Beispiel #1
0
def record_entry(request):
    authKey = request.POST.get("auth_key") #Such a hack, but I'm feeling lazy
    
    if authKey != "adrifgyseirufgjseor8gy89werhguysodfy78aeyrfg678yw489ghwerytfge":
        return JsonResponse({'authenticated': False, 'recorded': False})
    
    search_code = request.POST["entry_code"]

    recordListSlug= "Entry %s" % datetime.today().strftime("%Y-%m-%d")
    queryListSlug = "club-entry"
    
    queryList = QueryList.objects.get(slug=queryListSlug)
    person = autoPerson(codeSearch(search_code))
    
    queryListPeople = queryList.people
    
    if not person:
        return JsonResponse({'authenticated': True, 'recorded': False, 'found': False})
    
    if person in queryListPeople:
        entryList = autoList(recordListSlug, 'entry_list')
        
        if entryList.list_type != 'entry_list':
            log.warning("Entry record attempt into a non-entry list")
            return JsonResponse({'authenticated': True, 'recorded': False, 'found': True, 'first_name': person.first_name, 'last_name': person.last_name, 'error': 'Entry record attempt into a non-entry list'})
        
        entryList.people.add(person)
        entryList.save()
        log.info("Recording entry for %s into %s" % (person, entryList))
        return JsonResponse({'authenticated': True, 'recorded': True, 'found': True, 'first_name': person.first_name, 'last_name': person.last_name})

    else:
        return JsonResponse({'authenticated': True, 'recorded': False, 'first_name': person.first_name, 'last_name': person.last_name, 'error': '{first:} {last:} is not allowed into the ballroom'.format(first=person.first_name, last=person.last_name)})
Beispiel #2
0
def remoteScan(request, id):
    try:
        endpoint = RemoteScanEndpoint.objects.get(pk=id)
    except RemoteScanEndpoint.DoesNotExist:
        return JsonResponse({"alert": "Endpoint ID does not exist, please re-configure remote scanner", "remove": True})
    
    data = json.loads(request.body.decode("utf-8"))
    
    testSignature = data["uuid"] + data["timestamp"] + data["code"]
    
    remoteDigest = base64.decodebytes(data["signature"].encode())
    localDigest = hmac.new(endpoint.auth_key.encode(), testSignature.encode(), hashlib.sha256).digest()
    
    authPass = hmac.compare_digest(localDigest, remoteDigest)
    
    if not authPass:
        return JsonResponse({"alert_title": "Authentication Failure", "alert_message": "HMAC digest failure", "stop": True})
    
    person = autoPerson(codeSearch(data["code"]))
    
    if not person:
        return JsonResponse({"remove": 10, "alert_title": "Search Error", "alert_message": "Person not found with search code {code:}".format(code=data["code"])})
    
    if endpoint.allowed_list:
        checkList = endpoint.allowed_list
        checkPeople = endpoint.allowed_list.people
        
        if not person in checkPeople:
            return JsonResponse({"message": "Denied: {name:}".format(name=person.name), "remove": 10, "alert_title": "Entry Not Allowed", "alert_message": "{name} is not in {list}".format(name=person.name, list=endpoint.allowed_list.name)})
    
    with transaction.atomic():
        RemoteScanUUID(uuid=data["uuid"]).save()
        
        if endpoint.scan_list:
            scanList = endpoint.scan_list
        
        else:
            scanListSlug = "{prefix:} {date:}".format(prefix=endpoint.list_prefix, date=datetime.today().strftime("%Y-%m-%d"))
            scanList = autoList(scanListSlug, "entry_list")
        
        if person in scanList.people.all():
            duplicate = True
        else:
            duplicate = False
            scanList.people.add(person)
    
    params = {"remove": 3, "sound": "beep"}    
    if duplicate:
        params["message"] = "Duplicate: {name:}".format(name=person.name)
    else:
        params["message"] = "Allowed: {name:}".format(name=person.name)
    
    return JsonResponse(params)
Beispiel #3
0
def record_entry(request):
    authKey = request.POST.get("auth_key")  #Such a hack, but I'm feeling lazy

    if authKey != "adrifgyseirufgjseor8gy89werhguysodfy78aeyrfg678yw489ghwerytfge":
        return JsonResponse({'authenticated': False, 'recorded': False})

    search_code = request.POST["entry_code"]

    recordListSlug = "Entry %s" % datetime.today().strftime("%Y-%m-%d")
    queryListSlug = "club-entry"

    queryList = QueryList.objects.get(slug=queryListSlug)
    person = autoPerson(codeSearch(search_code))

    queryListPeople = queryList.people

    if not person:
        return JsonResponse({
            'authenticated': True,
            'recorded': False,
            'found': False
        })

    if person in queryListPeople:
        entryList = autoList(recordListSlug, 'entry_list')

        if entryList.list_type != 'entry_list':
            log.warning("Entry record attempt into a non-entry list")
            return JsonResponse({
                'authenticated':
                True,
                'recorded':
                False,
                'found':
                True,
                'first_name':
                person.first_name,
                'last_name':
                person.last_name,
                'error':
                'Entry record attempt into a non-entry list'
            })

        entryList.people.add(person)
        entryList.save()
        log.info("Recording entry for %s into %s" % (person, entryList))
        return JsonResponse({
            'authenticated': True,
            'recorded': True,
            'found': True,
            'first_name': person.first_name,
            'last_name': person.last_name
        })

    else:
        return JsonResponse({
            'authenticated':
            True,
            'recorded':
            False,
            'first_name':
            person.first_name,
            'last_name':
            person.last_name,
            'error':
            '{first:} {last:} is not allowed into the ballroom'.format(
                first=person.first_name, last=person.last_name)
        })
Beispiel #4
0
def remoteScan(request, id):
    try:
        endpoint = RemoteScanEndpoint.objects.get(pk=id)
    except RemoteScanEndpoint.DoesNotExist:
        return JsonResponse({
            "alert":
            "Endpoint ID does not exist, please re-configure remote scanner",
            "remove": True
        })

    data = json.loads(request.body.decode("utf-8"))

    testSignature = data["uuid"] + data["timestamp"] + data["code"]

    remoteDigest = base64.decodebytes(data["signature"].encode())
    localDigest = hmac.new(endpoint.auth_key.encode(), testSignature.encode(),
                           hashlib.sha256).digest()

    authPass = hmac.compare_digest(localDigest, remoteDigest)

    if not authPass:
        return JsonResponse({
            "alert_title": "Authentication Failure",
            "alert_message": "HMAC digest failure",
            "stop": True
        })

    person = autoPerson(codeSearch(data["code"]))

    if not person:
        return JsonResponse({
            "remove":
            10,
            "alert_title":
            "Search Error",
            "alert_message":
            "Person not found with search code {code:}".format(
                code=data["code"])
        })

    if endpoint.allowed_list:
        checkList = endpoint.allowed_list
        checkPeople = endpoint.allowed_list.people

        if not person in checkPeople:
            return JsonResponse({
                "message":
                "Denied: {name:}".format(name=person.name),
                "remove":
                10,
                "alert_title":
                "Entry Not Allowed",
                "alert_message":
                "{name} is not in {list}".format(
                    name=person.name, list=endpoint.allowed_list.name)
            })

    with transaction.atomic():
        RemoteScanUUID(uuid=data["uuid"]).save()

        if endpoint.scan_list:
            scanList = endpoint.scan_list

        else:
            scanListSlug = "{prefix:} {date:}".format(
                prefix=endpoint.list_prefix,
                date=datetime.today().strftime("%Y-%m-%d"))
            scanList = autoList(scanListSlug, "entry_list")

        if person in scanList.people.all():
            duplicate = True
        else:
            duplicate = False
            scanList.people.add(person)

    params = {"remove": 3, "sound": "beep"}
    if duplicate:
        params["message"] = "Duplicate: {name:}".format(name=person.name)
    else:
        params["message"] = "Allowed: {name:}".format(name=person.name)

    return JsonResponse(params)