def avatar_file_path(instance=None, filename=None, size=None, ext=None):
tmppath = [AVATAR_STORAGE_DIR]
dir = instance.user.username
if AVATAR_USE_PK_IN_PATH:
dir = str(instance.user.pk)
if AVATAR_HASH_USERDIRNAMES:
tmp = md5_constructor(dir).hexdigest()
tmppath.extend([tmp[0], tmp[1], dir])
else:
tmppath.append(dir)
if not filename:
# Filename already stored in database
filename = instance.avatar.name
if ext and AVATAR_HASH_FILENAMES:
# An extension was provided, probably because the thumbnail
# is in a different format than the file. Use it. Because it's
# only enabled if AVATAR_HASH_FILENAMES is true, we can trust
# it won't conflict with another filename
(root, oldext) = os.path.splitext(filename)
filename = root + "." + ext
else:
# File doesn't exist yet
if AVATAR_HASH_FILENAMES:
(root, ext) = os.path.splitext(filename)
filename = md5_constructor(smart_str(filename)).hexdigest()
filename = filename + ext
if size:
tmppath.extend(['resized', str(size)])
tmppath.append(os.path.basename(filename))
return os.path.join(*tmppath)
def avatar_upyun_path(instance=None,
filename=None,
size=None,
ext=None,
separator='!'):
tmppath = [AVATAR_STORAGE_DIR]
if AVATAR_HASH_USERDIRNAMES:
tmp = md5_constructor(instance.user.username).hexdigest()
tmppath.extend([tmp[0], tmp[1], str(instance.user.id)])
else:
tmppath.append(str(instance.user.id))
if not filename:
# Filename already stored in database
filename = instance.avatar.name
if ext and AVATAR_HASH_FILENAMES:
# An extension was provided, probably because the thumbnail
# is in a different format than the file. Use it. Because it's
# only enabled if AVATAR_HASH_FILENAMES is true, we can trust
# it won't conflict with another filename
(root, oldext) = os.path.splitext(filename)
filename = root + "." + ext
else:
# File doesn't exist yet
if AVATAR_HASH_FILENAMES:
(root, ext) = os.path.splitext(filename)
salt = md5_constructor(str(random.random())).hexdigest()
filename = md5_constructor(smart_str(filename) + salt).hexdigest()
filename = filename + ext
if size:
filename = filename + separator + size
tmppath.append(os.path.basename(filename))
return os.path.join(*tmppath)
def avatar_file_path(instance=None, filename=None, size=None, ext=None, new=False):
tmppath = [AVATAR_STORAGE_DIR]
if AVATAR_HASH_USERDIRNAMES:
tmp = md5_constructor(instance.user.username).hexdigest()
tmppath.extend([tmp[0], tmp[1], instance.user.username])
else:
tmppath.append(instance.user.username)
if not filename:
# Filename already stored in database
filename = instance.avatar.name
else:
filename = filename
# File doesn't exist yet
if AVATAR_HASH_FILENAMES:
(root, oldext) = os.path.splitext(filename)
filename = md5_constructor(smart_str(filename)).hexdigest()
filename = filename + oldext
if size:
tmppath.extend(['resized', str(size)])
tmppath.append(os.path.basename(filename))
filename = os.path.join(*tmppath)
# ext overrides current extension
(root, oldext) = os.path.splitext(filename)
if ext and ext != oldext:
filename = root + "." + ext
if new:
# file does not yet exist, avoid filename collision
if instance is not None:
filename = instance.avatar.storage.get_available_name(filename)
else:
pass # Not sure how to avoid collisions without storage
return filename
def generate_cache_key(request, headers, key_prefix=None):
"""
Returns a cache key from the headers given in the header list.
NOTE: This was copied from Django, with the following changes:
* Caches based on full path, including the query string.
* Requires headers as a dictionary, which can optionally contain values
for the headers. When provided, these values are used instead of the
request header values. This is to support including the X-Vary-On-View
header values in the cache key.
"""
if key_prefix is None:
key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
ctx = md5_constructor()
for header, value in sorted(headers.items()):
if value is None:
value = request.META.get(header, None)
if value is not None:
ctx.update(value)
else:
ctx.update(value)
url = md5_constructor()
url.update(request.get_host())
url.update(iri_to_uri(request.get_full_path()))
cache_key = 'cache_middleware.response.%s.%s.%s' % (key_prefix, url.hexdigest(), ctx.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
def generate_cache_key(request, headers, key_prefix=None):
"""
Returns a cache key from the headers given in the header list.
NOTE: This was copied from Django, with the following changes:
* Caches based on full path, including the query string.
* Requires headers as a dictionary, which can optionally contain values
for the headers. When provided, these values are used instead of the
request header values. This is to support including the X-Vary-On-View
header values in the cache key.
"""
if key_prefix is None:
key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
ctx = md5_constructor()
for header, value in sorted(headers.items()):
if value is None:
value = request.META.get(header, None)
if value is not None:
ctx.update(value)
else:
ctx.update(value)
url = md5_constructor()
url.update(request.get_host())
url.update(iri_to_uri(request.get_full_path()))
cache_key = 'cache_middleware.response.%s.%s.%s' % (
key_prefix, url.hexdigest(), ctx.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
def avatar_file_path(instance=None, filename=None, size=None, ext=None):
tmppath = [AVATAR_STORAGE_DIR]
if AVATAR_HASH_USERDIRNAMES:
tmp = md5_constructor(instance.user.username).hexdigest()
tmppath.extend([tmp[0], tmp[1], instance.user.username])
else:
tmppath.append(instance.user.username)
if not filename:
# Filename already stored in database
filename = instance.avatar.name
if ext and AVATAR_HASH_FILENAMES:
# An extension was provided, probably because the thumbnail
# is in a different format than the file. Use it. Because it's
# only enabled if AVATAR_HASH_FILENAMES is true, we can trust
# it won't conflict with another filename
(root, oldext) = os.path.splitext(filename)
filename = root + "." + ext
else:
# File doesn't exist yet
if AVATAR_HASH_FILENAMES:
(root, ext) = os.path.splitext(filename)
filename = md5_constructor(smart_str(filename)).hexdigest()
filename = filename + ext
if size:
tmppath.extend(['resized', str(size)])
tmppath.append(os.path.basename(filename))
return os.path.join(*tmppath)
def generate(self):
if hasattr(self.dest, 'write'):
self._do_generate()
else:
do_generate = False
if self.cache_dir is not None:
if isinstance(self.source, FieldFile) or \
isinstance(self.source, File):
source = force_unicode(self.source)
elif not isinstance(self.source, basestring):
source = pickle.dumps(self.source.read())
self.source.seek(0)
else:
source = smart_str(force_unicode(self.source))
source = os.path.join(self.cache_dir,
md5_constructor(source).hexdigest())
if not isinstance(self.dest, basestring):
dest = pickle.dumps(self.dest.read())
self.dest.seek(0)
else:
dest = smart_str(force_unicode(self.dest))
dest = os.path.join(self.cache_dir,
md5_constructor(dest).hexdigest())
else:
source = force_unicode(self.source)
dest = self.dest
if hasattr(default_storage, 'getmtime') and not self.cache_dir:
do_generate = default_storage.getmtime(source) > \
default_storage.getmtime(dest)
else:
if not self.cache_dir:
source_cache = os.path.join(settings.MEDIA_ROOT, source)
dest_cache = os.path.join(settings.MEDIA_ROOT, dest)
else:
source_cache, dest_cache = source, dest
try:
do_generate = os.path.getmtime(source_cache) > \
os.path.getmtime(dest_cache)
except OSError:
do_generate = True
if do_generate:
if self.cache_dir is not None:
for filename in (source, dest):
path = os.path.split(filename)[0]
if not os.path.exists(path):
os.makedirs(path)
open(filename, 'w').close()
try:
self._do_generate()
except:
if self.cache_dir is not None:
for filename in (source, dest):
if os.path.exists(filename):
os.remove(filename)
raise
def get_cache_key(request):
url = md5_constructor(request.path_info).hexdigest()
query_string = md5_constructor(request.META.get('QUERY_STRING', ''))\
.hexdigest()
keyprefix = getattr(settings, 'CACHE_PAGE_KEY_PREFIX', '')
if request.user.is_authenticated():
return '_'.join([keyprefix, str(request.user.pk), url, query_string])
else:
return '_'.join([keyprefix, url, query_string])
def get_cache_key(request):
url = md5_constructor(request.path_info).hexdigest()
query_string = md5_constructor(request.META.get('QUERY_STRING', ''))\
.hexdigest()
keyprefix = getattr(settings, 'CACHE_PAGE_KEY_PREFIX', '')
if request.user.is_authenticated():
return '_'.join([keyprefix, str(request.user.pk), url, query_string])
else:
return '_'.join([keyprefix, url, query_string])
def _generate_cache_key(request, headerlist, key_prefix):
"""Returns a cache key from the headers given in the header list."""
ctx = md5_constructor()
for header in headerlist:
value = request.META.get(header, None)
if value is not None:
ctx.update(value)
path = md5_constructor(iri_to_uri(request.path))
return 'views.decorators.cache.cache_page.%s.%s.%s' % (
key_prefix, path.hexdigest(), ctx.hexdigest())
def _generate_cache_key(request, headerlist, key_prefix):
"""Returns a cache key from the headers given in the header list."""
ctx = md5_constructor()
for header in headerlist:
value = request.META.get(header, None)
if value is not None:
ctx.update(value)
path = md5_constructor(iri_to_uri(request.get_full_path()))
return 'views.decorators.cache.cache_page.%s.%s.%s' % (
key_prefix, path.hexdigest(), ctx.hexdigest())
def update_screenshot(item, force=False):
api_key = getattr(settings, "URL2PNG_KEY", None)
api_secret = getattr(settings, "URL2PNG_SECRET", None)
if not api_key or not api_secret:
screenshot_logger.warning(u"Either URL2PNG_KEY or URL2PNG_SECRET is missing. Can't fetch screenshot.")
return
url = item.url
url = url.strip()
url = urllib.quote(url, safe="%/:=&?~#+!$,;'@()*[]")
if not url:
return
if item.http_status != 200:
screenshot_logger.warning(u"Skipping '%s'. HTTP status is not 200." % item.url)
return
if item.screenshot and not force:
screenshot_logger.warning(u"Skipping '%s'. Screenshot exists already." % item.url)
return
url_hash = md5_constructor(smart_str(url)).hexdigest()
filename = "%s-%i-%s.png" % (item._meta.object_name.lower(), item.id, url_hash)
filename = os.path.join(item.screenshot.field.get_directory_name(), filename)
# Remove existing screenshot
if item.screenshot:
try:
delete(item.screenshot)
except OSError:
pass
update_item(item, screenshot=None)
full_path = os.path.join(settings.MEDIA_ROOT, filename)
dirname = os.path.dirname(full_path)
if not os.path.exists(dirname):
os.makedirs(dirname)
bounds = "1000x1000"
token = md5_constructor("%s+%s" % (api_secret, url)).hexdigest()
screenshot_url = "http://api.url2png.com/v3/%s/%s/%s/%s" % (api_key, token, bounds, url)
try:
response = urllib2.urlopen(screenshot_url, timeout=120)
except:
screenshot_logger.error(u"Failed to fetch screenshot for '%s': %s %s" % (url, sys.exc_info()[0], sys.exc_info()[1]))
return
f = open(full_path, "w+")
f.write(response.read())
f.close()
update_item(item, screenshot=filename)
screenshot_logger.info(u"Fetched screenshot for '%s'" % url)
def __init__(self, metadata, instances, path, site=None, language=None):
self.__metadata = metadata
if metadata._meta.use_cache:
if metadata._meta.use_sites and site:
hexpath = md5_constructor(iri_to_uri(site.domain+path)).hexdigest()
else:
hexpath = md5_constructor(iri_to_uri(path)).hexdigest()
if metadata._meta.use_i18n:
self.__cache_prefix = 'rollyourown.seo.%s.%s.%s' % (self.__metadata.__class__.__name__, hexpath, language)
else:
self.__cache_prefix = 'rollyourown.seo.%s.%s' % (self.__metadata.__class__.__name__, hexpath)
else:
self.__cache_prefix = None
self.__instances_original = instances
self.__instances_cache = []
def avatar_url(user, size=80):
if not isinstance(user, User):
try:
user = User.objects.get(username=user)
except User.DoesNotExist:
return AVATAR_DEFAULT_URL
avatars = user.avatar_set.order_by('-date_uploaded')
primary = avatars.filter(primary=True)
if primary.count() > 0:
avatar = primary[0]
elif avatars.count() > 0:
avatar = avatars[0]
else:
avatar = None
if avatar is not None:
if not avatar.thumbnail_exists(size):
avatar.create_thumbnail(size)
return avatar.avatar_url(size)
else:
if AVATAR_GRAVATAR_BACKUP:
params = {'s': str(size)}
if AVATAR_GRAVATAR_DEFAULT:
params['d'] = AVATAR_GRAVATAR_DEFAULT
return "http://www.gravatar.com/avatar/%s/?%s" % (
md5_constructor(user.email).hexdigest(),
urllib.urlencode(params))
else:
return AVATAR_DEFAULT_URL
def avatar_url(user, size=80, first_login=False):
if not isinstance(user, User):
try:
user = User.objects.get(username=user)
except User.DoesNotExist:
return AVATAR_DEFAULT_NO_URL
avatars = user.avatar_set.order_by('-date_uploaded')
if avatars:
avt = avatars[0]
else:
avt = None
if avt is not None:
if not avt.thumbnail_exists(size):
avt.create_thumbnail(size)
return avt.avatar_url(size)
else:
if AVATAR_GRAVATAR_BACKUP:
return "http://www.gravatar.com/avatar/%s/?%s" % (
md5_constructor(user.email).hexdigest(),
urllib.urlencode({'s': str(size)}),)
else:
if user.get_profile().setup_complete:
return AVATAR_DEFAULT_YES_URL
else:
if size > 60:
if first_login:
return AVATAR_DEFAULT_YES_URL
else:
return AVATAR_DEFAULT_NO_LG_URL
else:
if first_login:
return AVATAR_DEFAULT_YES_URL
else:
return AVATAR_DEFAULT_NO_URL
def __init__(self, merchant_id, portal_id, key, mode='live', encoding='utf8'):
self.merchant_id = merchant_id
self.portal_id = portal_id
self.key = key
self.md5_key = md5_constructor(key).hexdigest()
self.mode = mode
self.encoding = encoding
def secure_hash(key, params):
hash_str = ''
for i in sorted(params):
if i in HASH_PARAMS:
hash_str += smart_str(params[i])
hash_str += key
return md5_constructor(hash_str).hexdigest()
def _decode_old(self, session_data):
encoded_data = base64.decodestring(session_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if not constant_time_compare(md5_constructor(pickled + settings.SECRET_KEY).hexdigest(),
tamper_check):
raise SuspiciousOperation("User tampered with session cookie.")
return pickle.loads(pickled)
def get_cache_key(request):
user_id = ""
try:
if request.user.is_authenticated():
user_id = str(request.user.id)
except AttributeError: # e.g. if auth is not installed
pass
bits = {
"cache_prefix": str(CACHE_PREFIX),
"generation": str(cache.get(GLOBAL_GENERATION)),
"path": iri_to_uri(request.path),
"domain": unicode(request.site.domain) if hasattr(request, 'site') else "*",
"get_params": urllib.urlencode(request.GET),
"language": translation.get_language(),
"user_id": str(user_id),
}
key = ":".join([
bits["cache_prefix"],
bits["generation"],
bits["path"],
bits["domain"],
bits["get_params"],
bits["language"],
bits["user_id"]])
digest = md5_constructor(key).hexdigest()
debug("Jimmy-Page cache key: %r (%s)" % (bits, digest))
return digest
def _decode_old(self, session_data):
encoded_data = base64.decodestring(session_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if not constant_time_compare(md5_constructor(pickled + settings.SECRET_KEY).hexdigest(),
tamper_check):
raise SuspiciousOperation("User tampered with session cookie.")
return pickle.loads(pickled)
def calc_file_path_hash(path, bits=12):
if isinstance(path, unicode):
path = path.encode('UTF-8')
path_hash = md5_constructor(urllib2.quote(path)).hexdigest()[:bits]
return path_hash
def test_hashing(self):
"""Test that keys are hashed into subdirectories correctly"""
self.cache.set("foo", "bar")
keyhash = md5_constructor("foo").hexdigest()
keypath = os.path.join(self.dirname, keyhash[:2], keyhash[2:4],
keyhash[4:])
self.assert_(os.path.exists(keypath))
def security_hash(self, request, form):
"""
Calculates the security hash for the given HttpRequest and Form instances.
Subclasses may want to take into account request-specific information,
such as the IP address.
"""
# this is copy of django.contrib.formtools.utils.security_hash, it
# ignores FileField's
data = []
for bf in form:
if isinstance(bf.field, FileField):
continue
# Get the value from the form data. If the form allows empty or hasn't
# changed then don't call clean() to avoid trigger validation errors.
if form.empty_permitted and not form.has_changed():
value = bf.data or ''
else:
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
data.append(settings.SECRET_KEY)
# Use HIGHEST_PROTOCOL because it's the most efficient. It requires
# Python 2.3, but Django requires 2.3 anyway, so that's OK.
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
return md5_constructor(pickled).hexdigest()
def encode(self, session_dict):
"""
Returns the given session dictionary pickled and encoded as a string.
"""
pickled = pickle.dumps(session_dict)
pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
return base64.encodestring(pickled + pickled_md5)
def security_hash(request, form, *args):
"""
Calculates a security hash for the given Form instance.
This creates a list of the form field names/values in a deterministic
order, pickles the result with the SECRET_KEY setting, then takes an md5
hash of that.
"""
data = []
for bf in form:
# Get the value from the form data. If the form allows empty or hasn't
# changed then don't call clean() to avoid trigger validation errors.
if form.empty_permitted and not form.has_changed():
value = bf.data or ''
else:
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
data.extend(args)
data.append(settings.SECRET_KEY)
# Use HIGHEST_PROTOCOL because it's the most efficient. It requires
# Python 2.3, but Django requires 2.4 anyway, so that's OK.
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
return md5_constructor(pickled).hexdigest()
def check_request(self,request):
"""Check that the given request is valid for this session.
It's valid if its fingerprint hash matches the current hash, or
if the duplicate nonce window is enabled and it matches a sufficiently
recent hash.
"""
if request.is_secure():
if self.secure_key is None:
seed = (randrange(0,MAX_NONCE_SEED),settings.SECRET_KEY)
self.secure_key = md5_constructor("%s%s" % seed).hexdigest()
request.session.modified = True
else:
cookie_name = settings.PSESSION_SECURE_COOKIE_NAME
key = request.COOKIES.get(cookie_name,"")
if key != self.secure_key:
return False
hash = self.request_hash(request)
if hash != self.hash:
return False
if settings.PSESSION_NONCE_TIMEOUT is not None:
nonce = request.COOKIES.get(settings.PSESSION_COOKIE_NAME,"")
if nonce not in self.get_valid_nonces():
return False
self.last_request_time = time.time()
return True
def render(self, context):
try:
expire_time = self.expire_time_var.resolve(context)
except VariableDoesNotExist:
raise TemplateSyntaxError(
'"cache" tag got an unknown variable: %r' %
self.expire_time_var.var)
try:
expire_time = int(expire_time)
except (ValueError, TypeError):
raise TemplateSyntaxError(
'"cache" tag got a non-integer timeout value: %r' %
expire_time)
# Build a unicode key for this fragment and all vary-on's.
args = md5_constructor(u':'.join([
urlquote(resolve_variable(var, context)) for var in self.vary_on
]))
cache_key = 'template.cache.%s.%s' % (self.fragment_name,
args.hexdigest())
value = cache.get(cache_key)
if value is None:
value = self.nodelist.render(context)
req = context.get('request', None)
if req:
value, dimensions_found = add_dimensions(
value, req.build_absolute_uri())
else:
dimensions_found = False
if dimensions_found:
cache.set(cache_key, value, expire_time)
return value
def encode(self, session_dict):
"""
Returns the given session dictionary pickled and encoded as a string.
"""
pickled = pickle.dumps(session_dict)
pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
return base64.encodestring(pickled + pickled_md5)
def get_gravatar(email, size = None, rating = None, default = None):
'''
Method returns URL string for gravatar image.
Not only for template tag, also can be used as simple function
'''
gravatar_id = md5_constructor(email.lower()).hexdigest()
gravatar_url = GRAVATAR_URL_PREFIX + gravatar_id + GRAVATAR_IMAGE_EXT
if default:
default = _get_default_image_url(default)
# Build a list of tuples with Gravatar parameters that we want to use.
#
# This makes sure that no empty parameter will get appended to our final
# URL, which makes it a little bit shorter and cleaner.
parameters = [p for p in (
('d', default or GRAVATAR_DEFAULT_IMAGE),
('s', size or GRAVATAR_SIZE),
('r', rating or GRAVATAR_RATING),
) if p[1]]
if parameters:
gravatar_url += '?' + urlencode(parameters, doseq = True)
return gravatar_url
def invalidate_template_cache(fragment_name, *variables):
"""Invalidates the cache associated with a template.
Credit: `djangosnippets.org/snippets/1593/ <http://djangosnippets.org/snippets/1593/>`_"""
args = md5_constructor(u':'.join([urlquote(var) for var in variables]))
cache_key = 'template.cache.%s.%s' % (fragment_name, args.hexdigest())
delete(cache_key)
def test_register(self):
response = self.client.get('/')
self.failUnlessEqual(response.status_code, 200)
response = self.client.post('/_register/', {'email': '*****@*****.**', 'password': '******'}, follow=True)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.redirect_chain, [('http://testserver/', 302)])
self.assertEquals(True, redis_ob.exists("user:email:%s" %md5_constructor('*****@*****.**').hexdigest()))
def get_gravatar_url(user, size=80):
params = {'s': str(size)}
if AVATAR_GRAVATAR_DEFAULT:
params['d'] = AVATAR_GRAVATAR_DEFAULT
return "http://www.gravatar.com/avatar/%s/?%s" % (
md5_constructor(user.email).hexdigest(),
urllib.urlencode(params))
def _decode_post_data(encoded_data):
encoded_data = base64.decodestring(encoded_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
from django.core.exceptions import SuspiciousOperation
raise SuspiciousOperation, "User may have tampered with session cookie."
return pickle.loads(pickled)
def process_exception(self, request, exception):
if not DBLOG_CATCH_404_ERRORS and isinstance(exception, Http404):
return
server_name = socket.gethostname()
tb_text = traceback.format_exc()
class_name = exception.__class__.__name__
checksum = md5_constructor(tb_text).hexdigest()
defaults = dict(
class_name = class_name,
message = getattr(exception, 'message', ''),
url = request.build_absolute_uri(),
server_name = server_name,
traceback = tb_text,
)
try:
Error.objects.create(**defaults)
batch, created = ErrorBatch.objects.get_or_create(
class_name = class_name,
server_name = server_name,
checksum = checksum,
defaults = defaults
)
if not created:
batch.times_seen += 1
batch.resolved = False
batch.last_seen = datetime.datetime.now()
batch.save()
except Exception, exc:
warnings.warn(unicode(exc))
def get_checksum(self):
checksum = md5_constructor(str(self.level))
checksum.update(self.source)
checksum.update(self.host or '')
checksum.update(self.get_headline())
checksum = checksum.hexdigest()
return checksum
def check_request(self,request):
"""Check that the given request is valid for this session.
It's valid if its fingerprint hash matches the current hash, or
if the duplicate nonce window is enabled and it matches a sufficiently
recent hash.
"""
if request.is_secure():
if self.secure_key is None:
seed = (randrange(0,MAX_NONCE_SEED),settings.SECRET_KEY)
self.secure_key = md5_constructor("%s%s" % seed).hexdigest()
request.session.modified = True
else:
cookie_name = settings.PSESSION_SECURE_COOKIE_NAME
key = request.COOKIES.get(cookie_name,"")
if key != self.secure_key:
return False
user_req_hash = request.session.get(settings.PSESSION_HEADER_HASH_SESSION_NAME, None)
browser_req_hash = self.browser_request_hash(request)
if user_req_hash is not None:
if browser_req_hash != user_req_hash:
return False
else:
request.session[settings.PSESSION_HEADER_HASH_SESSION_NAME] = browser_req_hash
if settings.PSESSION_NONCE_TIMEOUT is not None:
nonce = request.COOKIES.get(settings.PSESSION_COOKIE_NAME,"")
if nonce not in self.get_valid_nonces():
return False
self.last_request_time = time.time()
return True
def get_client(client=None):
global _client
tmp_client = client is not None
if not tmp_client:
client = getattr(django_settings, 'SENTRY_CLIENT', 'raven.contrib.django.DjangoClient')
if _client[0] != client:
module, class_name = client.rsplit('.', 1)
instance = getattr(__import__(module, {}, {}, class_name), class_name)(
servers=getattr(django_settings, 'SENTRY_SERVERS', None),
include_paths=set(getattr(django_settings, 'SENTRY_INCLUDE_PATHS', [])) | get_installed_apps(),
exclude_paths=getattr(django_settings, 'SENTRY_EXCLUDE_PATHS', None),
timeout=getattr(django_settings, 'SENTRY_TIMEOUT', None),
name=getattr(django_settings, 'SENTRY_NAME', None),
auto_log_stacks=getattr(django_settings, 'SENTRY_AUTO_LOG_STACKS', None),
key=getattr(django_settings, 'SENTRY_KEY', md5_constructor(django_settings.SECRET_KEY).hexdigest()),
string_max_length=getattr(django_settings, 'SENTRY_MAX_LENGTH_STRING', None),
list_max_length=getattr(django_settings, 'SENTRY_MAX_LENGTH_LIST', None),
site=getattr(django_settings, 'SENTRY_SITE', None),
public_key=getattr(django_settings, 'SENTRY_PUBLIC_KEY', None),
secret_key=getattr(django_settings, 'SENTRY_SECRET_KEY', None),
project=getattr(django_settings, 'SENTRY_PROJECT', None),
processors=getattr(django_settings, 'SENTRY_PROCESSORS', None),
dsn=getattr(django_settings, 'SENTRY_DSN', None),
)
if not tmp_client:
_client = (client, instance)
return instance
return _client[1]
def hashed_name(self, name, content=None):
parsed_name = urlsplit(unquote(name))
clean_name = parsed_name.path
if content is None:
if not self.exists(clean_name):
raise ValueError("The file '%s' could not be found with %r." %
(clean_name, self))
try:
content = self.open(clean_name)
except IOError:
# Handle directory paths and fragments
return name
path, filename = os.path.split(clean_name)
root, ext = os.path.splitext(filename)
# Get the MD5 hash of the file
md5 = md5_constructor()
for chunk in content.chunks():
md5.update(chunk)
md5sum = md5.hexdigest()[:12]
hashed_name = os.path.join(path, u"%s.%s%s" % (root, md5sum, ext))
unparsed_name = list(parsed_name)
unparsed_name[2] = hashed_name
# Special casing for a @font-face hack, like url(myfont.eot?#iefix")
# http://www.fontspring.com/blog/the-new-bulletproof-font-face-syntax
if '?#' in name and not unparsed_name[3]:
unparsed_name[2] += '?'
return urlunsplit(unparsed_name)
def _create(self, **defaults):
from models import Error, ErrorBatch
server_name = socket.gethostname()
class_name = defaults.pop('class_name', None)
checksum = md5_constructor(str(defaults.get('level', logging.FATAL)))
checksum.update(class_name or '')
checksum.update(defaults.get('traceback') or defaults['message'])
checksum = checksum.hexdigest()
data = defaults.pop('data', {})
try:
instance = Error.objects.create(
class_name=class_name,
server_name=server_name,
data=data,
**defaults
)
batch, created = ErrorBatch.objects.get_or_create(
class_name = class_name,
server_name = server_name,
checksum = checksum,
defaults = defaults
)
if not created:
batch.times_seen += 1
batch.status = 0
batch.last_seen = datetime.datetime.now()
batch.save()
except Exception, exc:
warnings.warn(smart_unicode(exc))
def process_exception(self, request, exception):
if not DBLOG_CATCH_404_ERRORS and isinstance(exception, Http404):
return None
server_name = socket.gethostname()
tb_text = traceback.format_exc()
class_name = exception.__class__.__name__
checksum = md5_constructor(tb_text).hexdigest()
redirected = False
if self.covered_by_redirect(request):
redirected = True
defaults = dict(
method = request.method,
path = request.path,
class_name = class_name,
message = getattr(exception, 'message', ''),
url = request.build_absolute_uri(),
referrer = request.META.get("HTTP_REFERER", None),
server_name = server_name,
traceback = tb_text,
redirected = redirected,
post = json.dumps(request.POST, indent=4),
get = json.dumps(request.GET, indent=4),
cookies = json.dumps(request.COOKIES, indent=4),
)
try:
Error.objects.create(**defaults)
except Exception, exc:
warnings.warn(unicode(exc))
def verify_thumb(self, thumb, width, height, image):
cache = os.path.join(
self.MEDIA_MIDDLE,
'cb-thumbnail-test_jpg_%s' % image
)
if isinstance(image, basestring):
image = os.path.join(
self.MEDIA_MIDDLE,
'cb-thumbnail-test_jpg_%s' % image
)
thumb = force_unicode(thumb)
self.assertEqual(
os.path.normcase(thumb),
os.path.normcase(image)
)
self.assert_(default_storage.exists(image),
'Does not exist: %s' % image)
self.images_to_delete.add(image)
file = default_storage.open(image, 'rb')
imageobj = Image.open(ContentFile(file.read()))
file.close()
cache = os.path.join(
settings.CUDDLYBUDDLY_THUMBNAIL_CACHE,
md5_constructor(smart_str(cache)).hexdigest()
)
self.assert_(os.path.exists(cache), 'Does not exist: %s' % cache)
self.cache_to_delete.add(cache)
else:
imageobj = Image.open(image)
self.assertEqual(imageobj.size, (width, height))
def security_hash_new(form, exclude=None, *args):
"""Calculates a security hash for the given Form/FormSet instance.
This creates a list of the form field names/values in a deterministic
order, pickles the result with the SECRET_KEY setting, then takes an md5
hash of that.
"""
data = []
if exclude is None:
exclude = ()
if isinstance(form, BaseFormSet):
for _form in form.forms + [form.management_form]:
for bf in _form:
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
else:
for bf in form:
if bf.name in exclude:
continue
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
data.extend(args)
data.append(settings.SECRET_KEY)
# Use HIGHEST_PROTOCOL because it's the most efficient. It requires
# Python 2.3, but Django requires 2.3 anyway, so that's OK.
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
return md5_constructor(pickled).hexdigest()
def process_response(self, request, response):
"Check for a flat page (for 404s) and calculate the Etag, if needed."
if response.status_code == 404:
if settings.SEND_BROKEN_LINK_EMAILS:
# If the referrer was from an internal link or a non-search-engine site,
# send a note to the managers.
domain = request.get_host()
referer = request.META.get('HTTP_REFERER', None)
is_internal = _is_internal_request(domain, referer)
path = request.get_full_path()
if referer and not _is_ignorable_404(path) and (is_internal or '?' not in referer):
ua = request.META.get('HTTP_USER_AGENT', '<none>')
ip = request.META.get('REMOTE_ADDR', '<none>')
mail_managers("Broken %slink on %s" % ((is_internal and 'INTERNAL ' or ''), domain),
"Referrer: %s\nRequested URL: %s\nUser agent: %s\nIP address: %s\n" \
% (referer, request.get_full_path(), ua, ip))
return response
# Use ETags, if requested.
if settings.USE_ETAGS:
if response.has_header('ETag'):
etag = response['ETag']
else:
etag = '"%s"' % md5_constructor(response.content).hexdigest()
if response.status_code >= 200 and response.status_code < 300 and request.META.get('HTTP_IF_NONE_MATCH') == etag:
cookies = response.cookies
response = http.HttpResponseNotModified()
response.cookies = cookies
else:
response['ETag'] = etag
return response
def save_entry(self, feed, entry):
"""Save a new entry to the database."""
try:
json_entry = jsonpickle.encode(entry)
entry_guid = ''
if ('guid' in entry and
len(entry.guid) <= Entry._meta.get_field_by_name('guid')[0].max_length):
entry_guid = entry.guid
else:
entry_guid = hashcompat.md5_constructor(encoding.smart_str(
json_entry)).hexdigest()
if 'updated_parsed' in entry:
yr, mon, d, hr, min, sec = entry.updated_parsed[:-3]
last_publication = datetime.datetime(yr, mon, d, hr, min, sec)
else:
log.warn("Entry has no updated field, faking it")
last_publication = datetime.datetime.now()
new_entry = Entry(feed=feed, guid=entry_guid, raw=json_entry,
visible=True, last_published=last_publication)
try:
new_entry.save()
return True
except IntegrityError, e:
#log.debug('Skipping duplicate entry %s, caught error: %s', entry_guid, e)
pass
except KeyboardInterrupt:
raise
except Exception, e:
log.error('General Error on %s: %s', feed.url, e)
log.exception(e)
def get_client(client=None):
global _client
tmp_client = client is not None
if not tmp_client:
client = getattr(django_settings, 'SENTRY_CLIENT', 'raven.contrib.django.DjangoClient')
if _client[0] != client:
ga = lambda x, d=None: getattr(django_settings, 'SENTRY_%s' % x, d)
module, class_name = client.rsplit('.', 1)
options = getattr(django_settings, 'RAVEN_CONFIG', {})
options.setdefault('servers', ga('SERVERS'))
options.setdefault('include_paths', ga('INCLUDE_PATHS', []))
options['include_paths'] = set(options['include_paths']) | get_installed_apps()
options.setdefault('exclude_paths', ga('EXCLUDE_PATHS'))
options.setdefault('timeout', ga('TIMEOUT'))
options.setdefault('name', ga('NAME'))
options.setdefault('auto_log_stacks', ga('AUTO_LOG_STACKS'))
options.setdefault('key', ga('KEY', md5_constructor(django_settings.SECRET_KEY).hexdigest()))
options.setdefault('string_max_length', ga('MAX_LENGTH_STRING'))
options.setdefault('list_max_length', ga('MAX_LENGTH_LIST'))
options.setdefault('site', ga('SITE'))
options.setdefault('public_key', ga('PUBLIC_KEY'))
options.setdefault('secret_key', ga('SECRET_KEY'))
options.setdefault('project', ga('PROJECT'))
options.setdefault('processors', ga('PROCESSORS'))
options.setdefault('dsn', ga('DSN'))
instance = getattr(__import__(module, {}, {}, class_name), class_name)(**options)
if not tmp_client:
_client = (client, instance)
return instance
return _client[1]
def save_entry(self, feed, entry):
"""Save a new entry to the database."""
try:
json_entry = jsonpickle.encode(entry)
entry_guid = ''
if ('guid' in entry and
(len(entry.guid) <=
Entry._meta.get_field_by_name('guid')[0].max_length)):
entry_guid = entry.guid
else:
entry_guid = hashcompat.md5_constructor(encoding.smart_str(
json_entry)).hexdigest()
if 'updated_parsed' in entry:
yr, mon, d, hr, min, sec = entry.updated_parsed[:-3]
last_publication = datetime.datetime(yr, mon, d, hr, min, sec)
else:
log.warn("Entry has no updated field, faking it")
last_publication = datetime.datetime.now()
new_entry = Entry(feed=feed, guid=entry_guid, raw=json_entry,
visible=True, last_published=last_publication)
try:
new_entry.save()
return True
except IntegrityError, e:
pass
except KeyboardInterrupt:
raise
except Exception, e:
log.error('General Error on %s: %s', feed.url, e)
log.exception(e)
def avatar_file_path(self, instance, tmppath):
if AVATAR_HASH_USERDIRNAMES:
tmp = md5_constructor(instance.content_object.username).hexdigest()
tmppath.extend([tmp[0], tmp[1], instance.content_object.username])
else:
tmppath.append(instance.content_object.username)
return tmppath
def _decode_post_data(encoded_data):
encoded_data = base64.decodestring(encoded_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
from django.core.exceptions import SuspiciousOperation
raise SuspiciousOperation, "User may have tampered with session cookie."
return pickle.loads(pickled)
def render(self, context):
# Try to resolve the variables. If they are not resolve-able, then use
# the provided name itself.
try:
email = self.email.resolve(context)
except template.VariableDoesNotExist:
email = self.email.var
try:
rating = self.rating.resolve(context)
except template.VariableDoesNotExist:
rating = self.rating.var
try:
size = self.size.resolve(context)
except template.VariableDoesNotExist:
size = self.size.var
except AttributeError:
size = self.size
try:
default = self.default.resolve(context)
except template.VariableDoesNotExist:
default = self.default.var
gravatargs = {
'hash': md5_constructor(email).hexdigest(),
'rating': rating,
'size': size,
'default': urllib.quote_plus(default),
}
url = GRAVATAR_URL % gravatargs
if 'as' in self.other_kwargs:
context[self.other_kwargs['as']] = mark_safe(url)
return ''
return url
def process_exception(self, request, exception):
if not DBLOG_CATCH_404_ERRORS and isinstance(exception, Http404):
return
server_name = socket.gethostname()
tb_text = traceback.format_exc()
class_name = exception.__class__.__name__
checksum = md5_constructor(tb_text).hexdigest()
defaults = dict(
class_name=class_name,
message=getattr(exception, 'message', ''),
url=request.build_absolute_uri(),
server_name=server_name,
traceback=tb_text,
)
try:
Error.objects.create(**defaults)
batch, created = ErrorBatch.objects.get_or_create(
class_name=class_name,
server_name=server_name,
checksum=checksum,
defaults=defaults)
if not created:
batch.times_seen += 1
batch.resolved = False
batch.save()
except Exception, exc:
warnings.warn(unicode(exc))
def get_hexdigest(algorithm, salt, raw_password):
raw_password, salt = smart_str(raw_password), smart_str(salt)
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
return sha_constructor(salt + raw_password).hexdigest()
raise ValueError('Got unknown password algorithm type in password')
def security_hash(request, form, *args):
"""
Calculates a security hash for the given Form instance.
This creates a list of the form field names/values in a deterministic
order, pickles the result with the SECRET_KEY setting, then takes an md5
hash of that.
"""
import warnings
warnings.warn("security_hash is deprecated; use form_hmac instead",
PendingDeprecationWarning)
data = []
for bf in form:
# Get the value from the form data. If the form allows empty or hasn't
# changed then don't call clean() to avoid trigger validation errors.
if form.empty_permitted and not form.has_changed():
value = bf.data or ''
else:
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
data.extend(args)
data.append(settings.SECRET_KEY)
# Use HIGHEST_PROTOCOL because it's the most efficient. It requires
# Python 2.3, but Django requires 2.4 anyway, so that's OK.
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
return md5_constructor(pickled).hexdigest()
def avatar_url(user, size=80):
if not isinstance(user, User):
try:
user = User.objects.get(username=user)
except User.DoesNotExist:
return AVATAR_DEFAULT_URL
avatars = user.avatar_set.order_by('-date_uploaded')
primary = avatars.filter(primary=True)
if primary.count() > 0:
avatar = primary[0]
elif avatars.count() > 0:
avatar = avatars[0]
else:
avatar = None
if avatar is not None:
if not avatar.thumbnail_exists(size):
avatar.create_thumbnail(size)
return avatar.avatar_url(size)
else:
if AVATAR_GRAVATAR_BACKUP:
return "http://www.gravatar.com/avatar/%s/?%s" % (
md5_constructor(user.email).hexdigest(),
urllib.urlencode({'s': str(size)}),
)
else:
return AVATAR_DEFAULT_URL
def color_bg(request, color, opacity=100):
"""
Generates a 10x10 square image in the color requested.
Useful for generating background colors based on user-provided
color settings.
"""
import Image, ImageDraw, ImageColor
alpha = int((int(opacity) / 100.0) * 255)
if len(color) != 3 and len(color) != 6:
raise Http404
color = "#%s" % color
color = ImageColor.getrgb(color) + (alpha,)
size = (10, 10)
etag = md5_constructor("%s%s" % (color, size)).hexdigest()
if request.META.get("HTTP_IF_NONE_MATCH") == etag:
return HttpResponseNotModified()
img = Image.new("RGBA", size=size, color=color)
response = HttpResponse(mimetype="image/png")
img.save(response, "PNG")
response["Etag"] = etag
return response
def get_hexdigest(algorithm, salt, raw_password):
raw_password, salt = smart_str(raw_password), smart_str(salt)
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
return sha_constructor(salt + raw_password).hexdigest()
raise ValueError('Got unknown password algorithm type in password')
def security_hash(self, request, form):
"""
Calculates the security hash for the given HttpRequest and Form instances.
Subclasses may want to take into account request-specific information,
such as the IP address.
"""
data = []
form_list = [form]
if isinstance(form, forms.formsets.BaseFormSet):
form_list = form.forms + [form.management_form]
for _form in form_list:
for bf in _form:
value = bf.data
if not value:
# for not commited False values of checkboxes
if isinstance(bf.field, forms.BooleanField):
value = u'False'
else:
value = ''
data.append((bf.name, force_unicode(value)))
data.append(settings.SECRET_KEY)
hash = md5_constructor(u'%s' % data).hexdigest()
return hash