2013-09-25 20:46:28 +00:00
|
|
|
import logging
|
|
|
|
|
2014-02-18 20:50:15 +00:00
|
|
|
from flask import (abort, redirect, request, url_for, make_response, Response,
|
2015-02-04 20:29:24 +00:00
|
|
|
Blueprint, send_from_directory, jsonify, send_file)
|
2014-11-25 00:25:13 +00:00
|
|
|
|
|
|
|
from avatar_generator import Avatar
|
2014-02-18 20:50:15 +00:00
|
|
|
from flask.ext.login import current_user
|
2013-11-19 00:17:58 +00:00
|
|
|
from urlparse import urlparse
|
2015-01-20 21:53:05 +00:00
|
|
|
from health.healthcheck import get_healthchecker
|
2013-09-25 16:45:12 +00:00
|
|
|
|
|
|
|
from data import model
|
2014-03-12 16:37:06 +00:00
|
|
|
from data.model.oauth import DatabaseAuthorizationProvider
|
2015-02-04 20:29:24 +00:00
|
|
|
from app import app, billing as stripe, build_logs, avatar, signer
|
2014-11-20 20:12:37 +00:00
|
|
|
from auth.auth import require_session_login, process_oauth
|
2014-12-23 19:01:00 +00:00
|
|
|
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
|
|
|
|
SuperUserPermission)
|
|
|
|
|
2013-11-18 19:49:54 +00:00
|
|
|
from util.invoice import renderInvoiceToPdf
|
2013-11-18 23:42:27 +00:00
|
|
|
from util.seo import render_snapshot
|
2014-01-02 23:01:34 +00:00
|
|
|
from util.cache import no_cache
|
2014-07-21 19:09:31 +00:00
|
|
|
from endpoints.common import common_login, render_page_template, route_show_if, param_required
|
2014-12-23 19:01:00 +00:00
|
|
|
from endpoints.csrf import csrf_protect, generate_csrf_token, verify_csrf
|
2014-11-26 15:54:16 +00:00
|
|
|
from endpoints.registry import set_cache_headers
|
2014-12-18 21:01:59 +00:00
|
|
|
from util.names import parse_repository_name, parse_repository_name_and_tag
|
2014-09-05 23:57:33 +00:00
|
|
|
from util.useremails import send_email_changed
|
2014-12-23 19:01:00 +00:00
|
|
|
from util.systemlogs import build_logs_archive
|
2014-03-14 22:57:28 +00:00
|
|
|
from auth import scopes
|
2013-11-19 00:17:58 +00:00
|
|
|
|
2014-04-06 04:36:19 +00:00
|
|
|
import features
|
|
|
|
|
2013-09-25 20:46:28 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
2015-01-17 03:41:54 +00:00
|
|
|
# Capture the unverified SSL errors.
|
|
|
|
logging.captureWarnings(True)
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
web = Blueprint('web', __name__)
|
|
|
|
|
2014-03-05 19:35:11 +00:00
|
|
|
STATUS_TAGS = app.config['STATUS_TAGS']
|
2013-09-25 20:46:28 +00:00
|
|
|
|
2014-03-10 21:01:36 +00:00
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/', methods=['GET'], defaults={'path': ''})
|
|
|
|
@web.route('/organization/<path:path>', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2014-08-18 21:24:00 +00:00
|
|
|
def index(path, **kwargs):
|
|
|
|
return render_page_template('index.html', **kwargs)
|
2013-09-25 16:45:12 +00:00
|
|
|
|
|
|
|
|
2014-03-10 21:01:36 +00:00
|
|
|
@web.route('/500', methods=['GET'])
|
|
|
|
def internal_error_display():
|
|
|
|
return render_page_template('500.html')
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/snapshot', methods=['GET'])
|
|
|
|
@web.route('/snapshot/', methods=['GET'])
|
|
|
|
@web.route('/snapshot/<path:path>', methods=['GET'])
|
2013-11-18 22:11:06 +00:00
|
|
|
def snapshot(path = ''):
|
2013-11-19 00:17:58 +00:00
|
|
|
parsed = urlparse(request.url)
|
|
|
|
final_url = '%s://%s/%s' % (parsed.scheme, 'localhost', path)
|
|
|
|
result = render_snapshot(final_url)
|
2013-11-18 22:11:06 +00:00
|
|
|
if result:
|
|
|
|
return result
|
|
|
|
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
|
2015-02-04 20:29:24 +00:00
|
|
|
@web.route('/aci-signing-key')
|
|
|
|
@no_cache
|
|
|
|
def aci_signing_key():
|
|
|
|
if not signer.name:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
return send_file(signer.public_key_path)
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/plans/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2014-04-06 04:36:19 +00:00
|
|
|
@route_show_if(features.BILLING)
|
2013-10-14 02:06:31 +00:00
|
|
|
def plans():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/guide/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-14 02:06:31 +00:00
|
|
|
def guide():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2014-04-29 04:45:42 +00:00
|
|
|
@web.route('/tour/')
|
|
|
|
@web.route('/tour/<path:path>')
|
|
|
|
@no_cache
|
|
|
|
def tour(path = ''):
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2014-02-06 02:00:04 +00:00
|
|
|
@web.route('/tutorial/')
|
|
|
|
@no_cache
|
|
|
|
def tutorial():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/organizations/')
|
|
|
|
@web.route('/organizations/new/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-11-07 06:48:58 +00:00
|
|
|
def organizations():
|
|
|
|
return index('')
|
|
|
|
|
2013-12-27 23:01:44 +00:00
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/user/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-14 02:06:31 +00:00
|
|
|
def user():
|
|
|
|
return index('')
|
|
|
|
|
2015-01-23 22:19:15 +00:00
|
|
|
|
2014-04-10 04:26:55 +00:00
|
|
|
@web.route('/superuser/')
|
|
|
|
@no_cache
|
|
|
|
@route_show_if(features.SUPER_USERS)
|
|
|
|
def superuser():
|
|
|
|
return index('')
|
2015-01-23 22:19:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
@web.route('/setup/')
|
|
|
|
@no_cache
|
|
|
|
@route_show_if(features.SUPER_USERS)
|
|
|
|
def setup():
|
|
|
|
return index('')
|
2014-04-10 04:26:55 +00:00
|
|
|
|
2013-10-14 02:06:31 +00:00
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/signin/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2014-08-18 21:24:00 +00:00
|
|
|
def signin(redirect=None):
|
2013-10-14 21:50:07 +00:00
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2014-01-23 19:51:43 +00:00
|
|
|
@web.route('/contact/')
|
|
|
|
@no_cache
|
2013-12-17 22:02:37 +00:00
|
|
|
def contact():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2014-02-07 00:20:19 +00:00
|
|
|
@web.route('/about/')
|
|
|
|
@no_cache
|
|
|
|
def about():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/new/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-24 21:41:55 +00:00
|
|
|
def new():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2014-08-18 21:24:00 +00:00
|
|
|
@web.route('/confirminvite')
|
|
|
|
@no_cache
|
|
|
|
def confirm_invite():
|
|
|
|
code = request.values['code']
|
|
|
|
return index('', code=code)
|
|
|
|
|
|
|
|
|
2014-02-18 20:50:15 +00:00
|
|
|
@web.route('/repository/', defaults={'path': ''})
|
|
|
|
@web.route('/repository/<path:path>', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2014-02-18 20:50:15 +00:00
|
|
|
def repository(path):
|
2013-10-16 01:50:14 +00:00
|
|
|
return index('')
|
|
|
|
|
2013-11-22 20:54:23 +00:00
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/security/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-11-22 20:54:23 +00:00
|
|
|
def security():
|
|
|
|
return index('')
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/v1')
|
|
|
|
@web.route('/v1/')
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-17 21:45:08 +00:00
|
|
|
def v1():
|
|
|
|
return index('')
|
2013-10-16 01:50:14 +00:00
|
|
|
|
2013-11-22 20:54:23 +00:00
|
|
|
|
2015-01-20 21:58:29 +00:00
|
|
|
# TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
|
2014-11-02 20:06:17 +00:00
|
|
|
@web.route('/health', methods=['GET'])
|
2015-01-20 21:53:05 +00:00
|
|
|
@web.route('/health/instance', methods=['GET'])
|
2014-11-02 20:06:17 +00:00
|
|
|
@no_cache
|
2015-01-20 21:53:05 +00:00
|
|
|
def instance_health():
|
|
|
|
checker = get_healthchecker(app)
|
|
|
|
(data, status_code) = checker.check_instance()
|
|
|
|
response = jsonify(dict(data=data, status_code=status_code))
|
|
|
|
response.status_code = status_code
|
2014-11-02 20:06:17 +00:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
2015-01-20 21:58:29 +00:00
|
|
|
# TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/status', methods=['GET'])
|
2015-01-20 21:53:05 +00:00
|
|
|
@web.route('/health/endtoend', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2015-01-20 21:53:05 +00:00
|
|
|
def endtoend_health():
|
|
|
|
checker = get_healthchecker(app)
|
|
|
|
(data, status_code) = checker.check_endtoend()
|
|
|
|
response = jsonify(dict(data=data, status_code=status_code))
|
|
|
|
response.status_code = status_code
|
2014-05-13 22:53:42 +00:00
|
|
|
return response
|
2013-10-02 18:35:21 +00:00
|
|
|
|
|
|
|
|
2014-11-25 00:25:13 +00:00
|
|
|
@app.route("/avatar/<avatar_hash>")
|
2014-11-26 15:54:16 +00:00
|
|
|
@set_cache_headers
|
|
|
|
def render_avatar(avatar_hash, headers):
|
2014-11-25 00:25:13 +00:00
|
|
|
try:
|
|
|
|
size = int(request.args.get('size', 16))
|
|
|
|
except ValueError:
|
|
|
|
size = 16
|
|
|
|
|
2014-11-26 21:52:24 +00:00
|
|
|
generated = Avatar.generate(size, avatar_hash, "PNG")
|
2014-11-26 15:54:16 +00:00
|
|
|
resp = make_response(generated, 200, {'Content-Type': 'image/png'})
|
|
|
|
resp.headers.extend(headers)
|
|
|
|
return resp
|
2014-11-25 00:25:13 +00:00
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/tos', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-01 21:44:13 +00:00
|
|
|
def tos():
|
2013-12-27 22:19:14 +00:00
|
|
|
return render_page_template('tos.html')
|
2013-10-01 21:44:13 +00:00
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/disclaimer', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-11-22 17:32:05 +00:00
|
|
|
def disclaimer():
|
2013-12-27 22:19:14 +00:00
|
|
|
return render_page_template('disclaimer.html')
|
2013-11-22 17:32:05 +00:00
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/privacy', methods=['GET'])
|
2014-01-02 23:01:34 +00:00
|
|
|
@no_cache
|
2013-10-01 21:44:13 +00:00
|
|
|
def privacy():
|
2013-12-27 22:19:14 +00:00
|
|
|
return render_page_template('privacy.html')
|
2013-10-01 21:44:13 +00:00
|
|
|
|
|
|
|
|
2014-04-21 23:46:00 +00:00
|
|
|
@web.route('/robots.txt', methods=['GET'])
|
|
|
|
@no_cache
|
|
|
|
def robots():
|
|
|
|
return send_from_directory('static', 'robots.txt')
|
|
|
|
|
|
|
|
|
2014-11-20 20:12:37 +00:00
|
|
|
@web.route('/<path:repository>')
|
|
|
|
@no_cache
|
|
|
|
@process_oauth
|
2014-12-18 21:01:59 +00:00
|
|
|
@parse_repository_name_and_tag
|
|
|
|
def redirect_to_repository(namespace, reponame, tag):
|
2014-11-20 20:12:37 +00:00
|
|
|
permission = ReadRepositoryPermission(namespace, reponame)
|
|
|
|
is_public = model.repository_is_public(namespace, reponame)
|
|
|
|
|
|
|
|
if permission.can() or is_public:
|
|
|
|
repository_name = '/'.join([namespace, reponame])
|
2014-12-18 21:01:59 +00:00
|
|
|
return redirect(url_for('web.repository', path=repository_name, tag=tag))
|
2014-11-20 20:12:37 +00:00
|
|
|
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/receipt', methods=['GET'])
|
2014-04-06 04:36:19 +00:00
|
|
|
@route_show_if(features.BILLING)
|
2014-04-04 07:01:48 +00:00
|
|
|
@require_session_login
|
2013-11-18 19:49:54 +00:00
|
|
|
def receipt():
|
2013-12-21 03:38:53 +00:00
|
|
|
if not current_user.is_authenticated():
|
|
|
|
abort(401)
|
|
|
|
return
|
|
|
|
|
2014-07-21 19:09:31 +00:00
|
|
|
invoice_id = request.args.get('id')
|
|
|
|
if invoice_id:
|
|
|
|
invoice = stripe.Invoice.retrieve(invoice_id)
|
2013-11-18 19:49:54 +00:00
|
|
|
if invoice:
|
2013-12-21 03:38:53 +00:00
|
|
|
user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
|
2014-11-26 15:54:16 +00:00
|
|
|
|
2013-12-21 03:38:53 +00:00
|
|
|
if user_or_org:
|
|
|
|
if user_or_org.organization:
|
|
|
|
admin_org = AdministerOrganizationPermission(user_or_org.username)
|
|
|
|
if not admin_org.can():
|
|
|
|
abort(404)
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
if not user_or_org.username == current_user.db_user().username:
|
|
|
|
abort(404)
|
2014-11-26 15:54:16 +00:00
|
|
|
return
|
2013-12-21 03:38:53 +00:00
|
|
|
|
2014-11-26 15:54:16 +00:00
|
|
|
file_data = renderInvoiceToPdf(invoice, user_or_org)
|
2013-12-21 03:38:53 +00:00
|
|
|
return Response(file_data,
|
|
|
|
mimetype="application/pdf",
|
|
|
|
headers={"Content-Disposition": "attachment;filename=receipt.pdf"})
|
2013-11-18 19:49:54 +00:00
|
|
|
abort(404)
|
|
|
|
|
2013-09-27 23:55:04 +00:00
|
|
|
|
2014-07-28 18:58:12 +00:00
|
|
|
@web.route('/authrepoemail', methods=['GET'])
|
2014-09-22 23:11:48 +00:00
|
|
|
@route_show_if(features.MAILING)
|
2014-07-28 18:58:12 +00:00
|
|
|
def confirm_repo_email():
|
|
|
|
code = request.values['code']
|
|
|
|
record = None
|
|
|
|
|
|
|
|
try:
|
|
|
|
record = model.confirm_email_authorization_for_repo(code)
|
|
|
|
except model.DataModelException as ex:
|
|
|
|
return render_page_template('confirmerror.html', error_message=ex.message)
|
2014-11-26 15:54:16 +00:00
|
|
|
|
2014-07-28 18:58:12 +00:00
|
|
|
message = """
|
|
|
|
Your E-mail address has been authorized to receive notifications for repository
|
|
|
|
<a href="%s://%s/repository/%s/%s">%s/%s</a>.
|
|
|
|
""" % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'],
|
2014-09-24 22:01:35 +00:00
|
|
|
record.repository.namespace_user.username, record.repository.name,
|
|
|
|
record.repository.namespace_user.username, record.repository.name)
|
2014-07-28 18:58:12 +00:00
|
|
|
|
|
|
|
return render_page_template('message.html', message=message)
|
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/confirm', methods=['GET'])
|
2014-09-22 23:11:48 +00:00
|
|
|
@route_show_if(features.MAILING)
|
2013-09-27 23:29:01 +00:00
|
|
|
def confirm_email():
|
2013-09-27 23:55:04 +00:00
|
|
|
code = request.values['code']
|
2014-01-17 22:23:52 +00:00
|
|
|
user = None
|
|
|
|
new_email = None
|
2013-12-19 00:47:42 +00:00
|
|
|
|
|
|
|
try:
|
2014-09-05 23:57:33 +00:00
|
|
|
user, new_email, old_email = model.confirm_user_email(code)
|
2013-12-19 00:47:42 +00:00
|
|
|
except model.DataModelException as ex:
|
2014-01-17 22:23:52 +00:00
|
|
|
return render_page_template('confirmerror.html', error_message=ex.message)
|
2014-11-26 15:54:16 +00:00
|
|
|
|
2014-09-05 23:57:33 +00:00
|
|
|
if new_email:
|
|
|
|
send_email_changed(user.username, old_email, new_email)
|
|
|
|
|
2014-01-17 22:23:52 +00:00
|
|
|
common_login(user)
|
2013-09-27 23:55:04 +00:00
|
|
|
|
2014-11-26 15:54:16 +00:00
|
|
|
return redirect(url_for('web.user', tab='email')
|
2014-01-30 22:23:14 +00:00
|
|
|
if new_email else url_for('web.index'))
|
2013-09-27 23:29:01 +00:00
|
|
|
|
|
|
|
|
2013-12-30 22:05:27 +00:00
|
|
|
@web.route('/recovery', methods=['GET'])
|
2013-10-14 21:50:07 +00:00
|
|
|
def confirm_recovery():
|
|
|
|
code = request.values['code']
|
|
|
|
user = model.validate_reset_code(code)
|
2013-09-27 23:29:01 +00:00
|
|
|
|
2013-10-14 21:50:07 +00:00
|
|
|
if user:
|
|
|
|
common_login(user)
|
2014-01-30 22:23:14 +00:00
|
|
|
return redirect(url_for('web.user'))
|
2013-10-14 21:50:07 +00:00
|
|
|
else:
|
|
|
|
abort(403)
|
2014-02-28 21:23:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
@web.route('/repository/<path:repository>/status', methods=['GET'])
|
|
|
|
@parse_repository_name
|
|
|
|
@no_cache
|
|
|
|
def build_status_badge(namespace, repository):
|
|
|
|
token = request.args.get('token', None)
|
|
|
|
is_public = model.repository_is_public(namespace, repository)
|
|
|
|
if not is_public:
|
|
|
|
repo = model.get_repository(namespace, repository)
|
|
|
|
if not repo or token != repo.badge_token:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
# Lookup the tags for the repository.
|
2014-03-05 19:57:14 +00:00
|
|
|
tags = model.list_repository_tags(namespace, repository)
|
|
|
|
is_empty = len(list(tags)) == 0
|
2014-02-28 21:23:36 +00:00
|
|
|
build = model.get_recent_repository_build(namespace, repository)
|
2014-03-05 19:57:14 +00:00
|
|
|
|
|
|
|
if not is_empty and (not build or build.phase == 'complete'):
|
|
|
|
status_name = 'ready'
|
|
|
|
elif build and build.phase == 'error':
|
|
|
|
status_name = 'failed'
|
2014-03-05 20:14:12 +00:00
|
|
|
elif build and build.phase != 'complete':
|
2014-03-05 19:57:14 +00:00
|
|
|
status_name = 'building'
|
2014-02-28 21:23:36 +00:00
|
|
|
else:
|
2014-03-05 19:57:14 +00:00
|
|
|
status_name = 'none'
|
2014-02-28 21:23:36 +00:00
|
|
|
|
2014-03-05 19:57:14 +00:00
|
|
|
response = make_response(STATUS_TAGS[status_name])
|
2014-02-28 21:23:36 +00:00
|
|
|
response.content_type = 'image/svg+xml'
|
|
|
|
return response
|
2014-03-12 16:37:06 +00:00
|
|
|
|
|
|
|
|
|
|
|
class FlaskAuthorizationProvider(DatabaseAuthorizationProvider):
|
|
|
|
def get_authorized_user(self):
|
|
|
|
return current_user.db_user()
|
|
|
|
|
|
|
|
def _make_response(self, body='', headers=None, status_code=200):
|
|
|
|
return make_response(body, status_code, headers)
|
|
|
|
|
|
|
|
|
2014-03-14 22:57:28 +00:00
|
|
|
@web.route('/oauth/authorizeapp', methods=['POST'])
|
2014-03-25 18:32:26 +00:00
|
|
|
@csrf_protect
|
2014-03-14 22:57:28 +00:00
|
|
|
def authorize_application():
|
|
|
|
if not current_user.is_authenticated():
|
|
|
|
abort(401)
|
|
|
|
return
|
|
|
|
|
|
|
|
provider = FlaskAuthorizationProvider()
|
|
|
|
client_id = request.form.get('client_id', None)
|
|
|
|
redirect_uri = request.form.get('redirect_uri', None)
|
|
|
|
scope = request.form.get('scope', None)
|
|
|
|
|
|
|
|
# Add the access token.
|
|
|
|
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
|
|
|
|
|
|
|
|
|
2014-03-24 22:30:22 +00:00
|
|
|
@web.route('/oauth/denyapp', methods=['POST'])
|
2014-03-25 18:32:26 +00:00
|
|
|
@csrf_protect
|
2014-03-24 22:30:22 +00:00
|
|
|
def deny_application():
|
|
|
|
if not current_user.is_authenticated():
|
|
|
|
abort(401)
|
|
|
|
return
|
|
|
|
|
|
|
|
provider = FlaskAuthorizationProvider()
|
|
|
|
client_id = request.form.get('client_id', None)
|
|
|
|
redirect_uri = request.form.get('redirect_uri', None)
|
|
|
|
scope = request.form.get('scope', None)
|
|
|
|
|
|
|
|
# Add the access token.
|
|
|
|
return provider.get_auth_denied_response('token', client_id, redirect_uri, scope=scope)
|
|
|
|
|
|
|
|
|
2014-03-12 16:37:06 +00:00
|
|
|
@web.route('/oauth/authorize', methods=['GET'])
|
|
|
|
@no_cache
|
2014-07-21 19:09:31 +00:00
|
|
|
@param_required('client_id')
|
|
|
|
@param_required('redirect_uri')
|
|
|
|
@param_required('scope')
|
2014-03-12 16:37:06 +00:00
|
|
|
def request_authorization_code():
|
|
|
|
provider = FlaskAuthorizationProvider()
|
|
|
|
response_type = request.args.get('response_type', 'code')
|
|
|
|
client_id = request.args.get('client_id', None)
|
|
|
|
redirect_uri = request.args.get('redirect_uri', None)
|
|
|
|
scope = request.args.get('scope', None)
|
|
|
|
|
2014-03-19 22:09:09 +00:00
|
|
|
if (not current_user.is_authenticated() or
|
|
|
|
not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)):
|
2014-11-17 19:54:07 +00:00
|
|
|
if redirect_uri != 'display' and not provider.validate_redirect_uri(client_id, redirect_uri):
|
2014-03-26 20:45:11 +00:00
|
|
|
current_app = provider.get_application_for_client_id(client_id)
|
|
|
|
if not current_app:
|
|
|
|
abort(404)
|
|
|
|
|
2014-04-21 23:46:00 +00:00
|
|
|
return provider._make_redirect_error_response(current_app.redirect_uri,
|
|
|
|
'redirect_uri_mismatch')
|
2014-03-14 22:57:28 +00:00
|
|
|
|
|
|
|
# Load the scope information.
|
|
|
|
scope_info = scopes.get_scope_information(scope)
|
2014-03-18 21:05:27 +00:00
|
|
|
if not scope_info:
|
|
|
|
abort(404)
|
|
|
|
return
|
2014-03-14 22:57:28 +00:00
|
|
|
|
|
|
|
# Load the application information.
|
|
|
|
oauth_app = provider.get_application_for_client_id(client_id)
|
|
|
|
oauth_app_view = {
|
|
|
|
'name': oauth_app.name,
|
|
|
|
'description': oauth_app.description,
|
|
|
|
'url': oauth_app.application_uri,
|
2014-11-25 00:40:03 +00:00
|
|
|
'avatar': avatar.compute_hash(oauth_app.avatar_email, name=oauth_app.name),
|
2014-03-14 22:57:28 +00:00
|
|
|
'organization': {
|
|
|
|
'name': oauth_app.organization.username,
|
2014-11-25 00:25:13 +00:00
|
|
|
'avatar': avatar.compute_hash(oauth_app.organization.email,
|
2014-11-25 00:40:03 +00:00
|
|
|
name=oauth_app.organization.username)
|
2014-03-14 22:57:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Show the authorization page.
|
2014-08-06 22:51:04 +00:00
|
|
|
has_dangerous_scopes = any([check_scope['dangerous'] for check_scope in scope_info])
|
2014-08-06 01:21:22 +00:00
|
|
|
return render_page_template('oauthorize.html', scopes=scope_info,
|
|
|
|
has_dangerous_scopes=has_dangerous_scopes,
|
|
|
|
application=oauth_app_view,
|
2014-04-21 23:46:00 +00:00
|
|
|
enumerate=enumerate, client_id=client_id,
|
|
|
|
redirect_uri=redirect_uri, scope=scope,
|
|
|
|
csrf_token_val=generate_csrf_token())
|
2014-03-14 22:57:28 +00:00
|
|
|
|
2014-03-12 16:37:06 +00:00
|
|
|
if response_type == 'token':
|
|
|
|
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
|
|
|
|
else:
|
|
|
|
return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
|
2014-03-25 16:42:40 +00:00
|
|
|
|
|
|
|
@web.route('/oauth/access_token', methods=['POST'])
|
|
|
|
@no_cache
|
2014-07-21 19:09:31 +00:00
|
|
|
@param_required('grant_type')
|
|
|
|
@param_required('client_id')
|
|
|
|
@param_required('client_secret')
|
|
|
|
@param_required('redirect_uri')
|
|
|
|
@param_required('code')
|
|
|
|
@param_required('scope')
|
2014-03-25 16:42:40 +00:00
|
|
|
def exchange_code_for_token():
|
|
|
|
grant_type = request.form.get('grant_type', None)
|
|
|
|
client_id = request.form.get('client_id', None)
|
|
|
|
client_secret = request.form.get('client_secret', None)
|
|
|
|
redirect_uri = request.form.get('redirect_uri', None)
|
|
|
|
code = request.form.get('code', None)
|
|
|
|
scope = request.form.get('scope', None)
|
|
|
|
|
|
|
|
provider = FlaskAuthorizationProvider()
|
|
|
|
return provider.get_token(grant_type, client_id, client_secret, redirect_uri, code, scope=scope)
|
2014-12-23 19:01:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
@web.route('/systemlogsarchive', methods=['GET'])
|
|
|
|
@process_oauth
|
|
|
|
@route_show_if(features.SUPER_USERS)
|
|
|
|
@no_cache
|
|
|
|
def download_logs_archive():
|
|
|
|
# Note: We cannot use the decorator here because this is a GET method. That being said, this
|
|
|
|
# information is sensitive enough that we want the extra protection.
|
|
|
|
verify_csrf()
|
|
|
|
|
|
|
|
if SuperUserPermission().can():
|
|
|
|
archive_data = build_logs_archive(app)
|
|
|
|
return Response(archive_data,
|
|
|
|
mimetype="application/octet-stream",
|
|
|
|
headers={"Content-Disposition": "attachment;filename=erlogs.tar.gz"})
|
|
|
|
|
|
|
|
abort(403)
|