def _verify_upload_integrity(self, file, file_url):
"""Download the given file from the URL and compare the SHA1s.
:type file: :class:`cgi.FieldStorage`
:param file: A freshly uploaded file object, that has just been
sent to the FTP server.
:type file_url: str
:param file_url: A publicly accessible URL where the uploaded file
can be downloaded.
:returns: `True` if the integrity check succeeds or is disabled.
:raises FTPUploadError: If the file cannot be downloaded after
the max number of retries, or if the the downloaded file
doesn't match the original.
"""
max_tries = int(self._data[FTP_MAX_INTEGRITY_RETRIES])
if max_tries < 1:
return True
file.seek(0)
orig_hash = sha1(file.read()).hexdigest()
# Try to download the file. Increase the number of retries, or the
# timeout duration, if the server is particularly slow.
# eg: Akamai usually takes 3-15 seconds to make an uploaded file
# available over HTTP.
for i in xrange(max_tries):
try:
temp_file = urlopen(file_url)
dl_hash = sha1(temp_file.read()).hexdigest()
temp_file.close()
except HTTPError, http_err:
# Don't raise the exception now, wait until all attempts fail
time.sleep(3)
else:
# If the downloaded file matches, success! Otherwise, we can
# be pretty sure that it got corrupted during FTP transfer.
if orig_hash == dl_hash:
return True
else:
msg = _('The file transferred to your FTP server is '\
'corrupted. Please try again.')
raise FTPUploadError(msg, None, None)
def _verify_upload_integrity(self, file, file_url):
"""Download the given file from the URL and compare the SHA1s.
:type file: :class:`cgi.FieldStorage`
:param file: A freshly uploaded file object, that has just been
sent to the FTP server.
:type file_url: str
:param file_url: A publicly accessible URL where the uploaded file
can be downloaded.
:returns: `True` if the integrity check succeeds or is disabled.
:raises FTPUploadError: If the file cannot be downloaded after
the max number of retries, or if the the downloaded file
doesn't match the original.
"""
max_tries = int(self._data[FTP_MAX_INTEGRITY_RETRIES])
if max_tries < 1:
return True
file.seek(0)
orig_hash = sha1(file.read()).hexdigest()
# Try to download the file. Increase the number of retries, or the
# timeout duration, if the server is particularly slow.
# eg: Akamai usually takes 3-15 seconds to make an uploaded file
# available over HTTP.
for i in xrange(max_tries):
try:
temp_file = urlopen(file_url)
dl_hash = sha1(temp_file.read()).hexdigest()
temp_file.close()
except HTTPError, http_err:
# Don't raise the exception now, wait until all attempts fail
time.sleep(3)
else:
# If the downloaded file matches, success! Otherwise, we can
# be pretty sure that it got corrupted during FTP transfer.
if orig_hash == dl_hash:
return True
else:
msg = _('The file transferred to your FTP server is '\
'corrupted. Please try again.')
raise FTPUploadError(msg, None, None)
def _set_password(self, password):
"""Hash password on the fly."""
if isinstance(password, unicode):
password_8bit = password.encode('UTF-8')
else:
password_8bit = password
salt = sha1()
salt.update(os.urandom(60))
hash_ = sha1()
hash_.update(password_8bit + salt.hexdigest())
hashed_password = salt.hexdigest() + hash_.hexdigest()
# make sure the hashed password is an UTF-8 object at the end of the
# process because SQLAlchemy _wants_ a unicode object for Unicode columns
if not isinstance(hashed_password, unicode):
hashed_password = hashed_password.decode('UTF-8')
self._password = hashed_password
def _set_password(self, password):
"""Hash password on the fly."""
if isinstance(password, unicode):
password_8bit = password.encode('UTF-8')
else:
password_8bit = password
salt = sha1()
salt.update(os.urandom(60))
hash_ = sha1()
hash_.update(password_8bit + salt.hexdigest())
hashed_password = salt.hexdigest() + hash_.hexdigest()
# make sure the hashed password is an UTF-8 object at the end of the
# process because SQLAlchemy _wants_ a unicode object for Unicode columns
if not isinstance(hashed_password, unicode):
hashed_password = hashed_password.decode('UTF-8')
self._password = hashed_password
def _verify_ftp_upload_integrity(file, file_url):
"""Download the file and make sure that it matches the original.
Returns True on success, and raises a formencode.Invalid on failure
so that the error may be displayed to the user.
FIXME: Ideally we wouldn't have to download the whole file, we'd have
some better way of verifying the integrity of the upload.
"""
tries = 0
max_tries = int(app_globals.settings['ftp_upload_integrity_retries'])
if max_tries < 1:
return True
file.seek(0)
orig_hash = sha1(file.read()).hexdigest()
# Try to download the file. Increase the number of retries, or the
# timeout duration, if the server is particularly slow.
# eg: Akamai usually takes 3-15 seconds to make an uploaded file
# available over HTTP.
while tries < max_tries:
tries += 1
try:
temp_file = urllib2.urlopen(file_url)
new_hash = sha1(temp_file.read()).hexdigest()
temp_file.close()
# If the downloaded file matches, success! Otherwise, we can
# be pretty sure that it got corrupted during FTP transfer.
if orig_hash == new_hash:
return True
else:
msg = _('The file transferred to your FTP server is '\
'corrupted. Please try again.')
raise FTPUploadException(msg, None, None)
except urllib2.HTTPError, http_err:
# Don't raise the exception now, wait until all attempts fail
time.sleep(3)
def validate_password(self, password):
"""Check the password against existing credentials.
:param password: the password that was provided by the user to
try and authenticate. This is the clear text version that we will
need to match against the hashed one in the database.
:type password: unicode object.
:return: Whether the password is valid.
:rtype: bool
"""
hashed_pass = sha1()
hashed_pass.update(password + self.password[:40])
return self.password[40:] == hashed_pass.hexdigest()
def validate_password(self, password):
"""Check the password against existing credentials.
:param password: the password that was provided by the user to
try and authenticate. This is the clear text version that we will
need to match against the hashed one in the database.
:type password: unicode object.
:return: Whether the password is valid.
:rtype: bool
"""
hashed_pass = sha1()
hashed_pass.update(password + self.password[:40])
return self.password[40:] == hashed_pass.hexdigest()
def test_add_vimeo_video(self):
pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
media = save_media_obj(
u'Fake Name',
u'*****@*****.**',
u'Python Code Swarm',
u'A visualization of all activity in the Python repository.',
u'',
None,
u'http://www.vimeo.com/1093745'
)
# XXX: The following values are based on the values provided by the
# remote site at the time this test was written. They may change
# in future.
assert media.duration == 282
thumbnail_path = thumb_path(media, 's', exists=True)
assert thumbnail_path is not None
img = open(thumbnail_path)
s = sha1(img.read()).hexdigest()
img.close()
assert s == '1eb9442b7864841e0f48270de7e3e871050b3876'
def test_add_google_video(self):
pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
media = save_media_obj(
u'Fake Name',
u'*****@*****.**',
u'Pictures at an Exhibition',
u'A nice, long, production of the orchestrated Pictures...',
u'',
None,
u'http://video.google.com/videoplay?docid=8997593004077118819'
)
# XXX: The following values are based on the values provided by the
# remote site at the time this test was written. They may change
# in future.
assert media.duration == 1121
thumbnail_path = thumb_path(media, 's', exists=True)
assert thumbnail_path is not None
img = open(thumbnail_path)
s = sha1(img.read()).hexdigest()
img.close()
assert s == 'f8e84e4a487c9ff6ea69ac696c199ae6ac222e38'
def test_add_youtube_video(self):
pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
media = save_media_obj(
u'Fake Name',
u'*****@*****.**',
u'Old Spice',
u'Isiah Mustafa stars in...',
u'',
None,
u'http://www.youtube.com/watch?v=uLTIowBF0kE'
)
# XXX: The following values are based on the values provided by the
# remote site at the time this test was written. They may change
# in future.
assert media.duration == 32
thumbnail_path = thumb_path(media, 's', exists=True)
assert thumbnail_path is not None
img = open(thumbnail_path)
s = sha1(img.read()).hexdigest()
img.close()
assert s == 'f0a3f5991fa032077faf2d3c698a6cf3e9dcadc1'
