def file_response(filename, response_prefix):
full_path = os.path.join(settings.SAVEDFILES_DIR, filename)
try:
full_file = open(full_path, 'r')
file_data = full_file.read()
except Exception as e:
return logWith404(logger,\
'file_response: exception reading file: %s' % e,\
level='error')
file_type = get_file_type(file_data)
if file_type == 'unknown':
return logWith404(logger,\
'GetStatementHandler: unknown statement file type',\
level='error')
elif file_type == 'pdf':
mimetype = 'application/pdf'
else:
mimetype = 'application/msword'
response = HttpResponse(file_data, mimetype=mimetype)
resp_filename = '%s.%s' % (\
response_prefix,\
file_type)
# response['Content-Disposition'] = 'attachment; filename=%s' % resp_filename
return response
def plt_login(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
if not args.has_key('username'):
return logWith404(logger, 'plt_login: post data missing username')
if not args.has_key('password'):
return logWith404(logger, 'plt_login: post data missing password')
username = args['username']
rawpassword = args['password']
credentials = PltCredentials.objects.filter(username=username)
if len(credentials) > 1:
return logWith404(logger, 'plt_login: fatal error: duplicate credentials', level='error')
if len(credentials) == 0:
return bcap.bcapResponse({'loggedIn' : False})
c = credentials[0]
hashed_password = get_hashed(rawpassword, c.salt)
if hashed_password != c.hashed_password:
return bcap.bcapResponse({'loggedIn' : False})
session_id = str(uuid.uuid4())
session = BelaySession(session_id=session_id, account=c.account)
session.save()
response = {
'station': bcap.Capability(c.account.station_url),
'makeStash': bcap.regrant('make-stash', c.account)
}
return bcap.bcapResponse(response)
def post_files(self, granted, args, files):
applicant = granted.applicant
statement = files['statement']
cid = int(args['comp'])
cts = applicant.getComponentTypeById(cid)
if len(cts) == 0:
return logWith404(logger, 'no component type by id = %s' % cid, level='error')
ct = cts[0]
try:
save_file(statement, get_statement_filename(applicant, ct))
except FileUploadException as e:
msg = str(e)
logger.info('submit-statement FileUploadException: %s' % msg)
return bcap.bcapResponse({'error' : msg})
except Exception as e:
return logWith404(logger, 'save_file exception: %s' % e)
components = applicant.getComponentByType(ct)
if len(components) > 0:
component = components[0]
else:
component = Component(applicant=applicant, type=ct, value='',\
department=applicant.department)
component.lastSubmitted = int(time.time())
component.value = statement.size
component.save()
app_info = applicant.cached_json()
resp = {'component' : ct.name, 'app' : app_info}
return bcap.bcapResponse(resp)
def post(self, grantable, args):
username = grantable.pendingaccount.email
rawpassword = args['password']
if len(username) > 200:
return logWith404(logger, 'create_plt_account: bad username')
if len(rawpassword) < 8:
return logWith404(logger, 'create_plt_account: bad password')
salt = str(uuid.uuid4())
hashed_password = get_hashed(rawpassword, salt)
station_cap = newStationCap()
account = BelayAccount(station_url=station_cap.serialize())
account.save()
credentials = PltCredentials(username=username, \
salt=salt, \
hashed_password=hashed_password, \
account=account)
credentials.save()
session_id = str(uuid.uuid4())
session = BelaySession(session_id=session_id, account=account)
session.save()
grantable.pendingaccount.delete()
response = {
'station': station_cap,
'makeStash': bcap.regrant('make-stash', account)
}
return bcap.bcapResponse(response)
def check_login(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
response = {}
if not ('session' in request.COOKIES):
response['loggedIn'] = False
return bcap.bcapResponse(response)
if not (args.has_key('sessionID')):
return logWith404(logger, "check_login: request didn't pass sessionID arg")
session_id = request.COOKIES['session']
req_session_id = args['sessionID']
if req_session_id != session_id:
return logWith404(logger, "check_login: request session_id %s didn't match cookie\
session_id %s" % (req_session_id, session_id))
sessions = BelaySession.objects.filter(session_id=session_id)
if len(sessions) > 1:
return logWith404(logger, "check_login: fatal error, duplicate BelaySessions", level='error')
response['loggedIn'] = (len(sessions) > 0)
return bcap.bcapResponse(response)
def get(self, granted):
component = granted.component
filename = get_statement_filename(component.applicant, component.type)
statement_path = os.path.join(settings.SAVEDFILES_DIR, filename)
try:
statement_file = open(statement_path, 'r')
statement_data = statement_file.read()
except Exception as e:
return logWith404(logger,\
'GetStatementHandler: exception reading file: %s' % e,\
level='error')
file_type = get_file_type(statement_data)
if file_type == 'unknown':
return logWith404(logger,\
'GetStatementHandler: unknown statement file type',\
level='error')
elif file_type == 'pdf':
mimetype = 'application/pdf'
else:
mimetype = 'application/msword'
response = HttpResponse(statement_data, mimetype=mimetype)
resp_filename = 'applicant_%s.%s' % (\
component.type.name.replace(' ', '_'),\
file_type)
# response['Content-Disposition'] = 'attachment; filename=%s' % resp_filename
return response
def post_files(self, granted, args, files):
reference = granted.reference
letter = files['letter']
filename = 'letter-%d-%d' % (reference.applicant.id, reference.id)
try:
save_file(letter, 'letter-%d-%d' % (reference.applicant.id, reference.id))
except FileUploadException as e:
msg = str(e)
logger.info('submit-reference FileUploadException: %s' % msg)
return bcap.bcapResponse({'error' : msg})
except Exception as e:
return logWith404(logger, 'save_file exception: %s' % e)
reference.submitted = int(time.time())
reference.filename = filename
reference.filesize = len(letter)
reference.save()
sendReferenceConfirmation(reference)
resp = reference.to_json()
resp['appname'] = reference.applicant.to_json()
return bcap.bcapResponse(resp)
def delete(self, grantable):
grants = Grant.objects.filter(db_entity=grantable)
if len(grants) == 0:
return logWith404(logger, 'UnverifiedUserDeleteHandler fatal error: no grant')
uu = grantable.unverifieduser
uu.delete()
return bcap.bcapNullResponse()
def delete(self, grantable):
grants = grantable.my_grants()
if len(grants) == 0:
return logWith404(logger, 'ARDeleteHandler fatal error: no grant')
area = grantable.area
area.delete()
return bcap.bcapNullResponse()
def delete(self, grantable):
grants = grantable.my_grants()
if len(grants) == 0:
return logWith404(logger, 'UnverifiedUserDeleteHandler fatal error: no grant')
uu = grantable.unverifieduser
uu.delete()
return bcap.bcapNullResponse()
def request_plt_account_silent(request):
"""Allows requests only from those listed in settings.REQUESTING_DOMAINS
Currently, used by Resume as a trusted channel to ask for new accounts
so that service isn't exposed to arbitrary clients, and can be controlled
through emails sent from Resume"""
logger.error('Reached request_account')
def request_allowed():
return request.META['REMOTE_ADDR'] in settings.REQUESTING_DOMAINS
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
logger.error('Belay: got account request: %s' % args)
logger.error('Request is from: %s' % request.META['REMOTE_ADDR'])
if not request_allowed():
return logWith404(logger, 'request_silent: bad request %s' %\
request.META['REMOTE_ADDR'])
pa = PendingAccount(email = args['email'])
pa.save()
create_cap = bcap.grant('create-account', pa)
logger.error('Belay: successful create: %s' % create_cap.serialize())
return bcap.bcapResponse({'create': create_cap})
def delete(self, grantable):
grants = Grant.objects.filter(db_entity=grantable)
if len(grants) == 0:
return logWith404(logger, 'ARDeleteHandler fatal error: no grant')
area = grantable.area
area.delete()
return bcap.bcapNullResponse()
def glogin_landing(request):
if request.method == 'GET':
d = request.GET
else:
d = request.POST
maybe_client_key = check_pending(request.path_info)
if not maybe_client_key:
return logWith404(logger, "Bad pending: %s" % request.path_info, level='error')
# 11.4.2 Verifying directly with the OpenID Provider
# 11.4.2.1. Request Parameters
# . openid.mode
# Value: "check_authentication"
# . Exact copies of all fields from the authentication response, except
# for "openid.mode".
# http://openid.net/specs/openid-authentication-2_0.html#check_auth
verify = {}
for e in d:
verify[e] = d[e]
verify['openid.mode'] = 'check_authentication'
try:
f = urllib2.urlopen("https://www.google.com/accounts/o8/ud", urllib.urlencode(verify))
beginning = str(f.read()[0:13])
if(beginning != 'is_valid:true'):
return bcap.bcapResponse('fail')
except urllib2.HTTPError as e:
logger.error("ErrorResponse: %s" % e.read())
return bcap.bcapNullResponse()
identity = d['openid.identity']
email = d['openid.ext1.value.email']
q = GoogleCredentials.objects.filter(identity=identity)
if len(q) == 0:
station_cap = newStationCap()
account = BelayAccount(station_url=station_cap.serialize())
account.save()
gc = GoogleCredentials(account=account, identity=identity)
gc.save()
else:
account = q[0].account
session_id = str(uuid.uuid4())
session = BelaySession(account=account, session_id=session_id)
session.save()
response = render_to_response('glogin.html', {
'clientkey': maybe_client_key,
'station': account.station_url,
'make_stash': bcap.regrant('make-stash', account).serialize(),
'site_name': settings.SITE_NAME,
'email': email
})
return response
def get(self, granted):
applicant = granted.applicant
try:
from lib.py.combiner import get_combined_data
combined_data = get_combined_data(applicant)
response = HttpResponse(combined_data, mimetype='pdf')
response['Content-Disposition'] = 'attachment; filename=applicant_combined.pdf'
return response
except Exception as e:
return logWith404(logger, 'GetCombinedHandler: %s' % e, level='error')
def post(self, granted, args):
applicant = granted.applicant
id = args['id']
position = applicant.department.get_position_by_id(args['id'])
if position:
applicant.position = position
applicant.save()
return bcap.bcapResponse(applicant.to_json())
return logWith404(logger, 'SetPositionHandler: no position with id %s' % id,\
level='error')
def create_plt_account(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
if not args.has_key('username'):
return logWith404(logger, 'create_plt_account: post data missing username')
if not args.has_key('password'):
return logWith404(logger, 'create_plt_account: post data missing password')
username = args['username']
rawpassword = args['password']
if len(username) > 20:
return logWith404(logger, 'create_plt_account: bad username')
if len(rawpassword) < 8:
return logWith404(logger, 'create_plt_account: bad password')
salt = str(uuid.uuid4())
hashed_password = get_hashed(rawpassword, salt)
station_cap = newStationCap()
account = BelayAccount(station_url=station_cap.serialize())
account.save()
credentials = PltCredentials(username=username, \
salt=salt, \
hashed_password=hashed_password, \
account=account)
credentials.save()
session_id = str(uuid.uuid4())
session = BelaySession(session_id=session_id, account=account)
session.save()
response = {
'station': station_cap,
'makeStash': bcap.regrant('make-stash', account)
}
return bcap.bcapResponse(response)
def post(self, grantable, args):
email = args['email']
name = args['name']
role = args['role']
dept = grantable.department
uu = UnverifiedUser(email=email, name=name, role=role, department=dept)
try:
uu.save()
except:
resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'}
return bcap.bcapResponse(resp)
create_belay = bcap.Capability(settings.BELAY_CREATE)
response = create_belay.post(bcap.dataPreProcess({'email': args['email']}))
logger.error('Successfully got response for account creation: %s' % response)
create_cap = response['create']
ub = UnverifiedBelayAccount(uu=uu, create=create_cap.serialize())
ub.save()
if role == 'admin': create_cap = bcap.grant('get-admin-email-and-create', uu)
elif role == 'reviewer': create_cap = bcap.grant('get-reviewer-email-and-create', uu)
else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role)
activate_url = '%s/new-account/#%s' % \
(bcap.this_server_url_prefix(), create_cap.serialize())
return_url = bcap.this_server_url_prefix()
emailstr = u"""Dear %s,
A new Resume account is being created for you. To activate it, visit:
%s
To regain access your account once it has been created, visit:
%s
"""
emailstr = emailstr % (name, activate_url, return_url)
fromaddr = fromAddr(dept)
emailResponse = sendLogEmail('[Resume] New Account', emailstr, email, fromaddr)
if emailResponse: return emailResponse
resp = {\
'success' : True,\
'email' : email,\
'name' : name,\
'role' : role,\
}
return bcap.bcapResponse(resp)
def contact_handler(request):
if request.method != 'GET':
return HttpResponseNotAllowed(['GET'])
try:
logger.info('Contact: %s' % dept_name)
dept = Department.departmentByName(dept_name)
except Exception as e:
return logWith404(logger, "Looked up bad department: %s, %s" % (dept_name, e), level='error')
return render_to_response('contact.html', {
'tech_contact': dept.techEmail,
'admin_name': dept.contactName,
'admin_email': dept.contactEmail
})
def index_handler(request):
if request.method != 'GET':
return HttpResponseNotAllowed(['GET'])
try:
logger.info('Dept: %s' % dept_name)
dept = Department.departmentByName(dept_name)
cap = bcap.grant('add-applicant', dept)
except Exception as e:
return logWith404(logger, "Looked up bad department: %s, %s" % (dept_name, e), level='error')
return render_to_response(index_file, {
'create_applicant': cap.serialize(),
'contact': dept.shortname
})
def post(self, granted, args):
applicant = granted.applicant
if args.has_key('firstname'):
applicant.firstname = args['firstname']
if args.has_key('lastname'):
applicant.lastname = args['lastname']
try:
applicant.save()
except IntegrityError:
return logWith404(logger, "failed to update applicant name: %s %s"\
% (applicant.firstname, applicant.lastname), level='error')
return bcap.bcapResponse({\
'firstname' : applicant.firstname,\
'lastname' : applicant.lastname,\
})
def post(self, grantable, args):
response = self.checkPostArgs(args)
if response != 'OK':
return response
email = args['email']
name = args['name']
role = args['role']
dept = grantable.department
uu = UnverifiedUser(email=email, name=name, role=role, department=dept)
try:
uu.save()
except:
resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'}
return bcap.bcapResponse(resp)
if role == 'admin': create_cap = bcap.grant('add-admin', uu)
elif role == 'reviewer': create_cap = bcap.grant('add-reviewer', uu)
else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role)
activate_url = '%s/new-account/#%s' % \
(bcap.this_server_url_prefix(), create_cap.serialize())
return_url = bcap.this_server_url_prefix()
emailstr = u"""Dear %s,
A new Apply account is being created for you. To activate it, visit:
%s
To regain access your account once it has been created, visit:
%s
"""
emailstr = emailstr % (name, activate_url, return_url)
sendLogEmail(emailstr, email)
delCap = bcap.grant('unverifieduser-delete', uu)
resp = {\
'success' : True,\
'email' : email,\
'name' : name,\
'role' : role,\
}
return bcap.bcapResponse(resp)
def request_plt_account(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
logger.info('request: %s' % args)
if not args.has_key('email'):
return logWith404(logger, 'request_account: post data missing email')
pa = PendingAccount(email = args['email'])
pa.save()
create_cap = bcap.grant('create-account', pa)
message = """
Hi! You've requested an account with Resume at the Brown University Department of Computer Science.
Visit this link to get started:
%s/new-applicant/#%s
""" % (settings.APPURL, create_cap.serialize())
emailResponse = sendLogEmail('Resume Account Request', message, args['email'], 'Lauren Clarke <*****@*****.**>')
if emailResponse: return emailResponse
return bcap.bcapResponse({'success': True})
def handle(cap_id, method, args, files):
grants = get_cached_grant(cap_id)
if len(grants) == 0:
grants = Grant.objects.filter(cap_id=cap_id)
if len(grants) == 0:
response = HttpResponse()
return logWith404(logger, "Cap not found: %s" % cap_id)
content = dataPreProcess("proxyHandler: Cap not found: %s" % cap_id)
xhr_content(response, content, "text/plain;charset=UTF-8")
response.status_code = 404
return response
if len(grants) > 1:
# TODO([email protected]): appropriate error in response
raise BelayException('%s, %s' % (self.request.path_info, cap_id))
grant = grants[0]
handler_class = get_handler(str(grant.internal_path))
handler = handler_class(grant)
files_needed = handler.files_needed()
using_files = len(files_needed) > 0
if using_files:
files_granted = dict([(n, files[n]) for n in files_needed if files.has_key(n)])
item = grant.db_entity
handler_log = ""
handler_log += 'Handler: %s\n' % str(grant.internal_path)
handler_log += ' Time: %s\n' % datetime.datetime.now()
if files_needed > 1: handler_log += (' Files_needed: %s\n' % str(handler.files_needed()))
if args and (grant.internal_path != 'create-account'):
handler_log += (' Args: %s\n' % str(args))
try:
if method == 'GET':
response = handler.get(item)
elif method == 'PUT':
response = handler.put(item, args)
elif method == 'POST':
maybe_error_response = handler.checkPostArgs(args)
if maybe_error_response != 'OK':
logger.error("Post args check failed")
logger.error(handler_log)
return maybe_error_response
if using_files:
response = handler.post_files(item, args, files_granted)
else:
response = handler.post(item, args)
elif method == 'DELETE':
response = handler.delete(item)
else:
response = HttpResponse()
content = dataPreProcess("proxyHandler: Bad method: %s\n" % request.method)
xhr_content(response, content, "text/plain;charset=UTF-8")
response.status_code = 404
# Don't log file responses
if hasattr(response, 'Content-Disposition') and\
response['Content-Disposition'].find('attachment') != -1:
handler_log += ' Response: %s\n' % str(response)
logger.error(handler_log)
return response
except Exception as e:
logger.error(handler_log)
logger.error('BELAY: Uncaught handler exception: %s' % e)
raise e
def delete(self, grantable):
grants = Grant.objects.filter(db_entity=grantable)
if len(grants) == 0:
return logWith404(logger, 'ScoreCategoryDeleteHandler fatal error: no grant')
grantable.scorecategory.delete()
return bcap.bcapNullResponse()
def checkPostArgs(self, args):
for k in self.post_arg_names():
if not args.has_key(k):
return logWith404(logger, self.name_str() + ' error: post args missing ' + k)
return 'OK'
def checkPostArgs(classname, args, keys):
for k in keys:
if not args.has_key(k):
return logWith404(classname + ' error: post args missing ' + k)
return 'OK'
def get(self, granted): return logWith404(logger, 'GetCSVHandler NYI')
def post(self, granted, args): applicant = granted.applicant return logWith404(logger, 'UploadMaterialHandler NYI')
def delete(self, grantable):
grants = grantable.my_grants()
if len(grants) == 0:
return logWith404(logger, 'ScoreCategoryDeleteHandler fatal error: no grant')
grantable.scorecategory.delete()
return bcap.bcapNullResponse()
