def index(request): limited = getattr(request, 'limited', False) if limited: return HttpResponseRedirect(reverse('rate_limited')) error_message = None reset_request = ResetRequestForm(request.POST or None) email_response = False try: if reset_request.is_valid(): if reset_request.cleaned_data['email'] != '': user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email']) email_response = True else: user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell']) signer = TimestampSigner() token = signer.sign(user_data.psu_uuid) if email_response is True: r = password_reset_email(user_data.psu_uuid, user_data.alternate_email, token) else: short_code = TextMessageShortCode() short_code.token = token short_code.save() r = password_reset_sms(user_data.cell_phone, short_code.code) if r is not True: raise APIException("Reset code not sent. Email? " + str(email_response)) logger.info( "service=myinfo page=passwordreset action=reset_request status=success email={0} cell={1}".format( reset_request.cleaned_data['email'], reset_request.cleaned_data['cell'])) return HttpResponseRedirect(reverse("PasswordReset:reset_notoken")) except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned) as e: # Either we couldn't find it or we couldn't uniquely identify it. if isinstance(e, ContactInformation.DoesNotExist): status = "id_not_found" else: status = "multiple_matches" logger.info( "service=myinfo page=passwordreset action=reset_request status={0} email={1} cell={2}".format( status, reset_request.cleaned_data['email'], reset_request.cleaned_data['cell'])) error_message = ("We could not uniquely identify a user with this information. " "Ensure this information is correct and please try again. " "If you continue to have difficulty, contact the Helpdesk (503-725-4357) for assistance.") except APIException: logger.info( "service=myinfo page=passwordreset action=reset_request status=code_not_sent email={0} cell={1}".format( reset_request.cleaned_data['email'], reset_request.cleaned_data['cell'])) error_message = "Sorry, we were unable to send a reset code. Please try again later." return render(request, 'PasswordReset/index.html', {'form': reset_request, 'error': error_message, })
def confirmar_permiso(request): """ ## Confirma un permiso enviado por la url Estado=Aprobado http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=1 Estado=No Aprobado http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=0 La utilidad de esta liibreria es para otorgar un permiso via email """ token_mail = request.GET.get("token") estado = True if request.GET.get("estado") == "1" else False print estado print token_mail signer = TimestampSigner(salt="4g3t1c") try: pk_dpermiso = signer.unsign(token_mail, max_age=3600*1) designacion_permiso = DesignacionPermiso.objects.filter(pk=pk_dpermiso, token_mail=token_mail, token_confirmation_date__isnull=True) if designacion_permiso: designacion_permiso.update(aprobado=estado, token_confirmation_date=timezone.now()) return HttpResponse("El permiso fue aprobado satisfactoriamente") else: return HttpResponse("El permiso ya fue confirmado") except signing.SignatureExpired: return HttpResponse("La clave del mensaje a expirado") except signing.BadSignature: return HttpResponse("Firma de Mensaje Incorrecto")
def send_restore_password(self): signer = TimestampSigner() value = signer.sign(self.user.username) x = value.index(':') key = value[x+1:] self.password_restore_key = key self.save() sender = '*****@*****.**' msg = {} msg['subject'] = 'Восстановление пароля' magic_url = 'http://draftwatcher.pythonanywhere.com/' msg['body'] = ''' Вы запросили восстановление пароля. Если Вы хотите сбросить пароль, перейдите по ссылке: {url}. Ссылка будет активна в течение пяти минут. Если вы не иницировали отправление этого сообщения, просто проигнорируйте его. '''.format( url=''.join( (magic_url,'restore_password/', key))) send_mail(msg['subject'], msg['body'], sender, [self.user.email], fail_silently=False) return key
def check_token(request, answer, token): payload = hashlib.sha1('{}:{}'.format(request.session.session_key, answer.pk).encode()).hexdigest() signer = TimestampSigner() try: return payload == signer.unsign(token, max_age=3600 * 24) except BadSignature: return False
def politician_hansard_subscribe(request, signed_key): ctx = { 'key_error': False } try: key = TimestampSigner(salt='alerts_pol_subscribe').unsign(signed_key, max_age=60*60*24*14) politician_id, _, email = key.partition(',') pol = get_object_or_404(Politician, id=politician_id) if not pol.current_member: raise Http404 user, created = User.objects.get_or_create(email=email) sub, created = Subscription.objects.get_or_create_by_query( _generate_query_for_politician(pol), user) if not sub.active: sub.active = True sub.save() ctx.update( pol=pol, title=u'Email alerts for %s' % pol.name ) except BadSignature: ctx['key_error'] = True return render(request, 'alerts/activate.html', ctx)
def find(request, token): try: signer = TimestampSigner(key=request.session.session_key, sep=':') id = b64_decode(signer.unsign(token, max_age=86400).encode('utf-8')) return AsyncResult(id) except: return None
def lookup(self, signed): if signed is None: raise NonceException("No nonce was provided.") signer = TimestampSigner() try: payload = signer.unsign(signed, max_age=NONCE_MAX_AGE) except BadSignature: raise NonceException("The nonce signature was invalid.") except SignatureExpired: raise NonceException("The nonce has expired.") nonce, user_id = payload.split(":") User = get_user_model() user = User.objects.get(pk=user_id) if user_id else None nonce_list = list(Nonce.objects.filter(key=nonce)[:1]) if nonce_list: nonce_obj = nonce_list[0] if nonce_obj.user == user: return nonce_obj else: raise NonceException("The current user does not have access to the specified nonce.") else: return Nonce(key=nonce, user=user)
def provision(self, prefix="", user=None): nonce = self.random_nonce(prefix) user_id = user.pk if user else "" payload = "%s:%s" % (nonce, user_id) signer = TimestampSigner() return signer.sign(payload)
def index(request): error_message = None reset_request = ResetRequestForm(request.POST or None) email_response = False try: if reset_request.is_valid(): if reset_request.cleaned_data['email'] != '': user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email']) email_response = True else: user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell']) signer = TimestampSigner() token = signer.sign(user_data.psu_uuid) if email_response == True: password_reset_email(user_data.psu_uuid, user_data.alternate_email, token) else: shortcode = TextMessageShortCode() shortcode.token = token shortcode.save() password_reset_sms(user_data.cell_phone, shortcode.code) return HttpResponseRedirect(reverse("PasswordReset:reset_notoken")) except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned): # Either we couldn't find it or we couldn't uniquely identify it. logger.info("service=myinfo email=" + reset_request.cleaned_data['email'] + " cell=" + reset_request.cleaned_data['cell'] + "error = \"Unable to identify.\"") error_message = "We were unable to find an identity that matched your information." return render(request, 'PasswordReset/index.html', {'form' : reset_request, 'error' : error_message,})
def find(request, token): try: signer = TimestampSigner(key=request.session.session_key, sep=':') id = b64_decode(signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8')) return Task.status(id) except: return None
def post(self, request, *args, **kwargs): try: data = confirm(request) except PaymentError as e: messages.error(self.request, str(e)) self.restore_frozen_basket() logger.exception(e) return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': self.request.build_absolute_uri(reverse("worldpay-fail") + "?error=%s" % str(e))}) basket = Basket.objects.get(pk=data['M_basket']) basket.strategy = Selector().strategy() if data['M_user'] == 'None': user = AnonymousUser() else: user = User.objects.get(pk=data['M_user']) # Fetch submission data out of session order_number = data['cartId'] total = Decimal(data['amount']) # Record payment source source_type, is_created = SourceType.objects.get_or_create(name='WorldPay') source = Source(source_type=source_type, currency=data['currency'], amount_allocated=total, amount_debited=total, reference=data['transId']) self.add_payment_source(source) self.add_payment_event('paid', total, reference=data['transId']) shipping_address = ShippingAddress.objects.get(pk=data['M_shipping_address']) if data['M_billing_address'] == 'None': billing_address = None else: billing_address = BillingAddress.objects.get(pk=data['M_billing_address']) shipping_methods = Repository().get_shipping_methods(basket, user=user, shipping_addr=shipping_address) shipping_method = [method for method in shipping_methods if method.code == data['M_shipping_method']][0] order_kwargs = json.loads(data['M_order_kwargs']) # Place order calc_total = self.get_order_totals(basket, shipping_method.calculate(basket)) self.handle_order_placement( order_number, user, basket, shipping_address, shipping_method, shipping_method.calculate(basket), billing_address, calc_total, **order_kwargs ) signer = TimestampSigner() order_number = signer.sign(order_number) success_url = self.request.build_absolute_uri(reverse("worldpay-success") + '?order_number=%s' % (order_number)) return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': success_url})
def _build_hook_signature(self, method, url, body): signer = TimestampSigner(settings.WATERCOOLER_SECRET) value = '{method}:{url}:{body}'.format( method=method.lower(), url=url, body=hashlib.sha256(body or b'').hexdigest() ) return signer.sign(value)
def make_token(self): """ Make timestamped token. :return string: token """ key = TimestampSigner().sign(self.username) return key.split(":", 1)[1]
def find_temporary_file(token): signer = TimestampSigner(sep=':') filename, attachment_filename, mimetype = b64_decode(signer.unsign( token, max_age=TEMPORARY_FILE_TTL).encode('utf-8')).split(',') return ( secure_join(settings.MEDIA_ROOT, 'temporary', filename), attachment_filename, mimetype, )
def generate_api_token(user, expiry_seconds=EXPIRY_SECONDS): signer = TimestampSigner() token = signer.sign(user.username) api_token = ApiToken(user=user, expiry_seconds=expiry_seconds, token=token) api_token.save() return api_token
def unsign_user_id(b64_user_id, max_age=None): try: id_signer = TimestampSigner() unencoded_user_id = base64.urlsafe_b64decode(b64_user_id.encode('utf-8')).decode('utf-8') signed = id_signer.unsign(unencoded_user_id, max_age) return signed.split(':', 1)[0] except Exception as e: print(e) return None
def restore_password(self, inp): key = self.user.username + ":" + inp signer = TimestampSigner() try: x = signer.unsign(key, max_age=60*5) if x == self.user.username: return True except (SignatureExpired, BadSignature): pass return False
def reset(request, token=None): error_message = None signer = TimestampSigner() reset_token_form = ResetTokenForm(request.POST or None) # Token not passed through URL parameter. if token is None and reset_token_form.is_valid(): token = reset_token_form.cleaned_data['token'] if token is not None: encrypted_token = None # The token might be a shortcode. First try to look up a matching shortcode. try: shortcode = TextMessageShortCode.objects.get(code=token) encrypted_token = shortcode.token except TextMessageShortCode.DoesNotExist: encrypted_token = token try: # max_age is in seconds, so 1 hr. psu_uuid = signer.unsign(encrypted_token, max_age=60*60) # Verify psu_uuid, authenticate user, redirect to "new student" version of MyInfo. user = auth.authenticate(psu_uuid = psu_uuid, request=request) if user is not None: auth.login(request, user) # Now they need to reset their password. (oam_status, _) = OAMStatusTracker.objects.get_or_create(psu_uuid = request.session['identity']['PSU_UUID']) oam_status.set_password = False oam_status.save() return HttpResponseRedirect(reverse('AccountPickup:next_step')) logger.error("service=myinfo psu_uuid={0} error=\"Password token decrypted succesfully but unable to authenticate.\"".format(psu_uuid)) error_message = "There was an internal error. Please contact the helpdesk for support." except SignatureExpired: udc_id = signer.unsign(token) # Too slow! logger.info("service=myinfo psu_uuid={0} error=password_timeout".format(udc_id)) error_message = "The password reset expired. Please try again." except BadSignature: logger.info("service=myinfo token={0} error=\"An invalid reset token was passed to OAM PasswordReset\"") error_message = "There was an internal error. Please contact the helpdesk for support." # Something went wrong, forward them back to the password reset link page. if error_message is None: error_message = "There was an internal error. Please contact the helpdesk for support." logger.debug("Reached end of key signing attempt without an error message for token: {0}".format(token)) return render(request, 'PasswordReset/verification.html', {'form' : reset_token_form, 'error' : error_message,})
def get(self, request, *args, **kwargs): signer = TimestampSigner() try: ad_pk = signer.unsign(kwargs["ad_identifier"]) except BadSignature: raise Http404 advert = get_object_or_404(Advertisement, pk=ad_pk) advert.clicked() return HttpResponseRedirect(advert.url)
def get_links(self, obj): request = self.context['request'] signer = TimestampSigner(settings.WEBSOCKET_SECRET) channel = signer.sign(obj.pk) return { 'self': reverse('sprint-detail', kwargs={'pk': obj.pk}, request=request), 'tasks': reverse('task-list', request=request) + '?sprint={}'.format(obj.pk), 'channel': '{proto}://{server}/socket?channel={channel}'.format( proto='wss' if settings.WEBSOCKET_SECURE else 'ws', server=settings.WEBSOCKET_SERVER, channel=channel), }
def form_valid(self, form): ''' ''' user = get_object_or_404(UserProfile, username=form.cleaned_data['username']) signer = TimestampSigner() recovery_key = signer.sign(str(user)) self.send_recovery_mail(user) messages.success(self.request, _('An email has been sent to your email account.')) response = super(PasswordRecovery, self).form_valid(form) response.set_signed_cookie('recovery_key', recovery_key, max_age=1200) return response
def advanced_click_register(request, ad_identifier): signer = TimestampSigner() try: ad_pk = signer.unsign(ad_identifier) except BadSignature: raise Http404 advert = get_object_or_404(Advertisement, pk=ad_pk) advert.clicked() return HttpResponseRedirect(advert.url)
def dispatch(self, request, *args, **kwargs): ''' ''' signer = TimestampSigner() try: value = request.get_signed_cookie('recovery_key') self.value = signer.unsign(value, max_age=self.max_age) except: return HttpResponseForbidden('This page is expired') else: return super(SetNewPassword, self).dispatch(request, *args, **kwargs)
def save(self, *args, **kwargs): # COLOCAR AQUI CONSUMIR EL REST DE ORGANIGRAMA # Envio un uid y me devuelve el uid del jefe, si este esta inactivo me devuelve la del superior self.jefe = User.objects.get(pk=1) # Crear un Token Para confirmacion de Permiso mediante correo, por temas de la url cambio el separador por - from django.core.signing import TimestampSigner signer = TimestampSigner(salt="4g3t1c") self.token_mail = signer.sign(self.pk) super(DesignacionPermiso, self).save(*args, **kwargs)
def get_context_data(self, **kwargs): context = super(IndexView, self).get_context_data(**kwargs) signer = TimestampSigner(settings.SOCKET_SECRET) channel = signer.sign(1) # el 1 deberia ser el ID de la empresa url = '{protocol}://{server}/socket?channel={channel}'.format( protocol = 'wss' if settings.SOCKET_SECURE else 'ws', server = settings.SOCKET_SERVER, channel = channel ) context.update(socket_url=url) return context
def is_valid(self): if self.force_expiry: return False signer = TimestampSigner() try: username = signer.unsign(self.token, max_age=self.expiry_seconds) except (BadSignature, SignatureExpired): return False return username == self.user.username
def send_password_reset_email(self, request, user): signer = TimestampSigner() reset_token = signer.sign(user.get_username()) context = { "request": request, "user": user, "project_name": get_configuration("QS_PROJECT_NAME"), "project_url": get_configuration("QS_PROJECT_URL"), "reset_token": reset_token, } mails = template_mail.MagicMailBuilder() email = mails.password_reset(user, context) email.send()
def get_links(self, obj): request = self.context["request"] signer = TimestampSigner(settings.WATERCOOLER_SECRET) channel = signer.sign(obj.pk) return { "self": reverse("sprint-detail", kwargs={"pk": obj.pk}, request=request), "tasks": reverse("task-list", request=request) + "?sprint={}".format(obj.pk), "channel": "{proto}://{server}/socket?channel={channel}".format( proto="wss" if settings.WATERCOOLER_SECURE else "ws", server=settings.WATERCOOLER_SERVER, channel=channel, ), }
def get_absolute_file_url(self, authenticated=False): if not self.name: return '' url = reverse('foirequest-auth_message_attachment', kwargs={ 'message_id': self.belongs_to_id, 'attachment_name': self.name }) if settings.FOI_MEDIA_TOKENS and authenticated: signer = TimestampSigner() value = signer.sign(url).split(':', 1)[1] return '%s?token=%s' % (url, value) return url
def check_token(self, request): token = request.GET.get('token') if token is None: return None original = '%s:%s' % (self.get_absolute_file_url(), token) signer = TimestampSigner() try: signer.unsign(original, max_age=settings.FOI_MEDIA_TOKEN_EXPIRY) except SignatureExpired: return None except BadSignature: return False return True
def __init__(self, **kwargs): route = [ (r'/(?P<sprint>[0-9]+)', SprintHandler), (r'/(?P<model>task|sprint|user)/(?P<pk>[0-9]+)', UpdateHandler), ] super().__init__(route, **kwargs) # self.subscriptions = defaultdict(list) self.subscriber = RedisSubscriber(Client()) self.publisher = Redis() self._key = os.environ.get( 'WATERCOOLER_SECRET', 'pTyz1dzMeVUGrb0Su4QXsP984qTlvQRHpFnnlHuH') ###随机设置一个共享密令 self.signer = TimestampSigner(self._key)
def politician_hansard_subscribe(request, signed_key): ctx = {'key_error': False} try: key = TimestampSigner(salt='alerts_pol_subscribe').unsign(signed_key, max_age=60 * 60 * 24 * 90) politician_id, _, email = key.partition(',') pol = get_object_or_404(Politician, id=politician_id) if not pol.current_member: raise Http404 user, created = User.objects.get_or_create(email=email) sub, created = Subscription.objects.get_or_create_by_query( _generate_query_for_politician(pol), user) if not sub.active: sub.active = True sub.save() ctx.update(pol=pol, title=u'Email alerts for %s' % pol.name) except BadSignature: ctx['key_error'] = True return render(request, 'alerts/activate.html', ctx)
def form_valid(self, form): updated_email = form.cleaned_data['email'] name = form.cleaned_data['full_name'] slack = form.cleaned_data.get('slack') user = get_object_or_404(User, id=self.request.user.id) if updated_email and updated_email != user.email: base_url = reverse('users:email_change_confirm_password') query_dict = { 'updated_email': updated_email, 'name': name, 'slack': slack } signer = TimestampSigner() signed_value = signer.sign(dumps(query_dict)) # Using session variables for redirect validation token_signer = Signer() self.request.session['signed_token'] = token_signer.sign( user.email) return redirect('{}?{}'.format(base_url, urlencode({'value': signed_value}))) return super(AccountView, self).form_valid(form)
def returned_wrapper(request, *args, **kwargs): if request.method == "POST": code = request.POST.get('code', None) if code is None: code = request.GET.get('code', None) else: code = request.GET.get('code', None) if code: value = base64.b64decode(code) signer = TimestampSigner() try: username = signer.unsign(value, ONE_DAY) INFO_LOG.info( gen_info_msg(request, action='链接正常', code_url=request.path, valid=True, username=username)) return func(request, *args, **kwargs) except (SignatureExpired, BadSignature, TypeError), e: username = signer.unsign(value) if isinstance(e, SignatureExpired): messages.error(request, '链接已失效') INFO_LOG.info( gen_info_msg(request, action=u'链接已失效', code_url=request.path, valid=False, username=username)) elif isinstance(e, BadSignature): messages.error(request, '链接被篡改') INFO_LOG.info( gen_info_msg(request, action=u'链接被篡改', code_url=request.path, valid=False, username=username)) return HttpResponseRedirect(settings.LOGIN_URL)
def microsoft(request): """ Adds global template variables for microsoft_auth """ login_type = None if config.MICROSOFT_AUTH_LOGIN_TYPE == LOGIN_TYPE_XBL: login_type = _("Xbox Live") else: login_type = _("Microsoft") if config.DEBUG: # pragma: no branch try: current_domain = Site.objects.get_current(request).domain except Site.DoesNotExist: logger.warning( "\nWARNING:\nThe domain configured for the sites framework " "does not match the domain you are accessing Django with. " "Microsoft authentication may not work.\n" ) else: do_warning = get_scheme( request ) == "http" and not current_domain.startswith("localhost") if do_warning: # pragma: no branch logger.warning( "\nWARNING:\nYou are not using HTTPS. Microsoft " "authentication only works over HTTPS unless the hostname " "for your `redirect_uri` is `localhost`\n" ) # initialize Microsoft client using CSRF token as state variable signer = TimestampSigner() state = signer.sign(get_token(request)) microsoft = MicrosoftClient(state=state, request=request) auth_url = microsoft.authorization_url()[0] return { "microsoft_login_enabled": config.MICROSOFT_AUTH_LOGIN_ENABLED, "microsoft_authorization_url": mark_safe(auth_url), # nosec "microsoft_login_type_text": login_type, }
def test_valid_signature_required(self): """ A valid signature should log the user in """ user = make(get_user_model()) with patch("django.conf.settings.LOGIN_REDIRECT_URL", "/foo"): response = self.client.get(reverse( login, args=[TimestampSigner().sign(str(user.pk))]), follow=False) self.assertRedirects(response, "/foo", target_status_code=404) self.assertEqual(user.pk, self.client.session['_auth_user_id']) self.assertEqual('django.contrib.auth.backends.ModelBackend', self.client.session['_auth_user_backend'])
def weixin_qrconnect_url(request): """微信扫码登录 URL""" from urllib import parse from django.core.signing import TimestampSigner callback_url = getattr(settings, 'WEIXIN_WEB_REDIRECT_URI', None) or '' appid = getattr(settings, 'WEIXIN_WEB_APPID', None) or '' auth_url = ('https://open.weixin.qq.com/connect/qrconnect?' 'appid={0}' '&redirect_uri={1}' '&response_type=code&scope={2}' '&state={3}' '#wechat_redirect') signer = TimestampSigner() state = signer.sign('web') callback_url = parse.quote_plus(callback_url) scope = 'snsapi_login' _url = auth_url.format(appid, callback_url, scope, state) return Response(dict(url=_url))
def activate(request, key): try: signer = TimestampSigner() user_id = signer.unsign(key, max_age=timedelta(days=2)) user = User.objects.get(id=user_id) if user.is_active == False: user.is_active = True user.save() return render( request, 'message.html', { 'message': 'Your account has been succesfully activated! Please login.' }) else: return render(request, 'message.html', {'message': "The user has already been activated!"}) except SignatureExpired: return render(request, 'message.html', {'message': "The activation link has been expired"}) except signing.BadSignature: raise Http404("Invalid activation link")
def get(self, request, activation_key, *args, **kwargs): signer = TimestampSigner() expiration = get_configuration("QS_SIGNUP_TOKEN_EXPIRATION_DAYS") try: username = signer.unsign(activation_key, max_age=expiration * SECONDS_IN_DAY) except (BadSignature, SignatureExpired): return super().get(request, *args, **kwargs) user_model = get_user_model() try: user = user_model.objects.activate(username) except user_model.DoesNotExist: return super().get(request, *args, **kwargs) if user.is_active: user_activated.send(sender=self.__class__, user=user, request=request) if get_configuration("QS_SIGNUP_AUTO_LOGIN"): self._login_user(request, user) return redirect(self.get_success_url())
def testActivationLink(self): """Ensure that following the activation link makes the TcsUser instance active.""" user = TcsUser.objects.create_user(self.user_data['email'], self.user_data['password']) self.assertFalse(user.is_active) # The new registrant is inactivate usercode = TimestampSigner().sign(user.email) # User creation should trigger sending an activation e-mail via a listener self.checkMail() # This GET request should activate the new TcsUser instance. response = Client().get(reverse('tcsuser_activate', args=(usercode, ))) user = TcsUser.objects.get( pk=user.id) # Syncronize the variable with the database self.assertTrue(user.is_active)
def final(self, request, pk): id = pk order = Order.objects.get(id=id, client__user=request.user) status = "waiting" if order.status == Order.STATUS_VALIDATED: status = "validated" elif order.status >= Order.STATUS_REJECTED: status = "rejected" tickets = request.build_absolute_uri( urls.reverse('ticket-print', args=[TimestampSigner().sign(id)])) return Response({'status': status, 'url': tickets})
def send_change_email_link(self, new_email): payload = { "u": self.user.username, "t": self.prepare_token(), "e": new_email, } signed_payload = TimestampSigner().sign_object(payload) path = reverse("hc-change-email-verify", args=[signed_payload]) ctx = { "button_text": "Sign In", "button_url": settings.SITE_ROOT + path, } emails.login(new_email, ctx)
def token_decoder2(token_B, _err_code=None): """ decoder for token_B :Parameters: token_B : (str) _err_code : (str) :Returns: user : User object token : (str) """ signer = TimestampSigner(salt=SECRET_SALT) try: uid = force_text(urlsafe_base64_decode(token_B)) except DjangoUnicodeDecodeError: raise ValidationError(_err_code) except (ValueError): # This is for the unhandled exceptions raise ValidationError(_err_code) _id = uid.split(':')[0] _hash = ':'.join(uid.split(':')[1:]) token = signer.unsign(_hash, max_age=timedelta(days=1)) user = User.objects.get(uuid=_id) return user, token
def test_event_endpoint(self, ping_mock): url = reverse_ns('sponsored-shelf-event') # no data response = self.client.post(url) assert response.status_code == 400 ping_mock.assert_not_called() # bad data response = self.client.post( url, {'type': 'conversion', 'data': 'r?dfdfd:3434'}) assert response.status_code == 400 ping_mock.assert_not_called() # good data signer = TimestampSigner() raw_data = 'sdwwdw' data = signer.sign(raw_data) response = self.client.post(url, {'type': 'conversion', 'data': data}) assert response.status_code == 202, response.content ping_mock.assert_called_with( f'https://e-10521.adzerk.net/{raw_data}', type='conversion') assert response.content == b'' # good data but bad type ping_mock.reset_mock() response = self.client.post(url, {'type': 'foo', 'data': data}) assert response.status_code == 400 ping_mock.assert_not_called() # good data but stale with freeze_time('2020-01-01') as freezer: data = signer.sign(raw_data) freezer.tick(delta=timedelta(days=1, minutes=1)) response = self.client.post( url, {'type': 'conversion', 'data': raw_data}) assert response.status_code == 400 ping_mock.assert_not_called()
def setUp(self): super(TaskMemberResumeTest, self).setUp() self.init_projects() self.some_user = BlueBottleUserFactory.create() self.some_token = "JWT {0}".format(self.some_user.get_jwt_token()) self.another_user = BlueBottleUserFactory.create() self.another_token = "JWT {0}".format( self.another_user.get_jwt_token()) self.task = TaskFactory.create( project=ProjectFactory.create(owner=self.some_user), ) self.member = TaskMemberFactory.create( task=self.task, member=self.another_user, resume='private/tasks/resume/test.jpg') self.signer = TimestampSigner() self.resume_url = reverse('task-member-resume', args=(self.member.id, )) self.task_member_url = reverse('task-member-detail', args=(self.member.id, ))
def get_messenger_id(request): # generate messenger id token random_key = ''.join([ random.SystemRandom().choice( 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-') for i in range(MESSENGERID_KEY_LENGTH) ]) hash = hashlib.sha1() hash.update(random_key.encode('utf-8')) digest = hash.hexdigest() signer = TimestampSigner() messengerid = signer.sign(digest) messenger_module = module_manager.get_module('messenger') messenger_module.tcp_client.message( COMMAND_AUTH_SESSION, { 'username': request.user.username, 'messengerid': messengerid, 'validity': request.session.get_expiry_age() }) if messenger_module.tcp_client.is_ready(): results = { 'alive': True, 'messengerid': messengerid, 'host': get_setting('messenger', 'messenger_host'), 'port': get_setting('messenger', 'messenger_port'), 'path': get_setting('messenger', 'messenger_path') } else: results = {'alive': False} return HttpResponseRest(request, results)
def verify_password(self, code, password): if code: signer = TimestampSigner() try: code = code.encode('utf-8') max_age = datetime.timedelta( days=settings.VERIFICATION_CODE_EXPIRED).total_seconds() code = force_bytes(code) code = b64_decode(code) code = code.decode() email = signer.unsign(code, max_age=max_age) user = StdUser.objects.get(**{StdUser.USERNAME_FIELD: email}) user.set_password(password) user.code = 'None code' user.save() return True except (BadSignature, AttributeError, StdUser.DoesNotExist, TypeError, UnicodeDecodeError): raise ValueError('Error') return False, ( 'Activation link is incorrect, please resend request') else: raise ValueError('No code')
def linked_form_field_model(model_form, field): model_class = model_form._meta.model model_field = model_class._meta.fields_by_name[field.name] related_model = model_field.related_model # 'related_app' : related_model._meta.app_label, # 'related_class' : related_model._meta.object_name, data_url = [{ 'referencing_app' : model_class._meta.app_label, 'referencing_class' : model_class._meta.object_name, 'referencing_field' : field.name, 'referencing_instance' : model_form.instance.pk, 'current_value' : field.value() }] from fedoralink.views import ModelViewRegistry link_view = ModelViewRegistry.get_view(related_model, 'link') data_url = base64.b64encode(zlib.compress(json.dumps(data_url).encode('utf-8'))) signer = TimestampSigner(salt='linked_form_field_model') data_url = signer.sign(data_url) return reverse(link_view, kwargs={'parametry': ''}) + '?linking=' + data_url
def forgetPw(request): if request.method == 'GET': return render(request, 'mainApp/account/forgetPw.html') elif request.method == "POST": if (request.POST['username'] != ""): username = request.POST['username'] user = User.objects.filter(username=username) if (user.exists()): emailGateway( "resetPw", user[0].email, request.get_host() + "/main/retrievePw?token=" + TimestampSigner().sign(username).split(":", maxsplit=1)[1]) return HttpResponseRedirect('/main/login?message=l_fp') elif (request.POST['email'] != ""): email = request.POST['email'] user = User.objects.filter(email=email) if (user.exists()): emailGateway( "resetPw", user[0].email, request.get_host() + "/main/retrievePw?token=" + TimestampSigner().sign(user[0].username).split( ":", maxsplit=1)[1]) return HttpResponseRedirect('/main/login?message=l_fp') return HttpResponseRedirect('/main/login?message=l_fpfail')
def get_user_from_token(token): try: user = UserModel.objects.get(email=token.split(':', 1)[0]) except UserModel.DoesNotExist: return None try: TimestampSigner(salt=user.password).unsign( token, max_age=60 * 60 * 24, ) except BadSignature: return None return user
def test_update_email_post_valid_form_w_no_pref(self): pref = ProfilePreferences.objects.get(profile=self.profile) pref.delete() self.url = create_unsubscribe_link( self.profile.user_object.email ) + "?email_disable=send_schedule_change_notifications" response = self.client.post(self.url, follow=True, data={ 'token': TimestampSigner().sign(self.profile.user_object.email), 'send_daily_schedule': True, 'send_bid_notifications': False, 'send_role_notifications': False, 'send_schedule_change_notifications': True}) site = Site.objects.get_current() self.assertRedirects(response, "http://%s" % site.domain) assert_alert_exists( response, 'success', 'Success', default_update_profile_msg)
class User(AbstractUser): signer = TimestampSigner(salt='Hello World!') is_email_verified = models.BooleanField(default=False) initial_secret_key = models.CharField(null=True, max_length=256) verification_email_sent_at = models.DateTimeField(null=True) is_student = models.BooleanField(default=False) grade = models.PositiveSmallIntegerField(null=True) subgrade = models.CharField(max_length=1) is_locked = models.BooleanField(default=False) # def get_active_test_suite(self): # return self.test_suites.get( # is_active=True # ) def get_initial_key(self): initial_key = "".join(random.sample(APHABET, 256)) self.initial_secret_key = initial_key self.save() return initial_key def get_signed_key(self): initial_key = self.initial_secret_key hashed_key = md5(bytes(initial_key, encoding='ascii')).hexdigest() signed_key = self.signer.sign(hashed_key) encoded_key = base64.b64encode(signed_key) return encoded_key def get_verification_link(self): self.get_initial_key() host = settings.HOST_NAME key = self.get_signed_key() link = f"{host}/verify-email?key={key}" return link def check_key(self, secret_key): decoded_key = base64.b64decode(secret_key) unsigned_key = self.signer.unsign( decoded_key, max_age=timedelta(days=1) ) initial_key = self.initial_secret_key hashed_key = md5(bytes(initial_key, encoding='ascii')).hexdigest() return unsigned_key == hashed_key
def test_adzerk_returns_none_sponsored(self): self.populate_es() signer = TimestampSigner() log_msg = ( 'Addon id [%s] returned from Adzerk, but not in a valid Promoted ' 'group [%s]') log_groups = 'Sponsored; Verified; By Firefox' with mock.patch('olympia.shelves.views.get_addons_from_adzerk') as get: get.return_value = { str(self.sponsored_ext.id): { 'impression': '123456', 'click': 'abcdef' }, str(self.sponsored_theme.id): { 'impression': '012345', 'click': 'bcdefg', }, str(self.verified_ext.id): { 'impression': '55656', 'click': 'efef' }, str(self.recommended_ext.id): { 'impression': '9494', 'click': '4839' }, str(self.not_promoted.id): { 'impression': '735754', 'click': 'jydh' }, '0': { 'impression': '', 'click': '' }, } with mock.patch('django_statsd.clients.statsd.incr') as incr_mock: with mock.patch('olympia.shelves.views.log.error') as log_mock: data = self.perform_search() incr_mock.assert_any_call('services.adzerk.elasticsearch_miss', 3) log_mock.assert_has_calls(( mock.call(log_msg, str(self.recommended_ext.id), log_groups), mock.call(log_msg, str(self.not_promoted.id), log_groups), mock.call(log_msg, '0', log_groups), )) get.assert_called_with(6) # non .can_be_returned_from_azerk are ignored assert data['count'] == 3 assert len(data['results']) == 3 assert data['impression_data'] == signer.sign('123456,012345,55656') assert {(itm['id'], itm['click_data']) for itm in data['results']} == { (self.sponsored_ext.pk, signer.sign('abcdef')), (self.sponsored_theme.pk, signer.sign('bcdefg')), (self.verified_ext.pk, signer.sign('efef')), }
def sendActivationLink(sender, created, instance, **kwargs): """ E-mail an activation link to new registrant. The e-mail sender is the setting DEFAULT_FROM_EMAIL. The activation link is a remote procedure call to tcsuser.views.activateUser. """ if created: signed_email = TimestampSigner().sign(instance.email) # Test server; for development only. For production, use settings.ALLOWED_HOSTS. link = 'http://localhost:8000' link += reverse('tcsuser_activate', args=(signed_email,)) try: send_mail('Activate your account', link, settings.DEFAULT_FROM_EMAIL, [instance.email]) except SMTPRecipientsRefused: print "Failed to send activation link. Invalid e-mail recipients." except gaierror: print "Failed to send activation link. No network connection?"
def send_registration_mail(self, request, queryset): current_site = get_current_site(request) _user_failed = "" success = True mail_subject = "Activate your account." for user in queryset: message = render_to_string( "authentication/email/acc_activate_email.html", { "user": user.username, "domain": current_site.domain, "uid": base64.urlsafe_b64encode(force_bytes(user.pk)).decode( "utf-8" ), "token": TimestampSigner().sign( default_token_generator.make_token(user) ), }, ) plain_message = strip_tags(message) to_email = user.email if ( mail.send_mail( mail_subject, plain_message, settings.EMAIL_HOST_USER, [to_email], html_message=message, ) == 0 ): success = False _user_failed += f"{user.username}, " user.verification_email_sent_date = timezone.now() if success: self.message_user( request, "E-mail was send successfully for all user(s)", messages.SUCCESS, ) else: self.message_user( request, f"Send the e-mail failed for the following user(s): {_user_failed}", messages.ERROR, )
def tcsuserActivate(request, usercode): """ This handles a remote procedure call for activating a TcsUser. "usercode" is an e-mail address signed with a TimestampSigner. If the signature is valid and less than or equal to 2 hours old, activate the TcsUser. """ try: name = TimestampSigner().unsign(usercode, max_age=7200) # 2 hours except BadSignature: return HttpResponse("Invalid activation link.") except SignatureExpired: return HttpResponse("The activation link expired.") new_user = get_user_model().objects.get(email=name) new_user.is_active = True new_user.save() messages.success(request, "Thank you for activating your account.") return HttpResponseRedirect(reverse('login'))
def validate_token(token): """ Validate token. returns MeetingInvitation or None """ try: # Valid in 7 days valid_in = 60 * 60 * 24 * 7 data = signing.loads(TimestampSigner().unsign(token, max_age=valid_in)) return MeetingInvitation.objects.filter( user=int(data["user_id"]), meeting=int(data["meeting_id"]) )[0] except (BadSignature, SignatureExpired): return None
def test_update_email_post_valid_form_logged_in(self): login_as(self.profile.user_object, self) self.url = create_unsubscribe_link( self.profile.user_object.email ) + "?email_disable=send_schedule_change_notifications" response = self.client.post(self.url, follow=True, data={ 'token': TimestampSigner().sign(self.profile.user_object.email), 'send_daily_schedule': True, 'send_bid_notifications': False, 'send_role_notifications': False, 'send_schedule_change_notifications': True}) self.assertRedirects(response, reverse('home', urlconf='gbe.urls')) preferences = ProfilePreferences.objects.get(profile=self.profile) self.assertTrue(preferences.send_daily_schedule) self.assertFalse(preferences.send_bid_notifications) assert_alert_exists( response, 'success', 'Success', default_update_profile_msg)
def get_context(self, change=None, subscription=None, extracontext=None, changes=None): """Return context for rendering mail.""" result = { "LANGUAGE_CODE": get_language(), "LANGUAGE_BIDI": get_language_bidi(), "current_site_url": get_site_url(), "site_title": settings.SITE_TITLE, "notification_name": self.verbose, } if changes is not None: result["changes"] = changes if subscription is not None: result["unsubscribe_nonce"] = TimestampSigner().sign( subscription.pk) if extracontext: result.update(extracontext) if change: result["change"] = change # Extract change attributes attribs = ( "unit", "translation", "component", "project", "glossary_term", "comment", "suggestion", "announcement", "alert", "user", "target", "old", "details", ) for attrib in attribs: result[attrib] = getattr(change, attrib) if result.get("translation"): result["translation_url"] = get_site_url( result["translation"].get_absolute_url()) return result
class User(AbstractUser): signer = TimestampSigner(salt='Hello') email_verification_link = models.CharField( null=True, max_length=1024 ) is_email_verified = models.BooleanField(default=False) verification_email_sent_at = models.DateTimeField(null=True) incorrect_attempts = models.PositiveSmallIntegerField(default=0) is_seller = models.BooleanField(default=False) initial_secret_key = models.CharField(max_length=256) def generate_key(self): key = "".join( random.sample(ALPHABET, 256) ) self.initial_secret_key = key self.save() signed_key = self.signer.sign(key) encoded_key = base64.b64encode(bytes(signed_key, encoding='ascii')).decode('utf-8') return encoded_key def verify_email(self): encoded_key = self.generate_key() url = "http://127.0.0.1:8000/verify?key={}".format( urllib.parse.quote(encoded_key) ) self.verification_email_sent_at = timezone.now() self.save() self.email_user( "Verification Link", "<a href={}>Подтвердить почтовый адрес</a>".format(url), "*****@*****.**" ) def check_key(self, key): signed_key = base64.b64decode(key).decode('utf-8') initial_key = self.signer.unsign(signed_key, max_age=timedelta(days=1)) return self.initial_secret_key == initial_key