Format project

richard-dds
2018-08-23 16:25:36 -04:00
parent e9fa4d9ecb
commit daa8634cb4
48 changed files with 415 additions and 282 deletions


@@ -3,7 +3,14 @@ from flask import g, redirect, url_for, session, request
from atst.domain.users import Users
UNPROTECTED_ROUTES = ["atst.root", "dev.login_dev", "atst.login_redirect", "atst.unauthorized", "static"]
UNPROTECTED_ROUTES = [
"atst.root",
"dev.login_dev",
"atst.login_redirect",
"atst.unauthorized",
"static",
]
def apply_authentication(app):
@app.before_request
@@ -26,7 +33,7 @@ def get_current_user():
else:
return False
def _unprotected_route(request):
if request.endpoint in UNPROTECTED_ROUTES:
return True
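Review bot: The allow-list `UNPROTECTED_ROUTES` at the top of this section has no comment saying why each endpoint may skip the `before_request` authentication hook, and `dev.login_dev` reads like a development-only login. Whether the `dev` blueprint is registered outside development is not visible here, so I would record the constraint next to the list, e.g. `# Endpoints exempt from the auth check; dev.login_dev must only be registered in non-production configs`. `apply_authentication` and `_unprotected_route` both continue outside the hunks shown.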


@@ -4,8 +4,7 @@ from .utils import parse_sdn, email_from_certificate
from .crl import CRLRevocationException
class AuthenticationContext():
class AuthenticationContext:
def __init__(self, crl_cache, auth_status, sdn, cert):
if None in locals().values():
raise UnauthenticatedError(
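Review bot: The guard `if None in locals().values():` in `AuthenticationContext.__init__` relies on the frame holding only `self` and the four parameters at that point, so any local bound above it later would silently join the check. Naming the inputs keeps the intent explicit in an authentication path: `if None in (crl_cache, auth_status, sdn, cert):`. The `raise` statement and the rest of `__init__` continue outside the hunk.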


@@ -9,14 +9,16 @@ class CRLRevocationException(Exception):
pass
class CRLCache():
class CRLCache:
_PEM_RE = re.compile(
b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END CERTIFICATE-----\r?\n?",
re.DOTALL,
)
def __init__(self, root_location, crl_locations=[], store_class=crypto.X509Store, logger=None):
def __init__(
self, root_location, crl_locations=[], store_class=crypto.X509Store, logger=None
):
self.store_class = store_class
self.certificate_authorities = {}
self._load_roots(root_location)
@@ -57,7 +59,11 @@ class CRLCache():
with open(crl_location, "rb") as crl_file:
crl = crypto.load_crl(crypto.FILETYPE_ASN1, crl_file.read())
store.add_crl(crl)
self.log_info("STORE ID: {}. Adding CRL with issuer {}".format(id(store), crl.get_issuer()))
self.log_info(
"STORE ID: {}. Adding CRL with issuer {}".format(
id(store), crl.get_issuer()
)
)
store = self._add_certificate_chain_to_store(store, crl.get_issuer())
return store
@@ -75,7 +81,11 @@ class CRLCache():
def _add_certificate_chain_to_store(self, store, issuer):
ca = self.certificate_authorities.get(issuer.der())
store.add_cert(ca)
self.log_info("STORE ID: {}. Adding CA with subject {}".format(id(store), ca.get_subject()))
self.log_info(
"STORE ID: {}. Adding CA with subject {}".format(
id(store), ca.get_subject()
)
)
if issuer == ca.get_issuer():
# i.e., it is the root CA and we are at the end of the chain
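Review bot: In `_add_certificate_chain_to_store` (last hunk of this section) the result of `self.certificate_authorities.get(issuer.der())` goes straight into `store.add_cert(ca)` and `ca.get_subject()`, so an issuer that is not among the loaded roots yields `None` and fails with a generic error rather than a deliberate one. An explicit check makes the failure mode intentional, e.g. `if ca is None: raise CRLRevocationException("no CA loaded for CRL issuer")`; how callers treat other exception types during a revocation check is not visible here. Separately, the reformatted `__init__` signature keeps the mutable default `crl_locations=[]`, which is shared across calls; `crl_locations=None` with a fallback in the body avoids that. Both functions continue past the end of their hunks.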


@@ -25,7 +25,15 @@ def email_from_certificate(cert_file):
return email[0]
else:
raise ValueError("No email available for certificate with serial {}".format(cert.serial_number))
raise ValueError(
"No email available for certificate with serial {}".format(
cert.serial_number
)
)
except x509.extensions.ExtensionNotFound:
raise ValueError("No subjectAltName available for certificate with serial {}".format(cert.serial_number))
raise ValueError(
"No subjectAltName available for certificate with serial {}".format(
cert.serial_number
)
)


@@ -6,7 +6,6 @@ from .exceptions import NotFoundError
class PENumbers(object):
@classmethod
def get(cls, number):
pe_number = db.session.query(PENumber).get(number)


@@ -73,9 +73,10 @@ class Requests(object):
filters.append(Request.creator == creator)
requests = (
db.session.query(Request).filter(*filters).order_by(
Request.time_created.desc()
).all()
db.session.query(Request)
.filter(*filters)
.order_by(Request.time_created.desc())
.all()
)
return requests
@@ -113,9 +114,10 @@ class Requests(object):
# Query for request matching id, acquiring a row-level write lock.
# https://www.postgresql.org/docs/10/static/sql-select.html#SQL-FOR-UPDATE-SHARE
return (
db.session.query(Request).filter_by(id=request_id).with_for_update(
of=Request
).one()
db.session.query(Request)
.filter_by(id=request_id)
.with_for_update(of=Request)
.one()
)
except NoResultFound:
@@ -153,9 +155,7 @@ class Requests(object):
RequestStatus.STARTED: "mission_owner",
RequestStatus.PENDING_FINANCIAL_VERIFICATION: "mission_owner",
RequestStatus.PENDING_CCPO_APPROVAL: "ccpo",
}.get(
request.status
)
}.get(request.status)
@classmethod
def should_auto_approve(cls, request):
@@ -167,13 +167,16 @@ class Requests(object):
return dollar_value < cls.AUTO_APPROVE_THRESHOLD
_VALID_SUBMISSION_STATUSES = [
RequestStatus.STARTED, RequestStatus.CHANGES_REQUESTED
RequestStatus.STARTED,
RequestStatus.CHANGES_REQUESTED,
]
@classmethod
def should_allow_submission(cls, request):
all_request_sections = [
"details_of_use", "information_about_you", "primary_poc"
"details_of_use",
"information_about_you",
"primary_poc",
]
existing_request_sections = request.body.keys()
return request.status in Requests._VALID_SUBMISSION_STATUSES and all(


@@ -6,7 +6,6 @@ from .exceptions import NotFoundError
class Roles(object):
@classmethod
def get(cls, role_name):
try:


@@ -9,7 +9,6 @@ from .exceptions import NotFoundError, AlreadyExistsError
class Users(object):
@classmethod
def get(cls, user_id):
try:


@@ -11,7 +11,6 @@ from .exceptions import NotFoundError
class WorkspaceUsers(object):
@classmethod
def get(cls, workspace_id, user_id):
try:


@@ -64,8 +64,6 @@ class Workspaces(object):
@classmethod
def _create_workspace_role(cls, user, workspace, role_name):
role = Roles.get(role_name)
workspace_role = WorkspaceRole(
user=user, role=role, workspace=workspace
)
workspace_role = WorkspaceRole(user=user, role=role, workspace=workspace)
db.session.add(workspace_role)
return workspace_role