我们从Python开源项目中,提取了以下48个代码示例,用于说明如何使用pyramid.httpexceptions.HTTPBadRequest()。
def process_interstitial(request: Request, choices: t.List[Choice], *args, **kwargs): """Check if user pressed any of the buttons on form and the choice accordingly. For example use case see :py:class:`websauna.system.crud.views.Delete`. :param args: Passed to choice callback :param kwargs: Passed to choice callback :return: HTTP response given by a choice callback """ assert request.method == "POST" # Force CSRF check always check_csrf_token(request) for c in choices: if c.id in request.POST: return c.callback(*args, **kwargs) raise HTTPBadRequest("Unknown choice made")
def process_model(request): mongohost = request.registry.settings['MONGOHOST'] domain = request.matchdict.get('domain').replace(' ', '_') modelName = domain + '_mdl' gfsm = GridFSModel(modelName=modelName, host=mongohost, port=27017, logger=logger) model = gfsm.getModelFromGridFS() if model is None: raise exc.HTTPBadRequest(explanation="The domain {} does not have a domain model loaded.".format(domain)) w2vmodel = M(modelName=modelName, model=model, logger=logger, verbose=True) log.info("Created W2VModel:" + modelName) terms = request.matchdict.get('terms', -1) w2vmodel.setTerms(terms) most_similar_terms = w2vmodel.process() log.info("Processing Terms :" + str(w2vmodel.getTerms())) return most_similar_terms
def test_it_rejects_invalid_or_missing_urls(self): invalid_urls = [None, # Unsupported protocols. 'ftp://foo.bar', 'doi:10.1.2/345', 'file://foo.bar', # Malformed URLs. 'http://goo\[g'] for url in invalid_urls: request = mock_request() request.GET['url'] = url with pytest.raises(httpexceptions.HTTPBadRequest): views.goto_url(request)
def __call__(self): searchers = [] for param_name, param in self.params.items(): if hasattr(PackagesSearchParams, param_name): param_method = getattr(PackagesSearchParams, param_name) if (not hasattr(param_method, '_no_param') and (len(param) == 0 or param[0] == '')): raise HTTPBadRequest( detail=Messages.no_values % param_name) if hasattr(param_method, '_only_one'): if len(param) > 1: raise HTTPBadRequest( detail=Messages.too_many_values % (1, len(param),)) else: param = param[0] search = param_method(param) searchers.append(search) else: raise HTTPBadRequest( detail=Messages.bad_search_param % param_name) self.searchers = searchers return searchers
def delete_plugin(request): """ Delete A plugin """ plugin_id = request.matchdict['plugin_id'] user = request.user query = request.db_session.query(LedPlugin).filter(LedPlugin.id == plugin_id) plugin = query.first() if plugin is None: raise exc.HTTPBadRequest('No such plugin') if user != plugin.user and not user.admin: raise exc.HTTPForbidden("You don't have access to do that") request.db_session.query(LedSchedule).filter(LedSchedule.led_plugin_id == plugin_id).delete() request.db_session.query(LedPluginProposed).filter(LedPluginProposed.led_plugin_id == plugin_id).delete() query.delete() log(request, 'Deleted plugin ' + plugin.name) return exc.HTTPFound(location='/plugin')
def add_group_users(request): # make sure the users are in the group: # only a site admin or group admin can do this gid = request.matchdict['group_id'] can_modify_group(request, gid) users = request.POST.get('users', None) # print request.POST if users is None: raise exc.HTTPBadRequest('Please specify users to add to the group') new_users = [] for user in request.POST.values(): group_user = LedGroupUser(led_group_id=gid, led_user_id=user) try: request.db_session.add(group_user) new_users.append(get_user_by_id(request, user).email) except sql_exc.DatabaseError as e: print group_user, "already in group" log(request, 'Added users to <a href="/group/{0}">group {0}</a>: {1}'.format(gid, ', '.join(new_users))) return exc.HTTPFound(location='/group/' + gid)
def user_delete(request): """ Deletes a user and their group memberships Their plugins will be handed over to the user that deleted them :param request: :return: """ # make sure the user actually exists user_id = request.matchdict['user_id'] query = request.db_session.query(LedUser).filter(LedUser.id == user_id) user = query.first() if user is None: return exc.HTTPBadRequest("No such user exists") logged_in_user = request.user for plugin in request.db_session.query(LedPlugin).filter(LedPlugin.user == user).all(): plugin.user_id = logged_in_user.id request.db_session.query(LedGroupUser).filter(LedGroupUser.led_user == user).delete() query.delete() log(request, 'Deleted user '+user.email) return exc.HTTPFound(location='/users')
def check_url_or_none(self, url): if url == '': url = None if url is not None: from urllib.parse import urlparse parsed_url = urlparse(url) from pyramid.httpexceptions import HTTPBadRequest if not parsed_url.scheme: raise HTTPBadRequest( "The homepage url does not have a scheme. Must be either http or https" ) if parsed_url.scheme not in (u'http', u'https'): raise HTTPBadRequest( "The url has an incorrect scheme. Only http and https are accepted for homepage url" ) return url
def delete_idea(request): idea_id = request.matchdict['id'] idea = Idea.get_instance(idea_id) if not idea: raise HTTPNotFound("Idea with id '%s' not found." % idea_id) if isinstance(idea, RootIdea): raise HTTPBadRequest("Cannot delete root idea.") num_childrens = len(idea.children) if num_childrens > 0: raise HTTPBadRequest("Idea cannot be deleted because it still has %d child ideas." % num_childrens) num_extracts = len(idea.extracts) if num_extracts > 0: raise HTTPBadRequest("Idea cannot be deleted because it still has %d extracts." % num_extracts) for link in idea.source_links: link.is_tombstone = True idea.is_tombstone = True # Maybe return tombstone() ? request.response.status = HTTPNoContent.code return HTTPNoContent()
def put_roles(request): session = Role.default_db try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") data = set(data) known_roles = session.query(Role).all() roles_by_name = {r.name: r for r in known_roles} role_names = set(roles_by_name.keys()) # new roles for name in data - role_names: session.add(Role(name=name)) # delete non-system roles. for name in role_names - data - SYSTEM_ROLES: session.delete(roles_by_name[name]) return {"added": list(data - role_names), "removed": list(role_names - data - SYSTEM_ROLES)}
def save_synthesis(request): synthesis_id = request.matchdict['id'] discussion = request.context if synthesis_id == 'next_synthesis': synthesis = discussion.get_next_synthesis() else: synthesis = Synthesis.get_instance(synthesis_id) if not synthesis: raise HTTPBadRequest("Synthesis with id '%s' not found." % synthesis_id) synthesis_data = json.loads(request.body) synthesis.subject = synthesis_data.get('subject') synthesis.introduction = synthesis_data.get('introduction') synthesis.conclusion = synthesis_data.get('conclusion') Synthesis.default_db.add(synthesis) Synthesis.default_db.flush() return {'ok': True, 'id': synthesis.uri()}
def authorize_post_(request): form = request.web_input(credentials='', username='', password='', remember_me='', mobile='', not_me='') try: credentials = json.loads(form.credentials) except ValueError: raise HTTPBadRequest() scopes = credentials.pop('scopes') error = None if form.not_me and form.username: userid, error = login.authenticate_bcrypt(form.username, form.password, bool(form.remember_me)) if error: error = errorcode.login_errors.get(error, 'Unknown error.') elif not request.userid: error = "You must specify a username and password." else: userid = request.userid if error: return Response(render_form(request, scopes, credentials, bool(form.mobile), error, form.username, form.password, bool(form.remember_me), bool(form.not_me))) credentials['userid'] = userid response_attrs = server.create_authorization_response( *(extract_params(request) + (scopes, credentials))) return OAuthResponse(*response_attrs)
def prepare_search_term(request): from antlr4 import IllegalStateException from lucenequery.prefixfields import prefixfields from lucenequery import dialects search_term = request.params.get('searchTerm', '').strip() or '*' if search_term == '*': return search_term # avoid interpreting slashes as regular expressions search_term = search_term.replace('/', r'\/') # elasticsearch uses : as field delimiter, but we use it as namespace designator # if you need to search fields you have to use @type:field # if you need to search fields where the field contains ":", you will have to escape it # yourself if search_term.find("@type") < 0: search_term = search_term.replace(':', '\:') try: query = prefixfields('embedded.', search_term, dialects.elasticsearch) except (IllegalStateException): msg = "Invalid query: {}".format(search_term) raise HTTPBadRequest(explanation=msg) else: return query.getText()
def process_record(self, new, old=None): new = super(Subscription, self).process_record(new, old) try: WebPusher(new) except WebPushException as e: raise http_error(HTTPBadRequest(), errno=ERRORS.INVALID_PARAMETERS, message='Invalid subscription: %s' % e) return new
def portier_verify(request): """Helper to redirect client towards Portier login form.""" broker_uri = portier_conf(request, 'broker_uri') token = request.validated['body']['id_token'] # Get the data from the config because the request might only # have local network information and not the public facing ones. audience = '{scheme}://{host}'.format(scheme=request.registry.settings['http_scheme'], host=request.registry.settings['http_host']) try: email, stored_redirect = get_verified_email( broker_url=broker_uri, token=token, audience=audience, issuer=broker_uri, cache=request.registry.cache) except ValueError as exc: error_details = 'Portier token validation failed: %s' % exc return http_error(httpexceptions.HTTPBadRequest(), errno=ERRORS.INVALID_AUTH_TOKEN, error='Invalid Auth Token', message=error_details) # Generate a random token user_token = codecs.encode(os.urandom(32), 'hex').decode('utf-8') # Encrypt the email with the token encrypted_email = encrypt(email, user_token) # Generate a user ID from the token hmac_secret = request.registry.settings['userid_hmac_secret'] userID = utils.hmac_digest(hmac_secret, user_token) # Store the encrypted user ID with the token session_ttl = portier_conf(request, 'session_ttl_seconds') request.registry.cache.set('portier:' + userID, encrypted_email, session_ttl) location = '%s%s' % (stored_redirect, user_token) return httpexceptions.HTTPFound(location=location)
def test_add_existing_report_to_db(): """ This should not add a new report to the database session as the one already exists. """ with mock.patch('annotran.languages.models.Language') as language: language.get_by_public_language_id = MagicMock(return_value=language) with mock.patch('annotran.pages.models.Page') as page: page.get_by_uri = MagicMock(return_value=page) with mock.patch('h.groups.models.Group') as group: group.get_by_pubid = MagicMock(return_value=group) with mock.patch('h.models.User') as user: user.get_by_username = MagicMock(return_value=user) with mock.patch('annotran.translations.models.Translation') as translation: translation.get_translation = MagicMock(return_value=translation) with mock.patch('annotran.reports.models.Report') as report: report.get_report = MagicMock(return_value=report) request = _mock_request(authenticated_user=mock.Mock(username="test"), matchdict={'public_language_id': '12345', 'public_group_id': '12345', 'user_id': '12345', 'page_uri': 'http://www.annotran_test.com/'}) result = views.add_report(request) assert not request.db.add.called assert isinstance(result, exc.HTTPBadRequest)
def gettaxonomy_for_domain(request): mongohost = request.registry.settings['MONGOHOST'] domain = request.matchdict.get('domain') log.info('Getting Taxonomy for Domain : domain:' + domain ) ma = MA(host=mongohost, port=27017, logger=logger, db='KnowledgeModelTaxonomy', collection=domain.replace(' ', '_')) record = ma.getRecord({"domain" : domain}) if record is None: raise exc.HTTPBadRequest(explanation="The domain {} does not have a taxonomy in the database.".format(domain)) return record
def devices_details_view(request): device_id = request.matchdict["device_id"] logger.debug("Getting details for device with ID=%s", device_id) device_list_path = request.registry.settings['devices_path'] device = get_device(device_list_path, device_id) # Only Philips Hue has device details at the moment # TODO: In the future, each single Philips Hue light should be returned as a regular # device. Philips Hue bridges should be flagged with `virtual: True` since they # are not controlled by the user. However, all its lights should be returned as # well when requesting `/devices`. if device['type'] != 'philips_hue': return {} homeassistant_data_path = request.registry.settings["homeassistant_data_path"] phue_bridge_config = os.path.join(homeassistant_data_path, '{}.conf'.format(device["id"])) config = read_json(phue_bridge_config, {}) username = config.get(device["ip"], {}).get("username") try: bridge = PhilipsHueBridgeApiClient(device["ip"], username) return bridge.get_lights() # TODO create a tween to handle exceptions for all views except UnauthenticatedDeviceError as e: raise HTTPBadRequest(e.message) except UpstreamError as e: raise HTTPBadGateway(e.message)
def test_check_list_of_strs(self): from hel.utils.query import check_list_of_strs try: check_list_of_strs(['test', 555], 'test') except HTTPBadRequest as e: self.assertEqual(e.detail, 'test') else: raise AssertionError() check_list_of_strs(['test', 'test2'])
def param(name): def wrap(func): def f(self): tests = func(self) # Zero values: should fail with self.subTest(test='0 values'): try: PackagesSearcher({ name: [] })() except HTTPBadRequest as e: if e.detail == Messages.no_values % name: # Expected exception pass else: raise e else: raise AssertionError() for test_case in tests: with self.subTest(test=test_case): values, expected = test_case searcher = PackagesSearcher({ name: values }) searcher() packages = [x for x in self.db['packages'].find({})] search_result = searcher.search(packages) for num, doc in enumerate(search_result): if '_id' in search_result[num]: del search_result[num]['_id'] self.assertTrue(are_equal(search_result, expected)) return f return wrap
def test_bad_search_param(self): try: PackagesSearcher({'hi': ['test']})() except HTTPBadRequest as e: self.assertEqual(e.detail, Messages.bad_search_param % 'hi') else: raise AssertionError()
def check_list_of_strs(value, message=None): check(value, list, message) for item in value: if type(item) != str: raise HTTPBadRequest(detail=message) return value
def parse_url(url): try: matches = rfc3987.parse(url, rule='URI') except ValueError: raise HTTPBadRequest(detail=Messages.invalid_uri) if matches['scheme'] not in ['http', 'https']: raise HTTPBadRequest(detail=Messages.invalid_uri) matches['path'] = matches['path'] or '/' matches['fragment'] = None return rfc3987.compose(**matches)
def check_path(path): if path[-1] == '/': raise HTTPBadRequest(detail=Messages.bad_path) return True
def check_filename(name): if name.find('/') != -1: raise HTTPBadRequest(detail=Messages.bad_path) return True
def update(request): 'Update an OData entity' odata_tablename, etag, odata_dict = common.django_to_odata(request) odata_metadata = request.registry.settings['odata_metadata'] odata_table = odata_metadata.tables[odata_tablename] ident = odata_dict.pop(etl_utils.primary_key(odata_table), None) if ident is None: raise http_exc.HTTPBadRequest('No identifier provided; pass `id` key') cdms_client = request.registry.settings['cdms_client'] response = cdms_client.update( odata_tablename, etag, fmt_guid(ident), odata_dict ) return common.odata_to_django(odata_tablename, response)
def django_to_odata(request): 'Transform request into spec for “onwards” request to OData service' django_tablename, odata_tablename = request_tablenames(request) try: etag, odata_dict = transform.django_to_odata( django_tablename, request.json_body ) except json.JSONDecodeError as exc: raise http_exc.HTTPBadRequest('Invalid JSON') return odata_tablename, etag, odata_dict
def approve_plugin_update(request): plugin_id = request.matchdict['plugin_id'] plugin_update_query = request.db_session.query(LedPluginProposed).filter(LedPluginProposed.led_plugin_id == plugin_id) plugin_update = plugin_update_query.first() if plugin_update is None: raise exc.HTTPBadRequest("No such plugin to update") plugin = request.db_session.query(LedPlugin).filter(LedPlugin.id == plugin_id).first() plugin.code = plugin_update.code plugin_update_query.delete() log(request, 'Approved updates to plugin <a href="/plugin/{}">{}</a>'.format(plugin.id, plugin.name)) return exc.HTTPFound(location='/plugin_approve')
def reject_plugin_update(request): plugin_id = request.matchdict['plugin_id'] plugin_query = request.db_session.query(LedPluginProposed).filter(LedPluginProposed.led_plugin_id == plugin_id) plugin_update = plugin_query.first() if plugin_update is None: raise exc.HTTPBadRequest("No proposal for this plugin") plugin = plugin_update.led_plugin plugin_query.delete() log(request, 'Rejected updates to plugin <a href="/plugin/{}">{}</a>'.format(plugin.id, plugin.name)) return exc.HTTPFound(location='/plugin_approve')
def update_plugin(request): # make sure the plugin id exists plugin_id = request.matchdict['plugin_id'] plugin = request.db_session.query(LedPlugin).filter(LedPlugin.id == plugin_id).first() if not plugin: raise exc.HTTPBadRequest("No such plugin") else: # only a site admin or plugin owner can edit # a non-admin plugin owner can suggest changes user = request.user if user != plugin.user and not user.admin: raise exc.HTTPForbidden("You don't have access to do that") POST = {k: to_null(v) for k, v in request.POST.items()} if not user.admin: if 'code' not in POST: raise exc.HTTPBadRequest("Please provide the code") plugin_update = request.db_session.query(LedPluginProposed).filter(LedPluginProposed.led_plugin_id == plugin_id).first() if plugin_update is not None: plugin_update.code = POST['code'] else: request.db_session.add(LedPluginProposed(led_plugin_id=plugin_id, code=POST['code'])) log(request, "Proposed changes to plugin <a href='/plugin/{}'>{}</a>".format(plugin.id, plugin.name)) return { 'msg': 'Your update is now awaiting approval' } else: if POST['code']: plugin.code = POST['code'] if 'name' in POST and POST['name']: plugin.name = POST['name'] log(request, 'Updated <a href="/plugin/{0}">plugin {1}</a>: '.format(plugin_id, plugin.name, )) return { 'msg': 'Updated code' }
def create_group(request): # create a group name = request.POST.get('name', None) if name is None: raise exc.HTTPBadRequest('Please specify a group name') group = LedGroup(name=name, default=False, enabled=False) request.db_session.add(group) request.db_session.flush() request.db_session.add(LedGroupUser( led_group_id=group.id, led_user=request.user, access_level=2)) print("Made group", group) log(request, 'Created group <a href="/group/{0}">{1}</a>'.format(group.id, group.name)) return exc.HTTPFound(location='/group/'+str(group.id))
def _do_update_from_json( self, json, parse_def, ctx, duplicate_handling=None, object_importer=None): user_id = ctx.get_user_id() json_user_id = json.get('user', None) if json_user_id is None: json_user_id = user_id else: json_user_id = User.get_database_id(json_user_id) # Do not allow changing user if self.user_id is not None and json_user_id != self.user_id: raise HTTPBadRequest() self.user_id = json_user_id role_name = json.get("role", None) if not (role_name or self.role_id): role_name = R_PARTICIPANT if role_name: role = self.db.query(Role).filter_by(name=role_name).first() if not role: raise HTTPBadRequest("Invalid role name:"+role_name) self.role = role json_discussion_id = json.get('discussion', None) if json_discussion_id: from .discussion import Discussion json_discussion_id = Discussion.get_database_id(json_discussion_id) # Do not allow change of discussion if self.discussion_id is not None \ and json_discussion_id != self.discussion_id: raise HTTPBadRequest() self.discussion_id = json_discussion_id else: if not self.discussion_id: raise HTTPBadRequest() return self
def add_post_json(request): if has_moderation(request.json): raise HTTPBadRequest("Cannot moderate at post creation") # TODO: apply guess_languages return collection_add_json(request)
def check_password_token(request): token = request.matchdict.get('token', None) user, validity = verify_password_change_token(token) if validity != Validity.VALID: raise HTTPBadRequest(validity.name) return {"user": user.uri()}
def put_permissions_for_role(request): discussion = request.context role_name = request.matchdict['role_name'] session = Discussion.default_db role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") permissions = set(session.query(Permission).filter(Permission.name.in_(data)).all()) data = set(data) if len(permissions) != len(data): raise HTTPBadRequest("Not valid permissions: %s" % (repr( data - set((p.name for p in permissions))),)) known_dp = session.query(DiscussionPermission).join(Permission).filter( role=role, discussion=discussion).all() dp_by_permission = {dp.permission.name: dp for dp in known_dp} known_permissions = set(dp_by_permission.keys()) for permission in known_permissions - permissions: session.delete(dp_by_permission[permission]) for permission in permissions - known_permissions: session.add(DiscussionPermission( role=role, permission=permission, discussion=discussion)) return {"added": list(permissions - known_permissions), "removed": list(known_permissions - permissions)}
def put_discussion_roles_for_user(request): discussion = request.context user_id = request.matchdict['user_id'] user = User.get_instance(user_id) if not user: raise HTTPNotFound("User id %d does not exist" % (user_id,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") session = Discussion.default_db if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") roles = set(session.query(Role).filter(Role.name.in_(data)).all()) data = set(data) if len(roles) != len(data): raise HTTPBadRequest("Not valid roles: %s" % (repr( data - set((p.name for p in roles))),)) known_lu_roles = session.query(LocalUserRole).join(Role).filter( user=user, discussion=discussion).all() lur_by_role = {lur.role.name: lur for lur in known_lu_roles} known_roles = set(lur_by_role.keys()) for role in known_roles - roles: session.query.delete(lur_by_role[role]) for role in roles - known_roles: session.add(LocalUserRole( user=user, role=role, discussion=discussion)) return {"added": list(roles - known_roles), "removed": list(known_roles - roles)}
def mime_type(request): url = request.params.get('url', None) if not url: raise HTTPBadRequest("Missing 'url' parameter") parsed = urlparse(url) if not parsed or parsed.scheme not in ('http', 'https'): raise HTTPBadRequest("Wrong scheme") if parsed.netloc.split(":")[0] == config.get('public_hostname'): # is it one of our own documents? # If so, detect it and shortcut to avoid the pyramid handler calling # another pyramid handler, as this exhausts pyramid threads rapidly # and can deadlock the whole application r = re.match( r'^https?://[\w\.]+(?:\:\d+)?/data/.*/documents/(\d+)/data(?:\?.*)?$', url) if r: document_id = r.groups(0)[0] from sqlalchemy.sql.functions import func mimetype, create_date, size = File.default_db.query( File.mime_type, File.creation_date, func.length(File.data) ).filter_by(id=int(document_id)).first() return Response( body=None, content_type=str(mimetype), content_length=size, last_modified=create_date) try: result = requests.head(url, timeout=15) except requests.ConnectionError: return Response( status=503, location=url) return Response( content_type=result.headers.get('Content-Type', None), status=result.status_code, location=result.url)
def authorize_get_(request): form = request.web_input(mobile='') try: scopes, credentials = server.validate_authorization_request(*extract_params(request)) except FatalClientError: raise HTTPBadRequest() except OAuth2Error as e: return HTTPFound(location=e.in_uri(e.redirect_uri)) del credentials['request'] return Response(render_form(request, scopes, credentials, bool(form.mobile)))
def search_view(request, **kwargs): bucket_id = request.matchdict['bucket_id'] collection_id = request.matchdict['collection_id'] # Limit the number of results to return, based on existing Kinto settings. paginate_by = request.registry.settings.get("paginate_by") max_fetch_size = request.registry.settings["storage_max_fetch_size"] if paginate_by is None or paginate_by <= 0: paginate_by = max_fetch_size configured = min(paginate_by, max_fetch_size) # If the size is specified in query, ignore it if larger than setting. specified = None if "body" in kwargs: try: body = json.loads(kwargs["body"].decode("utf-8")) specified = body.get("size") except json.decoder.JSONDecodeError: pass if specified is None or specified > configured: kwargs.setdefault("size", configured) # Access indexer from views using registry. indexer = request.registry.indexer try: results = indexer.search(bucket_id, collection_id, **kwargs) except elasticsearch.NotFoundError as e: # If plugin was enabled after the creation of the collection. indexer.create_index(bucket_id, collection_id) results = indexer.search(bucket_id, collection_id, **kwargs) except elasticsearch.RequestError as e: # Malformed query. if isinstance(e.info["error"], dict): message = e.info["error"]["reason"] details = e.info["error"]["root_cause"][0] else: message = e.info["error"] details = None response = http_error(httpexceptions.HTTPBadRequest(), errno=ERRORS.INVALID_PARAMETERS, message=message, details=details) raise response except elasticsearch.ElasticsearchException as e: # General failure. logger.exception("Index query failed.") results = {} return results
def add_report(request): """ Add an abuse report to the database :param request: a request object :return: a redirect to the abuse reports page """ if request.authenticated_userid is None: raise exc.HTTPNotFound() reporter = request.authenticated_user if reporter is None: raise exc.HTTPNotFound() public_language_id = request.matchdict["public_language_id"] page_url = urllib.unquote(urllib.unquote(request.matchdict["page_uri"])) public_group_id = request.matchdict['public_group_id'] user_id = request.matchdict['user_id'] page = annotran.pages.models.Page.get_by_uri(page_url) author = h.models.User.get_by_username(user_id) reporter = h.models.User.get_by_username(request.authenticated_user.username) group = h.groups.models.Group.get_by_pubid(public_group_id) language = annotran.languages.models.Language.get_by_public_language_id(public_language_id) if page is None or author is None or reporter is None or group is None or language is None: raise exc.HTTPNotFound() translation = annotran.translations.models.Translation.get_translation(page, language, group) if translation is None: raise exc.HTTPNotFound() report = annotran.reports.models.Report.get_report(translation, author, reporter) # if already in a database, it means it was reported previously if report: return exc.HTTPBadRequest() report = annotran.reports.models.Report(translation, author, reporter) request.db.add(report) request.db.flush() reports = request.route_url('admin_reports') body_text = u'Hello,\n\nA new abuse report has been filed. ' \ u'Please see <a href="{0}">{0}</a>.\n\nAnnotran'.format(reports) annotran.mailer.send(request, subject=u'A new abuse report has been filed', recipients=[annotran.views.Shared.support_address], body=body_text) return {}
def get_changes(self): # this method is called from all replica servers # and either returns changelog entry content for {serial} or, # if it points to the "next" serial, will block and wait # until that serial is committed. However, after # MAX_REPLICA_BLOCK_TIME, we return 202 Accepted to indicate # the replica should try again. The latter has two benefits: # - nginx' timeout would otherwise return 504 (Gateway Timeout) # - if the replica is not waiting anymore we would otherwise # never time out here, leading to more and more threads # if no commits happen. if not self.xom.is_master(): raise HTTPForbidden("Replication protocol disabled") expected_uuid = self.request.headers.get(H_EXPECTED_MASTER_ID, None) master_uuid = self.xom.config.get_master_uuid() # we require the header but it is allowed to be empty # (during initialization) if expected_uuid is None: msg = "replica sent no %s header" % H_EXPECTED_MASTER_ID threadlog.error(msg) raise HTTPBadRequest(msg) if expected_uuid and expected_uuid != master_uuid: threadlog.error("expected %r as master_uuid, replica sent %r", master_uuid, expected_uuid) raise HTTPBadRequest("expected %s as master_uuid, replica sent %s" % (master_uuid, expected_uuid)) serial = self.request.matchdict["serial"] with self.update_replica_status(serial): keyfs = self.xom.keyfs if serial.lower() == "nop": raw_entry = b"" else: try: serial = int(serial) except ValueError: raise HTTPNotFound("serial needs to be int") raw_entry = self._wait_for_entry(serial) devpi_serial = keyfs.get_current_serial() r = Response(body=raw_entry, status=200, headers={ str("Content-Type"): str("application/octet-stream"), str("X-DEVPI-SERIAL"): str(devpi_serial), }) return r
def goto_url(request): """ View that takes the user to a URL with the annotation layer enabled. Optional configuration for the client may be specified via additional query params: "q" - Initial query for the filter input in the client. """ settings = request.registry.settings url = request.params.get('url') if url is None: raise httpexceptions.HTTPBadRequest('"url" parameter is missing') if not _is_valid_http_url(url): raise httpexceptions.HTTPBadRequest( _('Sorry, but this service can only show annotations on ' 'valid HTTP or HTTPs URLs.')) # Remove any existing #fragment identifier from the URI before we # append our own. url = parse.urldefrag(url)[0] query = parse.quote(request.params.get('q', '')) via_url = '{via_base_url}/{url}#annotations:query:{query}'.format( via_base_url=settings['via_base_url'], url=url, query=query) extension_url = '{url}#annotations:query:{query}'.format( url=url, query=query) pretty_url = util.get_pretty_url(url) return { 'data': json.dumps({ 'chromeExtensionId': settings['chrome_extension_id'], 'viaUrl': via_url, 'extensionUrl': extension_url, }), 'pretty_url': pretty_url }
def one_value_param(name): def wrap(func): def f(self): tests = func(self) # 0 values: should fail with self.subTest(test='0 values'): try: PackagesSearcher({ name: [] })() except HTTPBadRequest as e: if e.detail == Messages.no_values % name: # Expected exception pass else: raise e else: raise AssertionError() # 2, 3 values: should fail for i in range(2, 4): with self.subTest(test='%s values' % i): try: PackagesSearcher({ name: ['hel'] * i })() except HTTPBadRequest as e: if e.detail == Messages.too_many_values % (1, i): # Expected exception pass else: raise e else: raise AssertionError() for test_case in tests: with self.subTest(test=test_case): value, expected = test_case searcher = PackagesSearcher({ name: [value] }) searcher() packages = [x for x in self.db['packages'].find({})] search_result = searcher.search(packages) for num, doc in enumerate(search_result): if '_id' in search_result[num]: del search_result[num]['_id'] self.assertTrue(are_equal(search_result, expected)) return f return wrap
def update_group_plugins(request): # make sure the plugin id exists group_id = request.matchdict['group_id'] can_modify_group(request, group_id) group = request.db_session.query(LedGroup).filter(LedGroup.id == group_id).first() if not group: raise exc.HTTPBadRequest("No such plugin") else: def to_null(val): if val == '': return None return val POST = {k: to_null(v) for k, v in request.POST.items()} time_from, time_to = sorted([request.POST['time_from'], request.POST['time_to']]) fmt_24 = "%H%M" fmt_date = "%d/%m/%Y" if (not time_from and time_to) or (not time_to and time_from): raise exc.HTTPBadRequest('If you want a time range, please specify a time from and time to') if time_from: time_from = datetime.datetime.strptime(time_from, fmt_24) time_to = datetime.datetime.strptime(time_to, fmt_24) group.time_to = time_to group.time_from = time_from else: group.time_from = None group.time_to = None if POST['date_from']: date_from = datetime.datetime.strptime(POST['date_from'], fmt_date) group.date_from = date_from else: group.date_from = None if POST['days']: days = POST['days'][:7] if not re.match("[0|1]{7}", days): raise exc.HTTPBadRequest("Days must have 7 valid days") # print "Setting days", days if "1" in days: group.days_of_week = days else: group.days_of_week = None else: group.days_of_week = None if POST['repeats']: repeats = int(POST['repeats']) group.repeats = max(0, repeats) else: group.repeats = None if POST['enabled']: group.enabled = POST['enabled'] == 'true' log(request, "Updated scheduling for <a href='/group/{}'>{}</a>".format(group.id, group.name)) return {'success': True}
def _do_update_from_json( self, json, parse_def, ctx, duplicate_handling=None, object_importer=None): from ..auth.util import user_has_permission user_id = ctx.get_user_id() target_user_id = user_id user = ctx.get_instance_of_class(User) if user: target_user_id = user.id if self.user_id: if target_user_id != self.user_id: if not user_has_permission(self.discussion_id, user_id, P_ADMIN_DISC): raise HTTPUnauthorized() # For now, do not allow changing user, it's way too complicated. if 'user' in json and User.get_database_id(json['user']) != self.user_id: raise HTTPBadRequest() else: json_user_id = json.get('user', None) if json_user_id is None: json_user_id = target_user_id else: json_user_id = User.get_database_id(json_user_id) if json_user_id != user_id and not user_has_permission(self.discussion_id, user_id, P_ADMIN_DISC): raise HTTPUnauthorized() self.user_id = json_user_id if self.discussion_id: if 'discussion_id' in json and Discussion.get_database_id(json['discussion_id']) != self.discussion_id: raise HTTPBadRequest() else: discussion_id = json.get('discussion', None) or ctx.get_discussion_id() if discussion_id is None: raise HTTPBadRequest() self.discussion_id = Discussion.get_database_id(discussion_id) new_type = json.get('@type', self.type) if self.external_typename() != new_type: polymap = inspect(self.__class__).polymorphic_identity if new_type not in polymap: raise HTTPBadRequest() new_type = polymap[new_type].class_ new_instance = self.change_class(new_type) return new_instance._do_update_from_json( json, parse_def, ctx, DuplicateHandling.USE_ORIGINAL, object_importer) creation_origin = json.get('creation_origin', "USER_REQUESTED") if creation_origin is not None: self.creation_origin = NotificationCreationOrigin.from_string(creation_origin) if json.get('parent_subscription', None) is not None: self.parent_subscription_id = self.get_database_id(json['parent_subscription']) status = json.get('status', None) if status: status = NotificationSubscriptionStatus.from_string(status) if status != self.status: self.status = status self.last_status_change_date = datetime.utcnow() return self
def _create_subobject_from_json( self, json, target_cls, parse_def, context, accessor_name, object_importer=None): instance = None target_type = json.get('@type', None) if target_type: new_target_cls = get_named_class(target_type) if new_target_cls: if target_cls is not None and \ not issubclass(new_target_cls, target_cls): raise HTTPBadRequest( "Type %s was assigned to %s.%s" % ( target_type, self.__class__.__name__, accessor_name)) target_cls = new_target_cls if not target_cls: # Not an instance return None target_id = json.get('@id', None) if target_id is not None: if isinstance(target_id, string_types): instance = self._json_is_known_instance(target_id, object_importer) if instance is not None and object_importer: object_importer.associate(target_id, instance) if instance is not None: # Interesting that it works here and not upstream sub_context = instance.get_instance_context(context) log.info("Chaining context from %s -> %s" % (context, sub_context)) # NOTE: Here we could tombstone the instance if tombstonable. instance = instance._do_update_from_json( json, parse_def, sub_context, DuplicateHandling.USE_ORIGINAL, object_importer) instance = instance.handle_duplication( json, parse_def, sub_context, DuplicateHandling.USE_ORIGINAL, object_importer) else: instance_ctx = target_cls._do_create_from_json( json, parse_def, context, DuplicateHandling.USE_ORIGINAL, object_importer) if instance_ctx is None: raise HTTPBadRequest( "Could not find or create object %s" % ( dumps(json),)) if instance_ctx._instance: context.on_new_instance(instance_ctx._instance) if (target_id is not None and object_importer and instance_ctx._instance is not None): object_importer.associate(target_id, instance_ctx._instance) return instance_ctx # If a duplicate is created, do we use the original? (Error otherwise)
def _assign_subobject_list(self, instances, accessor): # only known case yet is Langstring.entries if isinstance(accessor, RelationshipProperty): if not accessor.back_populates: # Try the brutal approach setattr(self, accessor.key, instances) else: from ..lib.history_mixin import TombstonableMixin current_instances = getattr(self, accessor.key) missing = set(instances) - set(current_instances) if missing: # Maybe tombstones missing = filter( lambda a: not isinstance(a, TombstonableMixin) or not a.is_tombstone, missing) assert not missing, "what's wrong with back_populates?" extra = set(current_instances) - set(instances) if extra: remote_columns = list(accessor.remote_side) if len(accessor.remote_side) > 1: if issubclass(accessor.mapper.class_, TombstonableMixin): remote_columns = filter(lambda c: c.name != 'tombstone_date', remote_columns) assert len(remote_columns) == 1 remote = remote_columns[0] if remote.nullable: # TODO: check update permissions on that object. for inst in missing: setattr(inst, remote.key, None) else: for inst in extra: if not inst.user_can( user_id, CrudPermissions.DELETE, permissions): raise HTTPUnauthorized( "Cannot delete object %s", inst.uri()) else: if isinstance(inst, TombstonableMixin): inst.is_tombstone = True else: self.db.delete(inst) elif isinstance(accessor, property): # Note: Does not happen yet. property.fset(self, instances) elif isinstance(accessor, Column): raise HTTPBadRequest( "%s cannot have multiple values" % (accessor.key, )) elif isinstance(accessor, AssociationProxy): # Also never happens current_instances = accessor.__get__(self, self.__class__) missing = set(instances) - set(current_instances) extra = set(current_instances) - set(instances) for inst in missing: accessor.add(inst) for inst in extra: accessor.remove(inst) else: assert False, "we should not get here"
def report(context, request): doc_types = request.params.getall('type') if len(doc_types) != 1: msg = 'Report view requires specifying a single type.' raise HTTPBadRequest(explanation=msg) # schemas for all types types = request.registry[TYPES] # Get the subtypes of the requested type try: sub_types = types[doc_types[0]].subtypes except KeyError: # Raise an error for an invalid type msg = "Invalid type: " + doc_types[0] raise HTTPBadRequest(explanation=msg) # Raise an error if the requested type has subtypes. if len(sub_types) > 1: msg = 'Report view requires a type with no child types.' raise HTTPBadRequest(explanation=msg) # Ignore large limits, which make `search` return a Response # -- UNLESS we're being embedded by the download_report view from_, size = get_pagination(request) if ('limit' in request.GET and request.__parent__ is None and (size is None or size > 1000)): del request.GET['limit'] # Reuse search view res = search(context, request) # change @id, @type, and views res['views'][0] = { 'href': res['@id'], 'title': 'View results as list', 'icon': 'list-alt', } search_base = normalize_query(request) res['@id'] = '/report/' + search_base # TODO add this back one day # res['download_tsv'] = request.route_path('report_download') + search_base res['title'] = 'Report' res['@type'] = ['Report'] return res
