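def apisolr():
    """Render the HTML for every item of one portfolio.

    Reads ``antiCSRF``, ``session_id`` and ``portfolio`` from the query
    string, fetches the portfolio's ``data`` list from the portfolios API,
    posts it to the search API's ``/fromIds`` endpoint and concatenates
    ``produceHTML`` of each returned record.

    Returns:
        The concatenated HTML string, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # Function-scope import: the file's import block is not visible from here.
    import urllib

    # NOTE(review): the anti-CSRF token is read but never compared in this
    # handler; only the session id reaches auth.is_valid_acsrf(). Confirm the
    # token is verified somewhere, otherwise the session id alone authorises
    # the request.
    acsrf = request.query['antiCSRF']
    ses_id = request.query['session_id']
    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)

    portfolio = request.query['portfolio']
    print("portfolio = " + portfolio)
    # The portfolio name is caller-supplied and becomes a URL path segment.
    # Percent-encode it (safe='' also encodes "/") so it stays one segment
    # and cannot alter the path or query of the backend request.
    portfolio_segment = urllib.quote(portfolio, safe='')
    r = requests.get(URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/" + portfolio_segment)
    # literal_eval only builds Python literals, but it raises on anything the
    # backend returns that is not one (JSON true/false/null included).
    d = ast.literal_eval(r.text)
    p3ids = d['data']

    # NOTE(review): the id list is sent as a pickle, so the /fromIds endpoint
    # presumably unpickles an HTTP form field. Unpickling data received over
    # the network is unsafe; a JSON encoding would need a matching change on
    # that service.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # API credentials in the body and the Basic auth header go to whichever
    # host answers. Prefer verify=<path to the backend's CA bundle>.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)
    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)
    d = ast.literal_eval(r.text)

    # Turn this into a function!
    # Actually, here we need to loop over a template, but I will try this
    # first! One join instead of repeated string concatenation.
    return "".join(produceHTML(vdict) for vdict in d.itervalues())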
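def apisolr():
    """Return the search API's records for every item of one portfolio.

    Reads ``antiCSRF``, ``session_id`` and ``portfolio`` from the form body,
    fetches the portfolio's ``data`` list from the portfolios API and posts
    it to the search API's ``/fromIds`` endpoint.

    Returns:
        The parsed response dictionary, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # Function-scope import: the file's import block is not visible from here.
    import urllib

    # NOTE(review): the anti-CSRF token is read but never compared in this
    # handler; only the session id reaches auth.is_valid_acsrf(). Confirm the
    # token is verified somewhere.
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')
    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)

    portfolio = request.forms.get('portfolio')
    print("portfolio = " + portfolio)
    # The portfolio name is caller-supplied and becomes a URL path segment.
    # Percent-encode it (safe='' also encodes "/") so it stays one segment
    # and cannot alter the path or query of the backend request.
    portfolio_segment = urllib.quote(portfolio, safe='')
    r = requests.get(URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/" + portfolio_segment)
    d = ast.literal_eval(r.text)
    p3ids = d['data']

    # NOTE(review): the id list is sent as a pickle, so the /fromIds endpoint
    # presumably unpickles an HTTP form field. Unpickling data received over
    # the network is unsafe; a JSON encoding would need a matching change on
    # that service.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # API credentials in the body and the Basic auth header go to whichever
    # host answers. Prefer verify=<path to the backend's CA bundle>.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)
    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)
    content = r.text
    # This is inefficient, but I can't seem to get Bottle to
    # let me procure a correct JSON response without using a dictionary.
    # I tried using BaseResponse. This could be my weakness
    # with Python or confusion in Bottle.
    # literal_eval raises on a body that is not a Python literal (JSON
    # true/false/null included).
    return ast.literal_eval(content)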
def logoutViaGet():
    """Delete the caller's session and render the logout page."""
    LogActivity.logPageTurn("nosession", "Logout")
    form = request.forms
    # NOTE(review): the token is fetched but not checked, so any request that
    # carries a session id can end that session. The name suggests a GET
    # route while the ids are read from the form body; confirm the route's
    # method, since a missing field makes ses_id None.
    acsrf = form.get('antiCSRF')
    ses_id = form.get('session_id')
    auth.del_session(ses_id)
    return template(
        'Logout',
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
def is_valid_acsrf(session_id):
    """Report whether ``session_id`` names a known, unexpired session.

    The session must be present in ``GLOBAL_SESSION_DICT`` and the datetime
    stored at index 1 of its entry must be less than ``TokenTimeout``
    seconds old. Unknown and expired sessions are logged and rejected.

    NOTE(review): despite the name, no anti-CSRF token is compared here;
    only the session id and its age are checked.
    """
    if session_id not in GLOBAL_SESSION_DICT:
        LogActivity.logMissingSession(session_id)
        return False

    last_update = GLOBAL_SESSION_DICT[session_id][1]
    age = datetime.datetime.now() - last_update
    if age < datetime.timedelta(seconds=TokenTimeout):
        return True

    LogActivity.logTimeout(session_id)
    return False
def is_valid_acsrf(session_id):
    """Return True only for a session that exists and has not timed out.

    A session is accepted when it is a key of ``GLOBAL_SESSION_DICT`` and the
    datetime at index 1 of its entry is younger than ``TokenTimeout``
    seconds. Both rejection paths write a log record.

    NOTE(review): the anti-CSRF token itself is not an input to this check,
    so a caller relying on it validates the session id only.
    """
    known = session_id in GLOBAL_SESSION_DICT
    if not known:
        LogActivity.logMissingSession(session_id)
        return False

    stamped_at = GLOBAL_SESSION_DICT[session_id][1]
    elapsed = datetime.datetime.now() - stamped_at
    limit = datetime.timedelta(seconds=TokenTimeout)
    if elapsed < limit:
        return True

    LogActivity.logTimeout(session_id)
    return False
def render_portfolio():
    """Render the Portfolio page for an authenticated session.

    Falls back to the Login template when the session check fails;
    otherwise refreshes the session, logs the page turn and passes the
    posted ``portfolio`` value through to the template.
    """
    form = request.forms
    # NOTE(review): the posted token is read but not compared here; only the
    # session id is validated.
    acsrf = form.get('antiCSRF')
    ses_id = form.get('session_id')

    if not auth.is_valid_acsrf(ses_id):
        return template(
            'Login',
            message='Improper Credentials or Timeout.',
            goog_anal_script=GoogleAnalyticsInclusionScript,
        )

    auth.update_acsrf(ses_id)
    LogActivity.logPageTurn(ses_id, "Portfolio")
    # Caller-supplied value handed to the template as-is.
    # NOTE(review): confirm the Portfolio template emits it with escaping on.
    portfolio = form.get('portfolio')
    return template(
        'Portfolio',
        acsrf=auth.get_acsrf(ses_id),
        session_id=ses_id,
        portfolio=portfolio,
        feedback_url=LocalURLToRecordFeedback,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
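def pptriv():
    """Render the main page for an authenticated session.

    Falls back to the Login template when the session check fails.
    ``search_string`` defaults to "Dell Latitude" when the form omits it;
    ``commodity_id`` is passed through to the template as received.
    """
    # NOTE(review): the posted token is read but not compared here; only the
    # session id is validated.
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')
    if not auth.is_valid_acsrf(ses_id):
        return template('Login',
                        message='Improper Credentials or Timeout.',
                        goog_anal_script=GoogleAnalyticsInclusionScript)
    auth.update_acsrf(ses_id)

    search_string = request.forms.get('search_string')
    search_string = search_string if search_string is not None else "Dell Latitude"
    commodity_id = request.forms.get('commodity_id')
    # Formatted rather than concatenated: a form without commodity_id gives
    # None, and 'str' + None raised TypeError for an otherwise valid request.
    print('COMMODITY_ID = %s' % (commodity_id,))

    LogActivity.logPageTurn(ses_id, "MainPage")
    return template('MainPage',
                    search_string=search_string,
                    acsrf=auth.get_acsrf(ses_id),
                    session_id=ses_id,
                    feedback_url=LocalURLToRecordFeedback,
                    commodity_id=commodity_id,
                    goog_anal_script=GoogleAnalyticsInclusionScript)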
def render_main_page(acsf, ses_id):
    """Render the main page for ``ses_id``, or the login page if it is invalid.

    Args:
        acsf: accepted but not used by this function.
        ses_id: session id to validate and refresh.

    NOTE(review): because ``acsf`` is never read, the token a caller passes
    in has no effect on the outcome.
    """
    if not auth.is_valid_acsrf(ses_id):
        return template(
            'Login',
            message='Improper Credentials or Timeout.',
            footer_html=FOOTER_HTML,
            goog_anal_script=GoogleAnalyticsInclusionScript,
        )

    auth.update_acsrf(ses_id)
    form = request.forms
    search_string = form.get('search_string')
    if search_string is None:
        search_string = ""
    commodity_id = form.get('commodity_id')
    LogActivity.logPageTurn(ses_id, "MainPage")
    return template(
        'MainPage',
        search_string=search_string,
        acsrf=auth.get_acsrf(ses_id),
        session_id=ses_id,
        feedback_url=LocalURLToRecordFeedback,
        footer_html=FOOTER_HTML,
        column_dropdown=COLUMN_DROPDOWN_HTML,
        commodity_id=commodity_id,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
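def does_authenticate(username, password):
    """Check a username/password pair against the stored hashes.

    A failed-login record older than ``LIMIT_TIME_TO_RETRY`` seconds is
    dropped first. If the remaining record has reached
    ``LIMIT_NUMBER_BAD_LOGINS`` the attempt is refused without checking the
    password. Every other failure is logged and recorded.

    Returns:
        True when the SHA-256 hex digest of ``password + P3APISALT`` equals
        the stored hash for ``username``; False otherwise.
    """
    hashes = loadHashes()

    if username in GLOBAL_BAD_LOGIN:
        timenow = datetime.datetime.now()
        timestamp = GLOBAL_BAD_LOGIN[username][1]
        timedelta = timenow - timestamp
        if timedelta >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            # The retry window has gone by, so we give them a pass....
            GLOBAL_BAD_LOGIN.pop(username, None)

    if username in GLOBAL_BAD_LOGIN:
        count = GLOBAL_BAD_LOGIN[username][0]
        if count >= LIMIT_NUMBER_BAD_LOGINS:
            # Probably should have a separate log message for this..
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # A request without a password field reaches here with None; treat it as
    # a bad login instead of letting None + P3APISALT raise TypeError.
    if username not in hashes or password is None:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one SHA-256 pass with a single shared salt is cheap to
    # brute-force if the hash store leaks; a slow per-user-salted KDF would
    # need the stored hashes regenerated. The == below is also not a
    # constant-time comparison (hmac.compare_digest is, where available).
    if hashes[username] == hashlib.sha256(password + P3APISALT).hexdigest():
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False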
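def does_authenticate(username, password):
    """Check a username/password pair against the stored hashes.

    A failed-login record older than ``LIMIT_TIME_TO_RETRY`` seconds is
    dropped first. If the remaining record has reached
    ``LIMIT_NUMBER_BAD_LOGINS`` the attempt is refused without checking the
    password. Every other failure is logged and recorded.

    Returns:
        True when the SHA-256 hex digest of ``password + P3APISALT`` equals
        the stored hash for ``username``; False otherwise.
    """
    hashes = loadHashes()

    if username in GLOBAL_BAD_LOGIN:
        timenow = datetime.datetime.now()
        timestamp = GLOBAL_BAD_LOGIN[username][1]
        timedelta = timenow - timestamp
        if timedelta >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            # The retry window has gone by, so we give them a pass....
            GLOBAL_BAD_LOGIN.pop(username, None)

    if username in GLOBAL_BAD_LOGIN:
        count = GLOBAL_BAD_LOGIN[username][0]
        if count >= LIMIT_NUMBER_BAD_LOGINS:
            # Probably should have a separate log message for this..
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # A request without a password field reaches here with None; treat it as
    # a bad login instead of letting None + P3APISALT raise TypeError.
    if username not in hashes or password is None:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one SHA-256 pass with a single shared salt is cheap to
    # brute-force if the hash store leaks; a slow per-user-salted KDF would
    # need the stored hashes regenerated. The == below is also not a
    # constant-time comparison (hmac.compare_digest is, where available).
    if hashes[username] == hashlib.sha256(password + P3APISALT).hexdigest():
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False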
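def feedback():
    """Record a feedback submission from an authenticated session.

    Returns:
        ``"true"`` after the feedback is logged, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')
    # Formatted rather than concatenated: a request missing either field
    # used to raise TypeError here, before the session check below could
    # answer BadAuthentication.
    # NOTE(review): this writes the anti-CSRF token and the session id to
    # the debug log, and the token is never compared in this handler.
    LogActivity.logDebugInfo("acsrf ses_d :%s%s" % (acsrf, ses_id))
    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}

    LogActivity.logDebugInfo("authenticated !")
    LogActivity.logFeedback(ses_id)
    # Free-text fields from the client are passed to the feedback log as
    # received. NOTE(review): confirm LogFeedback neutralises line breaks.
    message = request.forms.get('message')
    name = request.forms.get('name')
    radio_list_value = request.forms.get('radio_list_value')
    LogFeedback.logFeedback(name, message, radio_list_value)
    return "true"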
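def is_valid_acsrf(session_id, acsrf):
    """Validate a session id together with its anti-CSRF token.

    The session must be a key of ``GLOBAL_SESSION_DICT``, the datetime at
    index 1 of its entry must be less than ``TokenTimeout`` seconds old, and
    ``acsrf`` must equal the token stored at index 0.

    Returns:
        True when all three checks pass; False otherwise. Each rejection
        writes a log record.
    """
    if session_id not in GLOBAL_SESSION_DICT:
        LogActivity.logMissingSession(session_id)
        return False

    stored_acsrf, timestamp = GLOBAL_SESSION_DICT[session_id][0], GLOBAL_SESSION_DICT[session_id][1]
    timedelta = datetime.datetime.now() - timestamp
    if not (timedelta < datetime.timedelta(seconds=TokenTimeout)):
        LogActivity.logTimeout(session_id)
        return False

    if acsrf != stored_acsrf:
        # Formatted rather than concatenated: a request with a live session
        # but no token arrives as None, and "..." + None raised TypeError
        # instead of returning False.
        # NOTE(review): this writes the valid stored token to the debug log
        # on every mismatch; consider logging only that a mismatch occurred.
        LogActivity.logDebugInfo(
            "ACSRF Mismatch provided vs. stored :%s,%s" % (acsrf, stored_acsrf))
        return False
    return True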
def pptriv():
    """Handle the login form and, on success, render the start page.

    A failed credential check re-renders the Login template. Otherwise a new
    session id is created, the session start and page turn are logged, and
    StartPage is rendered with the session's anti-CSRF token.
    """
    form = request.forms
    username = form.get('username')
    password = form.get('password')

    # Fixed one-second delay before every credential check, meant as a
    # crude throttle.
    # NOTE(review): the sleep holds the handling worker for that second on
    # every login request; confirm the server model can absorb that.
    time.sleep(1.0)

    authenticated = auth.does_authenticate(username, password)
    if not authenticated:
        LogActivity.logBadCredentials(username)
        return template(
            'Login',
            message='Improper Credentials.',
            goog_anal_script=GoogleAnalyticsInclusionScript,
        )

    search_string = form.get('search_string')
    if search_string is None:
        search_string = "Dell Latitude"
    psc_pattern = form.get('psc_pattern')

    ses_id = auth.create_session_id()
    LogActivity.logSessionBegin(username, ses_id)
    LogActivity.logPageTurn(ses_id, "StartPage")
    return template(
        'StartPage',
        search_string=search_string,
        acsrf=auth.get_acsrf(ses_id),
        username=username,
        session_id=ses_id,
        psc_pattern=psc_pattern,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
def apisolr():
    """Forward a search to the search API and return its parsed response.

    Reads ``search_string``, ``psc_pattern`` and ``numRows`` from the form
    and posts them with the API credentials. Returns ``{0: {"status":
    "BadAuthentication"}}`` when the session check fails.
    """
    form = request.forms
    # NOTE(review): the posted token is read but not compared here; only the
    # session id is validated.
    acsrf = form.get('antiCSRF')
    ses_id = form.get('session_id')
    if not auth.is_valid_acsrf(ses_id):
        denied = {0: {"status": "BadAuthentication"}}
        return denied
    auth.update_acsrf(ses_id)

    search_string = form.get('search_string')
    psc_pattern = form.get('psc_pattern')
    max_results = form.get('numRows')
    LogActivity.logSearchBegun(ses_id, psc_pattern, search_string)

    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'search_string': search_string,
        'psc_pattern': psc_pattern,
        'numRows': max_results,
    }
    basic_auth = (PricesPaidAPIBasicAuthUsername, PricesPaidAPIBasicAuthPassword)
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # API credentials in the body and the Basic auth header go to whichever
    # host answers. Prefer verify=<path to the backend's CA bundle>.
    response = requests.post(URLToPPSearchApiSolr, data=payload,
                             auth=basic_auth, verify=False)
    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # This is inefficient, but the author could not get Bottle to produce a
    # correct JSON response without going through a dictionary (BaseResponse
    # was tried). literal_eval raises on a body that is not a Python literal.
    parsed = ast.literal_eval(response.text)
    LogActivity.logSearchDone(ses_id, psc_pattern, search_string)
    return parsed
def apisolr():
    """Forward a search to the search API and return its parsed response.

    Reads ``search_string`` and ``psc_pattern`` from the form and posts them
    with the API credentials. Returns ``{0: {"status":
    "BadAuthentication"}}`` when the session check fails.
    """
    form = request.forms
    # NOTE(review): the posted token is read but not compared here; only the
    # session id is validated.
    acsrf = form.get('antiCSRF')
    ses_id = form.get('session_id')
    if not auth.is_valid_acsrf(ses_id):
        denied = {0: {"status": "BadAuthentication"}}
        return denied
    auth.update_acsrf(ses_id)

    search_string = form.get('search_string')
    psc_pattern = form.get('psc_pattern')
    LogActivity.logSearchBegun(ses_id, psc_pattern, search_string)

    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'search_string': search_string,
        'psc_pattern': psc_pattern,
    }
    basic_auth = (PricesPaidAPIBasicAuthUsername, PricesPaidAPIBasicAuthPassword)
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # API credentials in the body and the Basic auth header go to whichever
    # host answers. Prefer verify=<path to the backend's CA bundle>.
    response = requests.post(URLToPPSearchApiSolr, data=payload,
                             auth=basic_auth, verify=False)
    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # This is inefficient, but the author could not get Bottle to produce a
    # correct JSON response without going through a dictionary (BaseResponse
    # was tried). literal_eval raises on a body that is not a Python literal.
    parsed = ast.literal_eval(response.text)
    LogActivity.logSearchDone(ses_id, psc_pattern, search_string)
    return parsed
def login():
    """Log the page turn and render the login form with an empty message."""
    LogActivity.logPageTurn("nosession", "LoginPage")
    page = template(
        'Login',
        message='',
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
    return page
def del_session(session_id):
    """Remove ``session_id`` from the session table and log the outcome.

    ``pop`` is given a default, so an id that was never present is handled
    the same way as one that was and is also logged as "removed".
    """
    GLOBAL_SESSION_DICT.pop(session_id, None)
    # After the pop the key is gone, so "failed to remove" can only be
    # logged if something re-inserts the id before this test runs.
    still_present = session_id in GLOBAL_SESSION_DICT
    outcome = "failed to remove" if still_present else "removed"
    LogActivity.logMissingSession(str(session_id) + outcome)
def del_session(session_id):
    """Drop ``session_id`` from ``GLOBAL_SESSION_DICT`` and log the result.

    The pop uses a default of None, so deleting an unknown id does not raise
    and is reported as "removed" as well.
    """
    GLOBAL_SESSION_DICT.pop(session_id, None)
    # The membership test runs after the pop; it is true only if the id was
    # put back in the meantime.
    if session_id not in GLOBAL_SESSION_DICT:
        suffix = "removed"
    else:
        suffix = "failed to remove"
    LogActivity.logMissingSession(str(session_id) + suffix)
def login():
    """Log the page turn and render the login form.

    The template receives an empty message, the shared footer and the
    configured extra login methods.
    """
    LogActivity.logPageTurn("nosession", "LoginPage")
    page = template(
        'Login',
        message='',
        footer_html=FOOTER_HTML,
        extra_login_methods=EXTRA_LOGIN_METHODS,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
    return page
def legalNotice():
    """Log the page turn and render the legal notice; no session is needed."""
    LogActivity.logPageTurn("nosession", "LegalNotice")
    page = template(
        'LegalNotice',
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
    return page
def searchHelp():
    """Log the page turn and render the search help; no session is needed."""
    LogActivity.logPageTurn("nosession", "SearchHelp")
    page = template(
        'SearchHelp',
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
    return page
def get_portfolios():
    """Fetch ``/decoration`` from the portfolios API and return it parsed."""
    LogActivity.logDebugInfo("Begin Create Portfolios")
    # NOTE(review): no timeout is passed, so a stalled backend blocks this
    # call, and the HTTP status is not checked before parsing.
    response = requests.get(URL_TO_MORRIS_PORTFOLIOS_API + "/decoration")
    # literal_eval builds Python literals only and raises on any other body
    # (JSON true/false/null included).
    return ast.literal_eval(response.text)
def update_new_acsrf(session_id, acsrf):
    """Store ``[acsrf, now]`` for ``session_id`` and return the session id.

    Any existing entry for the same id is overwritten.
    """
    created_at = datetime.datetime.now()
    GLOBAL_SESSION_DICT[session_id] = [acsrf, created_at]
    # NOTE(review): this puts the session id and its anti-CSRF token in the
    # debug log, so anyone who can read that log sees both.
    stored_token = GLOBAL_SESSION_DICT[session_id][0]
    LogActivity.logDebugInfo(
        "SETTING ACSRF session, acsrf " + session_id + "." + stored_token)
    return session_id