def get_action_token(self, request, obj):
plugin_id = force_text(obj.pk)
# salt is different for every user
signer = signing.Signer(salt=request.session.session_key)
return signer.sign(plugin_id)
def test_works_with_non_ascii_keys(self):
binary_key = b'\xe7' # Set some binary (non-ASCII key)
s = signing.Signer(binary_key)
self.assertEqual('foo:6NB0fssLW5RQvZ3Y-MTerq2rX7w', s.sign('foo'))
def test_valid_sep(self):
separators = ['/', '*sep*', ',']
for sep in separators:
signer = signing.Signer('predictable-secret', sep=sep)
self.assertEqual('foo%ssH9B01cZcJ9FoT_jEVkRkNULrl8' % sep,
signer.sign('foo'))
def office_convert_cluster_token(file_id):
from django.core import signing
s = '-'.join([file_id, datetime.now().strftime('%Y%m%d')])
return signing.Signer().sign(s)
def signer(self):
if self.max_age is None:
return signing.Signer(salt=self.salt)
else:
return signing.TimestampSigner(salt=self.salt)
class DropFileWidget(widgets.Widget):
signer = signing.Signer()
def __init__(self, area_label, fileupload_url, attrs=None):
self.area_label = area_label
self.fileupload_url = fileupload_url
super(DropFileWidget, self).__init__(attrs)
self.filetype = 'file'
def render(self, name, value, attrs=None, renderer=None):
from django.contrib.staticfiles.storage import staticfiles_storage
extra_attrs = dict(attrs)
extra_attrs.update({
'name':
name,
'class':
'djng-{}-uploader'.format(self.filetype),
'djng-fileupload-url':
self.fileupload_url,
'ngf-drop':
'uploadFile($file, "{0}", "{id}", "{ng-model}")'.format(
self.filetype, **attrs),
'ngf-select':
'uploadFile($file, "{0}", "{id}", "{ng-model}")'.format(
self.filetype, **attrs),
})
self.update_attributes(extra_attrs, value)
final_attrs = self.build_attrs(self.attrs, extra_attrs=extra_attrs)
elements = [
format_html('<textarea {}>{}</textarea>', flatatt(final_attrs),
self.area_label)
]
# add a spinnging wheel
spinner_attrs = {
'class': 'glyphicon glyphicon-refresh glyphicon-spin',
'ng-cloak': True,
}
elements.append(format_html('<span {}></span>',
flatatt(spinner_attrs)))
# add a delete icon
icon_attrs = {
'src':
staticfiles_storage.url('djng/icons/{}/trash.svg'.format(
self.filetype)),
'class':
'djng-btn-trash',
'title':
_("Delete File"),
'djng-fileupload-button ':
True,
'ng-click':
'deleteImage("{id}", "{ng-model}")'.format(**attrs),
'ng-cloak':
True,
}
elements.append(format_html('<img {} />', flatatt(icon_attrs)))
# add a download icon
if value:
download_attrs = {
'href': value.url,
'class': 'djng-btn-download',
'title': _("Download File"),
'download': True,
'ng-cloak': True,
}
download_icon = staticfiles_storage.url(
'djng/icons/{}/download.svg'.format(self.filetype))
elements.append(
format_html('<a {}><img src="{}" /></a>',
flatatt(download_attrs), download_icon))
return format_html('<div class="drop-box">{}</div>',
mark_safe(''.join(elements)))
def update_attributes(self, attrs, value):
if value:
try:
content_type, _ = mimetypes.guess_type(value.file.name)
extension = mimetypes.guess_extension(content_type)[1:]
except (IOError, IndexError, TypeError):
extension = '_blank'
background_url = staticfiles_storage.url(
'djng/icons/{}.png'.format(extension))
attrs.update({
'style':
'background-image: url({});'.format(background_url),
'current-file':
self.signer.sign(value.name)
})
class FileUploadTest(TestCase):
signer = signing.Signer()
storage = app_settings.upload_storage
def tearDown(self):
try:
os.remove(
os.path.join(settings.MEDIA_ROOT,
'upload_temp/sample-image.jpg'))
except:
pass
def upload_image(self):
client = Client()
upload_filename = os.path.join(os.path.dirname(__file__),
'sample-image.jpg')
with open(upload_filename, 'rb') as fp:
upload_url = reverse('fileupload')
response = client.post(upload_url, {
'file:0': fp,
'filetype': 'image'
})
self.assertEquals(response.status_code, 200)
return json.loads(response.content.decode('utf-8'))
def test_upload(self):
content = self.upload_image()
self.assertTrue('file:0' in content)
self.assertTrue(content['file:0']['url'].startswith(
'url(data:application/octet-stream;base64,/9j/4AAQSkZJRgABA'))
self.assertEquals(content['file:0']['file_name'], 'sample-image.jpg')
self.assertEquals(content['file:0']['content_type'], 'image/jpeg')
self.assertEquals(self.signer.unsign(content['file:0']['temp_name']),
'sample-image.jpg')
def test_render_widget(self):
form = TestUploadForm()
htmlsource = form.as_p()
dom = PyQuery(htmlsource)
textarea = dom('div.drop-box textarea')
self.assertEquals(textarea.attr('djng-fileupload-url'),
reverse('fileupload'))
self.assertEquals(
textarea.attr('ngf-drop'),
'uploadFile($file, "image", "id_avatar", "my_data[\'avatar\']")')
self.assertEquals(
textarea.attr('ngf-select'),
'uploadFile($file, "image", "id_avatar", "my_data[\'avatar\']")')
delete_button = dom('div.drop-box img.djng-btn-trash')
self.assertEquals(delete_button.attr('src'),
'/static/djng/icons/image/trash.svg')
self.assertEquals(delete_button.attr('djng-fileupload-button'), '')
self.assertEquals(delete_button.attr('ng-click'),
'deleteImage("id_avatar", "my_data[\'avatar\']")')
def test_receive_small_image(self):
content = self.upload_image()
content['file:0'].pop('url')
data = {'avatar': content['file:0']}
form = TestUploadForm(data=data)
self.assertTrue(form.is_valid())
self.assertIsInstance(form.cleaned_data['avatar'],
InMemoryUploadedFile)
self.assertEquals(form.cleaned_data['avatar'].name, "sample-image.jpg")
# TODO: delete this image again
# stored_image = self.storage.save('persisted.jpg', form.cleaned_data['avatar'].file)
# initial = {'avatar': stored_image}
# form = TestUploadForm(initial=initial)
# htmlsource = form.as_p()
@override_settings(FILE_UPLOAD_MAX_MEMORY_SIZE=50000)
def test_receive_large_image(self):
content = self.upload_image()
content['file:0'].pop('url')
data = {'avatar': content['file:0']}
form = TestUploadForm(data=data)
self.assertTrue(form.is_valid())
self.assertIsInstance(form.cleaned_data['avatar'],
TemporaryUploadedFile)
self.assertEquals(form.cleaned_data['avatar'].name, "sample-image.jpg")
def test_invalid_algorithm(self):
signer = signing.Signer('predictable-secret', algorithm='whatever')
msg = "'whatever' is not an algorithm accepted by the hashlib module."
with self.assertRaisesMessage(InvalidAlgorithm, msg):
signer.sign('hello')
def __init__(self, *args, **kwargs):
self.signer = signing.Signer()
# workaround modeltranslation patching Page.clean in an unpythonic way
# goo.gl/yYD4pw
self.clean = lambda: None
super().__init__(*args, **kwargs)
import os.path
from six.moves.urllib_parse import parse_qs, urlparse, urlunparse
from django.core.management import call_command
from django.core.management.base import BaseCommand
from django.conf import settings
from django.core import signing
from django.utils.crypto import get_random_string
try:
from django.urls import reverse
except ImportError:
from django.core.urlresolvers import reverse
signer = signing.Signer(salt='datadownloader')
class Command(BaseCommand):
def __init__(self, *args, **kw):
self._requests = kw.pop('requests', None)
super(Command, self).__init__(*args, **kw)
def add_arguments(self, parser):
super(Command, self).add_arguments(parser)
parser.add_argument('--media-only',
action='store_const',
const='media',
dest='components',
default='media+db')
parser.add_argument(
import binascii
import json
import re
import urllib.parse
from collections import namedtuple
from django.core import signing
SQL_SALT = "django_sql_dashboard:query"
signer = signing.Signer(salt=SQL_SALT)
def sign_sql(sql):
return signer.sign(sql)
def unsign_sql(signed_sql, try_object=False):
# Returns (sql, signature_verified)
# So we can handle broken signatures
# Usually this will be a regular string
try:
sql = signer.unsign(signed_sql)
return sql, True
except signing.BadSignature:
try:
value, bad_sig = signed_sql.rsplit(signer.sep, 1)
return value, False
except ValueError:
return signed_sql, False
from django.core.exceptions import PermissionDenied
from django import http
from django.utils.encoding import force_str, force_text
from easydjango.websockets.exceptions import WebSocketError, HandshakeError, UpgradeRequiredError
try:
# django >= 1.8 && python >= 2.7
# https://docs.djangoproject.com/en/1.8/releases/1.7/#django-utils-dictconfig-django-utils-importlib
from importlib import import_module
except ImportError:
# RemovedInDjango19Warning: django.utils.importlib will be removed in Django 1.9.
# noinspection PyUnresolvedReferences
from django.utils.importlib import import_module
logger = logging.getLogger('django.request')
signer = signing.Signer()
topic_serializer = import_string(settings.WS4REDIS_TOPIC_SERIALIZER)
signal_decoder = import_string(settings.WS4REDIS_SIGNAL_DECODER)
# noinspection PyCallingNonCallable
@lru_cache()
def _get_redis_connection():
return StrictRedis(**settings.WS4REDIS_CONNECTION)
def get_websocket_topics(request):
signed_token = request.GET.get('token', '')
try:
token = signer.unsign(signed_token)
except signing.BadSignature:
