示例#1
 def delete(self, request, username, object_type, perm, object_id=0):
     """Revoke every ACL entry of *username* matching (object_type, perm, object_id).

     Gate: the caller needs the global ``ACL``/``delete`` permission, checked
     before the target user is looked up. An unknown username is a 404.
     ``object_id`` defaults to 0, the same default used when ACLs are created.
     Responds ``{'status': 'ok'}`` whether or not anything matched.
     """
     permission_required(request.user, 'ACL', 'delete')
     target = get_object_or_404(User, username=username)
     matches = list(target.userdata.get_perms(object_type, perm, object_id))
     for entry in matches:
         entry.delete()
     return json_response({'status': 'ok'})
示例#2
 def get(self, request, pk):
     """Return the census of AuthEvent *pk* (holders of ``vote`` on it) in four shapes.

     Caller must hold ``edit`` on the event; unknown events are 404. The
     response carries ``userids`` (UserData pks), ``users`` (username -> email),
     ``data`` (username -> serialized metadata) and a flat ``object_list``.
     The two maps are keyed by username, so a repeated username keeps the last
     ACL seen. NOTE(review): e-mails and metadata go out verbatim to anyone
     with edit rights — by design, but this is a PII-bearing endpoint.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     get_object_or_404(AuthEvent, pk=pk)
     census = ACL.objects.filter(object_type='AuthEvent',
                                 perm='vote',
                                 object_id=pk)

     userids, object_list, users, data = [], [], {}, {}
     for entry in census:
         userdata = entry.user
         name = userdata.user.username
         metadata = userdata.serialize_data()
         userids.append(userdata.pk)
         users[name] = userdata.user.email
         data[name] = metadata
         object_list.append({
             "id": userdata.pk,
             "username": name,
             "metadata": metadata
         })

     payload = json.dumps({
         'userids': userids,
         'users': users,
         'data': data,
         'object_list': object_list
     })
     return HttpResponse(payload, content_type='application/json')
示例#3
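    def post(self, request):
        ''' Change the calling user's own password.

        Expects a JSON object ``{"old_pwd": "...", "new_pwd": "..."}``; both
        must be non-empty strings (anything else is a 400 ``BAD_REQUEST``).
        The caller must hold ``UserData``/``edit`` on its own record *and*
        ``AuthEvent``/``create`` — the second check restricts this endpoint to
        event-creator accounts and is kept as found. A wrong ``old_pwd`` is
        reported as 400 ``INVALID_OLD_PASSWORD``.

        NOTE(review): no strength policy is enforced on ``new_pwd`` beyond
        being non-empty; wiring in Django's validate_password() (or at least
        a minimum length) is the obvious follow-up once a policy is chosen.
        '''
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        try:
            req = parse_json_request(request)
        except Exception:  # undecodable / non-JSON body
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        # A JSON body that is not an object has no .get(); reject it instead
        # of letting the AttributeError surface as a 500.
        if not isinstance(req, dict):
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        old_pwd = req.get('old_pwd', '')
        new_pwd = req.get('new_pwd', '')
        # check_password()/set_password() are only defined for strings, so a
        # number/list/null here must be rejected up front.
        if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
                or not old_pwd or not new_pwd):
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        if not user.check_password(old_pwd):
            return json_response(
                status=400,
                error_codename="INVALID_OLD_PASSWORD")

        user.set_password(new_pwd)
        user.save()
        return json_response({'status': 'ok'})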
示例#4
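    def post(self, request):
        ''' Change the calling user's own password.

        Expects a JSON object ``{"old_pwd": "...", "new_pwd": "..."}``; both
        must be non-empty strings (anything else is a 400 ``BAD_REQUEST``).
        The caller must hold ``UserData``/``edit`` on its own record *and*
        ``AuthEvent``/``create`` — the second check restricts this endpoint to
        event-creator accounts and is kept as found. A wrong ``old_pwd`` is
        reported as 400 ``INVALID_OLD_PASSWORD``.

        NOTE(review): no strength policy is enforced on ``new_pwd`` beyond
        being non-empty; Django's validate_password() (or a length floor) is
        the obvious follow-up once a policy is chosen.
        '''
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        try:
            req = parse_json_request(request)
        except Exception:  # undecodable / non-JSON body
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # A non-object JSON body has no .get(); reject it rather than 500.
        if not isinstance(req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        old_pwd = req.get('old_pwd', '')
        new_pwd = req.get('new_pwd', '')
        # check_password()/set_password() only accept strings.
        if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
                or not old_pwd or not new_pwd):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        if not user.check_password(old_pwd):
            return json_response(status=400,
                                 error_codename="INVALID_OLD_PASSWORD")

        user.set_password(new_pwd)
        user.save()
        return json_response({'status': 'ok'})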
示例#5
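    def post(self, request):
        """Grant a batch of ACL entries.

        Body: ``{"userid": <int>, "perms": [{"user": "<username>", "perm": ...,
        "object_type": ..., "object_id": <optional, default 0>}, ...]}``.
        Requires the global ``ACL``/``create`` permission; a holder can grant
        any perm on any object, so treat it as a super-admin capability.

        ``userid`` is only checked to exist (404 otherwise) — each perm entry
        names its own target by username. Malformed input is a 400
        ``BAD_REQUEST``: non-object body, non-integer ``userid``, non-list
        ``perms``, or an entry that is not an object carrying a string
        ``user`` plus ``perm`` and ``object_type``. Entries are validated
        before any row is written.
        NOTE(review): the inserts are not wrapped in a transaction, so a 404
        on an unknown username part-way through leaves earlier grants committed.
        """
        permission_required(request.user, 'ACL', 'create')

        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # Explicit checks instead of assert: assert disappears under -O.
        if not isinstance(req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        user_id = req.get('userid', None)
        perms = req.get('perms', [])
        if (isinstance(user_id, bool) or not isinstance(user_id, int)
                or not isinstance(perms, list)):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        for perm in perms:
            if (not isinstance(perm, dict)
                    or not isinstance(perm.get('user'), str)
                    or 'perm' not in perm or 'object_type' not in perm):
                return json_response(status=400,
                                     error_codename=ErrorCodes.BAD_REQUEST)

        # Existence check only (404 instead of DoesNotExist -> 500); the
        # looked-up object itself is not used.
        get_object_or_404(User, pk=user_id)
        for perm in perms:
            target = get_object_or_404(UserData, user__username=perm['user'])
            ACL(user=target,
                perm=perm['perm'],
                object_type=perm['object_type'],
                object_id=perm.get('object_id', 0)).save()
        return json_response({'status': 'ok'})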
示例#6
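    def post(self, request):
        ''' Change the calling user's own password.

        Body: ``{"old_pwd": "...", "new_pwd": "..."}``; both must be
        non-empty strings. The caller needs ``UserData``/``edit`` on its own
        record and ``AuthEvent``/``create`` (kept as found). Invalid JSON is a
        400 ``BAD_REQUEST``; a missing/non-string password is a 400 with an
        empty message; a wrong ``old_pwd`` is a 400 "Invalid old password".
        NOTE(review): no strength policy is applied to ``new_pwd``.
        '''
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:  # bad encoding or invalid JSON
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # A non-object JSON body has no .get(); treat it as bad input.
        if not isinstance(req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        old_pwd = req.get('old_pwd')
        new_pwd = req.get('new_pwd')
        # check_password()/set_password() only accept strings.
        if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
                or not old_pwd or not new_pwd):
            return json_response(status=400, message="")

        if not user.check_password(old_pwd):
            return json_response(status=400, message="Invalid old password")

        user.set_password(new_pwd)
        user.save()
        return json_response({'status': 'ok'})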
示例#7
文件: views.py 项目: jnaudon/authapi
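    def post(self, request):
        ''' Change the calling user's own password.

        Body: ``{"old_pwd": "...", "new_pwd": "..."}``; both must be
        non-empty strings. The caller needs ``UserData``/``edit`` on its own
        record and ``AuthEvent``/``create`` (kept as found). Invalid JSON is a
        400 ``BAD_REQUEST``; a missing/non-string password is a 400 with an
        empty message; a wrong ``old_pwd`` is a 400 "Invalid old password".
        NOTE(review): no strength policy is applied to ``new_pwd``.
        '''
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:  # bad encoding or invalid JSON
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        # A non-object JSON body has no .get(); treat it as bad input.
        if not isinstance(req, dict):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        old_pwd = req.get('old_pwd')
        new_pwd = req.get('new_pwd')
        # check_password()/set_password() only accept strings.
        if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
                or not old_pwd or not new_pwd):
            return json_response(status=400, message="")

        if not user.check_password(old_pwd):
            return json_response(status=400, message="Invalid old password")

        user.set_password(new_pwd)
        user.save()
        return json_response({'status': 'ok'})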
示例#8
 def delete(self, request, username, object_type, perm, object_id=0):
     """Revoke every ACL entry of *username* matching (object_type, perm, object_id).

     Gate: the global ``ACL``/``delete`` permission, checked before the target
     user is looked up; an unknown username is a 404. ``object_id`` defaults
     to 0, the same default used when ACLs are created. Always answers
     ``{'status': 'ok'}``, even when nothing matched.
     """
     permission_required(request.user, 'ACL', 'delete')
     target = get_object_or_404(User, username=username)
     matches = list(target.userdata.get_perms(object_type, perm, object_id))
     for entry in matches:
         entry.delete()
     return json_response({'status': 'ok'})
示例#9
 def delete(self, request, username, object_type, perm, object_id=0):
     """Revoke every ACL entry of *username* matching (object_type, perm, object_id).

     Gate: the global ``ACL``/``delete`` permission, checked before the target
     user is looked up; an unknown username is a 404. ``object_id`` defaults
     to 0, the same default used when ACLs are created. Always answers a JSON
     ``{'status': 'ok'}``, even when nothing matched.
     """
     permission_required(request.user, 'ACL', 'delete')
     target = get_object_or_404(User, username=username)
     matches = list(target.userdata.get_perms(object_type, perm, object_id))
     for entry in matches:
         entry.delete()
     payload = json.dumps({'status': 'ok'})
     return HttpResponse(payload, content_type='application/json')
示例#10
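    def post(self, request, pk):
        ''' Send authentication messages to (part of) the census of AuthEvent *pk*.

        Needs ``edit`` or ``send-auth`` on the event. When the body carries no
        ``user-ids`` the send targets the whole census and additionally needs
        ``send-auth-all``. Other body fields: ``auth-method`` (forwarded as
        is), ``extra`` (must be an object; forwarded as keyword args) and the
        optional ``msg``/``subject`` template overrides. ``msg`` must be a
        string no longer than ``settings.MAX_AUTH_MSG_SIZE[e.auth_method]``
        and ``subject`` must be a string; otherwise 400 ``BAD_REQUEST``.
        Errors reported by census_send_auth_task are relayed as it describes
        them.

        NOTE(review): ``extra`` is splatted with ``**`` into the task call, so
        a key colliding with one of its named parameters raises TypeError
        (500). The task should whitelist the keys it accepts; left as is
        because its signature is not visible here.
        '''
        permission_required(request.user, 'AuthEvent', ['edit', 'send-auth'], pk)

        data = {'msg': 'Sent successful'}
        # first, validate input
        e = get_object_or_404(AuthEvent, pk=pk)

        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        if not isinstance(req, dict):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        userids = req.get("user-ids", None)
        if userids is None:
            # A whole-census send is the more dangerous operation: extra perm.
            permission_required(request.user, 'AuthEvent', ['edit', 'send-auth-all'], pk)
        extra_req = req.get('extra', {})
        auth_method = req.get("auth-method", None)
        # force extra_req type to be a dict
        if not isinstance(extra_req, dict):
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        # Template overrides; None means "use the event's defaults".
        config = None
        msg = req.get('msg', '')
        subject = req.get('subject', '')
        if msg or subject:
            config = {}
            if msg:
                if (not isinstance(msg, str)
                        or len(msg) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
                    return json_response(
                        status=400,
                        error_codename=ErrorCodes.BAD_REQUEST)
                config['msg'] = msg
            if subject:
                if not isinstance(subject, str):
                    return json_response(
                        status=400,
                        error_codename=ErrorCodes.BAD_REQUEST)
                config['subject'] = subject

        send_error = census_send_auth_task(
            pk,
            get_client_ip(request),
            config,
            userids,
            auth_method,
            request.user.id,
            **extra_req)
        if send_error:
            return json_response(**send_error)
        return json_response(data)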
示例#11
 def get(self, request, username, object_type, perm, object_id=0):
     """Report whether *username* holds ``perm`` on (object_type, object_id).

     Needs the global ``ACL``/``view`` permission. Answers
     ``{'status': 'ok', 'perm': <bool>}``; an unknown username is a 404.
     """
     permission_required(request.user, 'ACL', 'view')
     target = get_object_or_404(User, username=username)
     granted = bool(target.userdata.has_perms(object_type, perm, object_id))
     return json_response({'status': 'ok', 'perm': granted})
示例#12
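    def get(self, request, pk, uid):
        """Return the stored image for census member *uid* of AuthEvent *pk*.

        Requires ``edit`` on the event. *uid* is a username and must belong
        to a UserData of this very event (``event__pk=pk``), so an admin of
        one event cannot fetch images of another event's users. The file is
        read from ``settings.IMAGE_STORE_PATH/<username>`` in text mode (the
        store is presumably text/base64 — kept as found) and returned as
        ``{'img': ...}``.

        Hardening: the resolved path must stay under IMAGE_STORE_PATH (a
        username containing path separators or ``..`` would otherwise escape
        the store), the handle is closed deterministically, and a missing or
        unreadable file is a 404 instead of an unhandled OSError.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        get_object_or_404(AuthEvent, pk=pk)
        u = get_object_or_404(UserData, event__pk=pk, user__username=uid)

        store = os.path.realpath(settings.IMAGE_STORE_PATH)
        path = os.path.realpath(os.path.join(store, u.user.username))
        if os.path.commonpath([store, path]) != store:
            return json_response(status=404, message='image not found')
        try:
            with open(path) as fh:
                img = fh.read()
        except OSError:
            return json_response(status=404, message='image not found')
        return json_response({'img': img})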
示例#13
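    def get(self, request, pk, uid):
        """Return the stored image for census member *uid* of AuthEvent *pk*.

        Requires ``edit`` on the event. *uid* is a username and must belong
        to a UserData of this very event (``event__pk=pk``), so an admin of
        one event cannot fetch images of another event's users. The file is
        read from ``settings.IMAGE_STORE_PATH/<username>`` in text mode (the
        store is presumably text/base64 — kept as found) and returned as
        ``{'img': ...}``.

        Hardening: the resolved path must stay under IMAGE_STORE_PATH (a
        username containing path separators or ``..`` would otherwise escape
        the store), the handle is closed deterministically, and a missing or
        unreadable file is a 404 instead of an unhandled OSError.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        get_object_or_404(AuthEvent, pk=pk)
        u = get_object_or_404(UserData, event__pk=pk, user__username=uid)

        store = os.path.realpath(settings.IMAGE_STORE_PATH)
        path = os.path.realpath(os.path.join(store, u.user.username))
        if os.path.commonpath([store, path]) != store:
            return json_response(status=404, message='image not found')
        try:
            with open(path) as fh:
                img = fh.read()
        except OSError:
            return json_response(status=404, message='image not found')
        return json_response({'img': img})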
示例#14
 def get(self, request, username, object_type, perm, object_id=0):
     """Report whether *username* holds ``perm`` on (object_type, object_id).

     Needs the global ``ACL``/``view`` permission. Answers
     ``{'status': 'ok', 'perm': <bool>}``; an unknown username is a 404.
     """
     permission_required(request.user, 'ACL', 'view')
     target = get_object_or_404(User, username=username)
     granted = bool(target.userdata.has_perms(object_type, perm, object_id))
     return json_response({'status': 'ok', 'perm': granted})
示例#15
文件: views.py 项目: jnaudon/authapi
    def get(self, request, pk):
        """List the census of AuthEvent *pk* (holders of ``vote`` on it), paginated.

        Requires ``edit`` on the event; unknown events are 404. ``?filter=``
        does a case-insensitive substring match over username, e-mail, phone
        and the serialized metadata — all through ORM lookups, so the value is
        parameterized rather than interpolated. Additional ``census__*`` query
        parameters are applied by filter_query under the constraints below;
        invalid ones are ignored, not rejected.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        get_object_or_404(AuthEvent, pk=pk)

        needle = request.GET.get('filter', None)
        census = ACL.objects.filter(object_type='AuthEvent', perm='vote', object_id=pk)

        if needle is not None:
            text_match = Q(user__user__username__icontains=needle)
            text_match |= Q(user__user__email__icontains=needle)
            text_match |= Q(user__tlf__icontains=needle)
            text_match |= Q(user__metadata__icontains=needle)
            census = census.filter(text_match)

        # Only these fields/operators may be filtered or ordered on.
        allowed_filters = {
            'user__user__id': {'lt': int, 'gt': int},
            'user__user__is_active': {'equals': bool},
            'user__user__date_joined': {'lt': datetime, 'gt': datetime},
        }
        allowed_order = [
            'user__user__id',
            'user__user__is_active',
            'user__user__date_joined',
        ]
        census = filter_query(
            filters=request.GET,
            query=census,
            constraints={'filters': allowed_filters, 'order_by': allowed_order},
            prefix='census__',
            contraints_policy='ignore_invalid')  # sic: keyword as filter_query spells it

        def to_row(acl):
            account = acl.user.user
            return {
                "id": account.pk,
                "username": account.username,
                "active": account.is_active,
                "date_joined": account.date_joined.isoformat(),
                "metadata": acl.user.serialize_data(),
            }

        page = paginate(
            request,
            census,
            serialize_method=to_row,
            elements_name='object_list')
        return json_response(page)
示例#16
 def get(self, request, username, object_type, perm, object_id=0):
     """Report whether *username* holds ``perm`` on (object_type, object_id).

     Needs the global ``ACL``/``view`` permission. Answers a JSON
     ``{'status': 'ok', 'perm': <bool>}``; an unknown username is a 404.
     """
     permission_required(request.user, 'ACL', 'view')
     target = get_object_or_404(User, username=username)
     granted = bool(target.userdata.has_perms(object_type, perm, object_id))
     payload = json.dumps({'status': 'ok', 'perm': granted})
     return HttpResponse(payload, content_type='application/json')
示例#17
文件: views.py 项目: jnaudon/authapi
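 def post(self, request, pk):
     """Delete the given users (and their ACLs) from AuthEvent *pk*'s census.

     Body: ``{"user-ids": [<int>, ...]}``. Requires ``edit`` on the event.
     Each id must resolve to a User registered in *this* event
     (``userdata__event=ae``) — that filter is what stops an event admin from
     deleting accounts belonging to other events; a failing id is a 404.
     Invalid JSON, a non-object body or a non-list / non-int id list is a 400
     ``BAD_REQUEST`` instead of an unhandled exception.
     NOTE(review): deletions are not transactional; a 404 part-way through
     leaves the earlier deletions committed.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     ae = get_object_or_404(AuthEvent, pk=pk)
     try:
         req = json.loads(request.body.decode('utf-8'))
     except Exception:
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     user_ids = req.get('user-ids') if isinstance(req, dict) else None
     if not isinstance(user_ids, list) or not all(
             isinstance(uid, int) and not isinstance(uid, bool)
             for uid in user_ids):
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     for uid in user_ids:
         u = get_object_or_404(User, pk=uid, userdata__event=ae)
         for acl in u.userdata.acls.all():
             acl.delete()
         u.delete()
     return json_response()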
示例#18
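 def post(self, request, pk):
     """Delete the given users (and their ACLs) from AuthEvent *pk*'s census.

     Body: ``{"user-ids": [<int>, ...]}``. Requires ``edit`` on the event.
     Each id must resolve to a User registered in *this* event
     (``userdata__event=ae``) — that filter is what stops an event admin from
     deleting accounts belonging to other events; a failing id is a 404.
     Invalid JSON, a non-object body or a non-list / non-int id list is a 400
     ``BAD_REQUEST`` instead of an unhandled exception.
     NOTE(review): deletions are not transactional; a 404 part-way through
     leaves the earlier deletions committed.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     ae = get_object_or_404(AuthEvent, pk=pk)
     try:
         req = json.loads(request.body.decode('utf-8'))
     except Exception:
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     user_ids = req.get('user-ids') if isinstance(req, dict) else None
     if not isinstance(user_ids, list) or not all(
             isinstance(uid, int) and not isinstance(uid, bool)
             for uid in user_ids):
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     for uid in user_ids:
         u = get_object_or_404(User, pk=uid, userdata__event=ae)
         for acl in u.userdata.acls.all():
             acl.delete()
         u.delete()
     return json_response()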
示例#19
文件: views.py 项目: jnaudon/authapi
 def post(self, request, pk, status):
     """Move AuthEvent *pk* to *status* (taken from the URL).

     Requires ``edit`` on the event. Requesting the status the event already
     has is answered 400; a real transition 200. The message echoes the
     requested status either way.
     NOTE(review): *status* is stored without validation here — only safe if
     the URL pattern restricts it to the known values; confirm.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     event = get_object_or_404(AuthEvent, pk=pk)
     changed = event.status != status
     if changed:
         event.status = status
         event.save()
     http_status = 200 if changed else 400
     return json_response(status=http_status, message='Authevent status:  %s' % status)
示例#20
 def post(self, request, pk, status):
     """Move AuthEvent *pk* to *status* (taken from the URL).

     Requires ``edit`` on the event. Requesting the status the event already
     has is answered 400; a real transition 200. The message echoes the
     requested status either way.
     NOTE(review): *status* is stored without validation here — only safe if
     the URL pattern restricts it to the known values; confirm.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     event = get_object_or_404(AuthEvent, pk=pk)
     changed = event.status != status
     if changed:
         event.status = status
         event.save()
     http_status = 200 if changed else 400
     return json_response(status=http_status,
                          message='Authevent status:  %s' % status)
示例#21
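    def delete(request, pk):
        '''
            Delete auth-event *pk*.

            Authorization: ``AuthEvent``/``edit`` on the event (the code
            checks ``edit``, not a separate delete permission). An unknown id
            is now a 404 instead of an unhandled ``DoesNotExist`` (500),
            matching the rest of this module's lookups.
            NOTE(review): the signature has no ``self`` — correct only if the
            method is decorated (staticmethod) or is not a View method; verify.
        '''
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        ae = get_object_or_404(AuthEvent, pk=pk)
        ae.delete()

        data = {'status': 'ok'}
        return json_response(data)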
示例#22
文件: views.py 项目: jnaudon/authapi
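    def post(self, request, pk):
        """Activate or deactivate census users of AuthEvent *pk* (``self.activate`` decides).

        Body: ``{"user-ids": [<int>, ...]}``. Requires ``edit`` on the event.
        Each id must resolve to a User registered in *this* event
        (``userdata__event=ae``) — the cross-event guard — else 404. Invalid
        JSON, a non-object body or a non-list / non-int id list is a 400
        ``BAD_REQUEST`` instead of an unhandled exception. When activating,
        the id list is handed to the ``send_codes`` task after all saves.
        NOTE(review): the per-user saves are not transactional; a 404
        part-way through leaves earlier users already flipped.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids') if isinstance(req, dict) else None
        if not isinstance(user_ids, list) or not all(
                isinstance(uid, int) and not isinstance(uid, bool)
                for uid in user_ids):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        for uid in user_ids:
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            u.is_active = self.activate
            u.save()
        if self.activate:
            send_codes.apply_async(args=[list(user_ids), get_client_ip(request)])

        return json_response()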
示例#23
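    def delete(request, pk):
        '''
            Delete auth-event *pk*.

            Authorization: ``AuthEvent``/``edit`` or ``delete`` on the event.
            An unknown id is now a 404 instead of an unhandled
            ``DoesNotExist`` (500), matching the rest of this module's lookups.
            NOTE(review): the signature has no ``self`` — correct only if the
            method is decorated (staticmethod) or is not a View method; verify.
        '''
        permission_required(request.user, 'AuthEvent', ['edit', 'delete'], pk)

        ae = get_object_or_404(AuthEvent, pk=pk)
        ae.delete()

        data = {'status': 'ok'}
        return json_response(data)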
示例#24
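    def post(self, request, pk):
        """Delete the given users (and their ACLs) from AuthEvent *pk*'s census.

        Body: ``{"user-ids": [<int>, ...]}``, validated by the
        ``list_of_ints`` contract. Requires ``edit`` or ``census-delete`` on
        the event. Each id must resolve to a User registered in *this* event
        (``userdata__event=ae``) — the filter that keeps an event admin from
        deleting other events' accounts; a failing id is a 404. A body that
        fails to parse is a 400 ``BAD_REQUEST``, as in the other handlers of
        this module, instead of an unhandled exception.
        NOTE(review): deletions are not transactional; a 404 part-way through
        leaves earlier deletions committed.
        """
        permission_required(request.user, 'AuthEvent', ['edit', 'census-delete'], pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids', [])
        check_contract(CONTRACTS['list_of_ints'], user_ids)

        for uid in user_ids:
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            for acl in u.userdata.acls.all():
                acl.delete()
            u.delete()
        return json_response()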
示例#25
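    def delete(request, pk):
        '''
            Delete auth-event *pk*.

            Authorization: ``AuthEvent``/``edit`` on the event (the code
            checks ``edit``, not a separate delete permission). An unknown id
            is now a 404 instead of an unhandled ``DoesNotExist`` (500),
            matching the rest of this module's lookups.
            NOTE(review): the signature has no ``self`` — correct only if the
            method is decorated (staticmethod) or is not a View method; verify.
        '''
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        ae = get_object_or_404(AuthEvent, pk=pk)
        ae.delete()

        data = {'status': 'ok'}
        jsondata = json.dumps(data)
        return HttpResponse(jsondata, content_type='application/json')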
示例#26
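    def post(self, request, pk):
        """Activate or deactivate census users of AuthEvent *pk* (``self.activate`` decides).

        Body: ``{"user-ids": [<int>, ...]}``. Requires ``edit`` on the event.
        Each id must resolve to a User registered in *this* event
        (``userdata__event=ae``) — the cross-event guard — else 404. Invalid
        JSON, a non-object body or a non-list / non-int id list is a 400
        ``BAD_REQUEST`` instead of an unhandled exception. When activating,
        the id list is handed to the ``send_codes`` task after all saves.
        NOTE(review): the per-user saves are not transactional; a 404
        part-way through leaves earlier users already flipped.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids') if isinstance(req, dict) else None
        if not isinstance(user_ids, list) or not all(
                isinstance(uid, int) and not isinstance(uid, bool)
                for uid in user_ids):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        for uid in user_ids:
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            u.is_active = self.activate
            u.save()
        if self.activate:
            send_codes.apply_async(args=[list(user_ids),
                                         get_client_ip(request)])

        return json_response()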
示例#27
文件: views.py 项目: jnaudon/authapi
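 def post(self, request, pk):
     """Add entries to the census of AuthEvent *pk*; the body is handled by auth_census.

     Requires ``edit`` on the event; unknown events are 404. Any exception
     raised while parsing/applying the census is reported as 400
     ``BAD_REQUEST``; a non-ok result from auth_census is relayed with its
     own ``msg`` and ``error_codename``.
     NOTE(review): the broad catch also turns programming errors inside
     auth_census into 400s — narrow it once that helper's exception types
     are known.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     e = get_object_or_404(AuthEvent, pk=pk)
     try:
         data = auth_census(e, request)
     except Exception:
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     if data['status'] == 'ok':
         return json_response(data)
     return json_response(status=400, message=data.get('msg'),
                          error_codename=data.get('error_codename'))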
示例#28
 def post(self, request, pk, status):
     """Move AuthEvent *pk* to *status* (taken from the URL).

     Requires ``edit`` on the event. Requesting the status the event already
     has is answered 400; a real transition 200. The JSON ``msg`` echoes the
     requested status either way.
     NOTE(review): *status* is stored without validation here — only safe if
     the URL pattern restricts it to the known values; confirm.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     event = get_object_or_404(AuthEvent, pk=pk)
     changed = event.status != status
     if changed:
         event.status = status
         event.save()
     payload = json.dumps({'msg': 'Authevent status:  %s' % status})
     return HttpResponse(payload,
                         status=200 if changed else 400,
                         content_type='application/json')
示例#29
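    def post(self, request, pk):
        """Delete the given users (and their ACLs) from AuthEvent *pk*'s census.

        Body: ``{"user-ids": [<int>, ...]}``, validated by the
        ``list_of_ints`` contract. Requires ``edit`` on the event. Each id
        must resolve to a User registered in *this* event
        (``userdata__event=ae``) — the filter that keeps an event admin from
        deleting other events' accounts; a failing id is a 404. A body that
        fails to parse is a 400 ``BAD_REQUEST``, as in the other handlers of
        this module, instead of an unhandled exception.
        NOTE(review): deletions are not transactional; a 404 part-way through
        leaves earlier deletions committed.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids', [])
        check_contract(CONTRACTS['list_of_ints'], user_ids)

        for uid in user_ids:
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            for acl in u.userdata.acls.all():
                acl.delete()
            u.delete()
        return json_response()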
示例#30
    def get(self, request, pk):
        """List the census of AuthEvent *pk* (holders of ``vote`` on it), paginated.

        Requires ``edit`` on the event; unknown events are 404. ``?filter=``
        does a case-insensitive substring match over username, e-mail, phone
        and the serialized metadata — all through ORM lookups, so the value is
        parameterized rather than interpolated. Additional ``census__*`` query
        parameters are applied by filter_query under the constraints below;
        invalid ones are ignored, not rejected.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        get_object_or_404(AuthEvent, pk=pk)

        needle = request.GET.get('filter', None)
        census = ACL.objects.filter(object_type='AuthEvent',
                                    perm='vote',
                                    object_id=pk)

        if needle is not None:
            text_match = Q(user__user__username__icontains=needle)
            text_match |= Q(user__user__email__icontains=needle)
            text_match |= Q(user__tlf__icontains=needle)
            text_match |= Q(user__metadata__icontains=needle)
            census = census.filter(text_match)

        # Only these fields/operators may be filtered or ordered on.
        allowed_filters = {
            'user__user__id': {'lt': int, 'gt': int},
            'user__user__is_active': {'equals': bool},
            'user__user__date_joined': {'lt': datetime, 'gt': datetime},
        }
        allowed_order = [
            'user__user__id',
            'user__user__is_active',
            'user__user__date_joined',
        ]
        census = filter_query(
            filters=request.GET,
            query=census,
            constraints={'filters': allowed_filters, 'order_by': allowed_order},
            prefix='census__',
            contraints_policy='ignore_invalid')  # sic: keyword as filter_query spells it

        def to_row(acl):
            account = acl.user.user
            return {
                "id": account.pk,
                "username": account.username,
                "active": account.is_active,
                "date_joined": account.date_joined.isoformat(),
                "metadata": acl.user.serialize_data(),
            }

        page = paginate(request,
                        census,
                        serialize_method=to_row,
                        elements_name='object_list')
        return json_response(page)
示例#31
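 def post(self, request, pk, status):
     """Move AuthEvent *pk* to *status*, gated by a per-transition permission.

     *status* must be ``notstarted``, ``started`` or ``stopped``; each maps
     to the extra ACL perm (``notstarted``/``start``/``stop``) the caller must
     hold besides ``edit``. Any other value is answered 400 — previously it
     raised KeyError (a 500), and did so before the permission check ran.
     Requesting the status the event already has is 400; a real transition
     is 200. The message echoes the requested status.
     """
     required_perm = {
         'notstarted': 'notstarted',
         'started': 'start',
         'stopped': 'stop',
     }.get(status)
     if required_perm is None:
         return json_response(status=400, message='Invalid status: %s' % status)
     permission_required(request.user, 'AuthEvent', ['edit', required_perm], pk)
     e = get_object_or_404(AuthEvent, pk=pk)
     if e.status != status:
         e.status = status
         e.save()
         st = 200
     else:
         st = 400
     return json_response(status=st, message='Authevent status:  %s' % status)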
示例#32
 def get(self, request, pk=None):
     """Return the serialized UserData for *pk*, or the caller's own when *pk* is None.

     Authorization is ``UserData``/``edit`` on *pk*. NOTE(review): on the
     own-record path *pk* becomes ``request.user.pk`` (a User id) while the
     explicit path treats *pk* as a UserData id — these only coincide if the
     two tables share ids; worth confirming against the permission model.
     Plugins may append fields through ``extend_user_info``.
     """
     if pk is None:
         target = request.user.userdata
         pk = request.user.pk
     else:
         target = None
     permission_required(request.user, 'UserData', 'edit', pk)
     if target is None:
         target = get_object_or_404(UserData, pk=pk)
     payload = target.serialize()
     for extra in (plugins.call("extend_user_info", target.user) or []):
         payload.update(extra.serialize())
     return json_response(payload)
示例#33
 def get(self, request, pk=None):
     """Return the serialized UserData for *pk*, or the caller's own when *pk* is None.

     Authorization is ``UserData``/``edit`` on *pk*. NOTE(review): on the
     own-record path *pk* becomes ``request.user.pk`` (a User id) while the
     explicit path treats *pk* as a UserData id — these only coincide if the
     two tables share ids; worth confirming against the permission model.
     Plugins may append fields through ``extend_user_info``.
     """
     if pk is None:
         target = request.user.userdata
         pk = request.user.pk
     else:
         target = None
     permission_required(request.user, 'UserData', 'edit', pk)
     if target is None:
         target = get_object_or_404(UserData, pk=pk)
     payload = target.serialize()
     for extra in (plugins.call("extend_user_info", target.user) or []):
         payload.update(extra.serialize())
     return json_response(payload)
示例#34
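 def post(self, request, pk):
     """Add entries to the census of AuthEvent *pk*; the body is handled by auth_census.

     Requires ``edit`` on the event; unknown events are 404. Any exception
     raised while parsing/applying the census is reported as 400
     ``BAD_REQUEST``; a non-ok result from auth_census is relayed with its
     own ``msg`` and ``error_codename``.
     NOTE(review): the broad catch also turns programming errors inside
     auth_census into 400s — narrow it once that helper's exception types
     are known.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     e = get_object_or_404(AuthEvent, pk=pk)
     try:
         data = auth_census(e, request)
     except Exception:
         return json_response(status=400,
                              error_codename=ErrorCodes.BAD_REQUEST)
     if data['status'] == 'ok':
         return json_response(data)
     return json_response(status=400,
                          message=data.get('msg'),
                          error_codename=data.get('error_codename'))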
示例#35
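    def get(self, request, pk=None):
        '''
            List all AuthEvents when *pk* is None; otherwise show event *pk*.

            The listing is public and always uses the restricted serializer.
            For a single event the full serializer is used only when the
            caller is logged in and holds ``edit`` or ``view`` on it; everyone
            else gets ``serialize_restrict()``. Plugins may append fields via
            ``extend_ae_info``. An unknown *pk* is a 404 (it used to raise an
            unhandled DoesNotExist).
            NOTE(review): ``user.is_authenticated()`` is *called*; on Django
            2.0+ that attribute is a property and the call raises. Kept as
            found because the project's Django version is not visible here.
        '''
        data = {'status': 'ok'}
        user, _, _ = get_login_user(request)

        if pk:
            e = get_object_or_404(AuthEvent, pk=pk)
            if (user is not None and user.is_authenticated() and
                permission_required(
                    user,
                    'AuthEvent',
                    ['edit', 'view'],
                    e.id,
                    return_bool=True)):
                aes = e.serialize()
            else:
                aes = e.serialize_restrict()

            extend_info = plugins.call("extend_ae_info", user, e)
            if extend_info:
                for info in extend_info:
                    aes.update(info.serialize())

            data['events'] = aes
        else:
            events = AuthEvent.objects.all()
            aes = paginate(request, events,
                           serialize_method='serialize_restrict',
                           elements_name='events')
            data.update(aes)
        return json_response(data)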
示例#36
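 def post(self, request, pk):
     """Add entries to the census of AuthEvent *pk*; the body is handled by auth_census.

     Requires ``edit`` on the event; unknown events are 404. Plugins get a
     veto first through ``extend_add_census`` (the first returned error dict
     is relayed as the response). Any exception raised by auth_census is a
     400 ``BAD_REQUEST``; a non-ok result is relayed with its error_codename.
     NOTE(review): the broad catch also turns programming errors inside
     auth_census into 400s — narrow it once its exception types are known.
     """
     permission_required(request.user, 'AuthEvent', 'edit', pk)
     e = get_object_or_404(AuthEvent, pk=pk)
     error_kwargs = plugins.call("extend_add_census", e, request)
     if error_kwargs:
         return json_response(**error_kwargs[0])
     try:
         data = auth_census(e, request)
     except Exception:
         return json_response(status=400,
                              error_codename=ErrorCodes.BAD_REQUEST)
     if data['status'] == 'ok':
         return json_response(data)
     return json_response(status=400,
                          error_codename=data.get('error_codename'))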
示例#37
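    def post(self, request):
        """Reset the *calling* user's password to a fresh random one and e-mail it.

        Despite the name this is not an anonymous "forgot password" flow: the
        caller must already be authenticated and hold ``UserData``/``edit``
        on itself plus ``AuthEvent``/``create``. The new password comes from
        ``random_code(8)``, is persisted, and only then queued for delivery
        to ``user.email`` — persist-first so a failed save cannot leave the
        user holding a mailed password that was never set.

        NOTE(review): an 8-character code mailed in clear text is a weak
        credential; a single-use, expiring reset link is the usual design,
        and ``random_code`` should be confirmed to use a CSPRNG (``secrets``
        / ``SystemRandom``) — its implementation is not visible here.
        """
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        new_pwd = random_code(8)
        user.set_password(new_pwd)
        user.save()
        send_mail.apply_async(args=[
            'Reset password',
            'This is your new password: %s' % new_pwd, user.email
        ])
        data = {'status': 'ok'}
        return json_response(data)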
示例#38
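    def get(self, request, pk=None):
        '''
            List all AuthEvents when *pk* is None; otherwise show event *pk*.

            The listing is public and always uses the restricted serializer.
            For a single event the full serializer is used only when the
            caller is logged in and holds ``edit`` on it; everyone else gets
            ``serialize_restrict()``. Plugins may append fields via
            ``extend_ae_info``. An unknown *pk* is a 404 (it used to raise an
            unhandled DoesNotExist).
            NOTE(review): ``user.is_authenticated()`` is *called*; on Django
            2.0+ that attribute is a property and the call raises. Kept as
            found because the project's Django version is not visible here.
        '''
        data = {'status': 'ok'}
        user, _ = get_login_user(request)

        if pk:
            e = get_object_or_404(AuthEvent, pk=pk)
            if (user is not None and user.is_authenticated()
                    and permission_required(
                        user, 'AuthEvent', 'edit', e.id, return_bool=True)):
                aes = e.serialize()
            else:
                aes = e.serialize_restrict()

            extend_info = plugins.call("extend_ae_info", user, e)
            if extend_info:
                for info in extend_info:
                    aes.update(info.serialize())

            data['events'] = aes
        else:
            events = AuthEvent.objects.all()
            aes = paginate(request,
                           events,
                           serialize_method='serialize_restrict',
                           elements_name='events')
            data.update(aes)
        return json_response(data)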
示例#39
文件: views.py 项目: jnaudon/authapi
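    def post(self, request):
        """Grant a batch of ACL entries.

        Body: ``{"userid": <int>, "perms": [{"user": "<username>", "perm": ...,
        "object_type": ..., "object_id": <optional, default 0>}, ...]}``.
        Requires the global ``ACL``/``create`` permission; a holder can grant
        any perm on any object, so treat it as a super-admin capability.

        ``userid`` is only checked to exist (404 otherwise) — each perm entry
        names its own target by username. Malformed input is a 400
        ``BAD_REQUEST`` rather than a KeyError/DoesNotExist 500: invalid
        JSON, non-object body, non-integer ``userid``, non-list ``perms``, or
        an entry that is not an object carrying a string ``user`` plus
        ``perm`` and ``object_type``. Entries are validated before any row
        is written.
        NOTE(review): the inserts are not wrapped in a transaction, so a 404
        on an unknown username part-way through leaves earlier grants committed.
        """
        permission_required(request.user, 'ACL', 'create')

        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        if not isinstance(req, dict):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        user_id = req.get('userid')
        perms = req.get('perms')
        if (isinstance(user_id, bool) or not isinstance(user_id, int)
                or not isinstance(perms, list)):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        for perm in perms:
            if (not isinstance(perm, dict)
                    or not isinstance(perm.get('user'), str)
                    or 'perm' not in perm or 'object_type' not in perm):
                return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        # Existence check only (404 instead of DoesNotExist -> 500); the
        # looked-up object itself is not used.
        get_object_or_404(User, pk=user_id)
        for perm in perms:
            target = get_object_or_404(UserData, user__username=perm['user'])
            ACL(user=target, perm=perm['perm'], object_type=perm['object_type'],
                object_id=perm.get('object_id', 0)).save()
        return json_response({'status': 'ok'})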
示例#40
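 def post(self, request, pk):
     """Add entries to the census of AuthEvent *pk*; the body is handled by auth_census.

     Requires ``edit`` or ``census-add`` on the event; unknown events are
     404. Plugins get a veto first through ``extend_add_census`` (the first
     returned error dict is relayed as the response). Any exception raised by
     auth_census is a 400 ``BAD_REQUEST``; a non-ok result is relayed with
     its error_codename.
     NOTE(review): the broad catch also turns programming errors inside
     auth_census into 400s — narrow it once its exception types are known.
     """
     permission_required(request.user, 'AuthEvent', ['edit', 'census-add'], pk)
     e = get_object_or_404(AuthEvent, pk=pk)
     error_kwargs = plugins.call("extend_add_census", e, request)
     if error_kwargs:
         return json_response(**error_kwargs[0])
     try:
         data = auth_census(e, request)
     except Exception:
         return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
     if data['status'] == 'ok':
         return json_response(data)
     return json_response(
         status=400,
         error_codename=data.get('error_codename'))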
示例#41
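    def post(self, request):
        """Reset the *calling* user's password to a fresh random one and e-mail it.

        Not an anonymous "forgot password" flow: the caller must already be
        authenticated and hold ``UserData``/``edit`` on itself plus
        ``AuthEvent``/``create``. The new password comes from
        ``random_code(8)``, is persisted, and only then queued for delivery
        to ``user.email`` — persist-first so a failed save cannot leave the
        user holding a mailed password that was never set.

        NOTE(review): an 8-character code mailed in clear text is a weak
        credential; a single-use, expiring reset link is the usual design,
        and ``random_code`` should be confirmed to use a CSPRNG — its
        implementation is not visible here.
        """
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        new_pwd = random_code(8)
        user.set_password(new_pwd)
        user.save()
        send_mail.apply_async(args=[
            'Reset password',
            'This is your new password: %s' % new_pwd, user.email
        ])
        jsondata = json.dumps({'status': 'ok'})
        return HttpResponse(jsondata, content_type='application/json')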
示例#42
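    def post(self, request):
        """Reset the *calling* user's password to a fresh random one and e-mail it.

        Not an anonymous "forgot password" flow: the caller must already be
        authenticated and hold ``UserData``/``edit`` on itself plus
        ``AuthEvent``/``create``. The new password comes from
        ``random_code(8)``, is persisted, and only then queued for delivery
        to ``user.email`` — persist-first so a failed save cannot leave the
        user holding a mailed password that was never set.

        NOTE(review): an 8-character code mailed in clear text is a weak
        credential; a single-use, expiring reset link is the usual design,
        and ``random_code`` should be confirmed to use a CSPRNG — its
        implementation is not visible here.
        """
        user = request.user
        pk = user.pk

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        new_pwd = random_code(8)
        user.set_password(new_pwd)
        user.save()
        send_mail.apply_async(args=[
                'Reset password',
                'This is your new password: %s' % new_pwd,
                user.email])
        data = {'status': 'ok'}
        return json_response(data)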
示例#43
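    def post(self, request, pk):
        """Activate or deactivate census users of AuthEvent *pk* (``self.activate`` decides).

        Body: ``{"user-ids": [<int>, ...]}``, validated by the
        ``list_of_ints`` contract. Requires ``edit`` on the event. Each id
        must resolve to a User registered in *this* event
        (``userdata__event=ae``) — the cross-event guard — else 404. A body
        that fails to parse is a 400 ``BAD_REQUEST``, as in the other
        handlers of this module, instead of an unhandled exception. When
        activating, the id list is handed to ``send_codes`` after all saves.
        NOTE(review): the per-user saves are not transactional; a 404
        part-way through leaves earlier users already flipped.
        """
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids', [])
        check_contract(CONTRACTS['list_of_ints'], user_ids)

        for uid in user_ids:
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            u.is_active = self.activate
            u.save()
        if self.activate:
            send_codes.apply_async(args=[list(user_ids),
                                         get_client_ip(request)])

        return json_response()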
示例#44
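    def post(self, request, pk):
        ''' Send authentication messages to (part of) the census of AuthEvent *pk*.

        Needs ``edit`` on the event, which must be in status ``started``
        (otherwise 400 ``AUTH_EVENT_NOT_STARTED``). Body fields: ``user-ids``
        (absent means the whole census), ``extra`` (must be an object;
        forwarded as keyword args) and optional ``msg``/``subject`` template
        overrides. ``msg`` must be a string no longer than
        ``settings.MAX_AUTH_MSG_SIZE[e.auth_method]`` and ``subject`` must be
        a string; otherwise 400 ``BAD_REQUEST``. Errors reported by
        census_send_auth_task are relayed as it describes them.

        NOTE(review): ``extra`` is splatted with ``**`` into the task call,
        so a key colliding with one of its named parameters raises TypeError
        (500). The task should whitelist the keys it accepts; left as is
        because its signature is not visible here.
        '''
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        data = {'msg': 'Sent successful'}
        # first, validate input
        e = get_object_or_404(AuthEvent, pk=pk)
        if e.status != 'started':
            return json_response(status=400,
                                 error_codename="AUTH_EVENT_NOT_STARTED")

        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        if not isinstance(req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        userids = req.get("user-ids", None)
        extra_req = req.get('extra', {})
        # force extra_req type to be a dict
        if not isinstance(extra_req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # Template overrides; None means "use the event's defaults".
        config = None
        msg = req.get('msg', '')
        subject = req.get('subject', '')
        if msg or subject:
            config = {}
            if msg:
                if (not isinstance(msg, str)
                        or len(msg) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
                    return json_response(status=400,
                                         error_codename=ErrorCodes.BAD_REQUEST)
                config['msg'] = msg
            if subject:
                if not isinstance(subject, str):
                    return json_response(status=400,
                                         error_codename=ErrorCodes.BAD_REQUEST)
                config['subject'] = subject

        send_error = census_send_auth_task(pk, get_client_ip(request), config,
                                           userids, **extra_req)
        if send_error:
            return json_response(**send_error)
        return json_response(data)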
示例#45
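    def post(self, request, pk):
        ''' Send authentication messages to (part of) the census of AuthEvent *pk*.

        Needs ``edit`` on the event, which must be in status ``started``
        (otherwise 400). Body fields: ``user-ids`` (absent means the whole
        census) and optional ``msg``/``subject`` template overrides. ``msg``
        must be a string no longer than
        ``settings.MAX_AUTH_MSG_SIZE[e.auth_method]`` and ``subject`` must be
        a string; otherwise 400 ``BAD_REQUEST``. Invalid JSON or a non-object
        body is also a 400. A message returned by census_send_auth_task
        replaces the default ``msg`` in the 200 response.
        '''
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        data = {'msg': 'Sent successful'}
        # first, validate input
        e = get_object_or_404(AuthEvent, pk=pk)
        if e.status != 'started':
            return json_response(
                status=400,
                message='AuthEvent with id = %s has not started' % pk,
                error_codename=ErrorCodes.BAD_REQUEST)

        try:
            req = json.loads(request.body.decode('utf-8'))
        except Exception:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        if not isinstance(req, dict):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        userids = req.get("user-ids", None)

        # Template overrides; None means "use the event's defaults".
        config = None
        msg = req.get('msg')
        subject = req.get('subject')
        if msg or subject:
            config = {}
            if msg:
                if (not isinstance(msg, str)
                        or len(msg) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
                    return json_response(status=400,
                                         error_codename=ErrorCodes.BAD_REQUEST)
                config['msg'] = msg
            if subject:
                if not isinstance(subject, str):
                    return json_response(status=400,
                                         error_codename=ErrorCodes.BAD_REQUEST)
                config['subject'] = subject

        result_msg = census_send_auth_task(pk, get_client_ip(request), config,
                                           userids)
        if result_msg:
            data['msg'] = result_msg
        return json_response(data)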
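    def post(self, request, pk):
        ''' Send authentication emails to the whole census.

        Body (JSON object): optional ``msg``/``subject`` overrides and an
        optional ``user-ids`` list restricting the recipients.

        Returns a JSON ``{'msg': ...}`` response. Returns 400 with a JSON
        error when the event has not started, the body is not a JSON
        object, or ``msg`` is not a string within
        ``settings.MAX_AUTH_MSG_SIZE[e.auth_method]``.
        '''
        # 'edit' on this AuthEvent is required to trigger a census-wide send.
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        data = {'msg': 'Sent successful'}
        invalid_json = json.dumps({'error': "Invalid json"})

        # first, validate input
        e = get_object_or_404(AuthEvent, pk=pk)
        if e.status != 'started':
            jsondata = json.dumps(
                {'error': 'AuthEvent with id = %s has not started' % pk})
            return HttpResponseBadRequest(jsondata,
                                          content_type='application/json')

        # Only decode/parse failures are client errors; narrowed from a bare
        # except so unrelated exceptions are not masked as a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return HttpResponseBadRequest(invalid_json,
                                          content_type='application/json')
        # A valid JSON document that is not an object (e.g. a list) would
        # otherwise fail with AttributeError on .get() below.
        if not isinstance(req, dict):
            return HttpResponseBadRequest(invalid_json,
                                          content_type='application/json')

        userids = req.get("user-ids", None)
        msg_override = req.get('msg')
        subject_override = req.get('subject')
        if not msg_override and not subject_override:
            msg = census_send_auth_task(pk, None, userids)
            if msg:
                data['msg'] = msg
            # NOTE(review): this branch discards ``data`` and answers with an
            # empty body, unlike the final return below; kept as-is since
            # clients may depend on it.
            return HttpResponse("", content_type='application/json')

        config = {}
        if msg_override:
            config['msg'] = msg_override
        if subject_override:
            config['subject'] = subject_override

        # The message text is caller-controlled and ends up in outgoing
        # mail/SMS: enforce its type and the per-auth-method size cap.
        if 'msg' in config:
            if (not isinstance(config['msg'], str) or
                    len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
                return HttpResponseBadRequest(invalid_json,
                                              content_type='application/json')

        msg = census_send_auth_task(pk, config, userids)
        if msg:
            data['msg'] = msg
        jsondata = json.dumps(data)
        return HttpResponse(jsondata, content_type='application/json')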
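    def post(self, request):
        ''' Grant permissions: create one ACL per entry of ``perms``.

        Body (JSON object)::

            {"userid": <pk of an existing User>,
             "perms": [{"user": <username>, "perm": <str>,
                        "object_type": <str>, "object_id": <default 0>}, ...]}

        ``userid`` is only checked for existence. Each ``perms`` entry is
        granted to the UserData of ``user``. Returns ``{'status': 'ok'}``;
        400 ``BAD_REQUEST`` on a malformed body, 404 on an unknown user.
        Note that nothing restricts which ``perm``/``object_type`` may be
        granted, so 'ACL create' is effectively an administrative right.
        '''
        permission_required(request.user, 'ACL', 'create')
        data = {'status': 'ok'}

        # Narrowed from a bare except: only decode/parse errors are a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # Validate the shape before touching the database, so a malformed
        # body yields a 400 instead of a KeyError/AttributeError (500).
        if not isinstance(req, dict) or 'userid' not in req:
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)
        perms = req.get('perms')
        required_keys = {'user', 'perm', 'object_type'}
        if not isinstance(perms, list) or not all(
                isinstance(p, dict) and required_keys <= p.keys()
                for p in perms):
            return json_response(status=400,
                                 error_codename=ErrorCodes.BAD_REQUEST)

        # Existence check only (the result was never used): an unknown id
        # is now a 404 rather than an unhandled DoesNotExist.
        get_object_or_404(User, pk=req['userid'])
        for perm in perms:
            user = get_object_or_404(UserData, user__username=perm['user'])
            acl = ACL(user=user,
                      perm=perm['perm'],
                      object_type=perm['object_type'],
                      object_id=perm.get('object_id', 0))
            acl.save()
        return json_response(data)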
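    def post(self, request):
        ''' Grant permissions: create one ACL per entry of ``perms``.

        Body (JSON object)::

            {"userid": <pk of an existing User>,
             "perms": [{"user": <username>, "perm": <str>,
                        "object_type": <str>, "object_id": <default 0>}, ...]}

        ``userid`` is only checked for existence. Each ``perms`` entry is
        granted to the UserData of ``user``. Returns ``{'status': 'ok'}``;
        400 with a JSON error on a malformed body, 404 on an unknown user.
        Note that nothing restricts which ``perm``/``object_type`` may be
        granted, so 'ACL create' is effectively an administrative right.
        '''
        permission_required(request.user, 'ACL', 'create')
        data = {'status': 'ok'}
        bad_request = json.dumps({"error": "bad_request"})

        # Narrowed from a bare except: only decode/parse errors are a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')

        # Validate the shape before touching the database, so a malformed
        # body yields a 400 instead of a KeyError/AttributeError (500).
        if not isinstance(req, dict) or 'userid' not in req:
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')
        perms = req.get('perms')
        required_keys = {'user', 'perm', 'object_type'}
        if not isinstance(perms, list) or not all(
                isinstance(p, dict) and required_keys <= p.keys()
                for p in perms):
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')

        # Existence check only (the result was never used): an unknown id
        # is now a 404 rather than an unhandled DoesNotExist.
        get_object_or_404(User, pk=req['userid'])
        for perm in perms:
            user = get_object_or_404(UserData, user__username=perm['user'])
            acl = ACL(user=user,
                      perm=perm['perm'],
                      object_type=perm['object_type'],
                      object_id=perm.get('object_id', 0))
            acl.save()
        jsondata = json.dumps(data)
        return HttpResponse(jsondata, content_type='application/json')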
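    def post(self, request, pk):
        ''' Activate or deactivate census users of an AuthEvent.

        ``self.activate`` selects the direction. Body: ``{"user-ids": [...]}``
        (validated with ``CONTRACTS['list_of_ints']``). Every id must belong
        to a User whose UserData is attached to this event, otherwise 404.
        When activating, the ``send_codes`` task is queued for the same ids.
        Returns an empty JSON response; 400 ``BAD_REQUEST`` when the body
        cannot be parsed.
        '''
        permission_required(request.user, 'AuthEvent', ['edit', 'census-activation'], pk)
        ae = get_object_or_404(AuthEvent, pk=pk)
        # Consistent with the other views: an unparsable body is a 400, not
        # an unhandled exception.
        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)
        user_ids = req.get('user-ids', [])
        check_contract(CONTRACTS['list_of_ints'], user_ids)

        for uid in user_ids:
            # ``userdata__event=ae`` scopes the lookup to this event, so ids
            # of users belonging to other events cannot be toggled here.
            u = get_object_or_404(User, pk=uid, userdata__event=ae)
            u.is_active = self.activate
            u.save()
        if self.activate:
            send_codes.apply_async(
                args=[
                    list(user_ids),
                    get_client_ip(request),
                    ae.auth_method
                ])

        return json_response()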
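    def post(self, request, pk):
        ''' Send authentication emails to the whole census.

        Body (JSON object): optional ``msg``/``subject`` overrides for the
        outgoing message and an optional ``user-ids`` list restricting the
        recipients. Without an override the task is run with a ``None``
        config.

        Returns a JSON ``{'msg': ...}`` (the task's message when it returns
        one). Returns 400 ``BAD_REQUEST`` when the event has not started,
        the body is not a JSON object, or ``msg`` is not a string within
        ``settings.MAX_AUTH_MSG_SIZE[e.auth_method]``.
        '''
        # 'edit' on this AuthEvent is required to trigger a census-wide send.
        permission_required(request.user, 'AuthEvent', 'edit', pk)

        data = {'msg': 'Sent successful'}
        # first, validate input
        e = get_object_or_404(AuthEvent, pk=pk)
        if e.status != 'started':
            return json_response(status=400,
                    message='AuthEvent with id = %s has not started' % pk,
                    error_codename=ErrorCodes.BAD_REQUEST)

        # Only decode/parse failures are client errors; narrowed from a bare
        # except so unrelated exceptions are not masked as a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        # A valid JSON document that is not an object (e.g. a list) would
        # otherwise fail with AttributeError on .get() below.
        if not isinstance(req, dict):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        userids = req.get("user-ids", None)
        msg_override = req.get('msg')
        subject_override = req.get('subject')
        if not msg_override and not subject_override:
            msg = census_send_auth_task(pk, get_client_ip(request), None, userids)
            if msg:
                data['msg'] = msg
            return json_response(data)

        config = {}
        if msg_override:
            config['msg'] = msg_override
        if subject_override:
            config['subject'] = subject_override

        # The message text is caller-controlled and ends up in outgoing
        # mail/SMS: enforce its type and the per-auth-method size cap.
        if 'msg' in config:
            if (not isinstance(config['msg'], str) or
                    len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
                return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        msg = census_send_auth_task(pk, get_client_ip(request), config, userids)
        if msg:
            data['msg'] = msg
        return json_response(data)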
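    def post(self, request):
        ''' Grant permissions: create one ACL per entry of ``perms``.

        Body (JSON object)::

            {"userid": <int, pk of an existing User>,
             "perms": [{"user": <username>, "perm": <str>,
                        "object_type": <str>, "object_id": <default 0>}, ...]}

        ``userid`` is only checked for existence. Each ``perms`` entry is
        granted to the UserData of ``user``. Returns ``{'status': 'ok'}``;
        400 ``BAD_REQUEST`` on a malformed body, 404 on an unknown user.
        Note that nothing restricts which ``perm``/``object_type`` may be
        granted, so 'ACL create' is effectively an administrative right.
        '''
        permission_required(request.user, 'ACL', 'create')
        data = {'status': 'ok'}

        try:
            req = parse_json_request(request)
        except Exception:
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        # Explicit checks instead of ``assert``: assert statements are
        # stripped under ``python -O``, which would silently disable this
        # input validation.
        if not isinstance(req, dict):
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)
        user_id = req.get('userid', None)
        perms = req.get('perms', [])
        required_keys = {'user', 'perm', 'object_type'}
        if (not isinstance(user_id, int) or not isinstance(perms, list)
                or not all(isinstance(p, dict) and required_keys <= p.keys()
                           for p in perms)):
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        # Existence check only (the result was never used): an unknown id
        # is now a 404 rather than an unhandled DoesNotExist.
        get_object_or_404(User, pk=user_id)
        for perm in perms:
            user = get_object_or_404(UserData, user__username=perm['user'])
            acl = ACL(user=user, perm=perm['perm'], object_type=perm['object_type'],
                    object_id=perm.get('object_id', 0))
            acl.save()
        return json_response(data)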
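    def post(self, request):
        ''' Edit user. Only can change password.

        Body (JSON object): ``old_pwd`` and ``new_pwd``, both non-empty
        strings. The current password must verify before the new one is
        set. Returns ``{'status': 'ok'}``; 400 with ``{'error':
        'bad_request'}`` on an unparsable/non-object body, 400 with
        ``{'status': 'nok'}`` (plus ``msg`` when the old password is wrong)
        otherwise. No password-strength policy is applied here.
        '''
        pk = request.user.pk
        user = request.user

        permission_required(user, 'UserData', 'edit', pk)
        permission_required(user, 'AuthEvent', 'create')

        bad_request = json.dumps({"error": "bad_request"})
        # Narrowed from a bare except: only decode/parse errors are a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')
        # A valid JSON document that is not an object would otherwise fail
        # with AttributeError on .get() below.
        if not isinstance(req, dict):
            return HttpResponseBadRequest(bad_request,
                                          content_type='application/json')

        old_pwd = req.get('old_pwd')
        new_pwd = req.get('new_pwd')
        # Both must be non-empty strings: check_password/set_password expect
        # text, so a list or number must not reach them.
        if (not isinstance(old_pwd, str) or not old_pwd
                or not isinstance(new_pwd, str) or not new_pwd):
            jsondata = json.dumps({'status': 'nok'})
            return HttpResponse(jsondata,
                                status=400,
                                content_type='application/json')

        if not user.check_password(old_pwd):
            jsondata = json.dumps({
                'status': 'nok',
                'msg': 'Invalid old password'
            })
            return HttpResponse(jsondata,
                                status=400,
                                content_type='application/json')

        user.set_password(new_pwd)
        user.save()
        jsondata = json.dumps({'status': 'ok'})
        return HttpResponse(jsondata, content_type='application/json')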
    def get(self, request, pk):
        ''' List the census (vote ACLs) of an AuthEvent, paginated.

        Query parameters: ``filter`` (free-text search over username, email,
        tlf and, when the event defines ``extra_fields``, each extra field
        in the user metadata), ``has_voted__equals`` ('true'/'false'),
        and ``census__``-prefixed filters/ordering on user id, is_active and
        date_joined (see ``filter_query`` below). Returns a JSON page whose
        ``object_list`` entries are produced by ``serializer``.
        '''
        # 'edit' or 'view-census' on this event is required to read its census.
        permission_required(request.user, 'AuthEvent', ['edit', 'view-census'], pk)
        e = get_object_or_404(AuthEvent, pk=pk)

        filter_str = request.GET.get('filter', None)
        query = e.get_census_query()

        if filter_str is not None:
            # NOTE(review): len() raises TypeError if extra_fields is None;
            # this assumes it is always a list — confirm against the model.
            if len(e.extra_fields):
                # The search term is passed to the raw query as a bound
                # parameter (never interpolated into the SQL text), so it is
                # injection-safe. Its LIKE wildcards ('%', '_') are not
                # escaped, so they widen the match, unlike the ORM branch
                # below where icontains escapes them.
                filter_str = "%" + filter_str + "%"
                raw_sql = '''
                             SELECT "api_acl"."id", "api_acl"."user_id", "api_acl"."perm", 
                                    "api_acl"."object_type", "api_acl"."object_id", "api_acl"."created", 
                                    "api_userdata"."id", "api_userdata"."user_id",
                                    "api_userdata"."event_id", "api_userdata"."tlf",
                                    "api_userdata"."metadata", "api_userdata"."status"
                            FROM "api_acl" 
                            INNER JOIN "api_userdata" 
                            ON ("api_acl"."user_id" = "api_userdata"."id") 
                            INNER JOIN "auth_user" 
                            ON ("api_userdata"."user_id" = "auth_user"."id") 
                            WHERE 
                                ("api_acl"."object_id"::int = %s
                                AND "api_acl"."perm" = 'vote'
                                AND "api_acl"."object_type" = 'AuthEvent'
                                AND (UPPER("auth_user"."username"::text) LIKE UPPER(%s) 
                                OR UPPER("auth_user"."email"::text) LIKE UPPER(%s) 
                                OR UPPER("api_userdata"."tlf"::text) LIKE UPPER(%s)'''
                params_array = [pk, filter_str, filter_str, filter_str]
                # Extra-field names are also bound as parameters (the jsonb
                # key of ->>), so they never become part of the SQL text.
                for field in e.extra_fields:
                    raw_sql += '''
                                OR UPPER(api_userdata.metadata::jsonb->>%s) LIKE UPPER(%s)'''
                    params_array += [field['name'], filter_str]
                raw_sql += '''
                                ))'''
                # The raw query only yields ids; the ORM queryset is then
                # narrowed to them so pagination/filtering below still apply.
                raw_query = ACL.objects.raw(raw_sql, params=params_array)
                id_list = [obj.id for obj in raw_query]
                query = query.filter(id__in=id_list)

            else:
                q = (Q(user__user__username__icontains=filter_str) |
                  Q(user__user__email__icontains=filter_str) |
                  Q(user__tlf__icontains=filter_str))
                query = query.filter(q)

        # "has voted" is derived from the count of successful logins; any
        # value other than 'true'/'false' is ignored.
        has_voted_str = request.GET.get('has_voted__equals', None)
        if has_voted_str is not None:
            if 'false' == has_voted_str:
                query = query.annotate(logins=Count('user__successful_logins')).filter(logins__exact=0)
            elif 'true' == has_voted_str:
                query = query.annotate(logins=Count('user__successful_logins')).filter(logins__gt=0)

        # filter, with constraints: only the listed fields/operators and
        # order_by keys are honoured; invalid ones are ignored per the policy.
        query = filter_query(
            filters=request.GET,
            query=query,
            constraints=dict(
                filters=dict(
                    user__user__id=dict(
                        lt=int,
                        gt=int,
                    ),
                    user__user__is_active=dict(
                        equals=bool
                    ),
                    user__user__date_joined=dict(
                        lt=datetime,
                        gt=datetime
                    )
                ),
                order_by=[
                    'user__user__id',
                    'user__user__is_active',
                    'user__user__date_joined']
            ),
            prefix='census__',
            contraints_policy='ignore_invalid')

        def serializer(acl):
          # One census entry: the user behind the vote ACL plus its metadata.
          return {
            "id": acl.user.user.pk,
            "username": acl.user.user.username,
            "active": acl.user.user.is_active,
            "date_joined": acl.user.user.date_joined.isoformat(),
            "metadata": acl.user.serialize_data()
          }

        acls = paginate(
          request,
          query,
          serialize_method=serializer,
          elements_name='object_list')
        return json_response(acls)
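    def post(request, pk=None):
        '''
            Creates a new auth-event or edit auth_event
            create_authevent permission required or
            edit_authevent permission required

            Create (``pk is None``): a ``real`` event needs 'create' on
            AuthEvent, a non-real one 'create' or 'create-notreal'. The body
            fields ``auth_method``, ``auth_method_config``, ``extra_fields``,
            ``census`` ('open'/'close'), ``based_in`` and
            ``num_successful_logins_allowed`` are validated before anything
            is saved; the caller then gets an 'edit' ACL on the event and a
            'create' ACL on its UserData.
            Edit: needs 'edit' on the event; only ``auth_method``,
            ``auth_method_config`` and ``extra_fields`` can change.
            Returns ``{'status', 'id', 'perm'}`` where ``perm`` is the HMAC
            of the caller's 'edit' ACL; 400 with a message on validation
            errors, 404 when editing an unknown event.
        '''
        try:
            req = parse_json_request(request)
        except Exception:
            # Narrowed from a bare except so interrupts are not turned
            # into a 400.
            return json_response(
                status=400,
                error_codename=ErrorCodes.BAD_REQUEST)

        if pk is None: # create
            real = req.get('real', False)
            if real:
                # requires create perm
                permission_required(request.user, 'AuthEvent', 'create')
            else:
                # requires create or create-notreal
                permission_required(request.user, 'AuthEvent', ['create', 'create-notreal'])

            auth_method = req.get('auth_method', '')
            # check_* helpers return an error string ('' when valid); the
            # later checks append to it and a single 400 is returned below.
            msg = check_authmethod(auth_method)
            if msg:
                return json_response(status=400, message=msg)

            method = METHODS.get(auth_method)
            auth_method_config = {
                    "config": method.CONFIG,
                    "pipeline": method.PIPELINES
            }
            config = req.get('auth_method_config', None)
            if config:
                msg += check_config(config, auth_method)

            extra_fields = req.get('extra_fields', None)
            if extra_fields:
                msg += check_extra_fields(
                    extra_fields,
                    method.USED_TYPE_FIELDS)
                # Slugs are derived from the field names and must be unique.
                slug_set = set()
                for field in extra_fields:
                    if 'name' in field:
                        field['slug'] = slugify(field['name']).replace("-","_").upper()
                        slug_set.add(field['slug'])
                    else:
                        msg += "some extra_fields have no name\n"
                if len(slug_set) != len(extra_fields):
                    msg += "some extra_fields may have repeated slug names\n"

            census = req.get('census', '')
            # check census mode
            if census not in ('open', 'close'):
                return json_response(
                    status=400,
                    error_codename="INVALID_CENSUS_TYPE")
            error_kwargs = plugins.call("extend_type_census", census)
            if error_kwargs:
                return json_response(**error_kwargs[0])

            # based_in is an authorisation check: only events the caller can
            # already edit may be used as a base.
            based_in = req.get('based_in', None)
            if based_in and not ACL.objects.filter(user=request.user.userdata, perm='edit',
                    object_type='AuthEvent', object_id=based_in):
                msg += "Invalid id to based_in"

            # Note that a login is only complete if a call has been received and
            # accepted at /authevent/<ID>/successful_login
            num_successful_logins_allowed = req.get(
                'num_successful_logins_allowed', 0)
            # ``type(...) is not int`` (rather than isinstance) deliberately
            # rejects bool as well.
            if type(num_successful_logins_allowed) is not int:
                msg += "num_successful_logins_allowed invalid type"

            if msg:
                return json_response(
                    status=400,
                    message=msg,
                    error_codename=ErrorCodes.BAD_REQUEST)

            if config:
                auth_method_config.get('config').update(config)

            ae = AuthEvent(auth_method=auth_method,
                           auth_method_config=auth_method_config,
                           extra_fields=extra_fields,
                           census=census,
                           real=real,
                           num_successful_logins_allowed=num_successful_logins_allowed,
                           based_in=based_in)
            # Save before the acl creation to get the ae id
            ae.save()
            acl = ACL(user=request.user.userdata, perm='edit', object_type='AuthEvent',
                      object_id=ae.id)
            acl.save()
            acl = ACL(user=request.user.userdata, perm='create',
                    object_type='UserData', object_id=ae.id)
            acl.save()

            # if necessary, generate captchas
            from authmethods.utils import have_captcha
            if have_captcha(ae):
                generate_captcha(settings.PREGENERATION_CAPTCHA)

        else: # edit
            permission_required(request.user, 'AuthEvent', 'edit', pk)
            auth_method = req.get('auth_method', '')
            msg = check_authmethod(auth_method)
            if msg:
                return json_response(status=400, message=msg)

            config = req.get('auth_method_config', None)
            if config:
                msg += check_config(config, auth_method)

            extra_fields = req.get('extra_fields', None)
            if extra_fields:
                # Same validation as the create branch, including the
                # auth method's allowed field types.
                msg += check_extra_fields(
                    extra_fields,
                    METHODS.get(auth_method).USED_TYPE_FIELDS)

            if msg:
                return json_response(status=400, message=msg)

            # 404 on an unknown pk instead of an unhandled DoesNotExist.
            ae = get_object_or_404(AuthEvent, pk=pk)
            ae.auth_method = auth_method
            if config:
                ae.auth_method_config.get('config').update(config)
            if extra_fields:
                ae.extra_fields = extra_fields
            ae.save()

            # TODO: Problem if object_id is None, change None by 0
            acl = get_object_or_404(ACL, user=request.user.userdata,
                    perm='edit', object_type='AuthEvent', object_id=ae.pk)

        data = {'status': 'ok', 'id': ae.pk, 'perm': acl.get_hmac()}
        return json_response(data)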
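    def post(request, pk=None):
        '''
            Creates a new auth-event or edit auth_event
            create_authevent permission required or
            edit_authevent permission required

            Create (``pk is None``): needs 'create' on AuthEvent. The body
            fields ``auth_method``, ``auth_method_config``, ``extra_fields``
            and ``census`` ('open'/'close') are validated before anything is
            saved; the caller then gets an 'edit' ACL on the event and a
            'create' ACL on its UserData.
            Edit: needs 'edit' on the event; only ``auth_method``,
            ``auth_method_config`` and ``extra_fields`` can change.
            Returns ``{'status', 'id', 'perm'}`` where ``perm`` is the HMAC
            of the caller's 'edit' ACL; 400 with a message on validation
            errors, 404 when editing an unknown event.
        '''
        # Only decode/parse failures are client errors; narrowed from a bare
        # except so unrelated exceptions are not masked as a 400.
        try:
            req = json.loads(request.body.decode('utf-8'))
        except ValueError:
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
        # A valid JSON document that is not an object would otherwise fail
        # with AttributeError on .get() below.
        if not isinstance(req, dict):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)

        if pk is None: # create
            permission_required(request.user, 'AuthEvent', 'create')

            auth_method = req.get('auth_method', '')
            # check_* helpers return an error string ('' when valid); the
            # later checks append to it and a single 400 is returned below.
            msg = check_authmethod(auth_method)
            if msg:
                return json_response(status=400, message=msg)

            method = METHODS.get(auth_method)
            auth_method_config = {
                    "config": method.CONFIG,
                    "pipeline": method.PIPELINES
            }
            config = req.get('auth_method_config', None)
            if config:
                msg += check_config(config, auth_method)

            extra_fields = req.get('extra_fields', None)
            if extra_fields:
                msg += check_extra_fields(extra_fields, method.USED_TYPE_FIELDS)

            census = req.get('census', '')
            if census not in ('open', 'close'):
                msg += "Invalid type of census\n"

            if msg:
                return json_response(status=400, message=msg)

            if config:
                auth_method_config.get('config').update(config)

            ae = AuthEvent(auth_method=auth_method,
                           auth_method_config=auth_method_config,
                           extra_fields=extra_fields,
                           census=census)
            # Save before the acl creation to get the ae id
            ae.save()
            acl = ACL(user=request.user.userdata, perm='edit', object_type='AuthEvent',
                      object_id=ae.id)
            acl.save()
            acl = ACL(user=request.user.userdata, perm='create',
                    object_type='UserData', object_id=ae.id)
            acl.save()

            # if necessary, generate captchas
            from authmethods.utils import have_captcha
            if have_captcha(ae):
                generate_captcha(settings.PREGENERATION_CAPTCHA)

        else: # edit
            permission_required(request.user, 'AuthEvent', 'edit', pk)
            auth_method = req.get('auth_method', '')
            msg = check_authmethod(auth_method)
            if msg:
                return json_response(status=400, message=msg)

            config = req.get('auth_method_config', None)
            if config:
                msg += check_config(config, auth_method)

            extra_fields = req.get('extra_fields', None)
            if extra_fields:
                # Same validation as the create branch, including the
                # auth method's allowed field types.
                msg += check_extra_fields(
                    extra_fields,
                    METHODS.get(auth_method).USED_TYPE_FIELDS)

            if msg:
                return json_response(status=400, message=msg)

            # 404 on an unknown pk instead of an unhandled DoesNotExist.
            ae = get_object_or_404(AuthEvent, pk=pk)
            ae.auth_method = auth_method
            if config:
                ae.auth_method_config.get('config').update(config)
            if extra_fields:
                ae.extra_fields = extra_fields
            ae.save()

            # TODO: Problem if object_id is None, change None by 0
            acl = get_object_or_404(ACL, user=request.user.userdata,
                    perm='edit', object_type='AuthEvent', object_id=ae.pk)

        data = {'status': 'ok', 'id': ae.pk, 'perm': acl.get_hmac()}
        return json_response(data)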