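def post(self, request):
    """Validate the billing form, store the encrypted signature and redirect.

    For a valid form from an authenticated user, the billing's ``sign`` is
    truncated to 70 characters, encrypted with a cryptor built from
    ``gen_password(request.user.password)``, and saved. The validator result
    and the encrypted signature are then handed back to the client as the
    ``transaction_sign`` and ``transaction_id`` cookies on a redirect to
    ``success_url``.

    Args:
        request: The incoming HTTP request carrying the form in ``POST``.

    Returns:
        A redirect on success, a generic 500 response when encryption or
        validation fails, or the re-rendered form otherwise.
    """
    import logging

    logger = logging.getLogger(__name__)

    form = self.form_class(request.POST)
    if form.is_valid():
        # NOTE(review): is_authenticated is invoked as a method here; confirm
        # this matches the Django version the project runs on.
        if request.user.is_authenticated():
            billing = form.save(commit=False)
            billing.user = request.user
            # NOTE(review): the cryptor arguments are derived from the user's
            # stored password field, so the key material changes whenever the
            # password does -- confirm that is intended.
            _cryptor = self.default_cryptor(*gen_password(request.user.password))
            try:
                billing.sign = billing.sign[:70]
                billing.sign = _cryptor.encrypt(billing.sign.encode('ascii'))
            except Exception:
                # Keep the failure detail in the server log. Echoing the
                # exception text to the client discloses internals of the
                # encryption step.
                logger.exception("Encrypting the billing signature failed")
                return HttpResponseServerError(b"Internal server error")
            billing.transaction_timestamp = timezone.now()
            # NOTE(review): the record is saved before the validator runs, so
            # a validator failure below leaves the saved billing in place.
            billing.save()
            _validator = self.default_validator()
            try:
                trz_sign = _validator.invalidate(request.user.username, billing.sign)
            except Exception:
                logger.exception("Validator call failed for the billing signature")
                return HttpResponseServerError(b"Internal server error")
            response = HttpResponseRedirect(self.success_url % request.user.id)
            # NOTE(review): the ciphertext is stored client-side and read back
            # from the cookie later; confirm set_cookie applies HttpOnly and
            # Secure, and that the cryptor authenticates its ciphertext.
            set_cookie(response, 'transaction_sign', trz_sign)
            set_cookie(response, 'transaction_id', billing.sign)
            return response
        else:
            form.add_error(None, "User must be logged in to create billings")
    return render(request, self.template_name, {'form': form})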
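def get(self, request, name):
    """Return the decrypted transaction signature for user ``name``.

    The ciphertext comes from the client-supplied ``transaction_id`` cookie
    and is decrypted with a cryptor built from the named user's stored
    password field. The permission check runs before the user lookup and
    before any decryption, so a caller without permission for ``name``
    never reaches the cryptor or its failure path.

    Args:
        request: The incoming HTTP request.
        name: Username (matched case-insensitively) whose transaction is read.

    Returns:
        The decrypted signature, or a generic 500 response when decryption
        fails.

    Raises:
        Http404: If the caller lacks permission, the cookie is missing, or
            no user matches ``name``.
    """
    import logging

    logger = logging.getLogger(__name__)

    # Authorise first: the cookie is untrusted input, and decrypting it with
    # another user's key before this check would expose decryption outcomes
    # to callers who are not allowed to see the transaction.
    if not validate_permissions(request.user, name):
        raise Http404("User don't have permissions to check this transaction")

    transaction_id = request.COOKIES.get('transaction_id')
    if transaction_id is None:
        raise Http404("Transaction id is empty")

    try:
        user = User.objects.get(username__iexact=name)
    except User.DoesNotExist:
        # An unknown username previously surfaced as an unhandled exception.
        raise Http404("User don't have permissions to check this transaction")

    _cryptor = self.default_cryptor(*gen_password(user.password))
    try:
        sign = _cryptor.decrypt(transaction_id)
    except Exception:
        # Log the detail server-side only. Returning the exception text lets
        # a client tell different decryption failures apart.
        logger.exception("Decrypting the transaction_id cookie failed")
        return HttpResponseServerError(b"Internal server error")
    return HttpResponse(sign)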