def _make_token_with_timestamp(self, user, timestamp):
# timestamp is number of days since 2001-1-1. Converted to
# base 36, this gives us a 3 digit string until about 2121
ts_b36 = int_to_base36(timestamp)
# By hashing on the internal state of the user and using state
# that is sure to change (the password salt will change as soon as
# the password is set, at least for current Django auth, and
# last_login will also change), we produce a hash that will be
# invalid as soon as it is used.
# We limit the hash to 20 chars to keep URL short
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
# Ensure results are consistent across DB backends
user_last_login = UserLastLogin.objects.get_by_username(user.username)
if user_last_login is None:
from seahub.utils.timeutils import dt
login_dt = dt(user.ctime)
else:
login_dt = user_last_login.last_login
login_timestamp = login_dt.replace(microsecond=0, tzinfo=None)
value = (six.text_type(user.id) + user.enc_password +
six.text_type(login_timestamp) + six.text_type(timestamp))
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
def _make_token_with_timestamp(self, user, timestamp):
# timestamp is number of days since 2001-1-1. Converted to
# base 36, this gives us a 3 digit string until about 2121
ts_b36 = int_to_base36(timestamp)
# By hashing on the internal state of the user and using state
# that is sure to change (the password salt will change as soon as
# the password is set, at least for current Django auth, and
# last_login will also change), we produce a hash that will be
# invalid as soon as it is used.
# We limit the hash to 20 chars to keep URL short
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
# Ensure results are consistent across DB backends
user_last_login = UserLastLogin.objects.get_by_username(user.username)
if user_last_login is None:
from seahub.utils.timeutils import dt
login_dt = dt(user.ctime)
else:
login_dt = user_last_login.last_login
login_timestamp = login_dt.replace(microsecond=0, tzinfo=None)
value = (six.text_type(user.id) + user.enc_password +
six.text_type(login_timestamp) + six.text_type(timestamp))
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
def get_group_info(request, group_id, avatar_size=GROUP_AVATAR_DEFAULT_SIZE):
group = seaserv.get_group(group_id)
try:
avatar_url, is_default, date_uploaded = api_grp_avatar_url(
group.id, avatar_size)
except Exception as e:
logger.error(e)
avatar_url = get_default_group_avatar_url()
val = utc_to_local(dt(group.timestamp))
group_info = {
"id":
group.id,
"name":
group.group_name,
"owner":
group.creator_name,
"created_at":
val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
"avatar_url":
request.build_absolute_uri(avatar_url),
"admins":
get_group_admins(group.id),
}
return group_info
def post(self, request):
""" Create a group
"""
if not self._can_add_group(request):
error_msg = _(u'You do not have permission to create group.')
return api_error(status.HTTP_403_FORBIDDEN, error_msg)
username = request.user.username
group_name = request.data.get('group_name', '')
group_name = group_name.strip()
# Check whether group name is validate.
if not validate_group_name(group_name):
error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Check whether group name is duplicated.
if check_group_name_conflict(request, group_name):
error_msg = _(u'There is already a group with that name.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# Group name is valid, create that group.
try:
group_id = seaserv.ccnet_threaded_rpc.create_group(group_name, username)
except SearpcError as e:
logger.error(e)
error_msg = _(u'Failed')
return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
try:
size = int(request.data.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
size = GROUP_AVATAR_DEFAULT_SIZE
g = seaserv.get_group(group_id)
try:
avatar_url, is_default, date_uploaded = api_grp_avatar_url(g.id, size)
except Exception as e:
logger.error(e)
avatar_url = get_default_group_avatar_url()
val = utc_to_local(dt(g.timestamp))
new_group = {
"id": g.id,
"name": g.group_name,
"creator": g.creator_name,
"created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
"avatar_url": request.build_absolute_uri(avatar_url),
"admins": self._get_group_admins(g.id),
}
return Response(new_group, status=status.HTTP_201_CREATED)
def get_group_info(request, group_id, avatar_size=GROUP_AVATAR_DEFAULT_SIZE):
group = seaserv.get_group(group_id)
try:
avatar_url, is_default, date_uploaded = api_grp_avatar_url(group.id, avatar_size)
except Exception as e:
logger.error(e)
avatar_url = get_default_group_avatar_url()
val = utc_to_local(dt(group.timestamp))
group_info = {
"id": group.id,
"name": group.group_name,
"creator": group.creator_name,
"created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
"avatar_url": request.build_absolute_uri(avatar_url),
"admins": get_group_admins(group.id),
}
return group_info
def test_add(self):
wiki = Wiki.objects.add('new wiki', self.user.username)
assert wiki is not None
assert wiki.created_at.replace(microsecond=0) <= dt(wiki.updated_at)
def get(self, request):
""" List all groups.
"""
org_id = None
username = request.user.username
if is_org_context(request):
org_id = request.user.org.org_id
user_groups = seaserv.get_org_groups_by_user(org_id, username)
else:
user_groups = seaserv.get_personal_groups_by_user(username)
try:
size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
except ValueError:
size = GROUP_AVATAR_DEFAULT_SIZE
with_repos = request.GET.get('with_repos')
with_repos = True if with_repos == '1' else False
groups = []
for g in user_groups:
try:
avatar_url, is_default, date_uploaded = api_grp_avatar_url(g.id, size)
except Exception as e:
logger.error(e)
avatar_url = get_default_group_avatar_url()
val = utc_to_local(dt(g.timestamp))
group = {
"id": g.id,
"name": g.group_name,
"creator": g.creator_name,
"created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
"avatar_url": request.build_absolute_uri(avatar_url),
"admins": self._get_group_admins(g.id),
}
if with_repos:
if org_id:
group_repos = seafile_api.get_org_group_repos(org_id, g.id)
else:
group_repos = seafile_api.get_repos_by_group(g.id)
repos = []
for r in group_repos:
repo = {
"id": r.id,
"name": r.name,
"desc": r.desc,
"size": r.size,
"size_formatted": filesizeformat(r.size),
"mtime": r.last_modified,
"mtime_relative": translate_seahub_time(r.last_modified),
"encrypted": r.encrypted,
"permission": r.permission,
"owner": r.user,
"owner_nickname": email2nickname(r.user),
"share_from_me": True if username == r.user else False,
}
repos.append(repo)
group['repos'] = repos
groups.append(group)
return Response(groups)