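def system_versions_force_update_below_endpoint():
    """Pass the posted OS type and app version to set_force_update_below().

    Expects a JSON object body with the keys 'os_type' and 'version'.

    Returns:
        A JSON response of the form {"status": "ok"}.

    Raises:
        InvalidUsage: if the request body is missing, malformed, or not a
            JSON object.
    """
    # Both access checks are skipped whenever config.DEBUG is set, so a
    # deployment running with DEBUG enabled serves this endpoint without them.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    payload = request.get_json(silent=True)
    # get_json(silent=True) yields None for an absent or unparsable body;
    # reject that (and non-object JSON) instead of failing on .get() below.
    if not isinstance(payload, dict):
        raise InvalidUsage('bad-request')

    os_type = payload.get('os_type', None)
    app_version = payload.get('version', None)
    # NOTE(review): neither value is validated here and either may be None;
    # confirm set_force_update_below() rejects unknown OS types and malformed
    # versions, since this setting presumably affects every client.
    set_force_update_below(os_type, app_version)
    return jsonify(status='ok')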
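def user_set_captcha_endpoint():
    """Apply the posted captcha flag to every user id in the request.

    Expects a JSON object body with 'user_ids' (a list) and an optional
    'set_captcha' value (defaults to 0). Each id is handed to
    set_should_solve_captcha() together with that value.

    Returns:
        A JSON response of the form {"status": "ok"}.

    Raises:
        InvalidUsage: if the body is not a JSON object or 'user_ids' is not a
            list. Previously a malformed body was only logged and the caller
            still received status 'ok'.
    """
    # Both access checks are skipped whenever config.DEBUG is set.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    payload = request.get_json(silent=True)
    user_ids = payload.get('user_ids') if isinstance(payload, dict) else None
    if not isinstance(user_ids, list):
        # Fail loudly: reporting success for a request that changed nothing
        # hides operator mistakes on a security-relevant setting.
        log.error('failed to process user-set-captcha')
        raise InvalidUsage('bad-request')
    should_show = payload.get('set_captcha', 0)

    for user_id in user_ids:
        print('user_set_captcha_endpoint: setting user_id %s to %s' % (user_id, should_show))
        set_should_solve_captcha(user_id, should_show)
    return jsonify(status='ok')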
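def user_tx_report_endpoint():
    """Return a summary of the txs data for one user id or one phone number.

    Expects a JSON object body carrying exactly one of 'user_id' or 'phone'.
    A phone number may map to several users, in which case one report per
    user is returned.

    Returns:
        {"report": [...]} on success, or a JSON error object when the user id
        is not a valid UUID, the user does not exist, or no user has the
        given phone number.

    Raises:
        InvalidUsage: if the body is not a JSON object, or if neither or both
            of 'user_id' and 'phone' are supplied.
    """
    limit_to_acl()
    limit_to_password()

    try:
        payload = request.get_json(silent=True)
        user_id = payload.get('user_id', None)
        user_phone = payload.get('phone', None)
        # Exactly one selector must be given: reject "neither" and "both".
        if (user_id is None) == (user_phone is None):
            print('user_tx_report_endpoint: userid %s, user_phone %s' % (user_id, user_phone))
            raise InvalidUsage('bad-request')
    except Exception as e:
        print(e)
        raise InvalidUsage('bad-request')

    # Branch on presence rather than truthiness: an empty-string user_id used
    # to fall through to the phone lookup with user_phone set to None.
    if user_id is not None:
        try:
            # sanitize user_id: anything that is not a UUID string is refused
            UUID(user_id)
        except (ValueError, AttributeError, TypeError):
            log.error('cant generate tx report for user_id: %s ' % user_id)
            return jsonify(error='invalid_userid')

        if not user_exists(user_id):
            print('user_tx_report_endpoint: user_id %s does not exist. aborting' % user_id)
            # 'erorr' is the original misspelled key, kept so existing clients
            # keep working; 'error' matches the invalid_userid response above.
            return jsonify(error='no_such_user', erorr='no_such_user')
        return jsonify(report=[get_user_tx_report(user_id)])

    # NOTE(review): user_phone is passed on without any format check, unlike
    # user_id; confirm get_all_user_id_by_phone() treats it strictly as data.
    user_ids = get_all_user_id_by_phone(user_phone)  # there may be a few users with this phone
    if not user_ids:
        print('user_tx_report_endpoint: user_phone %s does not exist. aborting' % user_phone)
        return jsonify(error='no_such_phone', erorr='no_such_phone')
    return jsonify(report=[get_user_tx_report(uid) for uid in user_ids])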
def blacklist_user_endpoint():
    """Hand the posted 'user_id' to blacklist_phone_by_user_id().

    Expects a JSON object body with a 'user_id' key.

    Returns:
        {"status": "ok"} when the helper returns a truthy value, otherwise
        {"status": "error"}.

    Raises:
        InvalidUsage: if the body cannot be read or 'user_id' is missing.
    """
    # Both access checks are skipped whenever config.DEBUG is set.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    try:
        body = request.get_json(silent=True)
        user_id = body.get('user_id', None)
        if user_id is None:
            raise InvalidUsage('bad-request')
    except Exception as err:
        # Any failure while reading the body is reported as a bad request.
        print(err)
        raise InvalidUsage('bad-request')

    # NOTE(review): user_id is not checked to be a UUID here, unlike in
    # user_tx_report_endpoint; confirm the helper validates it.
    outcome = 'ok' if blacklist_phone_by_user_id(user_id) else 'error'
    return jsonify(status=outcome)
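def add_pictures_endpoint():
    """Add the pictures listed in the request body to the db.

    Expects a JSON object body with a 'pictures' list; every entry is passed
    to add_picture() in order.

    Returns:
        A JSON response of the form {"status": "ok"} once every picture was
        added.

    Raises:
        InvalidUsage: 'bad-request' if the body is not a JSON object or
            'pictures' is not a list (a missing key used to crash the loop);
            'error' with the offending picture attached as soon as
            add_picture() returns anything other than True.
    """
    # Both access checks are skipped whenever config.DEBUG is set.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    payload = request.get_json(silent=True)
    pictures = payload.get('pictures', None) if isinstance(payload, dict) else None
    if not isinstance(pictures, list):
        print('add_pictures_endpoint: missing or malformed pictures list')
        raise InvalidUsage('bad-request')

    for picture in pictures:
        # Named 'result' so the local does not shadow the module-level
        # 'status' object that other endpoints in this file use.
        result = add_picture(picture)
        if result is not True:
            # Pictures added before this one are not rolled back here.
            raise InvalidUsage(message='error', payload={
                'error field': str(result),
                'picture': picture
            })
    return jsonify(status='ok')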
def nuke_user_api():
    """Internal endpoint that nukes a user's task and tx data. Use with care.

    Expects a JSON object body with 'phone_number' and an optional 'nuke_all'
    flag, both forwarded to nuke_user_data().

    Returns:
        {"status": "ok", "user_id": [...]} with whatever nuke_user_data()
        returned, or {"status": "error", "reason": "no_user"} when it
        returned None.

    Raises:
        InvalidUsage: if the body cannot be read or 'phone_number' is missing.
    """
    # Both access checks are skipped whenever config.DEBUG is set, which
    # leaves this destructive endpoint open on any DEBUG deployment.
    if not config.DEBUG:
        limit_to_acl()
        limit_to_password()

    try:
        body = request.get_json(silent=True)
        phone_number = body.get('phone_number', None)
        # Equality, not identity: a JSON 1 also counts as True here.
        nuke_all = body.get('nuke_all', False) == True
        if phone_number is None:
            raise InvalidUsage('bad-request')
    except Exception as err:
        print(err)
        raise InvalidUsage('bad-request')

    nuked_ids = nuke_user_data(phone_number, nuke_all)
    if nuked_ids is not None:
        print('nuked users with phone number: %s and user_ids %s' % (phone_number, nuked_ids))
        return jsonify(status='ok', user_id=nuked_ids)

    print('could not find any user with this number: %s' % phone_number)
    return jsonify(status='error', reason='no_user')
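def set_user_phone_number_endpoint():
    """Get the firebase id token, extract the phone number from it and store it.

    Expects a JSON object body with 'token' (firebase id token) and, for
    tests only, 'phone_number'. The user id is taken from the request headers.

    Outside DEBUG the number comes only from the verified token; numbers that
    start with a blocked prefix are refused. In DEBUG the unverified
    'phone_number' is used when the token yields nothing. Callers outside the
    ACL are limited to config.MAX_NUM_REGISTRATIONS_PER_NUMBER registrations
    per phone number.

    Returns:
        {"status": "ok", "hints": ...} on success; an error object with a 404
        status for a bad token; an error object when no phone number could be
        determined in DEBUG.

    Raises:
        InvalidUsage: if the headers or body cannot be read, or the user id or
            token is missing. Blocked prefixes and too many registrations
            abort with 403.
    """
    payload = request.get_json(silent=True)
    try:
        # NOTE(review): the auth token is read from the headers but never
        # checked in this function, while the response returns backup hints
        # for user_id. Confirm the caller is authenticated for that user_id
        # elsewhere (e.g. a request hook).
        user_id, _auth_token = extract_headers(request)
        token = payload.get('token', None)
        unverified_phone_number = payload.get('phone_number', None)  # only used in tests
        if None in (user_id, token):
            raise InvalidUsage('bad-request')
    except Exception as e:
        print(e)
        raise InvalidUsage('bad-request')

    if not config.DEBUG:
        print('extracting verified phone number fom firebase id token...')
        verified_number = extract_phone_number_from_firebase_id_token(token)

        if verified_number is None:
            # The id token is a credential: record who sent it, never the
            # token itself (the previous message wrote it to the log).
            print('bad id-token received for user_id %s' % user_id)
            return jsonify(status='error', reason='bad_token'), status.HTTP_404_NOT_FOUND

        # reject blacklisted phone prefixes
        for prefix in app.blocked_phone_prefixes:
            if verified_number.startswith(prefix):
                os_type = get_user_os_type(user_id)
                print('found blocked phone prefix (%s) in verified phone number (%s), userid (%s), OS (%s): aborting'
                      % (prefix, verified_number, user_id, os_type))
                abort(403)

        phone = verified_number
    else:  # DEBUG
        # for tests, you can use the unverified number if no token was given.
        # Start from None so an empty token cannot leave 'phone' unbound.
        phone = None
        if token:
            phone = extract_phone_number_from_firebase_id_token(token)

        if not phone and isinstance(unverified_phone_number, str):
            print('using un-verified phone number in debug')
            phone = unverified_phone_number.strip().replace('-', '')

        if not phone:
            print('could not extract phone in debug')
            return jsonify(status='error', reason='no_phone_number')

    # limit the number of registrations a single phone number can do, unless they come from the ACL
    over_limit = count_registrations_for_phone_number(phone) > int(config.MAX_NUM_REGISTRATIONS_PER_NUMBER) - 1 \
        if not limit_to_acl(return_bool=True) else False
    if over_limit:
        print('rejecting registration from user_id %s and phone number %s - too many re-registrations'
              % (user_id, phone))
        increment_metric("reject-too-many_registrations")
        abort(403)

    print('updating phone number for user %s' % user_id)
    set_user_phone_number(user_id, phone)
    increment_metric('user-phone-verified')

    # return success and the backup hint, if they exist
    hints = get_backup_hints(user_id)
    if config.DEBUG:
        print('restore hints for user_id, phone: %s: %s: %s' % (user_id, phone, hints))
    return jsonify(status='ok', hints=hints)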