def get_action_token(self, request, obj): plugin_id = force_text(obj.pk) # salt is different for every user signer = signing.Signer(salt=request.session.session_key) return signer.sign(plugin_id)
def test_works_with_non_ascii_keys(self): binary_key = b'\xe7' # Set some binary (non-ASCII key) s = signing.Signer(binary_key) self.assertEqual('foo:6NB0fssLW5RQvZ3Y-MTerq2rX7w', s.sign('foo'))
def test_valid_sep(self): separators = ['/', '*sep*', ','] for sep in separators: signer = signing.Signer('predictable-secret', sep=sep) self.assertEqual('foo%ssH9B01cZcJ9FoT_jEVkRkNULrl8' % sep, signer.sign('foo'))
def office_convert_cluster_token(file_id): from django.core import signing s = '-'.join([file_id, datetime.now().strftime('%Y%m%d')]) return signing.Signer().sign(s)
def signer(self): if self.max_age is None: return signing.Signer(salt=self.salt) else: return signing.TimestampSigner(salt=self.salt)
class DropFileWidget(widgets.Widget): signer = signing.Signer() def __init__(self, area_label, fileupload_url, attrs=None): self.area_label = area_label self.fileupload_url = fileupload_url super(DropFileWidget, self).__init__(attrs) self.filetype = 'file' def render(self, name, value, attrs=None, renderer=None): from django.contrib.staticfiles.storage import staticfiles_storage extra_attrs = dict(attrs) extra_attrs.update({ 'name': name, 'class': 'djng-{}-uploader'.format(self.filetype), 'djng-fileupload-url': self.fileupload_url, 'ngf-drop': 'uploadFile($file, "{0}", "{id}", "{ng-model}")'.format( self.filetype, **attrs), 'ngf-select': 'uploadFile($file, "{0}", "{id}", "{ng-model}")'.format( self.filetype, **attrs), }) self.update_attributes(extra_attrs, value) final_attrs = self.build_attrs(self.attrs, extra_attrs=extra_attrs) elements = [ format_html('<textarea {}>{}</textarea>', flatatt(final_attrs), self.area_label) ] # add a spinnging wheel spinner_attrs = { 'class': 'glyphicon glyphicon-refresh glyphicon-spin', 'ng-cloak': True, } elements.append(format_html('<span {}></span>', flatatt(spinner_attrs))) # add a delete icon icon_attrs = { 'src': staticfiles_storage.url('djng/icons/{}/trash.svg'.format( self.filetype)), 'class': 'djng-btn-trash', 'title': _("Delete File"), 'djng-fileupload-button ': True, 'ng-click': 'deleteImage("{id}", "{ng-model}")'.format(**attrs), 'ng-cloak': True, } elements.append(format_html('<img {} />', flatatt(icon_attrs))) # add a download icon if value: download_attrs = { 'href': value.url, 'class': 'djng-btn-download', 'title': _("Download File"), 'download': True, 'ng-cloak': True, } download_icon = staticfiles_storage.url( 'djng/icons/{}/download.svg'.format(self.filetype)) elements.append( format_html('<a {}><img src="{}" /></a>', flatatt(download_attrs), download_icon)) return format_html('<div class="drop-box">{}</div>', mark_safe(''.join(elements))) def update_attributes(self, attrs, value): if value: try: content_type, _ = mimetypes.guess_type(value.file.name) extension = mimetypes.guess_extension(content_type)[1:] except (IOError, IndexError, TypeError): extension = '_blank' background_url = staticfiles_storage.url( 'djng/icons/{}.png'.format(extension)) attrs.update({ 'style': 'background-image: url({});'.format(background_url), 'current-file': self.signer.sign(value.name) })
class FileUploadTest(TestCase): signer = signing.Signer() storage = app_settings.upload_storage def tearDown(self): try: os.remove( os.path.join(settings.MEDIA_ROOT, 'upload_temp/sample-image.jpg')) except: pass def upload_image(self): client = Client() upload_filename = os.path.join(os.path.dirname(__file__), 'sample-image.jpg') with open(upload_filename, 'rb') as fp: upload_url = reverse('fileupload') response = client.post(upload_url, { 'file:0': fp, 'filetype': 'image' }) self.assertEquals(response.status_code, 200) return json.loads(response.content.decode('utf-8')) def test_upload(self): content = self.upload_image() self.assertTrue('file:0' in content) self.assertTrue(content['file:0']['url'].startswith( 'url(data:application/octet-stream;base64,/9j/4AAQSkZJRgABA')) self.assertEquals(content['file:0']['file_name'], 'sample-image.jpg') self.assertEquals(content['file:0']['content_type'], 'image/jpeg') self.assertEquals(self.signer.unsign(content['file:0']['temp_name']), 'sample-image.jpg') def test_render_widget(self): form = TestUploadForm() htmlsource = form.as_p() dom = PyQuery(htmlsource) textarea = dom('div.drop-box textarea') self.assertEquals(textarea.attr('djng-fileupload-url'), reverse('fileupload')) self.assertEquals( textarea.attr('ngf-drop'), 'uploadFile($file, "image", "id_avatar", "my_data[\'avatar\']")') self.assertEquals( textarea.attr('ngf-select'), 'uploadFile($file, "image", "id_avatar", "my_data[\'avatar\']")') delete_button = dom('div.drop-box img.djng-btn-trash') self.assertEquals(delete_button.attr('src'), '/static/djng/icons/image/trash.svg') self.assertEquals(delete_button.attr('djng-fileupload-button'), '') self.assertEquals(delete_button.attr('ng-click'), 'deleteImage("id_avatar", "my_data[\'avatar\']")') def test_receive_small_image(self): content = self.upload_image() content['file:0'].pop('url') data = {'avatar': content['file:0']} form = TestUploadForm(data=data) self.assertTrue(form.is_valid()) self.assertIsInstance(form.cleaned_data['avatar'], InMemoryUploadedFile) self.assertEquals(form.cleaned_data['avatar'].name, "sample-image.jpg") # TODO: delete this image again # stored_image = self.storage.save('persisted.jpg', form.cleaned_data['avatar'].file) # initial = {'avatar': stored_image} # form = TestUploadForm(initial=initial) # htmlsource = form.as_p() @override_settings(FILE_UPLOAD_MAX_MEMORY_SIZE=50000) def test_receive_large_image(self): content = self.upload_image() content['file:0'].pop('url') data = {'avatar': content['file:0']} form = TestUploadForm(data=data) self.assertTrue(form.is_valid()) self.assertIsInstance(form.cleaned_data['avatar'], TemporaryUploadedFile) self.assertEquals(form.cleaned_data['avatar'].name, "sample-image.jpg")
def test_invalid_algorithm(self): signer = signing.Signer('predictable-secret', algorithm='whatever') msg = "'whatever' is not an algorithm accepted by the hashlib module." with self.assertRaisesMessage(InvalidAlgorithm, msg): signer.sign('hello')
def __init__(self, *args, **kwargs): self.signer = signing.Signer() # workaround modeltranslation patching Page.clean in an unpythonic way # goo.gl/yYD4pw self.clean = lambda: None super().__init__(*args, **kwargs)
import os.path from six.moves.urllib_parse import parse_qs, urlparse, urlunparse from django.core.management import call_command from django.core.management.base import BaseCommand from django.conf import settings from django.core import signing from django.utils.crypto import get_random_string try: from django.urls import reverse except ImportError: from django.core.urlresolvers import reverse signer = signing.Signer(salt='datadownloader') class Command(BaseCommand): def __init__(self, *args, **kw): self._requests = kw.pop('requests', None) super(Command, self).__init__(*args, **kw) def add_arguments(self, parser): super(Command, self).add_arguments(parser) parser.add_argument('--media-only', action='store_const', const='media', dest='components', default='media+db') parser.add_argument(
import binascii import json import re import urllib.parse from collections import namedtuple from django.core import signing SQL_SALT = "django_sql_dashboard:query" signer = signing.Signer(salt=SQL_SALT) def sign_sql(sql): return signer.sign(sql) def unsign_sql(signed_sql, try_object=False): # Returns (sql, signature_verified) # So we can handle broken signatures # Usually this will be a regular string try: sql = signer.unsign(signed_sql) return sql, True except signing.BadSignature: try: value, bad_sig = signed_sql.rsplit(signer.sep, 1) return value, False except ValueError: return signed_sql, False
from django.core.exceptions import PermissionDenied from django import http from django.utils.encoding import force_str, force_text from easydjango.websockets.exceptions import WebSocketError, HandshakeError, UpgradeRequiredError try: # django >= 1.8 && python >= 2.7 # https://docs.djangoproject.com/en/1.8/releases/1.7/#django-utils-dictconfig-django-utils-importlib from importlib import import_module except ImportError: # RemovedInDjango19Warning: django.utils.importlib will be removed in Django 1.9. # noinspection PyUnresolvedReferences from django.utils.importlib import import_module logger = logging.getLogger('django.request') signer = signing.Signer() topic_serializer = import_string(settings.WS4REDIS_TOPIC_SERIALIZER) signal_decoder = import_string(settings.WS4REDIS_SIGNAL_DECODER) # noinspection PyCallingNonCallable @lru_cache() def _get_redis_connection(): return StrictRedis(**settings.WS4REDIS_CONNECTION) def get_websocket_topics(request): signed_token = request.GET.get('token', '') try: token = signer.unsign(signed_token) except signing.BadSignature: