Ejemplo n.º 1
0
    def _make_token_with_timestamp(self, user, timestamp):
        # timestamp is number of days since 2001-1-1.  Converted to
        # base 36, this gives us a 3 digit string until about 2121
        ts_b36 = int_to_base36(timestamp)

        # By hashing on the internal state of the user and using state
        # that is sure to change (the password salt will change as soon as
        # the password is set, at least for current Django auth, and
        # last_login will also change), we produce a hash that will be
        # invalid as soon as it is used.
        # We limit the hash to 20 chars to keep URL short
        key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"

        # Ensure results are consistent across DB backends
        user_last_login = UserLastLogin.objects.get_by_username(user.username)
        if user_last_login is None:
            from seahub.utils.timeutils import dt
            login_dt = dt(user.ctime)
        else:
            login_dt = user_last_login.last_login
        login_timestamp = login_dt.replace(microsecond=0, tzinfo=None)

        value = (six.text_type(user.id) + user.enc_password +
                 six.text_type(login_timestamp) + six.text_type(timestamp))
        hash = salted_hmac(key_salt, value).hexdigest()[::2]
        return "%s-%s" % (ts_b36, hash)
Ejemplo n.º 2
0
    def _make_token_with_timestamp(self, user, timestamp):
        # timestamp is number of days since 2001-1-1.  Converted to
        # base 36, this gives us a 3 digit string until about 2121
        ts_b36 = int_to_base36(timestamp)

        # By hashing on the internal state of the user and using state
        # that is sure to change (the password salt will change as soon as
        # the password is set, at least for current Django auth, and
        # last_login will also change), we produce a hash that will be
        # invalid as soon as it is used.
        # We limit the hash to 20 chars to keep URL short
        key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"

        # Ensure results are consistent across DB backends
        user_last_login = UserLastLogin.objects.get_by_username(user.username)
        if user_last_login is None:
            from seahub.utils.timeutils import dt
            login_dt = dt(user.ctime)
        else:
            login_dt = user_last_login.last_login
        login_timestamp = login_dt.replace(microsecond=0, tzinfo=None)

        value = (six.text_type(user.id) + user.enc_password +
                 six.text_type(login_timestamp) + six.text_type(timestamp))
        hash = salted_hmac(key_salt, value).hexdigest()[::2]
        return "%s-%s" % (ts_b36, hash)
Ejemplo n.º 3
0
def get_group_info(request, group_id, avatar_size=GROUP_AVATAR_DEFAULT_SIZE):
    group = seaserv.get_group(group_id)
    try:
        avatar_url, is_default, date_uploaded = api_grp_avatar_url(
            group.id, avatar_size)
    except Exception as e:
        logger.error(e)
        avatar_url = get_default_group_avatar_url()

    val = utc_to_local(dt(group.timestamp))
    group_info = {
        "id":
        group.id,
        "name":
        group.group_name,
        "owner":
        group.creator_name,
        "created_at":
        val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
        "avatar_url":
        request.build_absolute_uri(avatar_url),
        "admins":
        get_group_admins(group.id),
    }

    return group_info
Ejemplo n.º 4
0
    def post(self, request):
        """ Create a group
        """
        if not self._can_add_group(request):
            error_msg = _(u'You do not have permission to create group.')
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

        username = request.user.username
        group_name = request.data.get('group_name', '')
        group_name = group_name.strip()

        # Check whether group name is validate.
        if not validate_group_name(group_name):
            error_msg = _(u'Group name can only contain letters, numbers, blank, hyphen or underscore')
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # Check whether group name is duplicated.
        if check_group_name_conflict(request, group_name):
            error_msg = _(u'There is already a group with that name.')
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        # Group name is valid, create that group.
        try:
            group_id = seaserv.ccnet_threaded_rpc.create_group(group_name, username)
        except SearpcError as e:
            logger.error(e)
            error_msg = _(u'Failed')
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        try:
            size = int(request.data.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
        except ValueError:
            size = GROUP_AVATAR_DEFAULT_SIZE

        g = seaserv.get_group(group_id)
        try:
            avatar_url, is_default, date_uploaded = api_grp_avatar_url(g.id, size)
        except Exception as e:
            logger.error(e)
            avatar_url = get_default_group_avatar_url()

        val = utc_to_local(dt(g.timestamp))
        new_group = {
            "id": g.id,
            "name": g.group_name,
            "creator": g.creator_name,
            "created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
            "avatar_url": request.build_absolute_uri(avatar_url),
            "admins": self._get_group_admins(g.id),
        }
        return Response(new_group, status=status.HTTP_201_CREATED)
Ejemplo n.º 5
0
def get_group_info(request, group_id, avatar_size=GROUP_AVATAR_DEFAULT_SIZE):
    group = seaserv.get_group(group_id)
    try:
        avatar_url, is_default, date_uploaded = api_grp_avatar_url(group.id, avatar_size)
    except Exception as e:
        logger.error(e)
        avatar_url = get_default_group_avatar_url()

    val = utc_to_local(dt(group.timestamp))
    group_info = {
        "id": group.id,
        "name": group.group_name,
        "creator": group.creator_name,
        "created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
        "avatar_url": request.build_absolute_uri(avatar_url),
        "admins": get_group_admins(group.id),
    }

    return group_info
Ejemplo n.º 6
0
    def test_add(self):
        wiki = Wiki.objects.add('new wiki', self.user.username)

        assert wiki is not None
        assert wiki.created_at.replace(microsecond=0) <= dt(wiki.updated_at)
Ejemplo n.º 7
0
    def get(self, request):
        """ List all groups.
        """

        org_id = None
        username = request.user.username
        if is_org_context(request):
            org_id = request.user.org.org_id
            user_groups = seaserv.get_org_groups_by_user(org_id, username)
        else:
            user_groups = seaserv.get_personal_groups_by_user(username)

        try:
            size = int(request.GET.get('avatar_size', GROUP_AVATAR_DEFAULT_SIZE))
        except ValueError:
            size = GROUP_AVATAR_DEFAULT_SIZE

        with_repos = request.GET.get('with_repos')
        with_repos = True if with_repos == '1' else False

        groups = []
        for g in user_groups:
            try:
                avatar_url, is_default, date_uploaded = api_grp_avatar_url(g.id, size)
            except Exception as e:
                logger.error(e)
                avatar_url = get_default_group_avatar_url()

            val = utc_to_local(dt(g.timestamp))
            group = {
                "id": g.id,
                "name": g.group_name,
                "creator": g.creator_name,
                "created_at": val.strftime("%Y-%m-%dT%H:%M:%S") + DateFormat(val).format('O'),
                "avatar_url": request.build_absolute_uri(avatar_url),
                "admins": self._get_group_admins(g.id),
            }

            if with_repos:
                if org_id:
                    group_repos = seafile_api.get_org_group_repos(org_id, g.id)
                else:
                    group_repos = seafile_api.get_repos_by_group(g.id)

                repos = []
                for r in group_repos:
                    repo = {
                        "id": r.id,
                        "name": r.name,
                        "desc": r.desc,
                        "size": r.size,
                        "size_formatted": filesizeformat(r.size),
                        "mtime": r.last_modified,
                        "mtime_relative": translate_seahub_time(r.last_modified),
                        "encrypted": r.encrypted,
                        "permission": r.permission,
                        "owner": r.user,
                        "owner_nickname": email2nickname(r.user),
                        "share_from_me": True if username == r.user else False,
                    }
                    repos.append(repo)

                group['repos'] = repos

            groups.append(group)

        return Response(groups)