def index(request):
limited = getattr(request, 'limited', False)
if limited:
return HttpResponseRedirect(reverse('rate_limited'))
error_message = None
reset_request = ResetRequestForm(request.POST or None)
email_response = False
try:
if reset_request.is_valid():
if reset_request.cleaned_data['email'] != '':
user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email'])
email_response = True
else:
user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell'])
signer = TimestampSigner()
token = signer.sign(user_data.psu_uuid)
if email_response is True:
r = password_reset_email(user_data.psu_uuid, user_data.alternate_email, token)
else:
short_code = TextMessageShortCode()
short_code.token = token
short_code.save()
r = password_reset_sms(user_data.cell_phone, short_code.code)
if r is not True:
raise APIException("Reset code not sent. Email? " + str(email_response))
logger.info(
"service=myinfo page=passwordreset action=reset_request status=success email={0} cell={1}".format(
reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))
return HttpResponseRedirect(reverse("PasswordReset:reset_notoken"))
except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned) as e:
# Either we couldn't find it or we couldn't uniquely identify it.
if isinstance(e, ContactInformation.DoesNotExist):
status = "id_not_found"
else:
status = "multiple_matches"
logger.info(
"service=myinfo page=passwordreset action=reset_request status={0} email={1} cell={2}".format(
status, reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))
error_message = ("We could not uniquely identify a user with this information. "
"Ensure this information is correct and please try again. "
"If you continue to have difficulty, contact the Helpdesk (503-725-4357) for assistance.")
except APIException:
logger.info(
"service=myinfo page=passwordreset action=reset_request status=code_not_sent email={0} cell={1}".format(
reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))
error_message = "Sorry, we were unable to send a reset code. Please try again later."
return render(request, 'PasswordReset/index.html', {'form': reset_request, 'error': error_message, })
def confirmar_permiso(request):
"""
## Confirma un permiso enviado por la url
Estado=Aprobado
http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=1
Estado=No Aprobado
http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=0
La utilidad de esta liibreria es para otorgar un permiso via email
"""
token_mail = request.GET.get("token")
estado = True if request.GET.get("estado") == "1" else False
print estado
print token_mail
signer = TimestampSigner(salt="4g3t1c")
try:
pk_dpermiso = signer.unsign(token_mail, max_age=3600*1)
designacion_permiso = DesignacionPermiso.objects.filter(pk=pk_dpermiso, token_mail=token_mail, token_confirmation_date__isnull=True)
if designacion_permiso:
designacion_permiso.update(aprobado=estado, token_confirmation_date=timezone.now())
return HttpResponse("El permiso fue aprobado satisfactoriamente")
else:
return HttpResponse("El permiso ya fue confirmado")
except signing.SignatureExpired:
return HttpResponse("La clave del mensaje a expirado")
except signing.BadSignature:
return HttpResponse("Firma de Mensaje Incorrecto")
def send_restore_password(self):
signer = TimestampSigner()
value = signer.sign(self.user.username)
x = value.index(':')
key = value[x+1:]
self.password_restore_key = key
self.save()
sender = '*****@*****.**'
msg = {}
msg['subject'] = 'Восстановление пароля'
magic_url = 'http://draftwatcher.pythonanywhere.com/'
msg['body'] = '''
Вы запросили восстановление пароля. Если Вы хотите
сбросить пароль, перейдите по ссылке:
{url}.
Ссылка будет активна в течение пяти минут.
Если вы не иницировали отправление этого сообщения,
просто проигнорируйте его.
'''.format(
url=''.join(
(magic_url,'restore_password/', key)))
send_mail(msg['subject'], msg['body'], sender,
[self.user.email], fail_silently=False)
return key
def check_token(request, answer, token):
payload = hashlib.sha1('{}:{}'.format(request.session.session_key, answer.pk).encode()).hexdigest()
signer = TimestampSigner()
try:
return payload == signer.unsign(token, max_age=3600 * 24)
except BadSignature:
return False
def politician_hansard_subscribe(request, signed_key):
ctx = {
'key_error': False
}
try:
key = TimestampSigner(salt='alerts_pol_subscribe').unsign(signed_key, max_age=60*60*24*14)
politician_id, _, email = key.partition(',')
pol = get_object_or_404(Politician, id=politician_id)
if not pol.current_member:
raise Http404
user, created = User.objects.get_or_create(email=email)
sub, created = Subscription.objects.get_or_create_by_query(
_generate_query_for_politician(pol), user)
if not sub.active:
sub.active = True
sub.save()
ctx.update(
pol=pol,
title=u'Email alerts for %s' % pol.name
)
except BadSignature:
ctx['key_error'] = True
return render(request, 'alerts/activate.html', ctx)
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(signer.unsign(token, max_age=86400).encode('utf-8'))
return AsyncResult(id)
except:
return None
def lookup(self, signed):
if signed is None:
raise NonceException("No nonce was provided.")
signer = TimestampSigner()
try:
payload = signer.unsign(signed, max_age=NONCE_MAX_AGE)
except BadSignature:
raise NonceException("The nonce signature was invalid.")
except SignatureExpired:
raise NonceException("The nonce has expired.")
nonce, user_id = payload.split(":")
User = get_user_model()
user = User.objects.get(pk=user_id) if user_id else None
nonce_list = list(Nonce.objects.filter(key=nonce)[:1])
if nonce_list:
nonce_obj = nonce_list[0]
if nonce_obj.user == user:
return nonce_obj
else:
raise NonceException("The current user does not have access to the specified nonce.")
else:
return Nonce(key=nonce, user=user)
def provision(self, prefix="", user=None):
nonce = self.random_nonce(prefix)
user_id = user.pk if user else ""
payload = "%s:%s" % (nonce, user_id)
signer = TimestampSigner()
return signer.sign(payload)
def index(request):
error_message = None
reset_request = ResetRequestForm(request.POST or None)
email_response = False
try:
if reset_request.is_valid():
if reset_request.cleaned_data['email'] != '':
user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email'])
email_response = True
else:
user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell'])
signer = TimestampSigner()
token = signer.sign(user_data.psu_uuid)
if email_response == True:
password_reset_email(user_data.psu_uuid, user_data.alternate_email, token)
else:
shortcode = TextMessageShortCode()
shortcode.token = token
shortcode.save()
password_reset_sms(user_data.cell_phone, shortcode.code)
return HttpResponseRedirect(reverse("PasswordReset:reset_notoken"))
except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned):
# Either we couldn't find it or we couldn't uniquely identify it.
logger.info("service=myinfo email=" + reset_request.cleaned_data['email'] + " cell=" + reset_request.cleaned_data['cell'] + "error = \"Unable to identify.\"")
error_message = "We were unable to find an identity that matched your information."
return render(request, 'PasswordReset/index.html', {'form' : reset_request, 'error' : error_message,})
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8'))
return Task.status(id)
except:
return None
def post(self, request, *args, **kwargs):
try:
data = confirm(request)
except PaymentError as e:
messages.error(self.request, str(e))
self.restore_frozen_basket()
logger.exception(e)
return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': self.request.build_absolute_uri(reverse("worldpay-fail") + "?error=%s" % str(e))})
basket = Basket.objects.get(pk=data['M_basket'])
basket.strategy = Selector().strategy()
if data['M_user'] == 'None':
user = AnonymousUser()
else:
user = User.objects.get(pk=data['M_user'])
# Fetch submission data out of session
order_number = data['cartId']
total = Decimal(data['amount'])
# Record payment source
source_type, is_created = SourceType.objects.get_or_create(name='WorldPay')
source = Source(source_type=source_type,
currency=data['currency'],
amount_allocated=total,
amount_debited=total,
reference=data['transId'])
self.add_payment_source(source)
self.add_payment_event('paid', total, reference=data['transId'])
shipping_address = ShippingAddress.objects.get(pk=data['M_shipping_address'])
if data['M_billing_address'] == 'None':
billing_address = None
else:
billing_address = BillingAddress.objects.get(pk=data['M_billing_address'])
shipping_methods = Repository().get_shipping_methods(basket, user=user, shipping_addr=shipping_address)
shipping_method = [method for method in shipping_methods if method.code == data['M_shipping_method']][0]
order_kwargs = json.loads(data['M_order_kwargs'])
# Place order
calc_total = self.get_order_totals(basket, shipping_method.calculate(basket))
self.handle_order_placement(
order_number,
user,
basket,
shipping_address,
shipping_method,
shipping_method.calculate(basket),
billing_address,
calc_total,
**order_kwargs
)
signer = TimestampSigner()
order_number = signer.sign(order_number)
success_url = self.request.build_absolute_uri(reverse("worldpay-success") + '?order_number=%s' % (order_number))
return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': success_url})
def _build_hook_signature(self, method, url, body):
signer = TimestampSigner(settings.WATERCOOLER_SECRET)
value = '{method}:{url}:{body}'.format(
method=method.lower(),
url=url,
body=hashlib.sha256(body or b'').hexdigest()
)
return signer.sign(value)
def make_token(self):
""" Make timestamped token.
:return string: token
"""
key = TimestampSigner().sign(self.username)
return key.split(":", 1)[1]
def find_temporary_file(token):
signer = TimestampSigner(sep=':')
filename, attachment_filename, mimetype = b64_decode(signer.unsign(
token, max_age=TEMPORARY_FILE_TTL).encode('utf-8')).split(',')
return (
secure_join(settings.MEDIA_ROOT, 'temporary', filename),
attachment_filename,
mimetype,
)
def generate_api_token(user, expiry_seconds=EXPIRY_SECONDS):
signer = TimestampSigner()
token = signer.sign(user.username)
api_token = ApiToken(user=user,
expiry_seconds=expiry_seconds,
token=token)
api_token.save()
return api_token
def unsign_user_id(b64_user_id, max_age=None):
try:
id_signer = TimestampSigner()
unencoded_user_id = base64.urlsafe_b64decode(b64_user_id.encode('utf-8')).decode('utf-8')
signed = id_signer.unsign(unencoded_user_id, max_age)
return signed.split(':', 1)[0]
except Exception as e:
print(e)
return None
def restore_password(self, inp):
key = self.user.username + ":" + inp
signer = TimestampSigner()
try:
x = signer.unsign(key, max_age=60*5)
if x == self.user.username:
return True
except (SignatureExpired, BadSignature):
pass
return False
def reset(request, token=None):
error_message = None
signer = TimestampSigner()
reset_token_form = ResetTokenForm(request.POST or None)
# Token not passed through URL parameter.
if token is None and reset_token_form.is_valid():
token = reset_token_form.cleaned_data['token']
if token is not None:
encrypted_token = None
# The token might be a shortcode. First try to look up a matching shortcode.
try:
shortcode = TextMessageShortCode.objects.get(code=token)
encrypted_token = shortcode.token
except TextMessageShortCode.DoesNotExist:
encrypted_token = token
try:
# max_age is in seconds, so 1 hr.
psu_uuid = signer.unsign(encrypted_token, max_age=60*60)
# Verify psu_uuid, authenticate user, redirect to "new student" version of MyInfo.
user = auth.authenticate(psu_uuid = psu_uuid, request=request)
if user is not None:
auth.login(request, user)
# Now they need to reset their password.
(oam_status, _) = OAMStatusTracker.objects.get_or_create(psu_uuid = request.session['identity']['PSU_UUID'])
oam_status.set_password = False
oam_status.save()
return HttpResponseRedirect(reverse('AccountPickup:next_step'))
logger.error("service=myinfo psu_uuid={0} error=\"Password token decrypted succesfully but unable to authenticate.\"".format(psu_uuid))
error_message = "There was an internal error. Please contact the helpdesk for support."
except SignatureExpired:
udc_id = signer.unsign(token)
# Too slow!
logger.info("service=myinfo psu_uuid={0} error=password_timeout".format(udc_id))
error_message = "The password reset expired. Please try again."
except BadSignature:
logger.info("service=myinfo token={0} error=\"An invalid reset token was passed to OAM PasswordReset\"")
error_message = "There was an internal error. Please contact the helpdesk for support."
# Something went wrong, forward them back to the password reset link page.
if error_message is None:
error_message = "There was an internal error. Please contact the helpdesk for support."
logger.debug("Reached end of key signing attempt without an error message for token: {0}".format(token))
return render(request, 'PasswordReset/verification.html', {'form' : reset_token_form, 'error' : error_message,})
def get(self, request, *args, **kwargs):
signer = TimestampSigner()
try:
ad_pk = signer.unsign(kwargs["ad_identifier"])
except BadSignature:
raise Http404
advert = get_object_or_404(Advertisement, pk=ad_pk)
advert.clicked()
return HttpResponseRedirect(advert.url)
def get_links(self, obj):
request = self.context['request']
signer = TimestampSigner(settings.WEBSOCKET_SECRET)
channel = signer.sign(obj.pk)
return {
'self': reverse('sprint-detail', kwargs={'pk': obj.pk}, request=request),
'tasks': reverse('task-list', request=request) + '?sprint={}'.format(obj.pk),
'channel': '{proto}://{server}/socket?channel={channel}'.format(
proto='wss' if settings.WEBSOCKET_SECURE else 'ws',
server=settings.WEBSOCKET_SERVER, channel=channel),
}
def form_valid(self, form):
'''
'''
user = get_object_or_404(UserProfile, username=form.cleaned_data['username'])
signer = TimestampSigner()
recovery_key = signer.sign(str(user))
self.send_recovery_mail(user)
messages.success(self.request, _('An email has been sent to your email account.'))
response = super(PasswordRecovery, self).form_valid(form)
response.set_signed_cookie('recovery_key', recovery_key, max_age=1200)
return response
def advanced_click_register(request, ad_identifier):
signer = TimestampSigner()
try:
ad_pk = signer.unsign(ad_identifier)
except BadSignature:
raise Http404
advert = get_object_or_404(Advertisement, pk=ad_pk)
advert.clicked()
return HttpResponseRedirect(advert.url)
def dispatch(self, request, *args, **kwargs):
'''
'''
signer = TimestampSigner()
try:
value = request.get_signed_cookie('recovery_key')
self.value = signer.unsign(value, max_age=self.max_age)
except:
return HttpResponseForbidden('This page is expired')
else:
return super(SetNewPassword, self).dispatch(request, *args, **kwargs)
def save(self, *args, **kwargs):
# COLOCAR AQUI CONSUMIR EL REST DE ORGANIGRAMA
# Envio un uid y me devuelve el uid del jefe, si este esta inactivo me devuelve la del superior
self.jefe = User.objects.get(pk=1)
# Crear un Token Para confirmacion de Permiso mediante correo, por temas de la url cambio el separador por -
from django.core.signing import TimestampSigner
signer = TimestampSigner(salt="4g3t1c")
self.token_mail = signer.sign(self.pk)
super(DesignacionPermiso, self).save(*args, **kwargs)
def get_context_data(self, **kwargs):
context = super(IndexView, self).get_context_data(**kwargs)
signer = TimestampSigner(settings.SOCKET_SECRET)
channel = signer.sign(1) # el 1 deberia ser el ID de la empresa
url = '{protocol}://{server}/socket?channel={channel}'.format(
protocol = 'wss' if settings.SOCKET_SECURE else 'ws',
server = settings.SOCKET_SERVER,
channel = channel
)
context.update(socket_url=url)
return context
def is_valid(self):
if self.force_expiry:
return False
signer = TimestampSigner()
try:
username = signer.unsign(self.token, max_age=self.expiry_seconds)
except (BadSignature, SignatureExpired):
return False
return username == self.user.username
def send_password_reset_email(self, request, user):
signer = TimestampSigner()
reset_token = signer.sign(user.get_username())
context = {
"request": request,
"user": user,
"project_name": get_configuration("QS_PROJECT_NAME"),
"project_url": get_configuration("QS_PROJECT_URL"),
"reset_token": reset_token,
}
mails = template_mail.MagicMailBuilder()
email = mails.password_reset(user, context)
email.send()
def get_links(self, obj):
request = self.context["request"]
signer = TimestampSigner(settings.WATERCOOLER_SECRET)
channel = signer.sign(obj.pk)
return {
"self": reverse("sprint-detail", kwargs={"pk": obj.pk}, request=request),
"tasks": reverse("task-list", request=request) + "?sprint={}".format(obj.pk),
"channel": "{proto}://{server}/socket?channel={channel}".format(
proto="wss" if settings.WATERCOOLER_SECURE else "ws",
server=settings.WATERCOOLER_SERVER,
channel=channel,
),
}
def get_absolute_file_url(self, authenticated=False):
if not self.name:
return ''
url = reverse('foirequest-auth_message_attachment',
kwargs={
'message_id': self.belongs_to_id,
'attachment_name': self.name
})
if settings.FOI_MEDIA_TOKENS and authenticated:
signer = TimestampSigner()
value = signer.sign(url).split(':', 1)[1]
return '%s?token=%s' % (url, value)
return url
def check_token(self, request):
token = request.GET.get('token')
if token is None:
return None
original = '%s:%s' % (self.get_absolute_file_url(), token)
signer = TimestampSigner()
try:
signer.unsign(original, max_age=settings.FOI_MEDIA_TOKEN_EXPIRY)
except SignatureExpired:
return None
except BadSignature:
return False
return True
def __init__(self, **kwargs):
route = [
(r'/(?P<sprint>[0-9]+)', SprintHandler),
(r'/(?P<model>task|sprint|user)/(?P<pk>[0-9]+)', UpdateHandler),
]
super().__init__(route, **kwargs)
# self.subscriptions = defaultdict(list)
self.subscriber = RedisSubscriber(Client())
self.publisher = Redis()
self._key = os.environ.get(
'WATERCOOLER_SECRET',
'pTyz1dzMeVUGrb0Su4QXsP984qTlvQRHpFnnlHuH') ###随机设置一个共享密令
self.signer = TimestampSigner(self._key)
def politician_hansard_subscribe(request, signed_key):
ctx = {'key_error': False}
try:
key = TimestampSigner(salt='alerts_pol_subscribe').unsign(signed_key,
max_age=60 *
60 * 24 * 90)
politician_id, _, email = key.partition(',')
pol = get_object_or_404(Politician, id=politician_id)
if not pol.current_member:
raise Http404
user, created = User.objects.get_or_create(email=email)
sub, created = Subscription.objects.get_or_create_by_query(
_generate_query_for_politician(pol), user)
if not sub.active:
sub.active = True
sub.save()
ctx.update(pol=pol, title=u'Email alerts for %s' % pol.name)
except BadSignature:
ctx['key_error'] = True
return render(request, 'alerts/activate.html', ctx)
def form_valid(self, form):
updated_email = form.cleaned_data['email']
name = form.cleaned_data['full_name']
slack = form.cleaned_data.get('slack')
user = get_object_or_404(User, id=self.request.user.id)
if updated_email and updated_email != user.email:
base_url = reverse('users:email_change_confirm_password')
query_dict = {
'updated_email': updated_email,
'name': name,
'slack': slack
}
signer = TimestampSigner()
signed_value = signer.sign(dumps(query_dict))
# Using session variables for redirect validation
token_signer = Signer()
self.request.session['signed_token'] = token_signer.sign(
user.email)
return redirect('{}?{}'.format(base_url,
urlencode({'value': signed_value})))
return super(AccountView, self).form_valid(form)
def returned_wrapper(request, *args, **kwargs):
if request.method == "POST":
code = request.POST.get('code', None)
if code is None:
code = request.GET.get('code', None)
else:
code = request.GET.get('code', None)
if code:
value = base64.b64decode(code)
signer = TimestampSigner()
try:
username = signer.unsign(value, ONE_DAY)
INFO_LOG.info(
gen_info_msg(request,
action='链接正常',
code_url=request.path,
valid=True,
username=username))
return func(request, *args, **kwargs)
except (SignatureExpired, BadSignature, TypeError), e:
username = signer.unsign(value)
if isinstance(e, SignatureExpired):
messages.error(request, '链接已失效')
INFO_LOG.info(
gen_info_msg(request,
action=u'链接已失效',
code_url=request.path,
valid=False,
username=username))
elif isinstance(e, BadSignature):
messages.error(request, '链接被篡改')
INFO_LOG.info(
gen_info_msg(request,
action=u'链接被篡改',
code_url=request.path,
valid=False,
username=username))
return HttpResponseRedirect(settings.LOGIN_URL)
def microsoft(request):
""" Adds global template variables for microsoft_auth """
login_type = None
if config.MICROSOFT_AUTH_LOGIN_TYPE == LOGIN_TYPE_XBL:
login_type = _("Xbox Live")
else:
login_type = _("Microsoft")
if config.DEBUG: # pragma: no branch
try:
current_domain = Site.objects.get_current(request).domain
except Site.DoesNotExist:
logger.warning(
"\nWARNING:\nThe domain configured for the sites framework "
"does not match the domain you are accessing Django with. "
"Microsoft authentication may not work.\n"
)
else:
do_warning = get_scheme(
request
) == "http" and not current_domain.startswith("localhost")
if do_warning: # pragma: no branch
logger.warning(
"\nWARNING:\nYou are not using HTTPS. Microsoft "
"authentication only works over HTTPS unless the hostname "
"for your `redirect_uri` is `localhost`\n"
)
# initialize Microsoft client using CSRF token as state variable
signer = TimestampSigner()
state = signer.sign(get_token(request))
microsoft = MicrosoftClient(state=state, request=request)
auth_url = microsoft.authorization_url()[0]
return {
"microsoft_login_enabled": config.MICROSOFT_AUTH_LOGIN_ENABLED,
"microsoft_authorization_url": mark_safe(auth_url), # nosec
"microsoft_login_type_text": login_type,
}
def test_valid_signature_required(self):
"""
A valid signature should log the user in
"""
user = make(get_user_model())
with patch("django.conf.settings.LOGIN_REDIRECT_URL", "/foo"):
response = self.client.get(reverse(
login, args=[TimestampSigner().sign(str(user.pk))]),
follow=False)
self.assertRedirects(response, "/foo", target_status_code=404)
self.assertEqual(user.pk, self.client.session['_auth_user_id'])
self.assertEqual('django.contrib.auth.backends.ModelBackend',
self.client.session['_auth_user_backend'])
def weixin_qrconnect_url(request):
"""微信扫码登录 URL"""
from urllib import parse
from django.core.signing import TimestampSigner
callback_url = getattr(settings, 'WEIXIN_WEB_REDIRECT_URI', None) or ''
appid = getattr(settings, 'WEIXIN_WEB_APPID', None) or ''
auth_url = ('https://open.weixin.qq.com/connect/qrconnect?'
'appid={0}'
'&redirect_uri={1}'
'&response_type=code&scope={2}'
'&state={3}'
'#wechat_redirect')
signer = TimestampSigner()
state = signer.sign('web')
callback_url = parse.quote_plus(callback_url)
scope = 'snsapi_login'
_url = auth_url.format(appid, callback_url, scope, state)
return Response(dict(url=_url))
def activate(request, key):
try:
signer = TimestampSigner()
user_id = signer.unsign(key, max_age=timedelta(days=2))
user = User.objects.get(id=user_id)
if user.is_active == False:
user.is_active = True
user.save()
return render(
request, 'message.html', {
'message':
'Your account has been succesfully activated! Please login.'
})
else:
return render(request, 'message.html',
{'message': "The user has already been activated!"})
except SignatureExpired:
return render(request, 'message.html',
{'message': "The activation link has been expired"})
except signing.BadSignature:
raise Http404("Invalid activation link")
def get(self, request, activation_key, *args, **kwargs):
signer = TimestampSigner()
expiration = get_configuration("QS_SIGNUP_TOKEN_EXPIRATION_DAYS")
try:
username = signer.unsign(activation_key,
max_age=expiration * SECONDS_IN_DAY)
except (BadSignature, SignatureExpired):
return super().get(request, *args, **kwargs)
user_model = get_user_model()
try:
user = user_model.objects.activate(username)
except user_model.DoesNotExist:
return super().get(request, *args, **kwargs)
if user.is_active:
user_activated.send(sender=self.__class__,
user=user,
request=request)
if get_configuration("QS_SIGNUP_AUTO_LOGIN"):
self._login_user(request, user)
return redirect(self.get_success_url())
def testActivationLink(self):
"""Ensure that following the activation link makes the TcsUser instance active."""
user = TcsUser.objects.create_user(self.user_data['email'],
self.user_data['password'])
self.assertFalse(user.is_active) # The new registrant is inactivate
usercode = TimestampSigner().sign(user.email)
# User creation should trigger sending an activation e-mail via a listener
self.checkMail()
# This GET request should activate the new TcsUser instance.
response = Client().get(reverse('tcsuser_activate', args=(usercode, )))
user = TcsUser.objects.get(
pk=user.id) # Syncronize the variable with the database
self.assertTrue(user.is_active)
def final(self, request, pk):
id = pk
order = Order.objects.get(id=id, client__user=request.user)
status = "waiting"
if order.status == Order.STATUS_VALIDATED:
status = "validated"
elif order.status >= Order.STATUS_REJECTED:
status = "rejected"
tickets = request.build_absolute_uri(
urls.reverse('ticket-print', args=[TimestampSigner().sign(id)]))
return Response({'status': status, 'url': tickets})
def send_change_email_link(self, new_email):
payload = {
"u": self.user.username,
"t": self.prepare_token(),
"e": new_email,
}
signed_payload = TimestampSigner().sign_object(payload)
path = reverse("hc-change-email-verify", args=[signed_payload])
ctx = {
"button_text": "Sign In",
"button_url": settings.SITE_ROOT + path,
}
emails.login(new_email, ctx)
def token_decoder2(token_B, _err_code=None):
"""
decoder for token_B
:Parameters:
token_B : (str)
_err_code : (str)
:Returns:
user : User object
token : (str)
"""
signer = TimestampSigner(salt=SECRET_SALT)
try:
uid = force_text(urlsafe_base64_decode(token_B))
except DjangoUnicodeDecodeError:
raise ValidationError(_err_code)
except (ValueError):
# This is for the unhandled exceptions
raise ValidationError(_err_code)
_id = uid.split(':')[0]
_hash = ':'.join(uid.split(':')[1:])
token = signer.unsign(_hash, max_age=timedelta(days=1))
user = User.objects.get(uuid=_id)
return user, token
def test_event_endpoint(self, ping_mock):
url = reverse_ns('sponsored-shelf-event')
# no data
response = self.client.post(url)
assert response.status_code == 400
ping_mock.assert_not_called()
# bad data
response = self.client.post(
url, {'type': 'conversion', 'data': 'r?dfdfd:3434'})
assert response.status_code == 400
ping_mock.assert_not_called()
# good data
signer = TimestampSigner()
raw_data = 'sdwwdw'
data = signer.sign(raw_data)
response = self.client.post(url, {'type': 'conversion', 'data': data})
assert response.status_code == 202, response.content
ping_mock.assert_called_with(
f'https://e-10521.adzerk.net/{raw_data}', type='conversion')
assert response.content == b''
# good data but bad type
ping_mock.reset_mock()
response = self.client.post(url, {'type': 'foo', 'data': data})
assert response.status_code == 400
ping_mock.assert_not_called()
# good data but stale
with freeze_time('2020-01-01') as freezer:
data = signer.sign(raw_data)
freezer.tick(delta=timedelta(days=1, minutes=1))
response = self.client.post(
url, {'type': 'conversion', 'data': raw_data})
assert response.status_code == 400
ping_mock.assert_not_called()
def setUp(self):
super(TaskMemberResumeTest, self).setUp()
self.init_projects()
self.some_user = BlueBottleUserFactory.create()
self.some_token = "JWT {0}".format(self.some_user.get_jwt_token())
self.another_user = BlueBottleUserFactory.create()
self.another_token = "JWT {0}".format(
self.another_user.get_jwt_token())
self.task = TaskFactory.create(
project=ProjectFactory.create(owner=self.some_user), )
self.member = TaskMemberFactory.create(
task=self.task,
member=self.another_user,
resume='private/tasks/resume/test.jpg')
self.signer = TimestampSigner()
self.resume_url = reverse('task-member-resume',
args=(self.member.id, ))
self.task_member_url = reverse('task-member-detail',
args=(self.member.id, ))
def get_messenger_id(request):
# generate messenger id token
random_key = ''.join([
random.SystemRandom().choice(
'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-')
for i in range(MESSENGERID_KEY_LENGTH)
])
hash = hashlib.sha1()
hash.update(random_key.encode('utf-8'))
digest = hash.hexdigest()
signer = TimestampSigner()
messengerid = signer.sign(digest)
messenger_module = module_manager.get_module('messenger')
messenger_module.tcp_client.message(
COMMAND_AUTH_SESSION, {
'username': request.user.username,
'messengerid': messengerid,
'validity': request.session.get_expiry_age()
})
if messenger_module.tcp_client.is_ready():
results = {
'alive': True,
'messengerid': messengerid,
'host': get_setting('messenger', 'messenger_host'),
'port': get_setting('messenger', 'messenger_port'),
'path': get_setting('messenger', 'messenger_path')
}
else:
results = {'alive': False}
return HttpResponseRest(request, results)
def verify_password(self, code, password):
if code:
signer = TimestampSigner()
try:
code = code.encode('utf-8')
max_age = datetime.timedelta(
days=settings.VERIFICATION_CODE_EXPIRED).total_seconds()
code = force_bytes(code)
code = b64_decode(code)
code = code.decode()
email = signer.unsign(code, max_age=max_age)
user = StdUser.objects.get(**{StdUser.USERNAME_FIELD: email})
user.set_password(password)
user.code = 'None code'
user.save()
return True
except (BadSignature, AttributeError, StdUser.DoesNotExist,
TypeError, UnicodeDecodeError):
raise ValueError('Error')
return False, (
'Activation link is incorrect, please resend request')
else:
raise ValueError('No code')
def linked_form_field_model(model_form, field):
model_class = model_form._meta.model
model_field = model_class._meta.fields_by_name[field.name]
related_model = model_field.related_model
# 'related_app' : related_model._meta.app_label,
# 'related_class' : related_model._meta.object_name,
data_url = [{
'referencing_app' : model_class._meta.app_label,
'referencing_class' : model_class._meta.object_name,
'referencing_field' : field.name,
'referencing_instance' : model_form.instance.pk,
'current_value' : field.value()
}]
from fedoralink.views import ModelViewRegistry
link_view = ModelViewRegistry.get_view(related_model, 'link')
data_url = base64.b64encode(zlib.compress(json.dumps(data_url).encode('utf-8')))
signer = TimestampSigner(salt='linked_form_field_model')
data_url = signer.sign(data_url)
return reverse(link_view, kwargs={'parametry': ''}) + '?linking=' + data_url
def forgetPw(request):
if request.method == 'GET':
return render(request, 'mainApp/account/forgetPw.html')
elif request.method == "POST":
if (request.POST['username'] != ""):
username = request.POST['username']
user = User.objects.filter(username=username)
if (user.exists()):
emailGateway(
"resetPw", user[0].email,
request.get_host() + "/main/retrievePw?token=" +
TimestampSigner().sign(username).split(":", maxsplit=1)[1])
return HttpResponseRedirect('/main/login?message=l_fp')
elif (request.POST['email'] != ""):
email = request.POST['email']
user = User.objects.filter(email=email)
if (user.exists()):
emailGateway(
"resetPw", user[0].email,
request.get_host() + "/main/retrievePw?token=" +
TimestampSigner().sign(user[0].username).split(
":", maxsplit=1)[1])
return HttpResponseRedirect('/main/login?message=l_fp')
return HttpResponseRedirect('/main/login?message=l_fpfail')
def get_user_from_token(token):
try:
user = UserModel.objects.get(email=token.split(':', 1)[0])
except UserModel.DoesNotExist:
return None
try:
TimestampSigner(salt=user.password).unsign(
token,
max_age=60 * 60 * 24,
)
except BadSignature:
return None
return user
def test_update_email_post_valid_form_w_no_pref(self):
pref = ProfilePreferences.objects.get(profile=self.profile)
pref.delete()
self.url = create_unsubscribe_link(
self.profile.user_object.email
) + "?email_disable=send_schedule_change_notifications"
response = self.client.post(self.url, follow=True, data={
'token': TimestampSigner().sign(self.profile.user_object.email),
'send_daily_schedule': True,
'send_bid_notifications': False,
'send_role_notifications': False,
'send_schedule_change_notifications': True})
site = Site.objects.get_current()
self.assertRedirects(response, "http://%s" % site.domain)
assert_alert_exists(
response, 'success', 'Success', default_update_profile_msg)
class User(AbstractUser):
signer = TimestampSigner(salt='Hello World!')
is_email_verified = models.BooleanField(default=False)
initial_secret_key = models.CharField(null=True, max_length=256)
verification_email_sent_at = models.DateTimeField(null=True)
is_student = models.BooleanField(default=False)
grade = models.PositiveSmallIntegerField(null=True)
subgrade = models.CharField(max_length=1)
is_locked = models.BooleanField(default=False)
# def get_active_test_suite(self):
# return self.test_suites.get(
# is_active=True
# )
def get_initial_key(self):
initial_key = "".join(random.sample(APHABET, 256))
self.initial_secret_key = initial_key
self.save()
return initial_key
def get_signed_key(self):
initial_key = self.initial_secret_key
hashed_key = md5(bytes(initial_key, encoding='ascii')).hexdigest()
signed_key = self.signer.sign(hashed_key)
encoded_key = base64.b64encode(signed_key)
return encoded_key
def get_verification_link(self):
self.get_initial_key()
host = settings.HOST_NAME
key = self.get_signed_key()
link = f"{host}/verify-email?key={key}"
return link
def check_key(self, secret_key):
decoded_key = base64.b64decode(secret_key)
unsigned_key = self.signer.unsign(
decoded_key,
max_age=timedelta(days=1)
)
initial_key = self.initial_secret_key
hashed_key = md5(bytes(initial_key, encoding='ascii')).hexdigest()
return unsigned_key == hashed_key
def test_adzerk_returns_none_sponsored(self):
self.populate_es()
signer = TimestampSigner()
log_msg = (
'Addon id [%s] returned from Adzerk, but not in a valid Promoted '
'group [%s]')
log_groups = 'Sponsored; Verified; By Firefox'
with mock.patch('olympia.shelves.views.get_addons_from_adzerk') as get:
get.return_value = {
str(self.sponsored_ext.id): {
'impression': '123456',
'click': 'abcdef'
},
str(self.sponsored_theme.id): {
'impression': '012345',
'click': 'bcdefg',
},
str(self.verified_ext.id): {
'impression': '55656',
'click': 'efef'
},
str(self.recommended_ext.id): {
'impression': '9494',
'click': '4839'
},
str(self.not_promoted.id): {
'impression': '735754',
'click': 'jydh'
},
'0': {
'impression': '',
'click': ''
},
}
with mock.patch('django_statsd.clients.statsd.incr') as incr_mock:
with mock.patch('olympia.shelves.views.log.error') as log_mock:
data = self.perform_search()
incr_mock.assert_any_call('services.adzerk.elasticsearch_miss', 3)
log_mock.assert_has_calls((
mock.call(log_msg, str(self.recommended_ext.id), log_groups),
mock.call(log_msg, str(self.not_promoted.id), log_groups),
mock.call(log_msg, '0', log_groups),
))
get.assert_called_with(6)
# non .can_be_returned_from_azerk are ignored
assert data['count'] == 3
assert len(data['results']) == 3
assert data['impression_data'] == signer.sign('123456,012345,55656')
assert {(itm['id'], itm['click_data'])
for itm in data['results']} == {
(self.sponsored_ext.pk, signer.sign('abcdef')),
(self.sponsored_theme.pk, signer.sign('bcdefg')),
(self.verified_ext.pk, signer.sign('efef')),
}
def sendActivationLink(sender, created, instance, **kwargs):
"""
E-mail an activation link to new registrant. The e-mail sender is the setting
DEFAULT_FROM_EMAIL. The activation link is a remote procedure call to
tcsuser.views.activateUser.
"""
if created:
signed_email = TimestampSigner().sign(instance.email)
# Test server; for development only. For production, use settings.ALLOWED_HOSTS.
link = 'http://localhost:8000'
link += reverse('tcsuser_activate', args=(signed_email,))
try:
send_mail('Activate your account', link, settings.DEFAULT_FROM_EMAIL, [instance.email])
except SMTPRecipientsRefused:
print "Failed to send activation link. Invalid e-mail recipients."
except gaierror:
print "Failed to send activation link. No network connection?"
def send_registration_mail(self, request, queryset):
current_site = get_current_site(request)
_user_failed = ""
success = True
mail_subject = "Activate your account."
for user in queryset:
message = render_to_string(
"authentication/email/acc_activate_email.html",
{
"user": user.username,
"domain": current_site.domain,
"uid": base64.urlsafe_b64encode(force_bytes(user.pk)).decode(
"utf-8"
),
"token": TimestampSigner().sign(
default_token_generator.make_token(user)
),
},
)
plain_message = strip_tags(message)
to_email = user.email
if (
mail.send_mail(
mail_subject,
plain_message,
settings.EMAIL_HOST_USER,
[to_email],
html_message=message,
)
== 0
):
success = False
_user_failed += f"{user.username}, "
user.verification_email_sent_date = timezone.now()
if success:
self.message_user(
request,
"E-mail was send successfully for all user(s)",
messages.SUCCESS,
)
else:
self.message_user(
request,
f"Send the e-mail failed for the following user(s): {_user_failed}",
messages.ERROR,
)
def tcsuserActivate(request, usercode):
"""
This handles a remote procedure call for activating a TcsUser. "usercode"
is an e-mail address signed with a TimestampSigner. If the signature is
valid and less than or equal to 2 hours old, activate the TcsUser.
"""
try:
name = TimestampSigner().unsign(usercode, max_age=7200) # 2 hours
except BadSignature:
return HttpResponse("Invalid activation link.")
except SignatureExpired:
return HttpResponse("The activation link expired.")
new_user = get_user_model().objects.get(email=name)
new_user.is_active = True
new_user.save()
messages.success(request, "Thank you for activating your account.")
return HttpResponseRedirect(reverse('login'))
def validate_token(token):
"""
Validate token.
returns MeetingInvitation or None
"""
try:
# Valid in 7 days
valid_in = 60 * 60 * 24 * 7
data = signing.loads(TimestampSigner().unsign(token, max_age=valid_in))
return MeetingInvitation.objects.filter(
user=int(data["user_id"]), meeting=int(data["meeting_id"])
)[0]
except (BadSignature, SignatureExpired):
return None
def test_update_email_post_valid_form_logged_in(self):
login_as(self.profile.user_object, self)
self.url = create_unsubscribe_link(
self.profile.user_object.email
) + "?email_disable=send_schedule_change_notifications"
response = self.client.post(self.url, follow=True, data={
'token': TimestampSigner().sign(self.profile.user_object.email),
'send_daily_schedule': True,
'send_bid_notifications': False,
'send_role_notifications': False,
'send_schedule_change_notifications': True})
self.assertRedirects(response, reverse('home', urlconf='gbe.urls'))
preferences = ProfilePreferences.objects.get(profile=self.profile)
self.assertTrue(preferences.send_daily_schedule)
self.assertFalse(preferences.send_bid_notifications)
assert_alert_exists(
response, 'success', 'Success', default_update_profile_msg)
def get_context(self,
change=None,
subscription=None,
extracontext=None,
changes=None):
"""Return context for rendering mail."""
result = {
"LANGUAGE_CODE": get_language(),
"LANGUAGE_BIDI": get_language_bidi(),
"current_site_url": get_site_url(),
"site_title": settings.SITE_TITLE,
"notification_name": self.verbose,
}
if changes is not None:
result["changes"] = changes
if subscription is not None:
result["unsubscribe_nonce"] = TimestampSigner().sign(
subscription.pk)
if extracontext:
result.update(extracontext)
if change:
result["change"] = change
# Extract change attributes
attribs = (
"unit",
"translation",
"component",
"project",
"glossary_term",
"comment",
"suggestion",
"announcement",
"alert",
"user",
"target",
"old",
"details",
)
for attrib in attribs:
result[attrib] = getattr(change, attrib)
if result.get("translation"):
result["translation_url"] = get_site_url(
result["translation"].get_absolute_url())
return result
class User(AbstractUser):
signer = TimestampSigner(salt='Hello')
email_verification_link = models.CharField(
null=True,
max_length=1024
)
is_email_verified = models.BooleanField(default=False)
verification_email_sent_at = models.DateTimeField(null=True)
incorrect_attempts = models.PositiveSmallIntegerField(default=0)
is_seller = models.BooleanField(default=False)
initial_secret_key = models.CharField(max_length=256)
def generate_key(self):
key = "".join(
random.sample(ALPHABET, 256)
)
self.initial_secret_key = key
self.save()
signed_key = self.signer.sign(key)
encoded_key = base64.b64encode(bytes(signed_key, encoding='ascii')).decode('utf-8')
return encoded_key
def verify_email(self):
encoded_key = self.generate_key()
url = "http://127.0.0.1:8000/verify?key={}".format(
urllib.parse.quote(encoded_key)
)
self.verification_email_sent_at = timezone.now()
self.save()
self.email_user(
"Verification Link",
"<a href={}>Подтвердить почтовый адрес</a>".format(url),
"*****@*****.**"
)
def check_key(self, key):
signed_key = base64.b64decode(key).decode('utf-8')
initial_key = self.signer.unsign(signed_key, max_age=timedelta(days=1))
return self.initial_secret_key == initial_key
