearer(self, mymock):
     """Test JWT no bearer."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Something %s' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_BEARER, res
 def test_jwt_authorize_project_bearer_no_token(self, mymock):
     """Test JWT bearer and no token."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer '
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_TOKEN, res
示例#6
0
 def test_jwt_authorize_project_bearer_no_token(self, mymock):
     """Test JWT bearer and no token."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer '
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_TOKEN, res
示例#7
0
 def test_jwt_authorize_project_bearer_token(self, mymock):
     """Test JWT bearer token and something else."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer %s algo' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == INVALID_HEADER_BEARER_TOKEN, res
 def test_jwt_authorize_project_decode_error(self, mymock):
     """Test JWT decode error."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer %s%s' % (project.secret_key, "a")
     res = jwt_authorize_project(project, bearer)
     assert res == DECODE_ERROR_SIGNATURE, res
示例#9
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)

    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous(
    ):
        info = dict(error="This project does not allow anonymous contributors")
        error = model.task.Task(info=info)
        return error

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0
    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = request.remote_addr if current_user.is_anonymous() else None
    external_uid = request.args.get('external_uid')
    task = sched.new_task(project_id, project.info.get('sched'), user_id,
                          user_ip, external_uid, offset)
    return task
示例#10
0
 def test_jwt_authorize_project_decode_error(self, mymock):
     """Test JWT decode error."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     bearer = 'Bearer %s%s' % (project.secret_key, "a")
     res = jwt_authorize_project(project, bearer)
     assert res == DECODE_ERROR_SIGNATURE, res
 def test_jwt_authorize_project_wrong_project(self, mymock, mydecode):
     """Test JWT wrong decoded project."""
     mymock.side_effect = handle_error
     mydecode.return_value = dict(project_id=99999, short_name='something')
     project = ProjectFactory.create()
     bearer = 'Bearer %s' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == WRONG_PROJECT_SIGNATURE, res
示例#12
0
 def test_jwt_authorize_project_wrong_project(self, mymock, mydecode):
     """Test JWT wrong decoded project."""
     mymock.side_effect = handle_error
     mydecode.return_value = dict(project_id=99999, short_name='something')
     project = ProjectFactory.create()
     bearer = 'Bearer %s' % project.secret_key
     res = jwt_authorize_project(project, bearer)
     assert res == WRONG_PROJECT_SIGNATURE, res
示例#13
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)

    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous(
    ):
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp

    if request.args.get('limit'):
        limit = int(request.args.get('limit'))
    else:
        limit = 1

    if limit > 100:
        limit = 100

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0

    if request.args.get('orderby'):
        orderby = request.args.get('orderby')
    else:
        orderby = 'id'

    if request.args.get('desc'):
        desc = fuzzyboolean(request.args.get('desc'))
    else:
        desc = False

    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous() else None)
    external_uid = request.args.get('external_uid')
    task = sched.new_task(project_id,
                          project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset,
                          limit,
                          orderby=orderby,
                          desc=desc)
    return task
 def test_jwt_authorize(self, mymock):
     """Test JWT decode works."""
     project = ProjectFactory.create()
     token = jwt.encode({'short_name': project.short_name,
                         'project_id': project.id},
                         project.secret_key, algorithm='HS256')
     mymock.side_effect = handle_error
     bearer = 'Bearer %s' % (token)
     res = jwt_authorize_project(project, bearer)
     assert res is True, res
示例#15
0
 def test_jwt_authorize(self, mymock):
     """Test JWT decode works."""
     project = ProjectFactory.create()
     token = jwt.encode({'short_name': project.short_name,
                         'project_id': project.id},
                         project.secret_key, algorithm='HS256')
     mymock.side_effect = handle_error
     bearer = 'Bearer %s' % (token)
     res = jwt_authorize_project(project, bearer)
     assert res is True, res
示例#16
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)

    if project is None:
        raise NotFound

    if not project.allow_anonymous_contributors and current_user.is_anonymous():
        info = dict(
            error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp

    if request.args.get('limit'):
        limit = int(request.args.get('limit'))
    else:
        limit = 1

    if limit > 100:
        limit = 100

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0

    if request.args.get('orderby'):
        orderby = request.args.get('orderby')
    else:
        orderby = 'id'

    if request.args.get('desc'):
        desc = fuzzyboolean(request.args.get('desc'))
    else:
        desc = False

    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous() else None)
    external_uid = request.args.get('external_uid')
    task = sched.new_task(project_id, project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset,
                          limit,
                          orderby=orderby,
                          desc=desc)
    return task
示例#17
0
 def _validate_project_and_task(self, taskrun, task):
     if task is None:  # pragma: no cover
         raise Forbidden('Invalid task_id')
     if (task.project_id != taskrun.project_id):
         raise Forbidden('Invalid project_id')
     if taskrun.external_uid:
         resp = jwt_authorize_project(task.project,
                                      request.headers.get('Authorization'))
         if type(resp) == Response:
             msg = json.loads(resp.data)['description']
             raise Forbidden(msg)
示例#18
0
 def _validate_project_and_task(self, taskrun, task):
     if task is None:  # pragma: no cover
         raise Forbidden('Invalid task_id')
     if (task.project_id != taskrun.project_id):
         raise Forbidden('Invalid project_id')
     if taskrun.external_uid:
         resp = jwt_authorize_project(task.project,
                                      request.headers.get('Authorization'))
         if type(resp) == Response:
             msg = json.loads(resp.data)['description']
             raise Forbidden(msg)
示例#19
0
    def test_jwt_with_auth_headers(self):
        """Test JWT with Auth headers."""
        project = ProjectFactory.create()
        headers = {'Authorization': project.secret_key}
        url = '/api/auth/project/%s/token' % project.short_name
        resp = self.app.get(url, headers=headers)

        err_msg = "It should get the token"
        assert resp.status_code == 200, err_msg
        bearer = "Bearer %s" % resp.data
        data = jwt_authorize_project(project, bearer)
        assert data, err_msg
示例#20
0
    def test_jwt_with_auth_headers(self):
        """Test JWT with Auth headers."""
        project = ProjectFactory.create()
        headers = {"Authorization": project.secret_key}
        url = "/api/auth/project/%s/token" % project.short_name
        resp = self.app.get(url, headers=headers)

        err_msg = "It should get the token"
        assert resp.status_code == 200, err_msg
        bearer = "Bearer %s" % resp.data
        data = jwt_authorize_project(project, bearer)
        assert data, err_msg
示例#21
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)
    if project is None or not (project.published or current_user.admin
                               or current_user.id in project.owners_ids):
        raise NotFound

    if current_user.is_anonymous:
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    if current_user.get_quiz_failed(project):
        # User is blocked from project so don't return a task
        return None, None, None

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp, lambda x: x

    if request.args.get('limit'):
        limit = int(request.args.get('limit'))
    else:
        limit = 1

    if limit > 100:
        limit = 100

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0

    if request.args.get('orderby'):
        orderby = request.args.get('orderby')
    else:
        orderby = 'id'

    if request.args.get('desc'):
        desc = fuzzyboolean(request.args.get('desc'))
    else:
        desc = False

    user_id = None if current_user.is_anonymous else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous else None)
    external_uid = request.args.get('external_uid')
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)

    user = user_repo.get(user_id)
    if (project.published and user_id != project.owner_id
            and user_id not in project.owners_ids
            and user.get_quiz_not_started(project)
            and user.get_quiz_enabled(project)
            and not task_repo.get_user_has_task_run_for_project(
                project_id, user_id)):
        user.set_quiz_status(project, 'in_progress')

    # We always update the user even if we didn't change the quiz status.
    # The reason for that is the user.<?quiz?> methods take a snapshot of the project's quiz
    # config the first time it is accessed for a user and save that snapshot
    # with the user. So we want to commit that snapshot if this is the first access.
    user_repo.update(user)

    # Allow scheduling a gold-only task if quiz mode is enabled for the user and the project.
    quiz_mode_enabled = user.get_quiz_in_progress(
        project) and project.info["quiz"]["enabled"]

    task = sched.new_task(project.id,
                          project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset,
                          limit,
                          orderby=orderby,
                          desc=desc,
                          rand_within_priority=sched_rand_within_priority,
                          gold_only=quiz_mode_enabled)

    handler = partial(pwd_manager.update_response,
                      project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler
 def test_jwt_authorize_project_no_payload(self, mymock):
     """Test JWT no payload."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     res = jwt_authorize_project(project, None)
     assert res == INVALID_HEADER_MISSING, res
示例#23
0
 def test_jwt_authorize_project_no_payload(self, mymock):
     """Test JWT no payload."""
     mymock.side_effect = handle_error
     project = ProjectFactory.create()
     res = jwt_authorize_project(project, None)
     assert res == INVALID_HEADER_MISSING, res
示例#24
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)
    if project is None or not (project.published or current_user.admin
                               or current_user.id in project.owners_ids):
        raise NotFound

    if current_user.is_anonymous:
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    if current_user.get_quiz_failed(project):
        # User is blocked from project so don't return a task
        return None, None, None

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp, lambda x: x

    if request.args.get('limit'):
        limit = int(request.args.get('limit'))
    else:
        limit = 1

    if limit > 100:
        limit = 100

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0

    if request.args.get('orderby'):
        orderby = request.args.get('orderby')
    else:
        orderby = 'id'

    if request.args.get('desc'):
        desc = fuzzyboolean(request.args.get('desc'))
    else:
        desc = False

    user_id = None if current_user.is_anonymous else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous else None)
    external_uid = request.args.get('external_uid')
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)

    user = user_repo.get(user_id)
    if (user.get_quiz_not_started(project) and user.get_quiz_enabled(project)
            and not task_repo.get_user_has_task_run_for_project(
                project_id, user_id)):
        user.set_quiz_status(project, 'in_progress')

    user_repo.update(user)

    task = sched.new_task(project.id,
                          project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset,
                          limit,
                          orderby=orderby,
                          desc=desc,
                          rand_within_priority=sched_rand_within_priority,
                          gold_only=user.get_quiz_in_progress(project))

    handler = partial(pwd_manager.update_response,
                      project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler
示例#25
0
def _retrieve_new_task(project_id):

    project = project_repo.get(project_id)

    if project is None:
        raise NotFound

    if current_user.is_anonymous():
        info = dict(error="This project does not allow anonymous contributors")
        error = [model.task.Task(info=info)]
        return error, None, lambda x: x

    # check cookie
    pwd_manager = get_pwd_manager(project)
    user_id_or_ip = get_user_id_or_ip()
    if pwd_manager.password_needed(project, user_id_or_ip):
        raise Forbidden("No project password provided")

    if request.args.get('external_uid'):
        resp = jwt_authorize_project(project,
                                     request.headers.get('Authorization'))
        if resp != True:
            return resp, lambda x: x

    if request.args.get('limit'):
        limit = int(request.args.get('limit'))
    else:
        limit = 1

    if limit > 100:
        limit = 100

    if request.args.get('offset'):
        offset = int(request.args.get('offset'))
    else:
        offset = 0

    if request.args.get('orderby'):
        orderby = request.args.get('orderby')
    else:
        orderby = 'id'

    if request.args.get('desc'):
        desc = fuzzyboolean(request.args.get('desc'))
    else:
        desc = False

    user_id = None if current_user.is_anonymous() else current_user.id
    user_ip = (anonymizer.ip(request.remote_addr or '127.0.0.1')
               if current_user.is_anonymous() else None)
    external_uid = request.args.get('external_uid')
    sched_rand_within_priority = project.info.get('sched_rand_within_priority',
                                                  False)
    task = sched.new_task(project.id,
                          project.info.get('sched'),
                          user_id,
                          user_ip,
                          external_uid,
                          offset,
                          limit,
                          orderby=orderby,
                          desc=desc,
                          rand_within_priority=sched_rand_within_priority)

    handler = partial(pwd_manager.update_response,
                      project=project,
                      user=user_id_or_ip)
    return task, project.info.get('timeout'), handler