From 919d4a43d3d386aa54c4b1186d4f3cd1efff15be Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Tue, 6 Jul 2021 16:23:31 +0200 Subject: [PATCH 1/3] return validating error --- ereuse_devicehub/resources/tradedocument/views.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ereuse_devicehub/resources/tradedocument/views.py b/ereuse_devicehub/resources/tradedocument/views.py index 4222eceb..a478da6f 100644 --- a/ereuse_devicehub/resources/tradedocument/views.py +++ b/ereuse_devicehub/resources/tradedocument/views.py @@ -2,6 +2,7 @@ import os import time from datetime import datetime from flask import current_app as app, request, g, Response +from marshmallow import ValidationError from teal.resource import View from ereuse_devicehub.db import db @@ -19,7 +20,11 @@ class TradeDocumentView(View): def post(self): """Add one document.""" - data = request.get_json(validate=True) + try: + data = request.get_json(validate=True) + except ValueError as err: + raise ValidationError(err) + hash3 = data['file_hash'] db_hash = ReportHash(hash3=hash3) db.session.add(db_hash) From eab0400124fbd4197a950615fa6447c327266002 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Wed, 7 Jul 2021 11:06:07 +0200 Subject: [PATCH 2/3] open of security --- ereuse_devicehub/resources/action/views/views.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/ereuse_devicehub/resources/action/views/views.py b/ereuse_devicehub/resources/action/views/views.py index 5e5d9945..23fdefc0 100644 --- a/ereuse_devicehub/resources/action/views/views.py +++ b/ereuse_devicehub/resources/action/views/views.py 
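Review bot: In `post()` the new handler passes the caught exception object straight through as the message, `raise ValidationError(err)`; marshmallow documents that argument as a string, list or dict, so an exception instance may not serialise cleanly in the error response. Prefer `raise ValidationError(str(err)) from err`, which also makes the cause explicit in server-side tracebacks. The text of the ValueError is presumably echoed back to the client, so it is worth confirming that it carries only field-level detail. `post()` continues beyond the hunk, where `data['file_hash']` is read without a guard; whether `validate=True` guarantees that key is not visible here.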
@@ -197,11 +197,16 @@ class ActionView(View): snapshot = SnapshotView(json, resource_def, self.schema) return snapshot.post() - if not 'data' in json: - txt = 'Invalid snapshot' - raise ValidationError(txt) + # TODO @cayop uncomment at four weeks + # if not 'data' in json: + # txt = 'Invalid snapshot' + # raise ValidationError(txt) - snapshot_data = decode_snapshot(json) + # snapshot_data = decode_snapshot(json) + + snapshot_data = json + if 'data' in json: + snapshot_data = decode_snapshot(json) if not snapshot_data: txt = 'Invalid snapshot' From c2745fa437e54dba011baa18f6a123d09117ce6a Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Wed, 7 Jul 2021 12:46:24 +0200 Subject: [PATCH 3/3] update changelog and versions --- CHANGELOG.md | 7 ++++--- ereuse_devicehub/__init__.py | 2 +- ereuse_devicehub/resources/action/schemas.py | 2 -- ereuse_devicehub/resources/action/views/snapshot.py | 1 - ereuse_devicehub/resources/action/views/trade.py | 2 -- ereuse_devicehub/resources/action/views/views.py | 1 - ereuse_devicehub/resources/lot/views.py | 3 --- tests/test_action.py | 7 ------- tests/test_snapshot.py | 1 - 9 files changed, 5 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23e164fd..01024d2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,12 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ml). ## master - [1.0.6-beta] - -## testing [1.0.7-beta] +## testing + [1.0.8-beta] + ## [1.0.7-beta] +- [addend] #158 support for encrypted snapshots data - [addend] #135 adding trade system - [addend] #140 adding endpoint for download the settings for usb workbench diff --git a/ereuse_devicehub/__init__.py b/ereuse_devicehub/__init__.py index 65284dcc..811df9bd 100644 --- a/ereuse_devicehub/__init__.py +++ b/ereuse_devicehub/__init__.py @@ -1 +1 @@ -__version__ = "1.0.7-beta" +__version__ = "1.0.8-beta" 
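Review bot: The `'data' in json` rejection is commented out and replaced by `snapshot_data = json`, so a snapshot that never passed through `decode_snapshot()` is now accepted unconditionally, and the only limit on that is the comment `# TODO @cayop uncomment at four weeks`. I would gate the plain-JSON path behind an explicit, default-off setting and log each request that takes it, so the fallback is visible and can be switched off without a code change, for example `elif not <ALLOW_PLAIN_SNAPSHOTS setting>: raise ValidationError('Invalid snapshot')` after the `if 'data' in json:` branch (the setting name is a placeholder). The commented-out block should be deleted rather than kept, and the TODO should carry a date or issue reference, e.g. `# TODO(cayop): reject snapshots without 'data' after <DATE>, see <ISSUE>`. The enclosing method starts and ends outside the hunk, so whether the later `if not snapshot_data:` check still does anything on the plain path cannot be judged from here.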
diff --git a/ereuse_devicehub/resources/action/schemas.py b/ereuse_devicehub/resources/action/schemas.py index 37b0a8a0..087af53d 100644 --- a/ereuse_devicehub/resources/action/schemas.py +++ b/ereuse_devicehub/resources/action/schemas.py @@ -539,7 +539,6 @@ class ConfirmDocument(ActionWithMultipleDocuments): """If there are one device than have one confirmation, then remove the list this device of the list of devices of this action """ - # import pdb; pdb.set_trace() if data['documents'] == OrderedSet(): return @@ -567,7 +566,6 @@ class RevokeDocument(ActionWithMultipleDocuments): This is not checked in the view becouse the list of documents is inmutable """ - # import pdb; pdb.set_trace() if data['documents'] == OrderedSet(): return diff --git a/ereuse_devicehub/resources/action/views/snapshot.py b/ereuse_devicehub/resources/action/views/snapshot.py index f0fa35db..556211e3 100644 --- a/ereuse_devicehub/resources/action/views/snapshot.py +++ b/ereuse_devicehub/resources/action/views/snapshot.py @@ -69,7 +69,6 @@ class SnapshotView(): # snapshot, and we want to wait to flush snapshot at the end def __init__(self, snapshot_json: dict, resource_def, schema): - # import pdb; pdb.set_trace() self.schema = schema self.resource_def = resource_def self.tmp_snapshots = app.config['TMP_SNAPSHOTS'] diff --git a/ereuse_devicehub/resources/action/views/trade.py b/ereuse_devicehub/resources/action/views/trade.py index ef7c4efe..af44cedb 100644 --- a/ereuse_devicehub/resources/action/views/trade.py +++ b/ereuse_devicehub/resources/action/views/trade.py @@ -227,7 +227,6 @@ class RevokeView(ConfirmMixin): ids = {d.id for d in data['devices']} lot = data['action'].lot - # import pdb; pdb.set_trace() self.model = delete_from_trade(lot, ids) @@ -284,7 +283,6 @@ class ConfirmDocumentMixin(): Model = None def __init__(self, data, resource_def, schema): - # import pdb; pdb.set_trace() self.schema = schema a = resource_def.schema.load(data) self.validate(a) 
diff --git a/ereuse_devicehub/resources/action/views/views.py b/ereuse_devicehub/resources/action/views/views.py index 23fdefc0..e51a8e7a 100644 --- a/ereuse_devicehub/resources/action/views/views.py +++ b/ereuse_devicehub/resources/action/views/views.py @@ -250,7 +250,6 @@ class ActionView(View): confirm_revoke = trade_view.ConfirmRevokeDocumentView(json, resource_def, self.schema) return confirm_revoke.post() - # import pdb; pdb.set_trace() a = resource_def.schema.load(json) Model = db.Model._decl_class_registry.data[json['type']]() action = Model(**a) diff --git a/ereuse_devicehub/resources/lot/views.py b/ereuse_devicehub/resources/lot/views.py index 9bff204b..fcbca827 100644 --- a/ereuse_devicehub/resources/lot/views.py +++ b/ereuse_devicehub/resources/lot/views.py @@ -224,7 +224,6 @@ class LotDeviceView(LotBaseChildrenView): id = ma.fields.List(ma.fields.Integer()) def _post(self, lot: Lot, ids: Set[int]): - # import pdb; pdb.set_trace() # get only new devices ids -= {x.id for x in lot.devices} if not ids: @@ -249,7 +248,6 @@ class LotDeviceView(LotBaseChildrenView): if lot.trade: return delete_from_trade(lot, ids) - # import pdb; pdb.set_trace() if not g.user == lot.owner: txt = 'This is not your lot' raise ma.ValidationError(txt) @@ -267,7 +265,6 @@ def delete_from_trade(lot: Lot, ids: Set[int]): txt = 'This is not your trade' raise ma.ValidationError(txt) - # import pdb; pdb.set_trace() devices = set(Device.query.filter(Device.id.in_(ids)).filter( Device.owner_id.in_(users))) diff --git a/tests/test_action.py b/tests/test_action.py index 5c0af44f..547ab96d 100644 --- a/tests/test_action.py +++ b/tests/test_action.py 
@@ -293,7 +293,6 @@ def test_live(user: UserClient, client: Client, app: Devicehub): @pytest.mark.usefixtures(conftest.app_context.__name__) def test_live_example(user: UserClient, client: Client, app: Devicehub): """Tests inserting a Live into the database and GETting it.""" - # import pdb; pdb.set_trace() acer = file('snapshotLive') snapshot, _ = user.post(acer, res=models.Snapshot) device_id = snapshot['device']['id'] @@ -1244,7 +1243,6 @@ def test_usecase_confirmation(user: UserClient, user2: UserClient): res=Lot, item='{}/devices'.format(lot['id']), query=devices[-1:], status=200) - # import pdb; pdb.set_trace() assert len(trade.lot.devices) == len(trade.devices) == 10 assert device_10.actions[-1].t == 'Revoke' @@ -1302,7 +1300,6 @@ def test_usecase_confirmation(user: UserClient, user2: UserClient): snap10['device']['id'] ] } - # import pdb; pdb.set_trace() user2.post(res=models.Action, data=request_reconfirm) assert device_10.actions[-1].t == 'Confirm' assert device_10.actions[-1].user == trade.user_from @@ -1680,7 +1677,6 @@ def test_trade_case4(user: UserClient, user2: UserClient): # Normal revoke user2.post(res=models.Action, data=request_revoke) - # import pdb; pdb.set_trace() assert device1.actions[-2].t == 'Trade' assert device1.actions[-1].t == 'Confirm' assert device1.actions[-1].user == trade.user_to @@ -2222,7 +2218,6 @@ def test_trade_case12(user: UserClient, user2: UserClient): user.post(res=models.Action, data=request_post) trade = models.Trade.query.one() - # import pdb; pdb.set_trace() device1, device = trade.devices @@ -2296,7 +2291,6 @@ def test_trade_case13(user: UserClient, user2: UserClient): user.post(res=models.Action, data=request_post) trade = models.Trade.query.one() - # import pdb; pdb.set_trace() lot, _ = user2.post({}, res=Lot, 
@@ -2370,7 +2364,6 @@ def test_trade_case14(user: UserClient, user2: UserClient): user.post(res=models.Action, data=request_post) trade = models.Trade.query.one() - # import pdb; pdb.set_trace() lot, _ = user2.post({}, res=Lot, diff --git a/tests/test_snapshot.py b/tests/test_snapshot.py index 94b8f04f..eaeca85c 100644 --- a/tests/test_snapshot.py +++ b/tests/test_snapshot.py @@ -112,7 +112,6 @@ def test_snapshot_post(user: UserClient): @pytest.mark.mvp def test_same_device_tow_users(user: UserClient, user2: UserClient): """Two users can up the same snapshot and the system save 2 computers""" - # import pdb; pdb.set_trace() user.post(file('basic.snapshot'), res=Snapshot) i, _ = user.get(res=m.Device) pc = next(d for d in i['items'] if d['type'] == 'Desktop')