quay/endpoints/common.py

import logging
import os
import base64

from flask import request, abort, session, make_response
from flask.ext.login import login_user, UserMixin
from flask.ext.principal import identity_changed

from data import model
from app import app, login_manager
from auth.permissions import QuayDeferredPermissionUser


logger = logging.getLogger(__name__)


def truthy_param(param):
  return param not in {False, 'false', 'False', '0', 'FALSE', '', 'null'}


@login_manager.user_loader
def load_user(username):
  logger.debug('Loading user: %s' % username)
  return _LoginWrappedDBUser(username)

class _LoginWrappedDBUser(UserMixin):
  def __init__(self, db_username, db_user=None):

    self._db_username = db_username
    self._db_user = db_user

  def db_user(self):
    if not self._db_user:
      self._db_user = model.get_user(self._db_username)
    return self._db_user

  def is_authenticated(self):
    return self.db_user() is not None

  def is_active(self):
    return self.db_user().verified

  def get_id(self):
    return unicode(self._db_username)


def common_login(db_user):
  if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
    logger.debug('Successfully signed in as: %s' % db_user.username)
    new_identity = QuayDeferredPermissionUser(db_user.username, 'username')
    identity_changed.send(app, identity=new_identity)
    return True
  else:
    logger.debug('User could not be logged in, inactive?.')
    return False


@app.errorhandler(model.DataModelException)
def handle_dme(ex):
  logger.exception(ex)
  return make_response(ex.message, 400)


@app.errorhandler(KeyError)
def handle_dme_key_error(ex):
  logger.exception(ex)
  return make_response('Invalid key: %s' % ex.message, 400)


def generate_csrf_token():
  if '_csrf_token' not in session:
    session['_csrf_token'] = base64.b64encode(os.urandom(48))

  return session['_csrf_token']

app.jinja_env.globals['csrf_token'] = generate_csrf_token
Embed the discovery information directly into the page 2013-12-27 22:19:14 +00:00			`import logging`
Add CSRF protection to every API call 2013-12-28 19:07:44 +00:00			`import os`
			`import base64`
Embed the discovery information directly into the page 2013-12-27 22:19:14 +00:00
Fix all non-test url_for’s 2014-01-30 22:23:21 +00:00			`from flask import request, abort, session, make_response`
Fix the imports when separating out the new common.py file. 2013-12-27 23:01:44 +00:00			`from flask.ext.login import login_user, UserMixin`
Embed the discovery information directly into the page 2013-12-27 22:19:14 +00:00			`from flask.ext.principal import identity_changed`

			`from data import model`
			`from app import app, login_manager`
Fix the imports when separating out the new common.py file. 2013-12-27 23:01:44 +00:00			`from auth.permissions import QuayDeferredPermissionUser`
Embed the discovery information directly into the page 2013-12-27 22:19:14 +00:00

			`logger = logging.getLogger(__name__)`


Fix the tests and the one bug that it highlighted. 2014-02-16 23:59:24 +00:00			`def truthy_param(param):`
			`return param not in {False, 'false', 'False', '0', 'FALSE', '', 'null'}`


Embed the discovery information directly into the page 2013-12-27 22:19:14 +00:00			`@login_manager.user_loader`
			`def load_user(username):`
			`logger.debug('Loading user: %s' % username)`
			`return _LoginWrappedDBUser(username)`

			`class _LoginWrappedDBUser(UserMixin):`
			`def __init__(self, db_username, db_user=None):`

			`self._db_username = db_username`
			`self._db_user = db_user`

			`def db_user(self):`
			`if not self._db_user:`
			`self._db_user = model.get_user(self._db_username)`
			`return self._db_user`

			`def is_authenticated(self):`
			`return self.db_user() is not None`

			`def is_active(self):`
			`return self.db_user().verified`

			`def get_id(self):`
			`return unicode(self._db_username)`


			`def common_login(db_user):`
			`if login_user(_LoginWrappedDBUser(db_user.username, db_user)):`
			`logger.debug('Successfully signed in as: %s' % db_user.username)`
			`new_identity = QuayDeferredPermissionUser(db_user.username, 'username')`
			`identity_changed.send(app, identity=new_identity)`
			`return True`
			`else:`
			`logger.debug('User could not be logged in, inactive?.')`
			`return False`
Add CSRF protection to every API call 2013-12-28 19:07:44 +00:00

Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 22:05:27 +00:00			`@app.errorhandler(model.DataModelException)`
			`def handle_dme(ex):`
Allow exception tracebacks to get logged to the log file. 2014-02-25 21:54:49 +00:00			`logger.exception(ex)`
Leave ISEs as 400s, but log exceptions and have slightly improved error messages. 2014-02-25 22:19:02 +00:00			`return make_response(ex.message, 400)`
Move each flask module into a Blueprint and have CSRF protection only on the API blueprint 2013-12-30 22:05:27 +00:00

			`@app.errorhandler(KeyError)`
			`def handle_dme_key_error(ex):`
Allow exception tracebacks to get logged to the log file. 2014-02-25 21:54:49 +00:00			`logger.exception(ex)`
Leave ISEs as 400s, but log exceptions and have slightly improved error messages. 2014-02-25 22:19:02 +00:00			`return make_response('Invalid key: %s' % ex.message, 400)`
Add CSRF protection to every API call 2013-12-28 19:07:44 +00:00

			`def generate_csrf_token():`
Style fixes 2013-12-29 00:56:23 +00:00			`if '_csrf_token' not in session:`
			`session['_csrf_token'] = base64.b64encode(os.urandom(48))`

			`return session['_csrf_token']`
Add CSRF protection to every API call 2013-12-28 19:07:44 +00:00
			`app.jinja_env.globals['csrf_token'] = generate_csrf_token`