async def _authenticate_by_basic_auth(request, handler):
basic_auth_required = is_service_discovery(request)
if not basic_auth_required:
return await handler(request)
if "Authorization" not in request.headers:
return web.Response(status=401)
basic_auth_prefix = "Basic "
auth_value = (request.headers["Authorization"]
[len(basic_auth_prefix):].strip().encode("ascii"))
required_auth_value = base64.b64encode(
f"{basic_auth_user}:{basic_auth_password}".encode("ascii"))
if len(auth_value) != len(
required_auth_value) or not hmac.compare_digest(
auth_value, required_auth_value):
return web.Response(status=401)
request["logger"].info("Basic-authenticated: %s", basic_auth_user)
set_user({"id": basic_auth_user})
return await handler(request)
async def handler_with_sso_headers():
request["sso_profile_headers"] = (
("sso-profile-email", me_profile["email"]),
# The default value of '' should be able to be removed after the cached
# profile in Redis without contact_email has expired, i.e. 60 seconds after
# deployment of this change
("sso-profile-contact-email",
me_profile.get("contact_email", "")),
(
"sso-profile-related-emails",
",".join(me_profile.get("related_emails", [])),
),
("sso-profile-user-id", me_profile["user_id"]),
("sso-profile-first-name", me_profile["first_name"]),
("sso-profile-last-name", me_profile["last_name"]),
)
request["logger"].info(
"SSO-authenticated: %s %s %s",
me_profile["email"],
me_profile["user_id"],
request_url(request),
)
set_user({
"id": me_profile["user_id"],
"email": me_profile["email"]
})
return await handler(request)
def set_user(user_id):
"""Set the user to identify the event on a Sentry server
The algorithm is the following:
1. Calculate hash from `user_id`.
2. Generate fake user, based on the hash.
No real `user_id` will be used in Sentry.
Args:
user_id: Real user id.
Returns:
Generated user (dictionary: {id, username}).
"""
# calculate hash to keep real `user_id` in secret
user_id_hash = md5(user_id).hexdigest()
SentryReporter._logger.debug(f"Set user: {user_id_hash}")
Faker.seed(user_id_hash)
user_name = Faker().name()
user = {'id': user_id_hash, 'username': user_name}
sentry_sdk.set_user(user)
return user
async def save_id():
global user_id, user_bot
me = await bot.get_me()
user_id = me.id
user_bot = me.bot
if me.username is not None:
sentry_sdk.set_user({
"id": user_id,
"name": me.first_name,
"username": me.username,
"ip_address": "{{auto}}",
"bot": f"{user_bot}"
})
if allow_analytics:
analytics.identify(
user_id, {
'name': me.first_name,
'username': me.username,
'bot': f"{user_bot}"
})
else:
sentry_sdk.set_user({
"id": user_id,
"name": me.first_name,
"ip_address": "{{auto}}",
"bot": f"{user_bot}"
})
if allow_analytics:
analytics.identify(user_id, {
'name': me.first_name,
'bot': f"{user_bot}"
})
if user_bot:
user_bot = me.username
logs.info(f"{lang('save_id')} {me.first_name}({user_id})")
async def _authenticate_by_basic_auth(request, handler):
basic_auth_required = is_service_discovery(request)
if not basic_auth_required:
return await handler(request)
if 'Authorization' not in request.headers:
return web.Response(status=401)
basic_auth_prefix = 'Basic '
auth_value = (request.headers['Authorization']
[len(basic_auth_prefix):].strip().encode('ascii'))
required_auth_value = base64.b64encode(
f'{basic_auth_user}:{basic_auth_password}'.encode('ascii'))
if len(auth_value) != len(
required_auth_value) or not hmac.compare_digest(
auth_value, required_auth_value):
return web.Response(status=401)
request['logger'].info('Basic-authenticated: %s', basic_auth_user)
set_user({"id": basic_auth_user})
return await handler(request)
def authenticate(self, request, username=None, password=None, **kwargs):
try:
email = request.META["HTTP_SSO_PROFILE_EMAIL"]
contact_email = request.META["HTTP_SSO_PROFILE_CONTACT_EMAIL"]
related_emails = request.META["HTTP_SSO_PROFILE_RELATED_EMAILS"].split(",")
user_id = request.META["HTTP_SSO_PROFILE_USER_ID"]
first_name = request.META["HTTP_SSO_PROFILE_FIRST_NAME"]
last_name = request.META["HTTP_SSO_PROFILE_LAST_NAME"]
except KeyError:
return None
primary_email = contact_email if contact_email else email
emails = [email] + ([contact_email] if contact_email else []) + related_emails
user = create_user_from_sso(
user_id,
primary_email,
emails,
first_name,
last_name,
check_tools_access_if_user_exists=False,
)
set_user({"id": str(user.profile.sso_id), "email": user.email})
if user.profile.first_login is None:
user.profile.first_login = datetime.now()
user.profile.save()
return user
async def handler_with_sso_headers():
request['sso_profile_headers'] = (
('sso-profile-email', me_profile['email']),
# The default value of '' should be able to be removed after the cached
# profile in Redis without contact_email has expired, i.e. 60 seconds after
# deployment of this change
('sso-profile-contact-email',
me_profile.get('contact_email', '')),
(
'sso-profile-related-emails',
','.join(me_profile.get('related_emails', [])),
),
('sso-profile-user-id', me_profile['user_id']),
('sso-profile-first-name', me_profile['first_name']),
('sso-profile-last-name', me_profile['last_name']),
)
request['logger'].info(
'SSO-authenticated: %s %s %s',
me_profile['email'],
me_profile['user_id'],
request_url(request),
)
set_user({
"id": me_profile['user_id'],
"email": me_profile['email']
})
return await handler(request)
def email_notification_spot(email: str, secret: str, cities_free: Mapping):
sentry_sdk.set_user({"id": remove_pii(email)})
html = render_template("email/notification_spot.html.jinja2", secret=secret, cities_free=cities_free)
msg = Message("Voľné miesta na očkovanie", recipients=[email], html=html,
extra_headers={"List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
"List-Unsubscribe": "<" + url_for("main.spot_unsubscribe", secret=secret) + ">"})
mail.send(msg)
def index():
if not oauth.github.token:
return oauth.github.authorize_redirect(
redirect_url=url_for('.callback', _external=True))
for key in ('expires_at', 'refresh_token_expires_at'):
timestamp = oauth.github.token.get(key)
logging.info(
'%s expires at %s',
key,
timestamp and datetime.fromtimestamp(
timestamp, UTC).astimezone(GMT_8).isoformat(),
)
user_info = oauth.github.userinfo() # also triggers token refresh
set_user({'email': user_info['email'], 'username': user_info['login']})
if request.method == 'POST':
return get().run_until_complete(
post(oauth.github.token['access_token']))
by_title = get_by_title(oauth.github.token['access_token'])
by_title_ids = {
title: [{
'repo': pr.repository.name,
'id': pr.id
} for pr in prs]
for title, prs in by_title.items()
}
return render_template('by_title.html',
by_title=by_title_ids,
user_info=user_info)
def send_printer_notifications(
printer_id: int,
notification_type: str,
notification_data: Dict,
print_id: Optional[int],
extra_context: Optional[Dict] = None,
plugin_names: Tuple[str, ...] = (),
**kwargs
) -> None:
extra_context = extra_context or {}
if print_id:
# FIXME any additional filter? User.is_active?
cur_print = Print.objects.all_with_deleted().select_related('printer', 'printer__user').get(
id=print_id, printer_id=printer_id)
printer = cur_print.printer
else:
cur_print = None
# FIXME any additional filter? User.is_active?
printer = Printer.objects.select_related('user').get(id=printer_id)
set_user({"id": printer.user_id})
handler.send_printer_notifications(
notification_type=notification_type,
notification_data=notification_data,
printer=printer,
print_=cur_print,
extra_context=extra_context,
plugin_names=plugin_names,
)
def main():
func = cli
kwargs = {
"prog_name": get_prog(),
"obj": {},
"max_content_width": 100,
}
# This variable is *only* set as part of direnv/.envrc, thus, we cannot affect production
if os.environ.get("SENTRY_DEVSERVICES_DSN"):
# We do this here because `configure_structlog` executes later
logging.basicConfig(format="%(levelname)s:%(message)s",
level=logging.INFO)
logger = logging.getLogger(__name__)
logger.info(
"The Sentry runner will report development issues to Sentry.io. "
"Use SENTRY_DEVENV_NO_REPORT to avoid reporting issues.")
try:
func(**kwargs)
except Exception as e:
# This reports errors sentry-devservices
with sentry_sdk.init(dsn=os.environ["SENTRY_DEVSERVICES_DSN"]):
if os.environ.get("USER"):
sentry_sdk.set_user({"username": os.environ.get("USER")})
sentry_sdk.capture_exception(e)
logger.info("We have reported the error below to Sentry")
raise e
else:
func(**kwargs)
def init(project: SentryProject) -> None:
# forks like to mess with this, so double check
comma_remote = is_comma_remote() and "commaai" in get_origin(default="")
if not comma_remote or not is_registered_device() or PC:
return
env = "release" if is_tested_branch() else "master"
dongle_id = Params().get("DongleId", encoding='utf-8')
integrations = []
if project == SentryProject.SELFDRIVE:
integrations.append(ThreadingIntegration(propagate_hub=True))
else:
sentry_sdk.utils.MAX_STRING_LENGTH = 8192
sentry_sdk.init(project.value,
default_integrations=False,
release=get_version(),
integrations=integrations,
traces_sample_rate=1.0,
environment=env)
sentry_sdk.set_user({"id": dongle_id})
sentry_sdk.set_tag("dirty", is_dirty())
sentry_sdk.set_tag("origin", get_origin())
sentry_sdk.set_tag("branch", get_branch())
sentry_sdk.set_tag("commit", get_commit())
sentry_sdk.set_tag("device", HARDWARE.get_device_type())
if project == SentryProject.SELFDRIVE:
sentry_sdk.Hub.current.start_session()
def main():
clear_apport_folder(
) # Clear apport folder on start, otherwise duplicate crashes won't register
initial_tombstones = set(get_tombstones())
sentry_sdk.utils.MAX_STRING_LENGTH = 8192
sentry_sdk.init(
"https://[email protected]/157615",
default_integrations=False,
release=get_version())
dongle_id = Params().get("DongleId", encoding='utf-8')
sentry_sdk.set_user({"id": dongle_id})
sentry_sdk.set_tag("dirty", get_dirty())
sentry_sdk.set_tag("origin", get_origin())
sentry_sdk.set_tag("branch", get_branch())
sentry_sdk.set_tag("commit", get_commit())
sentry_sdk.set_tag("device", HARDWARE.get_device_type())
while True:
now_tombstones = set(get_tombstones())
for fn, _ in (now_tombstones - initial_tombstones):
try:
cloudlog.info(f"reporting new tombstone {fn}")
if fn.endswith(".crash"):
report_tombstone_apport(fn)
else:
report_tombstone_android(fn)
except Exception:
cloudlog.exception(f"Error reporting tombstone {fn}")
initial_tombstones = now_tombstones
time.sleep(5)
async def save_id():
me = await bot.get_me()
if me.username is not None:
sentry_sdk.set_user({"id": me.id, "name": me.first_name, "username": me.username, "ip_address": "{{auto}}"})
else:
sentry_sdk.set_user({"id": me.id, "name": me.first_name, "ip_address": "{{auto}}"})
logs.info(lang('save_id'))
def before_request() -> None:
if current_user and current_user.is_authenticated:
sentry_sdk.set_user({
"id": current_user.id,
})
sentry_sdk.set_tag("correlation-id", get_or_set_correlation_id())
g.request_start = time.perf_counter()
def init_telemetry():
dsn = "https://*****:*****@sentry.io/152399"
from cellprofiler import __version__
sentry = sentry_sdk.init(dsn=dsn, release=__version__)
sentry_sdk.set_user({
"architecture":
platform.architecture(),
"machine":
platform.machine(),
"node":
platform.node(),
"processor":
platform.processor(),
"python_implementation":
platform.python_implementation(),
"python_version":
platform.python_version(),
"release":
platform.release(),
"system":
platform.system(),
"version":
platform.version(),
})
async def check_secret_key(secret_key: str = Query(...,
min_length=1,
max_length=32,
alias="secretKey",
description="密钥")):
result, user_id = await secret_keys.get_by_secret_key_to_user_id(secret_key
)
if not result:
code, message = Error.secret_key_error.unpack()
raise ApiHTTPException(message=message,
code=code,
status_code=status.HTTP_401_UNAUTHORIZED)
result, user = await users.get_by_id(user_id)
if not result:
code, message = Error.secret_key_error.unpack()
raise ApiHTTPException(message=message,
code=code,
status_code=status.HTTP_401_UNAUTHORIZED)
sentry_sdk.set_user({
"id": user.id,
"phone": user.phone,
"username": user.username,
})
CTX_USER.set(user)
def email_notification_group(email: str, secret: str, new_groups: List[str]):
sentry_sdk.set_user({"id": remove_pii(email)})
html = render_template("email/notification_group.html.jinja2", secret=secret, new_groups=new_groups)
msg = Message("Nová skupina na očkovanie", recipients=[email], html=html,
extra_headers={"List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
"List-Unsubscribe": "<" + url_for("main.group_unsubscribe", secret=secret) + ">"})
mail.send(msg)
def main():
clear_apport_folder(
) # Clear apport folder on start, otherwise duplicate crashes won't register
initial_tombstones = set(get_tombstones())
sentry_sdk.utils.MAX_STRING_LENGTH = 8192
sentry_sdk.init(
"https://[email protected]/5861867",
default_integrations=False,
release=version)
dongle_id = Params().get("DongleId", encoding='utf-8')
sentry_sdk.set_user({"id": dongle_id})
sentry_sdk.set_tag("dirty", dirty)
sentry_sdk.set_tag("origin", origin)
sentry_sdk.set_tag("branch", branch)
sentry_sdk.set_tag("commit", commit)
sentry_sdk.set_tag("device", HARDWARE.get_device_type())
while True:
now_tombstones = set(get_tombstones())
for fn, _ in (now_tombstones - initial_tombstones):
try:
cloudlog.info(f"reporting new tombstone {fn}")
if fn.endswith(".crash"):
report_tombstone_apport(fn)
else:
report_tombstone_android(fn)
except Exception:
cloudlog.exception(f"Error reporting tombstone {fn}")
initial_tombstones = now_tombstones
time.sleep(5)
def readLog(setting):
path = getLogPath()
if path is None:
setting.isLorRunning = False
else:
setting.isLorRunning = True
try:
with open(path, 'r', encoding='utf-8') as lorLog:
for line in lorLog.readlines():
line = line.strip()
if '[TrySetShardDnsLive] setting dns data by affinity' in line:
setting.riotServer = str(line).split().pop()
if 'Server opened successfully at port: ' in line:
setting.port = str(line).split().pop()
if 'Using user-preferred language CultureInfo of ' in line:
setting.language = str(line).split().pop()
if '[CheckingForUpdates] StartCheckingForUpdates for user ' in line:
playerId = str(line).split(
"[CheckingForUpdates] StartCheckingForUpdates for user ",
1)[1]
if playerId != setting.playerId:
setting.playerId = playerId
sentry_sdk.set_user({
"id":
playerId,
"username":
playerId + ' ' + setting.riotServer,
"ip_address":
"{{auto}}"
})
sentry_sdk.set_context(
"info", {
"version": c.VERSION_NUM,
"riotLanguage": setting.language,
"sysLanguage": sysLanguage
})
sentry_sdk.capture_message(playerId + ' ' +
setting.riotServer)
try:
data = {}
data['riot_id'] = setting.playerId
data['server'] = setting.riotServer
data['riot_language'] = setting.language
data['sys_language'] = sysLanguage
url = "https://lmttest.herokuapp.com/login"
headers = {
'Content-type': 'application/json',
'Accept': 'text/plain'
}
response = requests.post(url,
data=json.dumps(data),
headers=headers)
print(response.text)
except requests.exceptions.HTTPError as e:
print('post error', e.response.text)
except IOError:
print('log file not accessible: ', path)
except Exception as e:
print('readLog error', e)
def init_sentry(self, sentry_dsn, balena_app_name, balena_device_uuid, variant, firmware_version):
sentry_sdk.init(
sentry_dsn,
environment=balena_app_name,
release=f"hm-config@{firmware_version}"
)
sentry_sdk.set_user({"id": balena_device_uuid})
sentry_sdk.set_context("variant", {variant})
def process_request(self, request):
if request.user and request.user.is_authenticated:
set_user(
{
"email": request.user.email,
"Screen Name": request.user.profile.screen_name,
}
)
def push_notification_group(subscription_info, secret: str,
new_groups: List[str]):
sentry_sdk.set_user({"id": remove_pii(subscription_info["endpoint"])})
text = "Vo formulári na registráciu na očkovanie"
if len(new_groups) > 1:
text += " pribudli nové skupiny"
else:
text += " pribudla nová skupina"
text += " ľudí na očkovanie: " + ", ".join(new_groups)
actions = [
{
"action": "register",
"title": "Zaregistrovať sa",
"icon": url_for("main.static",
filename="img/edit.svg",
_external=True)
},
{
"action":
"unsubsribe",
"title":
"Zrušiť odber",
"icon":
url_for("main.static",
filename="img/bell-slash.svg",
_external=True)
},
]
action_map = {
"register":
"https://www.old.korona.gov.sk/covid-19-vaccination-form.php",
"unsubscribe":
url_for("main.group_unsubscribe", secret=secret, _external=True)
}
try:
webpush(subscription_info=subscription_info,
data=json.dumps({
"action":
"notifyGroups",
"body":
text,
"icon":
url_for('main.static',
filename="img/virus.svg",
_external=True),
"actions":
actions,
"actionMap":
action_map
}),
vapid_private_key=vapid_privkey,
vapid_claims=dict(vapid_claims))
except WebPushException as e:
if e.response is not None and e.response.status_code == 410:
clear_db_push.delay(secret)
else:
logging.error(e)
def sentry_add_user():
from sentry_sdk import set_user
from flask_security import current_user
if current_user.is_authenticated:
set_user({
"id": current_user.id,
"username": current_user.name_or_email
})
async def on_pre_process_update(update: Update, _):
if (not update.message) and (not update.callback_query):
return
sentry_sdk.set_user({
'id': (update.message or update.callback_query).from_user.id,
'update':
update.to_python()
})
def init_sentry(sentry_key, balena_id, balena_app):
"""
Initialize sentry with balena_app as environment and
balenda_id as the user's id. If sentry_key is not set,
do nothing.
"""
if(sentry_key):
sentry_sdk.init(sentry_key, environment=balena_app)
sentry_sdk.set_user({"id": balena_id})
def set_sentry_user():
user_type, user_key = get_loggedin_user(session)
sentry_sdk.set_user(dict(username=user_key, user_type=user_type))
election_id = request.view_args.get("election_id")
if election_id:
sentry_sdk.set_tag("election_id", election_id)
election = Election.query.get(election_id)
sentry_sdk.set_tag("election_name", election and election.election_name)
sentry_sdk.set_tag("organization_name", election and election.organization.name)
def get_request_user():
"""Get the user associated with the current request.
This looks up the user using all ways of authentication that are
supported on the current endpoint. In most cases that's the user
from the active session (via a session cookie), but it may also be
set (or even overridden if there is a session as well) through other
means, such as:
- an OAuth token
- a signature for a persistent url
"""
if g.get('get_request_user_failed'):
# If getting the current user failed, we abort early in case something
# tries again since that code may be in logging or error handling, and
# we don't want that code to fail because of an invalid token in the URL
return None, None
current_exc = sys.exc_info()[1]
rh = type(g.rh) if 'rh' in g else None
oauth_scope_hint = getattr(rh, '_OAUTH_SCOPE', None)
allow_signed_url = getattr(rh, '_ALLOW_SIGNED_URL', False)
try:
user, source = _lookup_request_user(allow_signed_url, oauth_scope_hint)
user, source = _check_request_user(user, source)
except Exception as exc:
g.get_request_user_failed = True
if current_exc:
# If we got here while handling another exception, we silently ignore
# any failure related to authenticating the current user and pretend
# there is no user so we can continue handling the original exception.
# one case when this happens is passing a `user_token` arg to a page
# that 404s. of course the token is not valid there, but the 404 error
# is the more interesting one.
from indico.core.logger import Logger
Logger.get('auth').info(
'Discarding exception "%s" while authenticating request user during handling of '
'exception "%s"', exc, current_exc)
return None, None
raise
if user:
sentry_sdk.set_user({
'id': user.id,
'email': user.email,
'name': user.full_name,
'source': source
})
return user, source
def index():
users = ['*****@*****.**', '*****@*****.**']
set_user({'email': random.choice(users)})
variable = {'a': 1, 'b': 2}
logger.debug('This is debug')
logger.info('This is info')
logger.warning('This is warning')
logger.error('This is error')
logger.critical('This is critical')
1 / 0
raise RuntimeError('This is runtime error')
raise ValueError('This is my error')
def email_confirmation(email: str, secret: str, subscription_type: str):
sentry_sdk.set_user({"id": remove_pii(email)})
if subscription_type not in ("group", "spot", "both"):
raise ValueError
title_suffix = {
"group": " - Nová skupina",
"spot": " - Voľné miesta",
"both": ""
}
html = render_template("email/confirm.html.jinja2", secret=secret, type=subscription_type)
msg = Message("Potvrdenie odberu notifikácii" + title_suffix[subscription_type], recipients=[email], html=html,
extra_headers={"List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
"List-Unsubscribe": "<" + url_for(f"main.{subscription_type}_unsubscribe", secret=secret) + ">"})
mail.send(msg)