def token_require(request): name = request.GET.get('app', '') service = Service.objects.filter(name=name).first() url = request.GET.get('url', '') dest = get_callback(request.user, service, url) alias = service.alias if service else url reason = 0 if request.user.is_superuser: reason = 1 elif name.startswith('sparcs') and not request.user.profile.sparcs_id: reason = 2 elif not dest: reason = 3 if reason: return render(request, 'api/denied.html', { 'reason': reason, 'alias': alias, 'dest': dest }) token = AccessToken.objects.filter(user=request.user, service=service).first() if token: logger.info('token.delete', {'r': request, 'hide': True}) token.delete() m = ServiceMap.objects.filter(user=request.user, service=service).first() if (not m or m.unregister_time) and service: result = reg_service(request.user, service) if result: profile_logger.info('register.success: app=%s' % service.name, {'r': request}) else: d = service.cooltime - (timezone.now() - m.unregister_time).days profile_logger.warning('register.fail: app=%s' % service.name, {'r': request}) return render(request, 'api/cooltime.html', { 'service': service, 'left': d }) while True: tokenid = os.urandom(10).encode('hex') if not AccessToken.objects.filter(tokenid=tokenid, service=service).count(): break token = AccessToken(tokenid=tokenid, user=request.user, service=service, expire_time=timezone.now() + timedelta(seconds=5)) token.save() logger.info('token.create: app=%s,url=%s' % (name, url), {'r': request}) args = {'tokenid': token.tokenid} return redirect(dest + '?' + urllib.urlencode(args))
def token_require(request): client_id = request.GET.get('client_id', '') state = request.GET.get('state', '') service = Service.objects.filter(name=client_id).first() if not service: raise SuspiciousOperation('INVALID_SERVICE') if len(state) < 8: raise SuspiciousOperation('INVALID_STATE') user = request.user profile = user.profile flags = user.profile.flags reason = 0 if flags['sysop']: reason = 1 elif service.scope == 'SPARCS' and not flags['sparcs']: reason = 2 elif service.scope == 'TEST' and not flags['test']: reason = 3 elif service.scope != 'TEST' and flags['test-only']: reason = 4 elif not (profile.email_authed or profile.facebook_id or profile.twitter_id or profile.kaist_id): reason = 5 if reason: return render(request, 'api/denied.html', { 'reason': reason, 'alias': service.alias, }) AccessToken.objects.filter(user=user, service=service).delete() m = ServiceMap.objects.filter(user=user, service=service).first() if not m or m.unregister_time: m_new = service_register(user, service) log_msg = 'success' if m_new else 'fail' logger.warning( f'register.{log_msg}', { 'r': request, 'extra': [ ('app', service.name), ('sid', m_new.sid if m_new else ''), ], }) if not m_new: left = service.cooltime - (timezone.now() - m.unregister_time).days return render(request, 'api/cooltime.html', { 'service': service, 'left': left, }) while True: tokenid = token_hex(10) if not AccessToken.objects.filter(tokenid=tokenid).count(): break token = AccessToken( tokenid=tokenid, user=user, service=service, expire_time=timezone.now() + timedelta(seconds=TIMEOUT), ) token.save() logger.info('login.try', { 'r': request, 'hide': True, 'extra': [('app', client_id)], }) return redirect(service.login_callback_url + '?' + urlencode({ 'code': token.tokenid, 'state': state, }))
def token_require(request): client_id = request.GET.get('client_id', '') state = request.GET.get('state', '') if len(state) < 8: raise SuspiciousOperation() service = Service.objects.filter(name=client_id).first() if not service: raise SuspiciousOperation() user = request.user profile = user.profile flags = user.profile.flags reason = 0 if flags['sysop']: reason = 1 elif service.scope == 'SPARCS' and not flags['sparcs']: reason = 2 elif service.scope == 'TEST' and not flags['test']: reason = 3 elif service.scope != 'TEST' and flags['test-only']: reason = 4 elif not (profile.email_authed or profile.facebook_id or profile.twitter_id or profile.kaist_id): reason = 5 if reason: return render(request, 'api/denied.html', { 'reason': reason, 'alias': service.alias }) token = AccessToken.objects.filter(user=user, service=service).first() if token: logger.info('token.delete', {'r': request, 'hide': True}) token.delete() m = ServiceMap.objects.filter(user=user, service=service).first() if not m or m.unregister_time: result = reg_service(user, service) if result: profile_logger.info('register.success: app=%s' % service.name, {'r': request}) else: d = service.cooltime - (timezone.now() - m.unregister_time).days profile_logger.warning('register.fail: app=%s' % service.name, {'r': request}) return render(request, 'api/cooltime.html', { 'service': service, 'left': d }) while True: tokenid = token_hex(10) if not AccessToken.objects.filter(tokenid=tokenid, service=service).count(): break token = AccessToken(tokenid=tokenid, user=user, service=service, expire_time=timezone.now() + timedelta(seconds=10)) token.save() logger.info('token.create: app=%s' % client_id, {'r': request}) args = {'code': token.tokenid, 'state': state} return redirect(service.login_callback_url + '?' + urlencode(args))