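 def on_auth(self, auth):
     """Authenticate a websocket client and bind its session to a user.

     ``auth`` is a dict, or a JSON document that decodes to one, carrying
     ``api_key``, ``nonce`` and ``signature``.  Every rejection emits an
     ``info`` event on ``NS`` and returns; on success the socket joins the
     room named after the key owner's email and ``ws_sids`` maps the
     request sid to that email.
     """
     if not isinstance(auth, dict):
         try:
             auth = json.loads(auth)
         except (TypeError, ValueError):
             # TypeError: not str/bytes; ValueError covers JSONDecodeError.
             # Narrowed from a bare except so unrelated errors (including
             # KeyboardInterrupt/SystemExit) are no longer swallowed.
             emit("info", "invalid json", namespace=NS)
             return
         if not isinstance(auth, dict):
             # Well-formed JSON that is not an object (list, number, ...)
             # would blow up on the key lookups below, so reject it here.
             emit("info", "invalid json", namespace=NS)
             return
     for param in ("api_key", "nonce", "signature"):
         if param not in auth:
             emit("info", f"'{param}' param missing", namespace=NS)
             return
     # check auth -- the stringified nonce is passed where the HTTP handlers
     # pass request.data, presumably as the signed message; confirm against
     # check_auth.
     res, reason, api_key = check_auth(db.session, auth["api_key"],
                                       auth["nonce"], auth["signature"],
                                       str(auth["nonce"]))
     if res:
         emit("info", "authenticated!", namespace=NS)
         # join room and store user (api_key is now the object returned by
         # check_auth, not the client-supplied token)
         logger.info("join room for email: %s", api_key.user.email)
         join_room(api_key.user.email)
         # store sid -> email map
         ws_sids[request.sid] = api_key.user.email
     else:
         api_key = auth["api_key"]
         emit("info", f"failed authentication ({api_key}): {reason}", namespace=NS)
         logger.info("failed authentication (%s): %s", api_key, reason)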
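 def on_auth(self, auth):
     """Authenticate a websocket client and bind its session to a user.

     ``auth`` must be a dict carrying ``api_key``, ``nonce`` and
     ``signature``.  A malformed payload or a failed check is reported on
     ``NS`` / the log and the handler returns; on success the socket joins
     the room named after the key owner's email and ``ws_sids`` maps the
     request sid to that email.
     """
     # The payload is client-supplied: validate its shape up front so a
     # missing key or a non-dict value yields an "info" event instead of an
     # unhandled KeyError/TypeError inside the socket handler.
     if not isinstance(auth, dict):
         emit("info", "invalid auth payload", namespace=NS)
         return
     for param in ("api_key", "nonce", "signature"):
         if param not in auth:
             emit("info", f"'{param}' param missing", namespace=NS)
             return
     # check auth -- the stringified nonce is passed where the HTTP handlers
     # pass request.data, presumably as the signed message; confirm against
     # check_auth.
     res, reason, api_key = check_auth(db.session, auth["api_key"],
                                       auth["nonce"], auth["signature"],
                                       str(auth["nonce"]))
     if res:
         emit("info", "authenticated!", namespace=NS)
         # join room and store user (api_key is now the object returned by
         # check_auth, not the client-supplied token)
         logger.info("join room for email: %s", api_key.user.email)
         join_room(api_key.user.email)
         # store sid -> email map
         ws_sids[request.sid] = api_key.user.email
     else:
         logger.info("failed authentication (%s): %s", auth["api_key"],
                     reason)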
def user_update_photo():
    """Replace the authenticated user's profile photo.

    Expects a JSON body with ``api_key``, ``nonce``, ``photo`` and
    ``photo_type``; the request signature is read from the headers and
    verified over the raw body.  Returns the stored photo fields as JSON,
    or a ``bad_request`` response describing the failure.
    """
    sig = request_get_signature()
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)
    fields, err_response = get_json_params(
        payload, ["api_key", "nonce", "photo", "photo_type"])
    if err_response:
        return err_response
    api_key_token, nonce, photo, photo_type = fields
    # check_auth hands back the resolved key object in place of the token
    ok, reason, api_key = check_auth(db.session, api_key_token, nonce, sig,
                                     request.data)
    if not ok:
        return bad_request(reason)
    user = api_key.user
    user.photo = photo
    user.photo_type = photo_type
    db.session.add(user)
    db.session.commit()
    return jsonify({"photo": user.photo, "photo_type": user.photo_type})
def transaction_create():
    """Create and immediately play a transaction for the authenticated user.

    Expects a JSON body with ``api_key``, ``nonce``, ``action``,
    ``recipient``, ``amount`` and ``attachment``; the request signature is
    read from the headers and verified over the raw body.  On success the
    transaction event is broadcast and the transaction is returned as JSON;
    otherwise a ``bad_request`` response carries the reason.
    """
    sig = request_get_signature()
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)
    fields, err_response = get_json_params(
        payload,
        ["api_key", "nonce", "action", "recipient", "amount", "attachment"])
    if err_response:
        return err_response
    api_key_token, nonce, action, recipient, amount, attachment = fields
    # check_auth hands back the resolved key object in place of the token
    ok, reason, api_key = check_auth(db.session, api_key_token, nonce, sig,
                                     request.data)
    if not ok:
        return bad_request(reason)
    tx, error = paydb_core.tx_create_and_play(db.session, api_key, action,
                                              recipient, amount, attachment)
    if not tx:
        return bad_request(error)
    tx_event(tx)
    return jsonify({"tx": tx.to_json()})
def reward_categories():
    """List reward category names for admin or authorizer users.

    Expects a JSON body with ``api_key`` and ``nonce``; the request
    signature is read from the headers and verified over the raw body.
    Callers whose user holds neither ``ROLE_ADMIN`` nor
    ``ROLE_AUTHORIZER`` get an ``UNAUTHORIZED`` bad request.
    """
    sig = request_get_signature()
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)
    fields, err_response = get_json_params(payload, ["api_key", "nonce"])
    if err_response:
        return err_response
    api_key_token, nonce = fields
    # check_auth hands back the resolved key object in place of the token
    ok, auth_fail_reason, api_key = check_auth(db.session, api_key_token,
                                               nonce, sig, request.data)
    if not ok:
        return bad_request(auth_fail_reason)
    user = api_key.user
    privileged = (user.has_role(Role.ROLE_ADMIN)
                  or user.has_role(Role.ROLE_AUTHORIZER))
    if not privileged:
        return bad_request(web_utils.UNAUTHORIZED)
    # pylint: disable=no-member
    names = [cat.name for cat in db.session.query(Category).all()]
    return jsonify({"categories": names})
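def user_transactions():
    """Return a page of the authenticated user's transactions.

    Expects a JSON body with ``api_key``, ``nonce``, ``offset`` and
    ``limit``; the request signature is read from the headers and verified
    over the raw body.  ``offset`` and ``limit`` must be non-negative
    integers and ``limit`` may not exceed 1000.  The key must carry
    ``PERMISSION_HISTORY``.  Returns ``{"txs": [...]}`` or a
    ``bad_request`` response describing the failure.
    """
    sig = request_get_signature()
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(
        content, ["api_key", "nonce", "offset", "limit"])
    if err_response:
        return err_response
    api_key, nonce, offset, limit = params
    # Paging values come straight from the client.  Reject anything that is
    # not a non-negative int here so a string or negative value yields a 400
    # instead of a TypeError/500 in the comparison or the query below.  bool
    # is excluded explicitly because it is an int subclass.
    for value in (offset, limit):
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            return bad_request("'offset' and 'limit' must be non-negative integers")
    if limit > 1000:
        return bad_request(web_utils.LIMIT_TOO_LARGE)
    # check_auth hands back the resolved key object in place of the token
    res, reason, api_key = check_auth(db.session, api_key, nonce, sig,
                                      request.data)
    if not res:
        return bad_request(reason)
    if not api_key.has_permission(Permission.PERMISSION_HISTORY):
        return bad_request(web_utils.UNAUTHORIZED)
    txs = PayDbTransaction.related_to_user(db.session, api_key.user, offset,
                                           limit)
    return jsonify(dict(txs=[tx.to_json() for tx in txs]))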
def reward_create():
    """Create a reward proposal on behalf of an admin or authorizer.

    Expects a JSON body with ``api_key``, ``nonce``, ``reason``,
    ``category``, ``recipient``, ``amount`` and ``message``; the request
    signature is read from the headers and verified over the raw body.
    The category must exist and ``amount`` must be positive.  Returns the
    proposal and its payment as JSON, or a ``bad_request`` response.
    """
    sig = request_get_signature()
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)
    fields, err_response = get_json_params(payload, [
        "api_key", "nonce", "reason", "category", "recipient", "amount",
        "message"
    ])
    if err_response:
        return err_response
    (api_key_token, nonce, reason, category, recipient, amount,
     message) = fields
    # check_auth hands back the resolved key object in place of the token
    ok, auth_fail_reason, api_key = check_auth(db.session, api_key_token,
                                               nonce, sig, request.data)
    if not ok:
        return bad_request(auth_fail_reason)
    user = api_key.user
    privileged = (user.has_role(Role.ROLE_ADMIN)
                  or user.has_role(Role.ROLE_AUTHORIZER))
    if not privileged:
        return bad_request(web_utils.UNAUTHORIZED)
    # category is resolved before the amount check, matching the order in
    # which a caller sees the two errors
    cat = Category.from_name(db.session, category)
    if not cat:
        return bad_request(web_utils.INVALID_CATEGORY)
    if amount <= 0:
        return bad_request(web_utils.INVALID_AMOUNT)
    proposal, payment = _reward_create(user, reason, cat, recipient,
                                       amount, message)
    db.session.commit()
    payment_json = {
        "amount": amount,
        "email": payment.email,
        "mobile": payment.mobile,
        "address": payment.recipient,
        "message": message,
        "status": payment.status,
    }
    proposal_json = {
        "reason": reason,
        "category": category,
        "status": proposal.status,
        "payment": payment_json,
    }
    return jsonify({"proposal": proposal_json})
def user_update_password():
    """Change the authenticated user's password.

    Expects a JSON body with ``api_key``, ``nonce``, ``current_password``
    and ``new_password``; the request signature is read from the headers
    and verified over the raw body.  The current password must verify
    against the stored hash before the new one is written.  Returns a
    plain confirmation string, or a ``bad_request`` response.
    """
    sig = request_get_signature()
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)
    fields, err_response = get_json_params(
        payload, ["api_key", "nonce", "current_password", "new_password"])
    if err_response:
        return err_response
    api_key_token, nonce, current_password, new_password = fields
    # check_auth hands back the resolved key object in place of the token
    ok, reason, api_key = check_auth(db.session, api_key_token, nonce, sig,
                                     request.data)
    if not ok:
        return bad_request(reason)
    user = api_key.user
    # re-prove knowledge of the current password even though the request is
    # already signed by a valid key
    if not verify_password(current_password, user.password):
        return bad_request(web_utils.INCORRECT_PASSWORD)
    # NOTE(review): no length/complexity policy is applied to new_password
    # here -- confirm whether encrypt_password or get_json_params enforces one.
    user.password = encrypt_password(new_password)
    db.session.add(user)
    db.session.commit()
    return 'password changed.'