def maskurl(given_url, *args, **kwargs):
"""
Probable usage:
- {% url 'main' %} ->
{% maskurl 'main' %}
- {% url 'list' 4 %} ->
{% maskurl 'main' 4 %}
- {% url 'list' 'blah' %} ->
{% maskurl 'main' 'blah' %}
- {% url 'list' object.id %} ->
{% maskurl 'main' object.id %}
- {% url 'list' obj1.id obj2.id %} ->
{% maskurl 'main' obj1.id obj2.id %}
- {% url 'list' obj1.name|title obj2.id|lower %} ->
{% maskurl 'main' obj1.id|title obj2.id|lower %}
- {{ reversed_url }} ->
{% maskurl reversed_url %}
After Django 1.7.0 version url built in
templatetag returns quoted paths
"""
maskedurl = ""
match = given_url.find("/") == -1
if match:
reversed_url = url_reverse(given_url, args=args, kwargs=kwargs)
resolved_url = urlunquote(reversed_url)
maskedurl = dumps(resolved_url.lstrip('/'))
else:
maskedurl = dumps(given_url.lstrip('/'))
if DJANGO_VERSION >= 170:
maskedurl = urlquote(maskedurl)
return '/%s' % maskedurl
def add_key(request):
"""
Add key. Get data and save it in database.
:param request: object, POST (user_salt, ssh_key_pub, ssh_key_privat, description)
:return: 'SSHKeyStoreApp/add_key.html', form
"""
if request.method == 'POST':
form = ProfileAddEditForm(request.POST)
if form.is_valid():
user_salt = form.cleaned_data['user_salt']
ssh_key_pub = form.cleaned_data['ssh_key_pub']
ssh_key_privat = form.cleaned_data['ssh_key_privat']
description = form.cleaned_data['description']
store = SSHStore()
user = User.objects.get(pk=request.user.id)
store.user_link = user
store.user_salt = user_salt
value_pub = signing.dumps((ssh_key_pub,), key=settings.SECRET_KEY, salt=user_salt)
store.ssh_key_pub = value_pub
if ssh_key_privat:
value_private = signing.dumps((ssh_key_privat,), key=settings.SECRET_KEY, salt=user_salt)
store.ssh_key_privat = value_private
store.description = description
store.save()
return HttpResponseRedirect(reverse('profile:user'))
else:
form = ProfileAddEditForm()
return render(request, 'SSHKeyStoreApp/add_key.html', {'form': form})
def openvas_details(request):
with open(openvas_data, 'r+') as f:
data = json.load(f)
ov_user = data['open_vas_user']
ov_pass = data['open_vas_pass']
ov_ip = data['open_vas_ip']
lod_ov_user = signing.loads(ov_user)
lod_ov_pass = signing.loads(ov_pass)
lod_ov_ip = signing.loads(ov_ip)
if request.method == 'POST':
scan_host = request.POST.get("scan_host", )
openvas_user = request.POST.get("openvas_user", )
openvas_password = request.POST.get("openvas_password", )
else:
scan_host = lod_ov_user
openvas_user = lod_ov_pass
openvas_password = lod_ov_ip
with open(openvas_data, 'r+') as f:
sig_ov_user = signing.dumps(openvas_user)
sig_ov_pass = signing.dumps(openvas_password)
sig_ov_ip = signing.dumps(scan_host)
data = json.load(f)
data['open_vas_user'] = sig_ov_user
data['open_vas_pass'] = sig_ov_pass
data['open_vas_ip'] = sig_ov_ip
f.seek(0)
json.dump(data, f, indent=4)
f.truncate()
messages.add_message(request, messages.SUCCESS, 'Openvas Setting Updated ')
return render(request, 'setting_form.html', )
def edit_key(request, code):
"""
Edit data and save it in database.
:param request: object, POST (user_salt, ssh_key_pub, ssh_key_privat, description)
:param code: models.SSHStore.id
:return: Http404 or redirect to views.profile() or "SSHKeyStoreApp/edit_key.html" with
form, code
"""
data = SSHStore.objects.filter(user_link=request.user.id).filter(id=code).values('user_salt',
'ssh_key_pub',
'ssh_key_privat',
'description')
if not data:
raise Http404("Key error")
if request.method == "POST":
form = ProfileAddEditForm(request.POST)
if form.is_valid():
user_salt = form.cleaned_data['user_salt']
ssh_key_pub = form.cleaned_data['ssh_key_pub']
ssh_key_privat = form.cleaned_data['ssh_key_privat']
description = form.cleaned_data['description']
value_pub = signing.dumps((ssh_key_pub,), key=settings.SECRET_KEY, salt=user_salt)
value_private = signing.dumps((ssh_key_privat,), key=settings.SECRET_KEY, salt=user_salt)
store = SSHStore.objects.filter(user_link=request.user.id).filter(id=code)[0]
store.user_salt = user_salt
store.ssh_key_pub = value_pub
store.ssh_key_privat = value_private
store.description = description
store.save()
return HttpResponseRedirect(reverse('profile:user'))
else:
data = forming_data(data)
form = ProfileAddEditForm(data[0])
return render(request, "SSHKeyStoreApp/edit_key.html", {'form': form, 'code': code})
def test_dumps_loads(self):
"dumps and loads be reversible for any JSON serializable object"
objects = [["a", "list"], "a unicode string \u2019", {"a": "dictionary"}]
if six.PY2:
objects.append(b"a byte string")
for o in objects:
self.assertNotEqual(o, signing.dumps(o))
self.assertEqual(o, signing.loads(signing.dumps(o)))
self.assertNotEqual(o, signing.dumps(o, compress=True))
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def test_dumps_loads(self):
"dumps and loads be reversible for any JSON serializable object"
objects = (
['a', 'list'],
'a string',
u'a unicode string \u2019',
{'a': 'dictionary'},
)
for o in objects:
self.assertNotEqual(o, signing.dumps(o))
self.assertEqual(o, signing.loads(signing.dumps(o)))
def jira_setting(request):
if request.method == 'POST':
jira_url = request.POST.get('jira_url')
jira_username = request.POST.get('jira_username')
jira_password = request.POST.get('jira_password')
username = signing.dumps(jira_username)
password = signing.dumps(jira_password)
save_data = jirasetting(jira_server=jira_url,
jira_username=username,
jira_password=password)
save_data.save()
return render(request, 'jira_setting_form.html')
def test_dumps_loads(self):
"dumps and loads be reversible for any JSON serializable object"
objects = [
['a', 'list'],
'a unicode string \u2019',
{'a': 'dictionary'},
]
if six.PY2:
objects.append(b'a byte string')
for o in objects:
self.assertNotEqual(o, signing.dumps(o))
self.assertEqual(o, signing.loads(signing.dumps(o)))
self.assertNotEqual(o, signing.dumps(o, compress=True))
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def form_valid(self, form):
self.user = form.cleaned_data['user']
self.search_fields[0] == 'username'
email = self.user.username
self.mail_signature = signing.dumps(email, salt=self.url_salt)
context = {
'site': RequestSite(self.request),
'user': self.user,
'token': signing.dumps(self.user.pk, salt=self.salt),
'secure': self.request.is_secure(),
}
return render(self.request,
'password_reset/password_reset_message.html',
{'context': context}
)
def make_request(self, request):
"""
We need this to be a method and not a function, since we need to have
a reference to the shop interface
"""
order = self.shop.get_order(request)
base_url = '%s://%s' % ('https' if request.is_secure() else 'http', request.get_host())
signed_order = signing.dumps({'order_id': order.pk})
xml_request = render_to_string('shop_sofortpayment/xml/new_transaction.xml', {
'project_id': settings.SHOP_SOFORT_PROJECT_ID,
'language_code': get_language(),
'interface_version': 'django-shop-sofortpayment-' + __version__,
'amount': order.order_total,
'currency': settings.SHOP_SOFORT_CURRENCY,
'order_number': order.pk,
'user_name': order.billing_address_text,
'success_url': '%s%s?s=%s' % (base_url, reverse('sofort_success'), signed_order),
'notification_url': '%s%s?s=%s' % (base_url, reverse('sofort_notify'), signed_order),
'abort_url': base_url + reverse('cart'),
'customer_protection': '1' if settings.SHOP_SOFORT_ENABLE_CUSTOMER_PROTECTION else '0',
})
response = requests.post(
settings.SHOP_SOFORT_API_ENDPOINT,
data=xml_request.encode('utf-8'),
headers={'Content-Type': 'application/xml; charset=UTF-8'},
auth=(settings.SHOP_SOFORT_CUSTOMER_NUMBER, settings.SHOP_SOFORT_API_KEY),
)
if response.status_code == 200:
doc = xmltodict.parse(response.content)
transaction = SofortTransaction.objects.create(
order=order,
transaction_number=doc['new_transaction']['transaction'],
)
return HttpResponseRedirect(doc['new_transaction']['payment_url'])
return render_to_response("shop_sofortpayment/payment.html", context)
def _get_action_url(url_name, user):
token = signing.dumps(user.pk, salt=settings.URL_ENCODE_SECRET_KEY)
# remove teh token; because signing creates a token with datetime invlved
# and tometimes out tests woudl fail because of the time diff involved in
# the testing process; so simply generate teh url but remove the token so
# at least we guarantee that the url is in the body
return ABSOLUTE_BASE_URL(reverse(url_name, kwargs={'token': token})).replace(token, '')
def function_wrapper(request, *args, **kwargs):
# Check if the key for the LinkedIn session is in the user's session
# and deletes it if it is present.
if SESSION_KEY in request.session:
del request.session[SESSION_KEY]
# Tries to create a LinkedIn client for the current user.
try:
client = LinkedInClient(request.user.linkedinoauthprofile)
except:
client = None
# If the client for this user was successfully created and the
# user's data is not retrieved yet from LinkedIn: checks the
# validity of the current access token, if the token is valid
# retrieves the data from LinkedIn, if the token is invalid then
# requests a new token.
if client and SESSION_KEY not in request.COOKIES:
if not client.debug_access_token():
return HttpResponseRedirect(reverse(
'socialnetworks:linkedin:login'))
else:
# Retrieves the data from LinkedIn.
data = client.get('people/~:(%s)' % SESSION_FIELDS)
# Protects the user potentially sensible data.
data = signing.dumps(data)
# Stores the retrieved data temporarily in the user session
# if required to access it in the view.
request.session[SESSION_KEY] = data
# Creates the response object and stores the retrieved data
# in a signed cookie that its valid only for the seconds
# specified in settings.
response = function(request, *args, **kwargs)
response.set_signed_cookie(
SESSION_KEY, value=data,
httponly=True, max_age=COOKIE_MAX_AGE
)
return response
# If there is no client for the current user but it has data stored
# in its session (when a user disconnects its profile), removes
# the data from its cookies.
elif not client and SESSION_KEY in request.COOKIES:
# Stores temporarily a empty data for the session, this way
# we can check quickly in the view if the user has disconnected
# its profile.
request.session[SESSION_KEY] = None
# Creates the response object and deletes the cookie from it.
response = function(request, *args, **kwargs)
response.delete_cookie(SESSION_KEY)
return response
return function(request, *args, **kwargs)
def charge(self, data):
if self._capture:
params = self._prepare_sale(data)
else:
params = self._prepare_preauth(data)
response = self._make_request(params)
self.payment.attrs.capture = self._capture
self.payment.transaction_id = response.requestID
if response.reasonCode == AUTHENTICATE_REQUIRED:
xid = response.payerAuthEnrollReply.xid
self.payment.attrs.xid = xid
self.payment.change_status(
'waiting',
message=_('3-D Secure verification in progress'))
action = response.payerAuthEnrollReply.acsURL
cc_data = dict(data)
expiration = cc_data.pop('expiration')
cc_data['expiration'] = {
'month': expiration.month,
'year': expiration.year}
cc_data = signing.dumps(cc_data)
payload = {
'PaReq': response.payerAuthEnrollReply.paReq,
'TermUrl': self.get_return_url({'token': cc_data}),
'MD': xid}
form = BaseForm(data=payload, action=action, autosubmit=True)
raise ExternalPostNeeded(form)
else:
self._set_proper_payment_status_from_reason_code(
response.reasonCode)
def get_token_for_user(user):
"""
Generate a new signed token containing
a specified user.
"""
data = {"user_id": user.id}
return signing.dumps(data)
def confirm_user(id, username):
token = signing.dumps({'user_id': id})
url = reverse('user:confirm', kwargs={'token': token})
subject = '{}, 激活你的帐户'.format(username)
message = render_to_string('user/confirm.tpl', {'url': url})
mail_sent = send_mail(subject, message, settings.EMAIL_HOST_USER, ['*****@*****.**'])
return mail_sent
def test_activation_signal(self):
self.client.post(
reverse('registration_register'),
data=self.valid_data
)
activation_key = signing.dumps(
obj=self.valid_data[self.user_model.USERNAME_FIELD],
salt=REGISTRATION_SALT
)
with self.assertSignalSent(signals.user_activated,
required_kwargs=['user', 'request']) as cm:
self.client.get(
reverse(
'registration_activate',
args=(),
kwargs={'activation_key': activation_key}
)
)
self.assertEqual(
getattr(cm.received_kwargs['user'],
self.user_model.USERNAME_FIELD),
self.valid_data[self.user_model.USERNAME_FIELD]
)
self.assertTrue(
isinstance(cm.received_kwargs['request'], HttpRequest)
)
def test_activation(self):
"""
Activation of an account functions properly.
"""
resp = self.client.post(
reverse('registration_register'),
data=self.valid_data
)
activation_key = signing.dumps(
obj=self.valid_data[self.user_model.USERNAME_FIELD],
salt=REGISTRATION_SALT
)
with self.assertSignalSent(signals.user_activated):
resp = self.client.get(
reverse(
'registration_activate',
args=(),
kwargs={'activation_key': activation_key}
)
)
self.assertRedirects(resp, reverse('registration_activation_complete'))
def form_valid(self, form):
email = form.cleaned_data['email']
token = signing.dumps({
'email': email,
'user_pk': self.request.user.pk,
})
link = '{0}?token={1}'.format(
reverse('email-change-verify'),
token)
link = self.request.build_absolute_uri(link)
ctx = {'email': email,
'user': self.request.user,
'link': link,
'domain': self.request.get_host(),
}
subject = render_to_string(self.subject_template, ctx).strip()
body = render_to_string(self.body_template, ctx)
mail.EmailMessage(subject=subject, body=body, to=[email]).send()
messages.info(self.request,
_('Your request for changing your email '
'is received. An email of validation '
'was sent to you. Please click on the '
'link contained inside.'))
logging.getLogger(__name__).info('email change request by %s',
self.request.user)
return super(EmailChangeView, self).form_valid(form)
def test_nonexistent_activation(self):
"""
A nonexistent username in an activation key will fail to
activate.
"""
activation_key = signing.dumps(
obj='parrot',
salt=REGISTRATION_SALT
)
with self.assertSignalNotSent(signals.user_activated):
resp = self.client.get(
reverse(
'registration_activate',
args=(),
kwargs={'activation_key': activation_key}
)
)
self.assertEqual(200, resp.status_code)
self.assertTemplateUsed(resp, 'registration/activate.html')
self.assertTrue('activation_error' in resp.context)
self.assertEqual(
resp.context['activation_error'],
{'message': ActivationView.BAD_USERNAME_MESSAGE,
'code': 'bad_username',
'params': None}
)
def get(self, *args, **kwargs):
data = signing.dumps(self.get_data(self.request))
response = super(SwitchAccount, self).get(*args, **kwargs)
response.set_cookie('switch_account', data)
return response
def send_registration_mail(request, email, template_names, next_url=None,
ctx=None, **kwargs):
'''Send a registration mail to an user. All given kwargs will be used
to completed the user model.
Can raise an smtplib.SMTPException
'''
if isinstance(template_names, basestring):
template_names = [template_names]
# signed token
data = kwargs.copy()
data['email'] = email
data[REDIRECT_FIELD_NAME] = next_url
registration_token = signing.dumps(data)
activate_url = request.build_absolute_uri(reverse('registration_activate',
kwargs={'registration_token': registration_token}))
# ctx for rendering the templates
ctx = ctx.copy()
ctx.update({
'registration_url': activate_url,
'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS,
'email': email,
'request': request,
'site': request.get_host()
})
send_templated_mail(email, template_names, ctx)
def register_view(request):
form = UserRegistrationForm(request.POST or None, request.FILES or None)
if request.user.is_authenticated():
return redirect('login_view')
if request.method == 'POST':
if form.is_valid():
form.save()
email = form.cleaned_data['email']
password = form.cleaned_data['password1']
activation_key = signing.dumps({'email': email})
user = User.objects.get(email=email)
UserActivation.objects.filter(user=user).delete()
new_activation = UserActivation(user=user, activation_key=activation_key,
request_time=timezone.now())
new_activation.save()
mailing.confirm_email(email, activation_key)
notification = Notification(user=user,
text='Пожалуйста, активируйте ваш профиль, перейдя по ссылке в письме на вашем почтовом ящике')
notification.save()
user = auth.authenticate(username=email, password=password)
auth.login(request, user)
return redirect('index_view')
else:
messages.warning(request, "Здесь есть неверно заполненные поля!")
return render(request, 'reg.html', {'form': form})
return render(request, 'reg.html', {'form': form})
def generate_api_token(user):
"""Generate a new API token for a given user."""
data = {
'auth_hash': user.get_session_auth_hash(),
'user_id': user.pk,
}
return signing.dumps(data, salt=WebTokenAuthentication.salt)
def sendmail(self, payment):
__dir__ = os.path.dirname(os.path.abspath(__file__))
if payment.status == 'success':
mailfile = "mailsuccess.txt"
status = "оплачен"
if payment.status == 'waitAccept':
mailfile = "mailpending.txt"
status = "в обработке"
if payment.status == 'canceled':
mailfile = "mailcancel.txt"
status = "отменен"
signer = Signer()
value = signing.dumps({"id": payment.paymentid})
link = 'http://biblio.land/payment/' + value
with open(os.path.join(__dir__, mailfile), "r") as myfile:
message = myfile.read().format(
link, payment.email, payment.paymentid)
send_mail('Магазин электронных книг Библиоленд. Заказ №{0} {1}.'.format(
payment.paymentid, status), message, '*****@*****.**', (payment.email,))
def test_provider_redirects_on_success_preauth_payment(
self, mocked_request, mocked_redirect):
provider = CyberSourceProvider(
merchant_id=MERCHANT_ID, password=PASSWORD, org_id=ORG_ID,
capture=False)
transaction_id = 1234
xid = 'abc'
self.payment.attrs.xid = xid
response = MagicMock()
response.requestID = transaction_id
response.reasonCode = ACCEPTED
mocked_request.return_value = response
request = MagicMock()
request.POST = {'MD': xid}
request.GET = {'token': signing.dumps({
'expiration': {'year': 2020, 'month': 9},
'name': 'John Doe',
'number': '371449635398431',
'cvv2': '123'
})}
provider.process_data(self.payment, request)
self.assertEqual(self.payment.status, 'preauth')
self.assertEqual(self.payment.captured_amount, 0)
self.assertEqual(self.payment.transaction_id, transaction_id)
def start(request):
if request.method == 'POST':
# no_bans = bool(request.POST.get('no_bans'))
# picks_first = bool(request.POST.get('picks_first'))
first_user = PickUser()
second_user = PickUser()
first_user.battle_tag = request.POST.get('battle_tag')
second_user.battle_tag = request.POST.get('opponent_battle_tag')
first_user.save()
second_user.save()
new_pick = Pick(first_user=first_user, second_user=second_user)
# new_pick.no_bans = no_bans
# new_pick.picks_first = picks_first
# if no_bans:
# new_pick.picks_first = True
# new_pick.first_bans_finished = True
# new_pick.second_bans_finished = True
new_pick.save()
# Create urlsafe sha1 signed base64 string
data_container = dict() # Contains info about database object and user role
data_container['pk'] = new_pick.pk
data_container['role'] = 'first'
first_link = signing.dumps(data_container)
return redirect(reverse('classpicker:main', kwargs={'code': first_link}))
pick_start_form = PickStartForm
return render(request, 'classpicker/start.html', {'pick_start_form': pick_start_form})
def test_no_auth_hash_in_payload(self):
data = {
'user_id': self.user.pk,
}
token = signing.dumps(data, salt=WebTokenAuthentication.salt)
with self.assertRaises(AuthenticationFailed):
self._authenticate(token)
def form_valid(self, form, formset):
# We allow users to preview their purchase.
# We serialize all form data into one json object that is then
# signed using django.core.signing
self.stage = 'preview'
serialized_data = self.serialize(form, formset)
signed_data = signing.dumps(serialized_data, salt=self.salt, compress=True)
purchase = form.cleaned_data
tickets = []
payment_total = 0.0
for tform in formset.changed_forms:
t = tform.cleaned_data
# Copy for template access
t['ticket_type'] = t['ticket_type_id']
t['user'] = t['user_id']
t['sponsor'] = t['sponsor_id']
payment_total += t['ticket_type_id'].fee
tickets.append(t)
purchase['payment_total'] = payment_total
ctx = self.get_context_data(signed_data=signed_data,
purchase=purchase,
tickets=tickets)
return self.render_to_response(ctx)
def get_token_for_user(user, scope):
"""
Generate a new signed token containing
a specified user limited for a scope (identified as a string).
"""
data = {"user_%s_id" % (scope): user.id}
return signing.dumps(data)
def forget_password(self, request, **kwargs):
try:
self.method_check(request, allowed=('post',))
data = self.deserialize(request, request.body, format=request.META.get('CONTENT_TYPE', 'application/json'))
user = User.objects(email=data.get('email')).first()
if user is None:
return self.create_response(request, {'error_message': 'email error'}, HttpBadRequest)
token = signing.dumps(user.id, key=SECRET_KEY)
PwdRstToken.objects(user=user).update_one(
set__token = token,
set__generated_at = datetime.utcnow(),
set__expires = 10,
set__validated = False,
upsert = True
)
if DEBUG:
link = reverse('api_reset_password', kwargs={'resource_name': self._meta.resource_name, 'api_name': 'v1', 'user_id': user.id})
else:
link = u'http://{}/{}/api/v1/user/{}/rstpwd/'.format(HOST, APP_NAME, user.id)
url = u'{}?token={}&format=json'.format(request.build_absolute_uri(link), token)
c = Context({'user': user, 'APP_NAME': APP_NAME, 'url': url})
html_content = loader.get_template('fgtpwd.html').render(c)
email = EmailMultiAlternatives(u'验证登录邮箱【{}安全中心 】'.format(APP_NAME), '', EMAIL_HOST_USER, [user.email])
email.attach_alternative(html_content, "text/html")
email.send()
return self.create_response(request, {'success': True})
except:
traceback.print_exc()
raise
def sign_submission_metadata(data):
return signing.dumps(data, salt=SUBMISSION_RECEIVED_SALT, compress=True)
def generate_token(user_id: int, **kwargs):
j = dict(user_id=user_id)
j.update(kwargs)
value = signing.dumps(j, salt=settings.SECRET_KEY)
return value
def make_local_part(conversation, user):
signed_part = signing.dumps([conversation.id, user.id])
signed_part = signed_part.encode('utf8')
encoded = b64encode(signed_part)
return encoded.decode('utf8')
def _get_activation_key(phone_number):
return signing.dumps(obj={'phone_number': str(phone_number)},
salt=SALT)
def user_secret_switch_key(self):
return signing.dumps({settings.SWITCH_HASH_KEY: self.pk})
def function_wrapper(request, *args, **kwargs):
# Check if the key for the Moves app session is in the user's session
# and deletes it if it is present.
if SESSION_KEY in request.session:
del request.session[SESSION_KEY]
# Tries to create a Moves app client for the current user.
try:
client = MovesAppClient(request.user.movesappoauthprofile)
except:
client = None
# If the client for this user was successfully created and the
# user's data is not retrieved yet from Moves app: checks the
# validity of the current access token, if the token is valid
# retrieves the data from Moves app, if the token is invalid then
# requests a new token.
if client and SESSION_KEY not in request.COOKIES:
if not client.debug_access_token():
return HttpResponseRedirect(
reverse('socialnetworks:moves-app:login'))
else:
# Retrieves the data from Moves app.
data = client.get('user/profile')
# Protects the user potentially sensible data.
data = signing.dumps(data)
# Stores the retrieved data temporarily in the user session
# if required to access it in the view.
request.session[SESSION_KEY] = data
# Creates the response object and stores the retrieved data
# in a signed cookie that its valid only for the seconds
# specified in settings.
response = function(request, *args, **kwargs)
response.set_signed_cookie(SESSION_KEY,
value=data,
httponly=True,
max_age=COOKIE_MAX_AGE)
return response
# If there is no client for the current user but it has data stored
# in its session (when a user disconnects its profile), removes
# the data from its cookies.
elif not client and SESSION_KEY in request.COOKIES:
# Stores temporarily a empty data for the session, this way
# we can check quickly in the view if the user has disconnected
# its profile.
request.session[SESSION_KEY] = None
# Creates the response object and deletes the cookie from it.
response = function(request, *args, **kwargs)
response.delete_cookie(SESSION_KEY)
return response
return function(request, *args, **kwargs)
def get(self, request):
user = request.user
thing_to_sign = {'u': user.id, 'what': 'export'}
signature = signing.dumps(thing_to_sign)
export_url = reverse('export', kwargs={'signature': signature})
return Response({'url': export_url})
def sign(self) -> None:
self._signed_data = signing.dumps(self._body)
def generate_sign(self):
return signing.dumps(self.pk)
def handleRequest(request):
form = request.POST
response_dict = dict()
checksum = ""
for i in form.keys():
response_dict[i] = form[i]
if i == "CHECKSUMHASH":
checksum = form[i]
verify = Checksum.verify_checksum(response_dict, MERCHANT_KEY, checksum)
if verify:
if response_dict["RESPCODE"] == "01":
messages.success(request, "Payment Successful ")
email = response_dict["ORDERID"][:-16]
print("----email----", email)
mail_dict = {
'email': email,
'response_dict': response_dict,
'STATUS': response_dict["STATUS"]
}
print(mail_dict)
subject = "XpressXerox:- Order Placed"
html_message = render_to_string('action/Transaction_Mail.html',
mail_dict)
message = 'strip_tags(html_message)'
sender = EMAIL_HOST_USER
receiver = email
send_mail(subject=subject,
message=message,
from_email=sender,
recipient_list=[receiver],
html_message=html_message)
print("transaction is completed and , Mail has been send")
trans = response_dict["ORDERID"].replace("@", "-") + currentTime()
print("------trans------", trans)
trans = signing.dumps(trans,
key="secreat_key_for_url",
salt="more_encryption_@9160")
url = "https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=" + trans
return HttpResponsePermanentRedirect(url)
elif response_dict["RESPCODE"] == "400" or response_dict[
"RESPCODE"] == "402":
messages.error(request, "Payment is Pending ")
email = response_dict["ORDERID"][:-16]
print("----email----", email)
mail_dict = {
'email': email,
'response_dict': response_dict,
'STATUS': response_dict["STATUS"]
}
print(mail_dict)
subject = "XpressXerox:- Transaction is Pending"
html_message = render_to_string('action/Transaction_Mail.html',
mail_dict)
message = 'strip_tags(html_message)'
sender = EMAIL_HOST_USER
receiver = email
send_mail(subject=subject,
message=message,
from_email=sender,
recipient_list=[receiver],
html_message=html_message)
print("transaction is Pending and , Mail has been send")
url = "https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=pending&OID={}".format(
response_dict["ORDERID"])
return HttpResponsePermanentRedirect(url)
else:
messages.error(request, response_dict['RESPMSG'])
return HttpResponsePermanentRedirect(
"https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=fail"
)
else:
return redirect("action:userDashboard")
def get_download_url(self):
from zentral.utils.api_views import API_SECRET
token = signing.dumps({"pk": self.pk}, salt="monolith", key=API_SECRET)
return "{}{}".format(
settings["api"]["tls_hostname"],
reverse("monolith:download_printer_ppd", args=(token, )))
def encrypt(data):
return signing.dumps(data)
def form_valid(self, form):
identifier = form.cleaned_data["email"]
# Identify user
user = None
if self.looks_like_email(identifier):
user = models.CoreUser.objects.filter(email=identifier).first()
if not user:
user = models.CoreUser.objects.filter(
username=identifier).first()
# Check reset method
if user:
# Check if this user has been locked out
if is_user_already_locked(user.username):
return lockout_response(self.request)
# Store the id of the user that we found in our search
self.request.session["lookup_user_id"] = str(user.id)
# Check if user has email or security questions.
if user.email:
form.cleaned_data["email"] = user.email
elif user.has_security_questions:
self.success_url = reverse("reset_password_security_questions")
else: # This should never be the case.
print("User %s cannot reset their password." % identifier)
elif not user:
client_id = utils.get_session_data(
self.request, constants.SessionKeys.CLIENT_ID
)
if client_id:
# Let it raise a DoesNotExist error. Something is very wrong
# if that is the case.
client = Client.objects.get(id=client_id)
try:
user = TemporaryMigrationUserStore.objects.get(
username=identifier, client_id=client.client_id
)
if not user.answer_one and not user.answer_two:
# If the user does not have a single answer, add a
# message and redirect back to the current view.
messages.warning(
self.request,
_("We are sorry, your account can not perform this action")
)
# Redirect to current url with entire querystring
# present.
return redirect(self.request.get_full_path())
token = signing.dumps(
user.id, salt="ge-migration-user-pwd-reset"
)
# TODO: Client will raise eventually, after pwd reset there
# is no way to enter back into login flow. Outside the
# scope of GE-1085 to add. That is the current expected
# behaviour.
#querystring = urllib.parse.quote_plus(
# self.request.GET.get("persist_query", "")
#)
url = reverse(
"user_migration:question_gate", kwargs={
"token": token
}
)
return redirect(url)
except TemporaryMigrationUserStore.DoesNotExist:
pass
return HttpResponseRedirect(reverse("password_reset_done"))
return super(ResetPasswordView, self).form_valid(form)
def get_activation_key(user):
return signing.dumps(obj=getattr(user, user.USERNAME_FIELD),
salt=SIGNUP_SALT)
def encryption(self, *args, **kwargs):
time_stamp = TimestampSigner()
data = signing.dumps(kwargs)
data = time_stamp.sign(data)
return data
def Encrypt(value):
data = signing.dumps(value)
data = signing.b64_encode(data.encode()).decode()
return data
def get_activation_key(self, user):
return signing.dumps(obj=user.get_username(), salt=REGISTRATION_SALT)
def get_renewal_link(self):
return reverse('members:corporate-members-renew', kwargs={'token': signing.dumps(self.pk)})
def post(self, request, **kwargs):
"""
---
parameters:
- name: slug
type: string
paramType: path
description: The slug of the issuer whose roles to modify.
required: true
- name: action
type: string
paramType: form
description: The action to perform on the user. Must be one of 'add', 'modify', or 'remove'.
required: true
- name: username
type: string
paramType: form
description: The username of the user to add or remove from this role.
required: false
- name: email
type: string
paramType: form
description: A verified email address of the user to add or remove from this role.
required: false
- name: role
type: string
paramType: form
description: Role to set user as. One of 'owner', 'editor', or 'staff'
defaultValue: staff
required: false
"""
# validate POST data
serializer = IssuerRoleActionSerializerV1(data=request.data)
if not serializer.is_valid():
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
current_issuer = self.get_object(request, **kwargs)
if not self.has_object_permissions(request, current_issuer):
return Response(
"Issuer not found. Authenticated user must be Issuer's owner to modify user permissions.",
status=status.HTTP_404_NOT_FOUND)
if not request.user.is_superuser and request.user not in current_issuer.owners:
raise PermissionDenied(
"Must be an owner of an issuer profile to modify permissions")
try:
if serializer.validated_data.get('username'):
user_id = serializer.validated_data.get('username')
user_to_modify = get_user_model().objects.get(username=user_id)
else:
user_id = serializer.validated_data.get('email')
matching_email = [
email for email in CachedEmailAddress.objects.filter(
email=user_id, verified=True)
if email.user.has_surf_conext_social_account()
]
if not matching_email:
raise CachedEmailAddress.DoesNotExist
user_to_modify = matching_email[0].user
except (
get_user_model().DoesNotExist,
CachedEmailAddress.DoesNotExist,
):
error_text = "User not found. Email must be verified and correspond to an existing user with a teacher account."
if user_id is None:
error_text = 'User not found. Neither email address or username was provided.'
return Response(error_text, status=status.HTTP_404_NOT_FOUND)
if user_to_modify == request.user:
return Response(
"Cannot modify your own permissions on an issuer profile",
status=status.HTTP_400_BAD_REQUEST)
action = serializer.validated_data.get('action')
if action == 'add':
role = serializer.validated_data.get('role')
if IssuerStaff.objects.filter(user=user_to_modify,
issuer=current_issuer,
role=role).exists():
raise ValidationError(
"Could not add user to staff list. User already in staff list."
)
else:
value = json_dumps({
'issuer_pk': current_issuer.pk,
'staff_pk': user_to_modify.pk,
'role': role
})
code = signing.dumps(obj=value,
salt=getattr(settings, 'ACCOUNT_SALT',
'salty_stuff'))
url = urljoin(
user_to_modify.get_badgr_app().public_pages_redirect,
'/accept-staff-membership/' + code)
message = EmailMessageMaker.create_staff_member_addition_email(
url,
current_issuer,
role,
expiration=settings.STAFF_MEMBER_CONFIRMATION_EXPIRE_DAYS)
user_to_modify.email_user(
subject='You have been added to an Issuer',
message=message)
return Response(
"Succesfully invited user to become staff member.",
status=status.HTTP_200_OK)
elif action == 'modify':
role = serializer.validated_data.get('role')
try:
staff_instance = IssuerStaff.objects.get(user=user_to_modify,
issuer=current_issuer)
staff_instance.role = role
staff_instance.save(update_fields=('role', ))
except IssuerStaff.DoesNotExist:
raise ValidationError(
"Cannot modify staff record. Matching staff record does not exist."
)
elif action == 'remove':
staff_instance = IssuerStaff.objects.get(user=user_to_modify,
issuer=current_issuer)
if staff_instance.is_signer:
raise ValidationError(
"Cannot remove staff member who is a signer.")
staff_instance.delete()
if not user_to_modify.staff_memberships():
user_to_modify.loses_permission('view_issuer_tab', BadgeUser)
user_to_modify.save()
current_issuer.publish()
user_to_modify.publish()
return Response("User %s has been removed from %s staff." %
(user_to_modify.username, current_issuer.name),
status=status.HTTP_200_OK)
# update cached issuers and badgeclasses for user
user_to_modify.save()
return Response(IssuerStaffSerializerV1(staff_instance).data)
def timestamp_sign(string):
# double signing because the timestamp signer leaves the plaintext string prefixing its output
return signing.dumps(dict(timestamped_username=TimestampSigner().sign(string)))
import json
from unittest.mock import Mock, patch
from django.contrib.auth import get_user_model
from django.core.signing import dumps
from django.urls import reverse
from microsoft_auth.views import AuthenticateCallbackView
from . import TestCase
TOKEN = "e4675ea8d28a41b8b416fe9ed1fb52b1e4675ea8d28a41b8b416fe9ed1fb52b1"
STATE = dumps({"token": TOKEN}, salt="microsoft_auth")
EXPIRED_STATE = (
"e4675ea8d28a41b8b416fe9ed1fb52b1e4675ea8d28a41b8b416fe9ed1fb52b1:"
"1h5CgL:G-QiLZ3hetUPgrdpJlvAfXkZ2RQ")
TEST_ERROR = "test"
TEST_ERROR_DESCRIPTION = "some_error"
class ViewsTests(TestCase):
def setUp(self):
super().setUp()
User = get_user_model()
self.user = User.objects.create(username="******")
def test_authenticate_callback_bad_method(self):
response = self.client.get(reverse("microsoft_auth:auth-callback"))
def get_answers(request, form_id):
d_form = Discourse_form.objects.get(id=form_id)
text = d_form.text
clean_text = clean_spaces(text.splitlines())
if request.method == 'POST':
form = TeacherDiscourseForm(request.POST)
if form.is_valid():
# save form answer
email = form.cleaned_data['email']
dialogic_list = form.cleaned_data['dialogic']
ans_form, created = Form_answer.objects.get_or_create(form=d_form,
user=email)
ans_form.dialogic = "-".join(dialogic_list)
if created:
ans_form.save()
else:
# delete all subjects related to ans_form
Answered_subject.objects.filter(ans_form=ans_form).delete()
# delete all copus code with this stuff
Answered_copus_code.objects.filter(ans_form=ans_form).delete()
# delete all copus code with this stuff
Answered_dialogic_phrases.objects.filter(
ans_form=ans_form).delete()
#
ans_form.done = False
ans_form.save()
# save subject
subject = form.cleaned_data['subject']
subject_NA = False
for s in subject:
if str(s) == 'Ninguna de las anteriores':
subject_NA = True
ans_sub = Answered_subject(ans_form=ans_form, subject=s)
ans_sub.save()
# save copus codes
copus_codes = form.cleaned_data['copus_code']
for code in copus_codes:
ans_copus = Answered_copus_code(ans_form=ans_form,
copus_code=code)
ans_copus.save()
cc_phrases_name = 'input_id_copus_code_' + str(
ans_copus.copus_code.pk - 1)
for key, value in request.POST.items():
if key.startswith(cc_phrases_name):
if type(value) == list:
for element in value:
index_phrases = clean_text.index(element) + 1
ans_phrases = Answered_copus_phrases(
copus=ans_copus,
ans_form=ans_form,
phrases=element,
code=index_phrases)
ans_phrases.save()
else:
index_phrases = clean_text.index(value) + 1
ans_phrases = Answered_copus_phrases(
copus=ans_copus,
ans_form=ans_form,
phrases=value,
code=index_phrases)
ans_phrases.save()
if not 'NA' in dialogic_list:
for dialogic in dialogic_list:
if dialogic.startswith('A'):
dialogic_id = 0
else:
dialogic_id = 1
d_phrases_name = 'input_id_dialogic_' + str(dialogic_id)
print(d_phrases_name)
for key, value in request.POST.items():
if key.startswith(d_phrases_name):
if type(value) == list:
for element in value:
index_phrases = clean_text.index(
element) + 1
ans_phrases = Answered_dialogic_phrases(
dialogic=dialogic,
ans_form=ans_form,
phrases=element,
code=index_phrases)
ans_phrases.save()
else:
index_phrases = clean_text.index(value) + 1
ans_phrases = Answered_dialogic_phrases(
dialogic=dialogic,
ans_form=ans_form,
phrases=value,
code=index_phrases)
ans_phrases.save()
# redirect to next form
crypted_mail = signing.dumps(email)
if subject_NA: # Ningun subject
ans_form.done = True
ans_form.save()
return HttpResponseRedirect(reverse('discourse_form:thanks'))
return HttpResponseRedirect(
reverse('discourse_form:question_2',
kwargs={
'form_id': form_id,
'user': crypted_mail
}))
# if a GET (or any other method) we'll create a blank form
else:
form = TeacherDiscourseForm()
return render(request, 'formulario.html', {
'form': form,
'text': clean_text,
'form_id': form_id
}) #[x if x!=" " else "-" for x in text.splitlines()]})
def test_user_absent_wrong_token(client):
token = signing.dumps({"user_id": 1, "event_id": 2}, salt="unknown")
resp = client.get(reverse("event:user_absent", args=[token]))
assert resp.status_code == 302
assert resp["Location"] == reverse("event:list")
def generate_validation_token(self):
"""Generate user token for account validation."""
data = {'email': self.email}
return signing.dumps(data)
def generate_confirm_token(self):
'''生成用户确认签名'''
token = signing.dumps({'confirm': self.id})
return token
def _get_pk_val(self):
if self.xtd_comment:
return self.xtd_comment._get_pk_val()
else:
content_type = "%s.%s" % self.content_type.natural_key()
return signing.dumps("%s:%s" % (content_type, self.object_pk))
def mutate(root, info, auth):
user = User.objects.filter(username=auth.username).first()
if not user or not user.check_password(auth.password):
raise GraphQLError('username or password is invalid.')
return CreateToken(token=signing.dumps(user.id))
import os
from django.core import signing
# 引入环境变量DjangoTest2.settings
os.environ['DJANGO_SETTINGS_MODULE'] = 'DjangoTest2.settings'
value = signing.dumps({"foo": "bar"})
src = signing.loads(value)
print(value)
print(src)
print(type(src))
def get_verification_key(self):
key = signing.dumps(
obj=getattr(self, self.USERNAME_FIELD),
salt=settings.SECRET_KEY,
)
return key
def key(self):
return signing.dumps(obj=self.email_address.pk, salt='~28cUebFxB!FUiei')
