def test_validate_pki_bundle(self):
"""Text the pki bundle validation"""
# Valid bundle:
bundle = self.mkPEMBundle('fra_cert.pem', 'fra_key.pem', 'password', 'chain_subissuer-issuer-root.pem')
# Test valid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The root certificate of the certificate chain is self-signed, and untrusted'])
# Test valid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
# Test valid with intermediates and trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [])
# Wrong chain
bundle = self.mkPEMBundle('fra_cert.pem', 'fra_key.pem', 'password', 'chain_issuer2-root2.pem')
# Test invalid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
# Test valid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
# Test valid with intermediates and trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
# Wrong key
bundle = self.mkPEMBundle('fra_cert.pem', 'ptolemy_key.pem', 'password', 'chain_subissuer-issuer-root.pem')
# Test invalid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The root certificate of the certificate chain is self-signed, and untrusted', 'Private key does not match client certificate public key.'])
# Test invalid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified', 'Private key does not match client certificate public key.'])
# Test invalid with intermediates and trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['Private key does not match client certificate public key.'])
# Expired root CA
bundle = self.mkPEMBundle('piri_cert.pem', 'piri_key.pem', 'password', 'chain_issuer3-root3-EXPIRED.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The root certificate of the certificate chain is self-signed, and untrusted', 'The certificate has expired'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['The root certificate of the certificate chain is self-signed, and untrusted', 'The certificate has expired'])
# Expired intermediate CA
bundle = self.mkPEMBundle('marinus_cert-EXPIRED.pem', 'marinus_key_w-pass.pem', 'password', 'chain_issuer2-root2.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The root certificate of the certificate chain is self-signed, and untrusted', 'The certificate has expired'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['The certificate has expired'])
# Expired client cert
bundle = self.mkPEMBundle('henricus_cert.pem', 'henricus_key_w-pass.pem', 'password', 'chain_issuer4-EXPIRED-root2.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), ['The root certificate of the certificate chain is self-signed, and untrusted', 'The certificate has expired'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), ['The issuer certificate of a locally looked up certificate could not be found', 'No certificates could be verified'])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['The certificate has expired'])
# Untrusted root, positive test before untrust is applied
bundle = self.mkPEMBundle('nicholas_cert.pem', 'nicholas_key.pem', 'password', 'chain_issuer2-root2.pem')
# Test valid with intermediates and trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [])
# Untrust this root
root2 = QgsAuthCertUtils.certFromFile(PKIDATA + '/' + 'root2_ca_cert.pem')
QgsApplication.authManager().storeCertAuthority(root2)
self.assertTrue(QgsApplication.authManager().storeCertTrustPolicy(root2, QgsAuthCertUtils.Untrusted))
QgsApplication.authManager().rebuildCaCertsCache()
# Test valid with intermediates and untrusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, True, True), ['The issuer certificate of a locally looked up certificate could not be found'])
def __init__(self, parent, plugin):
QDialog.__init__(self, parent)
self.setupUi(self)
self.plugin = plugin
self.mResult = ""
self.progressBar.setRange(0, 0)
self.progressBar.setFormat("%p%")
self.labelName.setText(plugin["name"])
self.buttonBox.clicked.connect(self.abort)
url = QUrl(plugin["download_url"])
fileName = plugin["filename"]
tmpDir = QDir.tempPath()
tmpPath = QDir.cleanPath(tmpDir + "/" + fileName)
self.file = QFile(tmpPath)
self.request = QNetworkRequest(url)
authcfg = repositories.all()[plugin["zip_repository"]]["authcfg"]
if authcfg and isinstance(authcfg, str):
if not QgsApplication.authManager().updateNetworkRequest(
self.request, authcfg.strip()):
self.mResult = self.tr(
"Update of network request with authentication "
"credentials FAILED for configuration '{0}'").format(authcfg)
self.request = None
if self.request is not None:
self.reply = QgsNetworkAccessManager.instance().get(self.request)
self.reply.downloadProgress.connect(self.readProgress)
self.reply.finished.connect(self.requestFinished)
self.stateChanged(4)
def requestFetching(self, key, url=None, redirectionCounter=0):
""" start fetching the repository given by key """
self.mRepositories[key]["state"] = 1
if not url:
url = QUrl(self.mRepositories[key]["url"] + self.urlParams())
# v=str(Qgis.QGIS_VERSION_INT)
# url.addQueryItem('qgis', '.'.join([str(int(s)) for s in [v[0], v[1:3]]]) ) # don't include the bugfix version!
self.mRepositories[key]["QRequest"] = QNetworkRequest(url)
authcfg = self.mRepositories[key]["authcfg"]
if authcfg and isinstance(authcfg, str):
if not QgsApplication.authManager().updateNetworkRequest(
self.mRepositories[key]["QRequest"], authcfg.strip()):
msg = QCoreApplication.translate(
"QgsPluginInstaller",
"Update of network request with authentication "
"credentials FAILED for configuration '{0}'").format(authcfg)
iface.pluginManagerInterface().pushMessage(msg, Qgis.Warning)
self.mRepositories[key]["QRequest"] = None
return
self.mRepositories[key]["QRequest"].setAttribute(QNetworkRequest.User, key)
self.mRepositories[key]["xmlData"] = QgsNetworkAccessManager.instance().get(self.mRepositories[key]["QRequest"])
self.mRepositories[key]["xmlData"].setProperty('reposName', key)
self.mRepositories[key]["xmlData"].setProperty('redirectionCounter', redirectionCounter)
self.mRepositories[key]["xmlData"].downloadProgress.connect(self.mRepositories[key]["Relay"].dataReadProgress)
self.mRepositories[key]["xmlData"].finished.connect(self.xmlDownloaded)
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
cls.server_cert = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_cert.pem')
cls.server_key = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_OAUTH2_KEY'] = cls.server_key
os.environ['QGIS_SERVER_OAUTH2_CERTIFICATE'] = cls.server_cert
os.environ['QGIS_SERVER_OAUTH2_USERNAME'] = cls.username
os.environ['QGIS_SERVER_OAUTH2_PASSWORD'] = cls.password
os.environ['QGIS_SERVER_OAUTH2_AUTHORITY'] = cls.server_rootcert
# Set default token expiration to 2 seconds, note that this can be
# also controlled when issuing token requests by adding ttl=<int>
# to the query string
os.environ['QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN'] = '2'
def _getLayer(cls, layer_name):
"""
Layer factory (return the backend layer), provider specific
"""
path = cls.testdata_path + layer_name + '.shp'
layer = QgsVectorLayer(path, layer_name, "ogr")
layer.setParent(QgsApplication.authManager())
assert layer.isValid()
return layer
def setUpClass(cls):
cls.authm = QgsApplication.authManager()
assert not cls.authm.isDisabled(), cls.authm.disabledMessage()
cls.mpass = '******' # master password
db1 = QFileInfo(cls.authm.authenticationDatabasePath()).canonicalFilePath()
db2 = QFileInfo(AUTHDBDIR + '/qgis-auth.db').canonicalFilePath()
msg = 'Auth db temp path does not match db path of manager'
assert db1 == db2, msg
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
# Client side
cls.auth_config = QgsAuthMethodConfig("Basic")
cls.auth_config.setConfig('username', cls.username)
cls.auth_config.setConfig('password', cls.password)
cls.auth_config.setName('test_basic_auth_config')
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
cls.authcfg = cls.auth_config.id()
def testProxyIsUpdated(self):
"""
Test that proxy is updated
"""
authm = QgsApplication.authManager()
nam = QgsNetworkAccessManager.instance()
proxy = nam.proxy()
self.assertEqual(proxy.password(), '')
self.assertEqual(proxy.user(), '')
self.assertTrue(authm.updateNetworkProxy(proxy, self.auth_config.id()))
self.assertEqual(proxy.user(), self.username)
self.assertEqual(proxy.password(), self.password)
def setup_oauth(username, password, token_uri, refresh_token_uri='', authcfg_id='oauth-2', authcfg_name='OAuth2 test configuration'):
"""Setup oauth configuration to access OAuth API,
return authcfg_id on success, None on failure
"""
cfgjson = {
"accessMethod": 0,
"apiKey": "",
"clientId": "",
"clientSecret": "",
"configType": 1,
"grantFlow": 2,
"password": password,
"persistToken": False,
"redirectPort": '7070',
"redirectUrl": "",
"refreshTokenUrl": refresh_token_uri,
"requestTimeout": '30',
"requestUrl": "",
"scope": "",
"state": "",
"tokenUrl": token_uri,
"username": username,
"version": 1
}
if authcfg_id not in QgsApplication.authManager().availableAuthMethodConfigs():
authConfig = QgsAuthMethodConfig('OAuth2')
authConfig.setId(authcfg_id)
authConfig.setName(authcfg_name)
authConfig.setConfig('oauth2config', json.dumps(cfgjson))
if QgsApplication.authManager().storeAuthenticationConfig(authConfig):
return authcfg_id
else:
authConfig = QgsAuthMethodConfig()
QgsApplication.authManager().loadAuthenticationConfig(authcfg_id, authConfig, True)
authConfig.setName(authcfg_name)
authConfig.setConfig('oauth2config', json.dumps(cfgjson))
if QgsApplication.authManager().updateAuthenticationConfig(authConfig):
return authcfg_id
return None
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
# Enable auth
# os.environ['QGIS_AUTH_PASSWORD_FILE'] = QGIS_AUTH_PASSWORD_FILE
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.auth_config = QgsAuthMethodConfig('Basic')
cls.auth_config.setName('test_auth_config')
cls.username = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(6))
cls.password = cls.username[::-1] # reversed
cls.auth_config.setConfig('username', cls.username)
cls.auth_config.setConfig('password', cls.password)
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.pg_conf = os.path.join(cls.tempfolder, 'postgresql.conf')
cls.pg_hba = os.path.join(cls.tempfolder, 'pg_hba.conf')
# Client side
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
cls.sslcert = os.path.join(cls.certsdata_path, 'gerardus_cert.pem')
cls.sslkey = os.path.join(cls.certsdata_path, 'gerardus_key.pem')
assert os.path.isfile(cls.sslcert)
assert os.path.isfile(cls.sslkey)
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslcert, stat.S_IRUSR)
os.chmod(cls.sslkey, stat.S_IRUSR)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.auth_config = QgsAuthMethodConfig("PKI-Paths")
cls.auth_config.setConfig('certpath', cls.sslcert)
cls.auth_config.setConfig('keypath', cls.sslkey)
cls.auth_config.setName('test_pki_auth_config')
cls.username = '******'
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
authm.rebuildCertTrustCache()
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
# Server side
cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem')
cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
# Place conf in the data folder
with open(cls.pg_conf, 'w+') as f:
f.write(QGIS_POSTGRES_CONF_TEMPLATE % {
'port': cls.port,
'tempfolder': cls.tempfolder,
'server_cert': cls.server_cert,
'server_key': cls.server_key,
'sslrootcert_path': cls.sslrootcert_path,
})
with open(cls.pg_hba, 'w+') as f:
f.write(QGIS_POSTGRES_HBA_TEMPLATE)
def requestDownloading(self):
self.request = QNetworkRequest(self.url)
authcfg = repositories.all()[self.plugin["zip_repository"]]["authcfg"]
if authcfg and isinstance(authcfg, str):
if not QgsApplication.authManager().updateNetworkRequest(
self.request, authcfg.strip()):
self.mResult = self.tr(
"Update of network request with authentication "
"credentials FAILED for configuration '{0}'").format(authcfg)
self.request = None
if self.request is not None:
self.reply = QgsNetworkAccessManager.instance().get(self.request)
self.reply.downloadProgress.connect(self.readProgress)
self.reply.finished.connect(self.requestFinished)
self.stateChanged(4)
def getDbCursor(self):
"""
Creates a psycopg2 connection based on the selected
connection and returns a cursor.
"""
# Determine our current preference
s = QSettings()
selectedConnection = str(s.value("constraintchecker/postgisConnection", ''))
if len(selectedConnection) == 0:
# We have not yet specified a connection
raise Exception('No PostGIS connection has been nominated for performing constraints queries. \n\n'
'Please select a PostGIS connection using Plugins > Constraint Checker > Edit Configuration'
' \n\nPostGIS connections can be created in the Add PostGIS Table(s) dialog.')
host = str(s.value("PostgreSQL/connections/%s/host" % selectedConnection, ''))
if len(host) == 0:
# Looks like the preferred connection could not be found
raise Exception('The preferred PostGIS connection, '
'%s could not be found, please check your Constrain Checker settings')
database = str(s.value("PostgreSQL/connections/%s/database" % selectedConnection, ''))
user = str(s.value("PostgreSQL/connections/%s/username" % selectedConnection, ''))
password = str(s.value("PostgreSQL/connections/%s/password" % selectedConnection, ''))
port = int(s.value("PostgreSQL/connections/%s/port" % selectedConnection, 5432))
auth_manager = QgsApplication.authManager()
conf = QgsAuthMethodConfig()
configs = {v.name(): k for k, v in auth_manager.availableAuthMethodConfigs().items()}
# name of config in auth must match the name of selected connection
try:
auth_manager.loadAuthenticationConfig(configs[selectedConnection], conf, True)
if conf.id():
user = conf.config('username', '')
password = conf.config('password', '')
except KeyError:
pass
dbConn = psycopg2.connect(database=database,
user=user,
password=password,
host=host,
port=port)
dbConn.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
return dbConn.cursor()
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.sslrootcert_path = os.path.join(
cls.certsdata_path,
'chains_subissuer-issuer-root_issuer2-root2.pem')
cls.sslcert = os.path.join(cls.certsdata_path, 'gerardus_cert.pem')
cls.sslkey = os.path.join(cls.certsdata_path, 'gerardus_key.pem')
assert os.path.isfile(cls.sslcert)
assert os.path.isfile(cls.sslkey)
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslcert, stat.S_IRUSR)
os.chmod(cls.sslkey, stat.S_IRUSR)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.auth_config = QgsAuthMethodConfig("PKI-Paths")
cls.auth_config.setConfig('certpath', cls.sslcert)
cls.auth_config.setConfig('keypath', cls.sslkey)
cls.auth_config.setName('test_pki_auth_config')
cls.username = '******'
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
# cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem')
cls.server_cert = os.path.join(cls.certsdata_path,
'127_0_0_1_ssl_cert.pem')
# cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem')
cls.server_key = os.path.join(cls.certsdata_path,
'127_0_0_1_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_PKI_KEY'] = cls.server_key
os.environ['QGIS_SERVER_PKI_CERTIFICATE'] = cls.server_cert
os.environ['QGIS_SERVER_PKI_USERNAME'] = cls.username
os.environ['QGIS_SERVER_PKI_AUTHORITY'] = cls.server_rootcert
def requestDownloading(self):
self.request = QNetworkRequest(self.url)
self.request.setAttribute(QNetworkRequest.Attribute(QgsNetworkRequestParameters.AttributeInitiatorClass), "QgsPluginInstallerInstallingDialog")
authcfg = repositories.all()[self.plugin["zip_repository"]]["authcfg"]
if authcfg and isinstance(authcfg, str):
if not QgsApplication.authManager().updateNetworkRequest(
self.request, authcfg.strip()):
self.mResult = self.tr(
"Update of network request with authentication "
"credentials FAILED for configuration '{0}'").format(authcfg)
self.request = None
if self.request is not None:
self.reply = QgsNetworkAccessManager.instance().get(self.request)
self.reply.downloadProgress.connect(self.readProgress)
self.reply.finished.connect(self.requestFinished)
self.stateChanged(4)
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.pg_conf = os.path.join(cls.tempfolder, 'postgresql.conf')
cls.pg_hba = os.path.join(cls.tempfolder, 'pg_hba.conf')
# Client side
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.auth_config = QgsAuthMethodConfig("Basic")
cls.auth_config.setConfig('username', cls.username)
cls.auth_config.setConfig('password', cls.password)
cls.auth_config.setName('test_basic_auth_config')
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
authm.rebuildCertTrustCache()
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
cls.authcfg = cls.auth_config.id()
# Server side
cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem')
cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
# Place conf in the data folder
with open(cls.pg_conf, 'w+') as f:
f.write(QGIS_POSTGRES_CONF_TEMPLATE % {
'port': cls.port,
'tempfolder': cls.tempfolder,
'server_cert': cls.server_cert,
'server_key': cls.server_key,
'sslrootcert_path': cls.sslrootcert_path,
})
with open(cls.pg_hba, 'w+') as f:
f.write(QGIS_POSTGRES_HBA_TEMPLATE)
def getConfig(self, auth_method_id):
auth_cfg = QgsAuthMethodConfig()
auth_mgr = QgsApplication.authManager()
auth_mgr.loadAuthenticationConfig(auth_method_id, auth_cfg, True)
# Default values
username = None,
password = None,
url = "https://openapi-test.kartverket.no/v1/"
if auth_cfg.id():
username = auth_cfg.config('username', '')
password = auth_cfg.config('password', '')
if auth_cfg.uri():
url = auth_cfg.uri()
return url, username, password
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
cls.port = QGIS_SERVER_ENDPOINT_PORT
# Clean env just to be sure
env_vars = ['QUERY_STRING', 'QGIS_PROJECT_FILE']
for ev in env_vars:
try:
del os.environ[ev]
except KeyError:
pass
cls.testdata_path = unitTestDataPath('qgis_server') + '/'
cls.project_path = cls.testdata_path + "test_project.qgs"
# Enable auth
# os.environ['QGIS_AUTH_PASSWORD_FILE'] = QGIS_AUTH_PASSWORD_FILE
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.auth_config = QgsAuthMethodConfig('Basic')
cls.auth_config.setName('test_auth_config')
cls.username = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(6))
cls.password = cls.username[::-1] # reversed
cls.auth_config.setConfig('username', cls.username)
cls.auth_config.setConfig('password', cls.password)
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
cls.hostname = '127.0.0.1'
cls.protocol = 'http'
os.environ['QGIS_SERVER_HTTP_BASIC_AUTH'] = '1'
os.environ['QGIS_SERVER_USERNAME'] = cls.username
os.environ['QGIS_SERVER_PASSWORD'] = cls.password
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
server_path = os.path.dirname(os.path.realpath(__file__)) + \
'/qgis_wrapped_server.py'
cls.server = subprocess.Popen([sys.executable, server_path],
env=os.environ, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
line = cls.server.stdout.readline()
cls.port = int(re.findall(b':(\d+)', line)[0])
assert cls.port != 0
# Wait for the server process to start
assert waitServer('%s://%s:%s' % (cls.protocol, cls.hostname, cls.port)), "Server is not responding! %s://%s:%s" % (cls.protocol, cls.hostname, cls.port)
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
cls.port = QGIS_SERVER_ENDPOINT_PORT
# Clean env just to be sure
env_vars = ['QUERY_STRING', 'QGIS_PROJECT_FILE']
for ev in env_vars:
try:
del os.environ[ev]
except KeyError:
pass
cls.testdata_path = unitTestDataPath('qgis_server') + '/'
cls.project_path = cls.testdata_path + "test_project.qgs"
# Enable auth
# os.environ['QGIS_AUTH_PASSWORD_FILE'] = QGIS_AUTH_PASSWORD_FILE
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.auth_config = QgsAuthMethodConfig('Basic')
cls.auth_config.setName('test_auth_config')
cls.username = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(6))
cls.password = cls.username[::-1] # reversed
cls.auth_config.setConfig('username', cls.username)
cls.auth_config.setConfig('password', cls.password)
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
cls.hostname = '127.0.0.1'
cls.protocol = 'http'
os.environ['QGIS_SERVER_HTTP_BASIC_AUTH'] = '1'
os.environ['QGIS_SERVER_USERNAME'] = cls.username
os.environ['QGIS_SERVER_PASSWORD'] = cls.password
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
server_path = os.path.dirname(os.path.realpath(__file__)) + \
'/qgis_wrapped_server.py'
cls.server = subprocess.Popen([sys.executable, server_path],
env=os.environ, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
line = cls.server.stdout.readline()
cls.port = int(re.findall(b':(\d+)', line)[0])
assert cls.port != 0
# Wait for the server process to start
assert waitServer('%s://%s:%s' % (cls.protocol, cls.hostname, cls.port)), "Server is not responding! %s://%s:%s" % (cls.protocol, cls.hostname, cls.port)
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
cls.port = QGIS_SERVER_ENDPOINT_PORT
# Clean env just to be sure
env_vars = ['QUERY_STRING', 'QGIS_PROJECT_FILE']
for ev in env_vars:
try:
del os.environ[ev]
except KeyError:
pass
cls.testdata_path = unitTestDataPath('qgis_server')
cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys')
cls.project_path = os.path.join(cls.testdata_path, "test_project.qgs")
# cls.hostname = 'localhost'
cls.protocol = 'https'
cls.hostname = '127.0.0.1'
cls.username = '******'
cls.password = '******'
cls.setUpAuth()
server_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),
'qgis_wrapped_server.py')
cls.server = subprocess.Popen([sys.executable, server_path],
env=os.environ, stdout=subprocess.PIPE)
line = cls.server.stdout.readline()
cls.port = int(re.findall(b':(\d+)', line)[0])
assert cls.port != 0
# We need a valid port before we setup the oauth configuration
cls.token_uri = '%s://%s:%s/token' % (cls.protocol, cls.hostname, cls.port)
cls.refresh_token_uri = '%s://%s:%s/refresh' % (cls.protocol, cls.hostname, cls.port)
# Need a random authcfg or the cache will bites us back!
cls.authcfg_id = setup_oauth(cls.username, cls.password, cls.token_uri, cls.refresh_token_uri, str(random.randint(0, 10000000)))
# This is to test wrong credentials
cls.wrong_authcfg_id = setup_oauth('wrong', 'wrong', cls.token_uri, cls.refresh_token_uri, str(random.randint(0, 10000000)))
# Get the authentication configuration instance:
cls.auth_config = QgsApplication.authManager().availableAuthMethodConfigs()[cls.authcfg_id]
assert cls.auth_config.isValid()
# Wait for the server process to start
assert waitServer('%s://%s:%s' % (cls.protocol, cls.hostname, cls.port)), "Server is not responding! %s://%s:%s" % (cls.protocol, cls.hostname, cls.port)
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
cls.port = QGIS_SERVER_ENDPOINT_PORT
# Clean env just to be sure
env_vars = ['QUERY_STRING', 'QGIS_PROJECT_FILE']
for ev in env_vars:
try:
del os.environ[ev]
except KeyError:
pass
cls.testdata_path = unitTestDataPath('qgis_server')
cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys')
cls.project_path = os.path.join(cls.testdata_path, "test_project.qgs")
# cls.hostname = 'localhost'
cls.protocol = 'https'
cls.hostname = '127.0.0.1'
cls.username = '******'
cls.password = '******'
cls.setUpAuth()
server_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),
'qgis_wrapped_server.py')
cls.server = subprocess.Popen([sys.executable, server_path],
env=os.environ, stdout=subprocess.PIPE)
line = cls.server.stdout.readline()
cls.port = int(re.findall(b':(\d+)', line)[0])
assert cls.port != 0
# We need a valid port before we setup the oauth configuration
cls.token_uri = '%s://%s:%s/token' % (cls.protocol, cls.hostname, cls.port)
cls.refresh_token_uri = '%s://%s:%s/refresh' % (cls.protocol, cls.hostname, cls.port)
# Need a random authcfg or the cache will bites us back!
cls.authcfg_id = setup_oauth(cls.username, cls.password, cls.token_uri, cls.refresh_token_uri, str(random.randint(0, 10000000)))
# This is to test wrong credentials
cls.wrong_authcfg_id = setup_oauth('wrong', 'wrong', cls.token_uri, cls.refresh_token_uri, str(random.randint(0, 10000000)))
# Get the authentication configuration instance:
cls.auth_config = QgsApplication.authManager().availableAuthMethodConfigs()[cls.authcfg_id]
assert cls.auth_config.isValid()
# Wait for the server process to start
assert waitServer('%s://%s:%s' % (cls.protocol, cls.hostname, cls.port)), "Server is not responding! %s://%s:%s" % (cls.protocol, cls.hostname, cls.port)
def set_3di_auth(personal_api_key, username="******"):
"""Setting 3Di credentials in the QGIS Authorization Manager."""
settings = QSettings()
authcfg = settings.value("threedi/authcfg", None)
cfg = QgsAuthMethodConfig()
auth_manager = QgsApplication.authManager()
auth_manager.setMasterPassword()
auth_manager.loadAuthenticationConfig(authcfg, cfg, True)
if cfg.id():
cfg.setConfig("username", username)
cfg.setConfig("password", personal_api_key)
auth_manager.updateAuthenticationConfig(cfg)
else:
cfg.setMethod("Basic")
cfg.setName("3Di Personal Api Key")
cfg.setConfig("username", username)
cfg.setConfig("password", personal_api_key)
auth_manager.storeAuthenticationConfig(cfg)
settings.setValue("threedi/authcfg", cfg.id())
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
cls.sslcert = os.path.join(cls.certsdata_path, 'gerardus_cert.pem')
cls.sslkey = os.path.join(cls.certsdata_path, 'gerardus_key.pem')
assert os.path.isfile(cls.sslcert)
assert os.path.isfile(cls.sslkey)
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslcert, stat.S_IRUSR)
os.chmod(cls.sslkey, stat.S_IRUSR)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.auth_config = QgsAuthMethodConfig("PKI-Paths")
cls.auth_config.setConfig('certpath', cls.sslcert)
cls.auth_config.setConfig('keypath', cls.sslkey)
cls.auth_config.setName('test_pki_auth_config')
cls.username = '******'
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
# cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem')
cls.server_cert = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_cert.pem')
# cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem')
cls.server_key = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_PKI_KEY'] = cls.server_key
os.environ['QGIS_SERVER_PKI_CERTIFICATE'] = cls.server_cert
os.environ['QGIS_SERVER_PKI_USERNAME'] = cls.username
os.environ['QGIS_SERVER_PKI_AUTHORITY'] = cls.server_rootcert
def readDatabaseParamsFromSettings(self, usedDatabaseConnectionName):
settings = QSettings()
settings.beginGroup(YleiskaavaSettings.PG_CONNECTIONS + "/" +
usedDatabaseConnectionName)
params = {}
auth_cfg_id = parse_value(settings.value("authcfg"))
username_saved = parse_value(settings.value("saveUsername"))
pwd_saved = parse_value(settings.value("savePassword"))
for qgs_key, psyc_key in YleiskaavaDatabase.QGS_SETTINGS_PSYCOPG2_PARAM_MAP.items(
):
params[psyc_key] = parse_value(settings.value(qgs_key))
settings.endGroup()
# username or password might have to be asked separately
if not username_saved:
params["user"] = None
if not pwd_saved:
params["password"] = None
if auth_cfg_id is not None and auth_cfg_id != "":
# LOGGER.info(f"Auth cfg: {auth_cfg_id}")
# Auth config is being used to store the username and password
auth_config = QgsAuthMethodConfig()
authMgr = QgsApplication.authManager()
authMgr.loadAuthenticationConfig(auth_cfg_id, auth_config, True)
if auth_config.isValid():
params["user"] = auth_config.configMap().get("username")
params["password"] = auth_config.configMap().get("password")
else:
raise QaavaAuthConfigException()
# LOGGER.info(f"PR{params} {username_saved} {pwd_saved}")
return params
def _getOnlineLayer(self, type_name, layer_name=None):
"""
Return a new WFS layer, overriding the WFS cache
"""
if layer_name is None:
layer_name = 'wfs_' + type_name
parms = {
'srsname': 'EPSG:4326',
'typename': type_name,
'url': 'http://127.0.0.1:%s/%s/?map=%s' % (self.port,
self.counter,
self.project_path),
'version': 'auto',
'table': '',
#'sql': '',
}
self.counter += 1
uri = ' '.join([("%s='%s'" % (k, v)) for k, v in list(parms.items())])
wfs_layer = QgsVectorLayer(uri, layer_name, 'WFS')
wfs_layer.setParent(QgsApplication.authManager())
assert wfs_layer.isValid()
return wfs_layer
def _getOnlineLayer(self, type_name, layer_name=None):
"""
Return a new WFS layer, overriding the WFS cache
"""
if layer_name is None:
layer_name = 'wfs_' + type_name
parms = {
'srsname': 'EPSG:4326',
'typename': type_name,
'url': 'http://127.0.0.1:%s/%s/?map=%s' % (self.port,
self.counter,
self.project_path),
'version': 'auto',
'table': '',
#'sql': '',
}
self.counter += 1
uri = ' '.join([("%s='%s'" % (k, v)) for k, v in list(parms.items())])
wfs_layer = QgsVectorLayer(uri, layer_name, 'WFS')
wfs_layer.setParent(QgsApplication.authManager())
assert wfs_layer.isValid()
return wfs_layer
def set_mergin_auth(url, username, password):
settings = QSettings()
authcfg = settings.value('Mergin/authcfg', None)
cfg = QgsAuthMethodConfig()
auth_manager = QgsApplication.authManager()
auth_manager.setMasterPassword()
auth_manager.loadAuthenticationConfig(authcfg, cfg, True)
if cfg.id():
cfg.setUri(url)
cfg.setConfig("username", username)
cfg.setConfig("password", password)
auth_manager.updateAuthenticationConfig(cfg)
else:
cfg.setMethod("Basic")
cfg.setName("mergin")
cfg.setUri(url)
cfg.setConfig("username", username)
cfg.setConfig("password", password)
auth_manager.storeAuthenticationConfig(cfg)
settings.setValue('Mergin/authcfg', cfg.id())
settings.setValue('Mergin/server', url)
def setUpClass(cls):
"""Run before all tests:"""
QCoreApplication.setOrganizationName("QGIS_Test")
QCoreApplication.setOrganizationDomain(cls.__name__)
QCoreApplication.setApplicationName(cls.__name__)
start_app()
cls.authm = QgsApplication.authManager()
assert (cls.authm.setMasterPassword('masterpassword', True))
assert not cls.authm.isDisabled(), cls.authm.disabledMessage()
cls.auth_config = QgsAuthMethodConfig("Basic")
cls.auth_config.setConfig('username', "qgis")
cls.auth_config.setConfig('password', "myPasswd!")
cls.auth_config.setName('test_basic_auth_config')
assert(cls.authm.storeAuthenticationConfig(cls.auth_config)[0])
assert cls.auth_config.isValid()
registry = QgsApplication.instance().externalStorageRegistry()
assert registry
cls.storage = registry.externalStorageFromType(cls.storageType)
assert cls.storage
def setUpClass(cls):
"""Run before all tests:
Creates an auth configuration"""
cls.username = '******'
cls.password = '******'
cls.dbname = 'qgis_test'
cls.hostname = 'postgres'
cls.port = '5432'
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'),
'certs_keys')
cls.sslrootcert_path = os.path.join(
cls.certsdata_path,
'chains_subissuer-issuer-root_issuer2-root2.pem')
def printMessage(tag, msg, level):
with open('/tmp/fmt.log', 'a') as f:
f.write('{}: {}'.format(tag, msg))
QgsApplication.instance().messageLog().messageReceived.connect(
printMessage)
def requestFetching(self, key, url=None, redirectionCounter=0):
""" start fetching the repository given by key """
self.mRepositories[key]["state"] = 1
if not url:
url = QUrl(self.mRepositories[key]["url"] + self.urlParams())
# v=str(Qgis.QGIS_VERSION_INT)
# url.addQueryItem('qgis', '.'.join([str(int(s)) for s in [v[0], v[1:3]]]) ) # don't include the bugfix version!
self.mRepositories[key]["QRequest"] = QNetworkRequest(url)
self.mRepositories[key]["QRequest"].setAttribute(
QNetworkRequest.Attribute(
QgsNetworkRequestParameters.AttributeInitiatorClass), "Relay")
self.mRepositories[key]["QRequest"].setAttribute(
QNetworkRequest.FollowRedirectsAttribute, True)
authcfg = self.mRepositories[key]["authcfg"]
if authcfg and isinstance(authcfg, str):
if not QgsApplication.authManager().updateNetworkRequest(
self.mRepositories[key]["QRequest"], authcfg.strip()):
msg = QCoreApplication.translate(
"QgsPluginInstaller",
"Update of network request with authentication "
"credentials FAILED for configuration '{0}'").format(
authcfg)
iface.pluginManagerInterface().pushMessage(msg, Qgis.Warning)
self.mRepositories[key]["QRequest"] = None
return
self.mRepositories[key]["QRequest"].setAttribute(
QNetworkRequest.User, key)
self.mRepositories[key]["xmlData"] = QgsNetworkAccessManager.instance(
).get(self.mRepositories[key]["QRequest"])
self.mRepositories[key]["xmlData"].setProperty('reposName', key)
self.mRepositories[key]["xmlData"].setProperty('redirectionCounter',
redirectionCounter)
self.mRepositories[key]["xmlData"].downloadProgress.connect(
self.mRepositories[key]["Relay"].dataReadProgress)
self.mRepositories[key]["xmlDataFinished"] = self.mRepositories[key][
"xmlData"].finished.connect(self.xmlDownloaded)
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.sslrootcert_path = os.path.join(
cls.certsdata_path,
'chains_subissuer-issuer-root_issuer2-root2.pem')
assert os.path.isfile(cls.sslrootcert_path)
os.chmod(cls.sslrootcert_path, stat.S_IRUSR)
cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
assert cls.sslrootcert is not None
authm.storeCertAuthorities(cls.sslrootcert)
authm.rebuildCaCertsCache()
authm.rebuildTrustedCaCertsCache()
cls.server_cert = os.path.join(cls.certsdata_path,
'127_0_0_1_ssl_cert.pem')
cls.server_key = os.path.join(cls.certsdata_path,
'127_0_0_1_ssl_key.pem')
cls.server_rootcert = cls.sslrootcert_path
os.chmod(cls.server_cert, stat.S_IRUSR)
os.chmod(cls.server_key, stat.S_IRUSR)
os.chmod(cls.server_rootcert, stat.S_IRUSR)
os.environ['QGIS_SERVER_HOST'] = cls.hostname
os.environ['QGIS_SERVER_PORT'] = str(cls.port)
os.environ['QGIS_SERVER_OAUTH2_KEY'] = cls.server_key
os.environ['QGIS_SERVER_OAUTH2_CERTIFICATE'] = cls.server_cert
os.environ['QGIS_SERVER_OAUTH2_USERNAME'] = cls.username
os.environ['QGIS_SERVER_OAUTH2_PASSWORD'] = cls.password
os.environ['QGIS_SERVER_OAUTH2_AUTHORITY'] = cls.server_rootcert
# Set default token expiration to 2 seconds, note that this can be
# also controlled when issuing token requests by adding ttl=<int>
# to the query string
os.environ['QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN'] = '2'
def run(self):
QgsMessageLog.logMessage(f"GeoRectifyTask.run, process: %s" %
self.name,
tag="OAW",
level=Qgis.Info)
try:
self.set_status('running', 'started')
input_tif = os.path.join(self.options["staging_folder"],
self.name + ".tif")
scripts_folder = os.path.join(QgsApplication.prefixPath(), "..",
"Python37/Scripts")
geo_rectify = GeoRectifyFactory.create(
input=input_tif,
qgis_scripts=scripts_folder,
min_points=self.options["min_points"],
gdal_threads=self.options["gdal_threads"])
geo_rectify.on_progress += self.on_progress
geo_rectify.process()
auth_id = self.options["remote_authid"]
auth_manager = QgsApplication.authManager()
auth_cfg = QgsAuthMethodConfig()
auth_manager.loadAuthenticationConfig(auth_id, auth_cfg, True)
if auth_cfg.id():
username = auth_cfg.config('username', '')
password = auth_cfg.config('password', '')
uri = auth_cfg.uri()
# call FTP task
QgsMessageLog.logMessage(f"GeoRectifyTask.run, URI: %s" %
str(uri),
tag="OAW",
level=Qgis.Info)
QgsMessageLog.logMessage(f"GeoRectifyTask.run, username: %s" %
str(username),
tag="OAW",
level=Qgis.Info)
QgsMessageLog.logMessage(f"GeoRectifyTask.run, password: %s" %
"***********",
tag="OAW",
level=Qgis.Info)
# upload file via SFTP
output_tif = input_tif.replace(".tif", "_grf_fin.tif")
remote_folder = self.options[
"remote_folder"] if "remote_folder" in self.options else "public"
cnopts = pysftp.CnOpts()
cnopts.hostkeys = None
with pysftp.Connection(uri,
username=username,
password=password,
cnopts=cnopts) as sftp:
with sftp.cd(remote_folder):
sftp.put(output_tif, remotepath=self.name + ".tif")
# Remove intermediate file (if requested)
if self.options["remove_file_after"] == Qt.Checked:
os.remove(output_tif)
QgsMessageLog.logMessage(
f"GeoRectifyTask.run, removing intermediate file: %s" %
output_tif,
tag="OAW",
level=Qgis.Info)
else:
raise Exception(
"Failed to extract information from the QGIS authentication manager using authid: %s"
% auth_id)
self.set_status('completed', 'done')
except Exception as e:
self.exception = e
self.set_status('failed', str(e))
QgsMessageLog.logMessage(f"GeoRectifyTask.run, exception: %s" %
str(e),
tag="OAW",
level=Qgis.Warning)
self.handlers["on_completed"](self)
QgsMessageLog.logMessage(f"GeoRectifyTask.run, result: %s" %
self.status,
tag="OAW",
level=Qgis.Info)
return self.status == 'completed'
def auth_token(self):
return QgsApplication.authManager().authSetting("gmf_admin_auth_token",
"",
decrypt=True)
def load_work_layers(self):
def check_conn(host, port, database, user, password):
try:
conn = psycopg2.connect(host=host,port=port, database=database, user=user, password=password, connect_timeout=1)
conn.close()
#self.iface.messageBar().pushMessage(self.tr('Povezava uspešna'))
return True
except:
#self.iface.messageBar().pushMessage(self.tr('Povezava neuspešna, napačen uporabnik ali geslo!'))
return False
host = parameters(self)[0]
database = parameters(self)[1]
port = parameters(self)[4]
table = get_work_layers(self)
uri = QgsDataSourceUri()
root = QgsProject.instance().layerTreeRoot()
self.host = parameters(self)[0]
self.database = parameters(self)[1]
self.port = parameters(self)[4]
#Input authentication
authcfg = self.dlg.mAuthConfigSelect.configId()
auth_mgr = QgsApplication.authManager()
auth_cfg = QgsAuthMethodConfig()
auth_mgr.loadAuthenticationConfig(authcfg, auth_cfg, True)
auth = auth_cfg.configMap()
# Input Username, password
user = self.dlg.user_input.text()
password = self.dlg.pass_input.text()
def auth_text(user, password):
authMgr = QgsApplication.authManager()
cfg = QgsAuthMethodConfig()
cfg.setName(user)
cfg.setMethod('Basic')
cfg.setConfig('username', user)
cfg.setConfig('password', password)
authMgr.storeAuthenticationConfig(cfg)
return(cfg)
aut_meth = 0
if user:
check_conn(host, port, database, user, password)
authentication = auth_text(user, password)
aut_meth = 1
elif auth_mgr:
try:
check_conn(host, port, database, auth["username"], auth["password"])
authentication = auth_cfg
except:
pass
else:
self.iface.messageBar().pushMessage(self.tr("Napačen uporabnik ali geslo."), self.tr("Potrdi za javni dostop."), level=Qgis.Critical)
text = self.tr('Uporabljam javni dostop:')
uri.setConnection(host, port, database, None, None)
(success, user, passwd) = QgsCredentials.instance().get(text, parameters(self)[3], parameters(self)[2])
if success:
if check_conn(host, port, database, user, passwd):
user = user
password = passwd
else:
check_conn(host, port, database, user, passwd)
self.iface.messageBar().pushMessage(self.tr('Povezava neuspešna, napačen uporabnik ali geslo!'))
#List of groups and layers
w_layers = [r[1] for r in table.getFeatures()]
groups = [self.tr('Delovni sloji')]
def load_wl(shema, table, geom, sql, fid):
if geom == '':
geom = None
uri.setConnection(self.host, self.port, self.database, "", "", QgsDataSourceUri.SslDisable,"")
uri.setAuthConfigId(authentication.id())
uri.setDataSource(shema, table, geom, sql, fid)
layer=QgsVectorLayer (uri .uri(False), table, "postgres")
return layer
#Attribute form config for layer ZLS Int
def field_to_value_relation(layer):
fields = layer.fields()
pattern = re.compile(r'Vrsta')
fields_vrsta = [field for field in fields if pattern.match(field.name())]
if len(fields_vrsta) > 0:
config = {'AllowMulti': False,
'AllowNull': False,
'FilterExpression': 'Sloj = current_value(\'Sloj\') and \"Opombe\" =\'kategorije\'',
'Key': 'Vrsta',
'Layer': layer.id(),
'NofColumns': 1,
'OrderByValue': False,
'UseCompleter': False,
'Value': 'Vrsta'}
for field in fields_vrsta:
field_idx = fields.indexOf(field.name())
if field_idx >= 0:
try:
widget_setup = QgsEditorWidgetSetup('ValueRelation',config)
layer.setEditorWidgetSetup(field_idx, widget_setup)
except:
pass
else:
return False
else:
return False
return True
#Join fields function
def field_join(t_layer, s_layer, t_field, s_field):
joinObject = QgsVectorLayerJoinInfo()
joinObject.setJoinFieldName(s_field)
joinObject.setTargetFieldName(t_field)
joinObject.setJoinLayerId(s_layer.id())
joinObject.setUsingMemoryCache(True)
joinObject.setJoinLayer(s_layer)
t_layer.addJoin(joinObject)
#Populate list of accessible layers
layers_list = []
for f in table.getFeatures():
if f[3] != 'admin':
print(f[2])
try:
layer = load_wl(f[2], f[1], f[4], "", f[5])
if layer.isValid():
layers_list.append(layer)
except:
continue
if not root.findGroup(self.tr('Delovni sloji')) and len(layers_list) != 0:
w_group = root.addGroup(self.tr('Delovni sloji'))
else:
w_group = root.findGroup(self.tr('Delovni sloji'))
# load layers
for current, layer in enumerate(layers_list):
QgsProject.instance().addMapLayer(layer, False)
w_group.insertChildNode(current, QgsLayerTreeLayer(layer))
myLayerNode = root.findLayer(layer.id())
myLayerNode.setExpanded(False)
if layer.name() == 'ZLS Interpretacija_delovno':
field_to_value_relation(layer)
if aut_meth == 1:
authMgr = QgsApplication.authManager()
authMgr.removeAuthenticationConfig(authentication.id())
def connChanged(self, conn_name='', schema_name=''):
# close any existing connection to a river database
if self.rdb:
self.addInfo("Closing existing connection to {0}@{1} river database".format(self.rdb.dbname, self.rdb.host))
self.rdb.disconnect_pg()
self.rdb = None
else:
pass
s = QSettings()
s.beginGroup('/PostgreSQL/connections')
connsNames = s.childGroups()
if conn_name in connsNames:
self.curConnName = conn_name
else:
self.curConnName = self.ui.connsCbo.currentText()
self.ui.connsCbo.clear()
self.ui.connsCbo.addItem('')
for conn in connsNames:
self.ui.connsCbo.addItem(conn)
try:
i = connsNames.index(self.curConnName) + 1
except ValueError:
i = 0
self.ui.connsCbo.setCurrentIndex(i)
if self.ui.connsCbo.currentIndex() == 0:
self.ui.schemasCbo.clear()
self.ui.schemasCbo.addItem('')
self.disableActions()
return
connName = self.ui.connsCbo.currentText()
s.endGroup()
s.beginGroup('/PostgreSQL/connections/{0}'.format(connName))
# first try to get the credentials from AuthManager, then from the basic settings
authconf = s.value('authcfg', None)
if authconf:
auth_manager = QgsApplication.authManager()
conf = QgsAuthMethodConfig()
auth_manager.loadAuthenticationConfig(authconf, conf, True)
if conf.id():
self.user = conf.config('username', '')
self.passwd = conf.config('password', '')
else:
self.user = s.value('username')
self.passwd = s.value('password')
self.host = s.value('host')
self.port = s.value('port')
self.database = s.value('database')
s.endGroup()
# create a new connection to river database
self.rdb = rivdb.RiverDatabase(self, self.database, self.host, self.port, self.user, self.passwd)
self.rdb.SRID = int(self.crs.postgisSrid())
if self.rdb.connect_pg():
self.addInfo('Created connection to river database: {0}@{1}'.format(self.rdb.dbname, self.rdb.host))
self.rdb.last_conn = connName
else:
info = 'Couldn\'t connect to river database: {0}@{1}'.format(self.rdb.dbname, self.rdb.host)
info += '\nPlease, check you database connection settings!'
self.addInfo(info)
self.ui.schemasCbo.clear()
return
# refresh schemas combo
schemaName = self.ui.schemasCbo.currentText()
qry = "SELECT nspname FROM pg_namespace WHERE nspname !~ '^pg_' AND nspname != 'information_schema' ORDER BY nspname"
schemas = self.rdb.run_query(qry, fetch=True)
self.ui.schemasCbo.clear()
self.ui.schemasCbo.addItem('')
if not schemas:
schemas = []
for schema in schemas:
self.ui.schemasCbo.addItem(schema[0])
if schema_name:
schemaExists = self.ui.schemasCbo.findText(schema_name)
else:
schemaExists = self.ui.schemasCbo.findText(schemaName)
if schemaExists:
self.ui.schemasCbo.setCurrentIndex(schemaExists)
self.enableDBActions()
self.schemaChanged()
def test_validate_pki_bundle(self):
"""Text the pki bundle validation"""
# Valid bundle:
bundle = self.mkPEMBundle('fra_cert.pem', 'fra_key.pem', 'password',
'chain_subissuer-issuer-root.pem')
# Test valid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The root certificate of the certificate chain is self-signed, and untrusted'
])
# Test valid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
# Test valid with intermediates and trusted root
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [])
# Wrong chain
bundle = self.mkPEMBundle('fra_cert.pem', 'fra_key.pem', 'password',
'chain_issuer2-root2.pem')
# Test invalid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
# Test valid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
# Test valid with intermediates and trusted root
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
# Wrong key
bundle = self.mkPEMBundle('fra_cert.pem', 'ptolemy_key.pem',
'password',
'chain_subissuer-issuer-root.pem')
# Test invalid bundle with intermediates and without trusted root
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The root certificate of the certificate chain is self-signed, and untrusted',
'Private key does not match client certificate public key.'
])
# Test invalid without intermediates
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified',
'Private key does not match client certificate public key.'
])
# Test invalid with intermediates and trusted root
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True),
['Private key does not match client certificate public key.'])
# Expired root CA
bundle = self.mkPEMBundle('piri_cert.pem', 'piri_key.pem', 'password',
'chain_issuer3-root3-EXPIRED.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The root certificate of the certificate chain is self-signed, and untrusted',
'The certificate has expired'
])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [
'The root certificate of the certificate chain is self-signed, and untrusted',
'The certificate has expired'
])
# Expired intermediate CA
bundle = self.mkPEMBundle('marinus_cert-EXPIRED.pem',
'marinus_key_w-pass.pem', 'password',
'chain_issuer2-root2.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The root certificate of the certificate chain is self-signed, and untrusted',
'The certificate has expired'
])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True),
['The certificate has expired'])
# Expired client cert
bundle = self.mkPEMBundle('henricus_cert.pem',
'henricus_key_w-pass.pem', 'password',
'chain_issuer4-EXPIRED-root2.pem')
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle), [
'The root certificate of the certificate chain is self-signed, and untrusted',
'The certificate has expired'
])
self.assertEqual(QgsAuthCertUtils.validatePKIBundle(bundle, False), [
'The issuer certificate of a locally looked up certificate could not be found',
'No certificates could be verified'
])
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True),
['The certificate has expired'])
# Untrusted root, positive test before untrust is applied
bundle = self.mkPEMBundle('nicholas_cert.pem', 'nicholas_key.pem',
'password', 'chain_issuer2-root2.pem')
# Test valid with intermediates and trusted root
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [])
# Untrust this root
root2 = QgsAuthCertUtils.certFromFile(PKIDATA + '/' +
'root2_ca_cert.pem')
QgsApplication.authManager().storeCertAuthority(root2)
self.assertTrue(QgsApplication.authManager().storeCertTrustPolicy(
root2, QgsAuthCertUtils.Untrusted))
QgsApplication.authManager().rebuildCaCertsCache()
# Test valid with intermediates and untrusted root
self.assertEqual(
QgsAuthCertUtils.validatePKIBundle(bundle, True, True), [
'The issuer certificate of a locally looked up certificate could not be found'
])
def __init__(self, parent=None, iface=None, visible=False):
super(PlanetExplorerDockWidget, self).__init__(parent)
# Set up the user interface from Designer.
# After setupUI you can access any designer object by doing
# self.<objectname>, and you can use autoconnect slots - see
# http://doc.qt.io/qt-5/designer-using-a-ui-file.html
# #widgets-and-dialogs-with-auto-connect
self.setupUi(self)
self.setVisible(visible)
self._iface = iface
# noinspection PyArgumentList
self._auth_man = QgsApplication.authManager()
self.p_client = None
self.api_key = None
self._save_creds = bool(
pluginSetting(SAVE_CREDS_KEY,
namespace=SETTINGS_NAMESPACE,
typ='bool'))
self.leUser.addAction(
QIcon(':/plugins/planet_explorer/envelope-gray.svg'),
QLineEdit.LeadingPosition)
self.lblSignUp.linkActivated[str].connect(
lambda: self._open_link_with_browser(SIGNUP_URL))
self.lblTermsOfService.linkActivated[str].connect(
lambda: self._open_link_with_browser(TOS_URL))
self.lblForgotPass.linkActivated[str].connect(
lambda: self._open_link_with_browser(FORGOT_PASS_URL))
self.btn_ok = self.buttonBoxLogin.button(QDialogButtonBox.Ok)
self.btn_ok.setText('Sign In')
self.btn_api_key = self.buttonBoxLogin.button(QDialogButtonBox.Abort)
""":type: QPushButton"""
self.btn_api_key.setText('Use API key')
self.btn_api_key.hide()
self.buttonBoxLogin.accepted.connect(self.login)
self.buttonBoxLogin.rejected.connect(self.api_key_login)
self._setup_group_type_selector()
self.cmbBoxItemGroupType.currentIndexChanged[int].connect(
self._item_group_changed)
self._toggle_search_highlight(True)
self.btnSearch.clicked[bool].connect(self.perform_search)
# Collected sources/filters, upon search request
self._sources = None
self._sort_order = None
self._filters = None
self._request = None
# Set up the mosaics widget
self._setup_mosaics_panel()
# Set up AOI, date-range and text filters
self._setup_main_filters()
# Non-main, per-item-group control widget filters
self._filter_widget_registry = {}
self._setup_filter_widgets()
# Set default group type and filter widget
self.cmbBoxItemGroupType.setCurrentIndex(0)
self.stckdWidgetFilters.setCurrentIndex(0)
# Set up tabbed widget
self.tabWidgetResults.tabCloseRequested[int].connect(
self.tab_close_requested)
# Set up lower button bar
self.btnOrder.clicked.connect(self.order_checked)
self._setup_cog_button()
# noinspection PyTypeChecker
self._user_act = None
# noinspection PyTypeChecker
self._terms_browser = None
self._setup_info_button()
self.msg_log = QgsMessageLog()
# Local QgsMessageBar
self.msgBar.hide()
self.frameResults.setStyleSheet(RESULTS_BKGRD_PE)
self._checked_queue_set_count = 0
self._checked_queue_set = set()
self._checked_item_type_nodes = {}
def testHTTPRequestsOverrider(self):
"""
Test that GDAL curl network requests are redirected through QGIS networking
"""
with mockedwebserver.install_http_server() as port:
handler = mockedwebserver.SequentialHandler()
# Check failed network requests
# Check that the driver requested Accept header is well propagated
handler.add('GET',
'/collections/foo',
404,
expected_headers={'Accept': 'application/json'})
with mockedwebserver.install_http_handler(handler):
QgsVectorLayer(
"OAPIF:http://127.0.0.1:%d/collections/foo" % port, 'test',
'ogr')
# Error coming from Qt network stack, not GDAL/CURL one
assert 'server replied: Not Found' in gdal.GetLastErrorMsg()
# Test a nominal case
handler = mockedwebserver.SequentialHandler()
handler.add('GET', '/collections/foo', 200,
{'Content-Type': 'application/json'},
'{ "id": "foo" }')
handler.add('GET', '/collections/foo/items?limit=10', 200,
{'Content-Type': 'application/geo+json'},
'{ "type": "FeatureCollection", "features": [] }')
handler.add('GET', '/collections/foo/items?limit=10', 200,
{'Content-Type': 'application/geo+json'},
'{ "type": "FeatureCollection", "features": [] }')
handler.add('GET', '/collections/foo/items?limit=10', 200,
{'Content-Type': 'application/geo+json'},
'{ "type": "FeatureCollection", "features": [] }')
with mockedwebserver.install_http_handler(handler):
vl = QgsVectorLayer(
"OAPIF:http://127.0.0.1:%d/collections/foo" % port, 'test',
'ogr')
assert vl.isValid()
# More complicated test using an anthentication configuration
config = QgsAuthMethodConfig()
config.setName('Basic')
config.setMethod('Basic')
config.setConfig('username', 'username')
config.setConfig('password', 'password')
QgsApplication.authManager().storeAuthenticationConfig(config)
handler = mockedwebserver.SequentialHandler()
# Check that the authcfg gets expanded during the network request !
handler.add('GET',
'/collections/foo',
404,
expected_headers={
'Authorization': 'Basic dXNlcm5hbWU6cGFzc3dvcmQ='
})
with mockedwebserver.install_http_handler(handler):
QgsVectorLayer(
"OAPIF:http://127.0.0.1:%d/collections/foo authcfg='%s'" %
(port, config.id()), 'test', 'ogr')
def execute_request(self, url, **kwargs):
"""
Uses QgsNetworkAccessManager and QgsAuthManager.
"""
method = kwargs.get('http_method', 'get')
headers = kwargs.get('headers', {})
# This fixes a weird error with compressed content not being correctly
# inflated.
# If you set the header on the QNetworkRequest you are basically telling
# QNetworkAccessManager "I know what I'm doing, please don't do any content
# encoding processing".
# See: https://bugs.webkit.org/show_bug.cgi?id=63696#c1
try:
del headers[b'Accept-Encoding']
except KeyError as ke:
# only debugging here as after 1st remove it isn't there anymore
self.util.msg_log_debug(
u'unexpected error deleting request header: {}'.format(ke))
pass
# Avoid double quoting form QUrl
url = unquote(url)
self.util.msg_log_debug(u'http_call request: {} {}'.format(
method, url))
class Response:
status_code = 200
status_message = 'OK'
text = ''
ok = True
headers = {}
reason = ''
exception = None
def iter_content(self, _):
return [self.text]
self.http_call_result = Response()
url = self.util.remove_newline(url)
req = QNetworkRequest()
req.setUrl(QUrl(url))
req.setAttribute(QNetworkRequest.FollowRedirectsAttribute, True)
for k, v in headers.items():
self.util.msg_log_debug("%s: %s" % (k, v))
try:
req.setRawHeader(k, v)
except:
self.util.msg_log_error(
u'FAILED to set header: {} => {}'.format(k, v))
self.util.msg_log_last_exception()
if self.settings.authcfg:
self.util.msg_log_debug(u'before updateNetworkRequest')
QgsApplication.authManager().updateNetworkRequest(
req, self.settings.authcfg)
self.util.msg_log_debug(u'before updateNetworkRequest')
if self.reply is not None and self.reply.isRunning():
self.reply.close()
self.util.msg_log_debug(u'getting QgsNetworkAccessManager.instance()')
#func = getattr(QgsNetworkAccessManager.instance(), method)
#func = QgsNetworkAccessManager().get(req)
#manager = QNetworkAccessManager()
#event = QEventLoop()
#response = manager.get(QNetworkRequest(QUrl(url)))
#response.downloadProgress.connect(self.download_progress)
#response.finished.connect(event.quit)
#event.exec()
#response_msg = response.readAll()
##response_msg = str(response_msg)
#response_msg = str(response_msg, encoding='utf-8')
##response_msg = response_msg.decode('utf-8')
#response.deleteLater()
#self.util.msg_log_debug(u'response message:\n{} ...'.format(response_msg[:255]))
#self.http_call_result.text = response_msg # in Python3 all strings are unicode, so QString is not defined
#return self.http_call_result
# Calling the server ...
self.util.msg_log_debug('before self.reply = func(req)')
#self.reply = func(req)
#self.reply = QgsNetworkAccessManager.instance().get(req)
method_call = getattr(QgsNetworkAccessManager.instance(), method)
self.reply = method_call(req)
#self.reply.setReadBufferSize(1024*1024*1024)
#self.reply.setReadBufferSize(1024 * 1024 * 1024 * 1024)
self.reply.setReadBufferSize(0)
self.util.msg_log_debug('after self.reply = func(req)')
# Let's log the whole call for debugging purposes:
if self.settings.debug:
self.util.msg_log_debug("\nSending %s request to %s" %
(method.upper(), req.url().toString()))
headers = {
str(h): str(req.rawHeader(h))
for h in req.rawHeaderList()
}
for k, v in headers.items():
try:
self.util.msg_log_debug("%s: %s" % (k, v))
except:
self.util.msg_log_debug('error logging headers')
if self.settings.authcfg:
self.util.msg_log_debug("update reply w/ authcfg: {0}".format(
self.settings.authcfg))
QgsApplication.authManager().updateNetworkReply(
self.reply, self.settings.authcfg)
self.util.msg_log_debug('before connecting to events')
# connect downloadProgress event
try:
self.reply.downloadProgress.connect(self.download_progress)
#pass
except:
self.util.msg_log_error(
'error connecting "downloadProgress" event')
self.util.msg_log_last_exception()
# connect reply finished event
try:
self.reply.finished.connect(self.reply_finished)
#pass
except:
self.util.msg_log_error(
'error connecting reply "finished" progress event')
self.util.msg_log_last_exception()
self.util.msg_log_debug('after connecting to events')
# Call and block
self.event_loop = QEventLoop()
try:
self.reply.finished.connect(self.event_loop.quit)
except:
self.util.msg_log_error(
'error connecting reply "finished" progress event to event loop quit'
)
self.util.msg_log_last_exception()
self.mb_downloaded = 0
# Catch all exceptions (and clean up requests)
self.event_loop.exec()
# Let's log the whole response for debugging purposes:
if self.settings.debug:
self.util.msg_log_debug(
u'\nGot response [{}/{}] ({} bytes) from:\n{}\nexception:{}'.
format(self.http_call_result.status_code,
self.http_call_result.status_message,
len(self.http_call_result.text),
self.reply.url().toString(),
self.http_call_result.exception))
headers = {
str(h): str(self.reply.rawHeader(h))
for h in self.reply.rawHeaderList()
}
for k, v in headers.items():
self.util.msg_log_debug("%s: %s" % (k, v))
self.util.msg_log_debug("Payload :\n%s ......" %
self.http_call_result.text[:255])
self.reply.close()
self.util.msg_log_debug("Deleting reply ...")
try:
self.reply.deleteLater()
except:
self.util.msg_log_error('unexpected error deleting QNetworkReply')
self.util.msg_log_last_exception()
self.reply = None
if self.http_call_result.exception is not None:
self.util.msg_log_error('http_call_result.exception is not None')
self.http_call_result.ok = False
# raise self.http_call_result.exception
return self.http_call_result
def testAuthManager(self):
self.assertTrue(QgsApplication.authManager())
def run(plugin):
"""Import intermediate certs and return True on success"""
if QgsApplication.authManager().isDisabled():
plugin.log(QgsApplication.authManager().disabledMessage())
return False
ca_pems = dict()
with wincertstore.CertSystemStore("CA") as store:
for cert in store.itercerts(usage=None):
# plugin.log(cert.get_name())
# plugin.log(cert.enhanced_keyusage_names())
ca_pems[cert.get_name()] = cert.get_pem()
plugin.log(
plugin.tr("Number of possible CAs found: {0}").format(len(ca_pems)))
if not ca_pems:
return False
ca_certs = []
trusted_cas = QgsApplication.authManager().trustedCaCertsCache()
for ca_cn, ca_pem in ca_pems.items():
try:
ca_bytes = ca_pem.encode('ASCII')
except UnicodeEncodeError:
continue
pem_ba = QByteArray(ca_bytes)
cas = QSslCertificate.fromData(pem_ba)
# plugin.log("Converted PEM to QSslCertificate {0}: ".format(ca_cn))
if not cas:
plugin.log(
plugin.tr("Could not convert PEM to QSslCertificate: {0}").
format(ca_cn))
continue
ca = cas[0]
# noinspection PyArgumentList
if not QgsAuthCertUtils.certIsViable(cert=ca):
plugin.log(plugin.tr(" cert not viable: {0}").format(ca_cn))
continue
# noinspection PyArgumentList
if not QgsAuthCertUtils.certificateIsAuthority(cert=ca):
plugin.log(plugin.tr(" cert not a CA: {0}").format(ca_cn))
continue
if ca in trusted_cas:
plugin.log(
plugin.tr(" cert already in trusted CA cache: {0}").format(
ca_cn))
continue
plugin.log(plugin.tr(" found CA to add: {0}").format(ca_cn))
ca_certs.append(ca)
if ca_certs:
plugin.log(plugin.tr("Storing CAs in auth system db"))
if not QgsApplication.authManager().storeCertAuthorities(ca_certs):
plugin.log(plugin.tr(" FAILED"))
return False
plugin.log(plugin.tr(" SUCCESS"))
plugin.log(plugin.tr("Reinitializing auth system SSL caches"))
QgsApplication.authManager().initSslCaches()
return True
else:
plugin.log(plugin.tr("No CAs found to store in auth system db"))
return True
def testAuthManager(self):
self.assertTrue(QgsApplication.authManager())
def get_authconfig_map(authconfigid):
# to get username and password from the authconfig
auth_mgr = QgsApplication.authManager()
auth_cfg = QgsAuthMethodConfig()
auth_mgr.loadAuthenticationConfig(authconfigid, auth_cfg, True)
return auth_cfg.configMap()
def getCredentials(self):
authConfig = QgsAuthMethodConfig()
QgsApplication.authManager().loadAuthenticationConfig(self.authid, authConfig, True)
username = authConfig.config('username')
password = authConfig.config('password')
return username, password
def request(self, url, method="GET", body=None, headers=None, redirections=DEFAULT_MAX_REDIRECTS, connection_type=None, blocking=True):
"""
Make a network request by calling QgsNetworkAccessManager.
redirections argument is ignored and is here only for httplib2 compatibility.
"""
self.msg_log(u'http_call request: {0}'.format(url))
self.blocking_mode = blocking
req = QNetworkRequest()
# Avoid double quoting form QUrl
url = urllib.parse.unquote(url)
req.setUrl(QUrl(url))
if headers is not None:
# This fixes a wierd error with compressed content not being correctly
# inflated.
# If you set the header on the QNetworkRequest you are basically telling
# QNetworkAccessManager "I know what I'm doing, please don't do any content
# encoding processing".
# See: https://bugs.webkit.org/show_bug.cgi?id=63696#c1
try:
del headers['Accept-Encoding']
except KeyError:
pass
for k, v in list(headers.items()):
self.msg_log("Setting header %s to %s" % (k, v))
req.setRawHeader(k, v)
if self.authid:
self.msg_log("Update request w/ authid: {0}".format(self.authid))
QgsApplication.authManager().updateNetworkRequest(req, self.authid)
if self.reply is not None and self.reply.isRunning():
self.reply.close()
if method.lower() == 'delete':
func = getattr(QgsNetworkAccessManager.instance(),
'deleteResource')
else:
func = getattr(QgsNetworkAccessManager.instance(), method.lower())
# Calling the server ...
# Let's log the whole call for debugging purposes:
self.msg_log("Sending %s request to %s" %
(method.upper(), req.url().toString()))
if body and headers.get(b'Content-Type', False) == b'application/json':
self.msg_log("Sending JSON payload: %s" % body)
self.on_abort = False
headers = {h: req.rawHeader(h) for h in req.rawHeaderList()}
for k, v in list(headers.items()):
self.msg_log("%s: %s" % (k, v))
if method.lower() in ['post', 'put']:
if isinstance(body, IOBase):
body = body.read()
self.reply = func(req, body)
else:
self.reply = func(req)
if self.authid:
self.msg_log("Update reply w/ authid: {0}".format(self.authid))
QgsApplication.authManager().updateNetworkReply(self.reply, self.authid)
# necessary to trap local timout manage by QgsNetworkAccessManager
# calling QgsNetworkAccessManager::abortRequest
QgsNetworkAccessManager.instance().requestTimedOut.connect(self.requestTimedOut)
self.reply.sslErrors.connect(self.sslErrors)
self.reply.finished.connect(self.replyFinished)
self.reply.downloadProgress.connect(self.downloadProgress)
# block if blocking mode otherwise return immediatly
# it's up to the caller to manage listeners in case of no blocking mode
if not self.blocking_mode:
return (None, None)
# Call and block
self.el = QEventLoop()
self.reply.finished.connect(self.el.quit)
# Catch all exceptions (and clean up requests)
try:
self.el.exec_(QEventLoop.ExcludeUserInputEvents)
except Exception as e:
raise e
if self.reply:
self.reply.finished.disconnect(self.el.quit)
# emit exception in case of error
if not self.http_call_result.ok:
if self.http_call_result.exception and not self.exception_class:
raise self.http_call_result.exception
else:
raise self.exception_class(self.http_call_result.reason)
return (self.http_call_result, self.http_call_result.content)
def auth_manager(self):
return QgsApplication.authManager()
def old_version_import() -> Service:
settings = QgsSettings()
if settings.contains('plugins/geomapfsih_locator_plugin/geomapfish_url'):
definition = dict()
definition['name'] = settings.value(
'plugins/geomapfsih_locator_plugin/filter_name',
'geomapfish',
type=str)
definition['url'] = settings.value(
'plugins/geomapfsih_locator_plugin/geomapfish_url', '', type=str)
definition['crs'] = settings.value(
'plugins/geomapfsih_locator_plugin/geomapfish_crs', '', type=str)
definition['remove_leading_digits'] = settings.value(
'plugins/geomapfsih_locator_plugin/remove_leading_digits',
True,
type=bool)
definition['replace_underscore'] = settings.value(
'plugins/geomapfsih_locator_plugin/replace_underscore',
True,
type=bool)
definition['break_camelcase'] = settings.value(
'plugins/geomapfsih_locator_plugin/break_camelcase',
True,
type=bool)
definition['category_limit'] = settings.value(
'plugins/geomapfsih_locator_plugin/category_limit', 8, type=int)
definition['total_limit'] = settings.value(
'plugins/geomapfsih_locator_plugin/total_limit', 50, type=int)
user = settings.value(
'plugins/geomapfsih_locator_plugin/geomapfish_user', '', type=str)
pwd = settings.value(
'plugins/geomapfsih_locator_plugin/geomapfish_pass', '', type=str)
info("importing old service: {}".format(definition))
if user:
reply = QMessageBox.question(
None, "Geomapfish Locator",
QCoreApplication.translate(
"Geomapfish Locator",
"User and password were saved in clear text in former Geomapfish plugin. "
"Would you like to use QGIS authentication to store these credentials? "
"If not, they will be removed."))
if reply == QMessageBox.Yes:
config = QgsAuthMethodConfig('Basic')
config.setName('geomapfish_{}'.format(definition['name']))
config.setConfig('username', user)
config.setConfig('password', pwd)
QgsApplication.authManager().storeAuthenticationConfig(config)
definition['authid'] = config.id()
dbg_info("created new auth id: {}".format(config.id()))
else:
drop_keys()
return None
drop_keys()
return Service(definition)
else:
return None