def clean(self):
cleaned_data = super(ExternalURLForm, self).clean()
signer = Signer()
if self.errors:
# if it's not a valid URL, no reason to do further validation
return
url = cleaned_data['ext_url']
matched_whitelist = any((regex.match(url) for regex in EXTERNAL_URL_WHITELIST))
if matched_whitelist:
cleaned_data['validated_url'] = url
elif 'signature' in cleaned_data:
signed_url = "{ext_url}:{signature}".format(**cleaned_data)
try:
cleaned_data['validated_url'] = signer.unsign(signed_url)
except BadSignature:
raise ValidationError(_('Signature validation failed'),
code='invalid')
else:
raise ValidationError(_('URL must either be allowed by '
'settings.EXTERNAL_URL_WHITELIST '
'or have a valid signature'),
code='invalid')
def catalogo(request):
try:
lista = get_lista(request)
cliente = request.user.cliente if request.user.is_authenticated() else None
context = get_base_context(request=request)
signer = Signer()
signed_id = None
if request.method == 'GET':
signed_id = request.GET.get('bien_id',0)
else:
if 'add_to_cart_button' in request.POST:
signed_id = request.POST.get('bien_id',0)
add_to_cart(request)
if signed_id:
bien_id = int(signer.unsign(signed_id),0)
if lista and (bien_id > 0):
bien = lista.get_bienes(include_hidden=False, search_bien_id=bien_id, cliente=cliente)
context['bien'] = bien
context['impuesto'] = lista.impuesto
atributos = models.BienYAtributo.objects.filter(bien__id=bien.id)
context['atributos'] = atributos
except AttributeError as e:
return HttpResponseServerError(e)
return render(request, 'catalogo.html', context)
def _custListItemDelete(requestData, user):
'''
问卷删除的具体处理函数
'''
# 检查是否提供了id
keys = requestData.keys()
if 'id' not in keys:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID)
idSigned = requestData['id']
# 对id进行数字签名的检查
try:
signer = Signer()
id = signer.unsign(idSigned)
except BadSignature:
# 篡改发现处理
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE)
# 检查对象是否还存在,并将对象锁定
custListListItem = CustListItem.objects.filter(id=id).select_for_update()
if len(custListListItem) == 0:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST)
custListItem = custListListItem[0]
# 检查当前用户是否有权限修改
if custListItem.createBy.id != user.id:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE)
# 执行删除
custListItem.delete()
# 返回成功
return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def _paperDelete(requestData, user):
# 检查是否提供了id
keys = requestData.keys()
if 'id' not in keys:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID)
idSigned = requestData['id']
# 对id进行数字签名的检查
try:
signer = Signer()
id = signer.unsign(idSigned)
except BadSignature:
# 篡改发现处理
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE)
# 检查对象是否还存在,并将对象锁定
paperList = Paper.objects.filter(id=id).select_for_update()
if len(paperList) == 0:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST)
paper = paperList[0]
# 检查当前用户是否有权限修改
if paper.createBy.id != user.id:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE)
# 执行删除
paper.delete()
# 返回成功
return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def _surveyDelete(requestData, user):
'''
问卷删除的具体处理函数
'''
# 检查是否提供了id
keys = requestData.keys()
if 'id' not in keys:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID)
idSigned = requestData['id']
# 对id进行数字签名的检查
try:
signer = Signer()
id = signer.unsign(idSigned)
except BadSignature:
# 篡改发现处理
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE)
# 检查对象是否还存在,并将对象锁定
surveyList = Survey.objects.filter(id=id).select_for_update()
if len(surveyList) == 0:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST)
survey = surveyList[0]
# 检查当前用户是否有权限修改
if survey.createBy.id != user.id:
return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE)
# 执行删除
# 调查的删除不是直接删除,而是将状态改为P,有些信息还要以备后查
survey.state = 'P'
survey.save()
# 返回成功
return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def Home(request):
form = None
deck_list = []
if request.user.is_authenticated:
user_id = request.user.id
signer = Signer(request.user.id)
#new deck form
if request.method == "POST":
form = NewDeck(request.POST)
if form.is_valid():
deck = form.save(commit=False)
deck.user_id = user_id
deck.save()
return HttpResponseRedirect('/')
else:
form = NewDeck(initial={'user' : request.user.id})
#grab all decks associated with a user order by descending date created
decks = Deck.objects.filter(user_id=user_id, deleted_flag = 0).order_by('-date_created')
for deck in decks:
deck_list.append({
"deck_id" : signer.sign(deck.deck_id),
"deck_name" : deck.deck_name,
"share" : deck.share_flag
})
context = {
"form" : form,
"deck_list" : deck_list,
}
return render(request, "landing/home.html", context)
def email_verify_and_update(request):
"""If the verification_key is correct, change the user email."""
# check the verification_key
name = request.user.name
new_email = request.GET.get('new_email')
signer = Signer()
expected_verification_key = signer.sign(name + new_email).split(':')[1]
if expected_verification_key == request.GET.get('verification_key'):
# now update email
user_id = request.user.id
# if we dont set password to None we get a dict-key error in api/keystone
api.keystone.user_update(
request,
user_id,
name=new_email,
password=None)
msg = 'Email changed succesfully.'
messages.success(request, msg)
else:
msg = 'Invalid verification key. Email not updated.'
messages.error(request, msg)
# redirect user to settings home
response = redirect('horizon:settings:multisettings:index')
return response
def addDefaultScoreQuestion(request):
'''
增加一个默认结构的问答题,提供给前台的新增问题按钮使用。
'''
# 检查用户是否登录,并读取session中的用户信息
if USER_SESSION_NAME not in request.session.keys():
return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_LOGIN)
user = request.session[USER_SESSION_NAME]
# 检查是否提供了paper
if 'paper' not in request.REQUEST.keys():
return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID)
paperId = request.REQUEST['paper']
# 调用问题新增处理过程
requestData = {'paper': paperId, 'text': u'新增评分题,请填写(最长150字)', 'type': 'Score'}
result = _questionAdd(requestData, user)
if result['resultCode'] != 0:
return dictToJsonResponse(result)
questionId = result['questionId']
# 对id进行数字签名
signer = Signer()
questionId = signer.sign(questionId)
# 返回成功
return packageResponse(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS, {'id': questionId})
def manifest_url(key=None):
if not key:
return reverse('cache_manifest')
else:
signer = Signer(sep='_', salt='manifesto')
signed_key = signer.sign(key)
return reverse('cache_manifest_keyed', args=[signed_key])
def index(request):
N = 10
file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(N))
file_url = '/CodeTable_app/' + file_name + '/'
signer = Signer()
value = signer.sign(file_name)
# print 'Result : ', value, file_name
response = HttpResponseRedirect(file_url)
c = Code(code_id = file_name, last_edited = datetime.now(), code_actual = "")
c.save()
if 'key' in request.COOKIES:
key = request.COOKIES.get('key')
# print 'yay'
else:
key =''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(20))
response.set_cookie('key', key)
# print 'no'
allowed_key = [key]
session = Session(code_id = file_name)
session.setlist(allowed_key)
session.save()
return response
def get_sign_vigencia(value):
string = "%s,%s,%s" % (
value.ta_publicado_id if value.ta_publicado_id else 0,
value.inicio_vigencia,
value.fim_vigencia)
signer = Signer()
return signer.sign(str(string))
def form_valid(self, form):
resp = super(EmailUserRegistrationView, self).form_valid(form)
user = self.object
signer = Signer()
site = Site.objects.get(id=settings.SITE_ID)
ref_url = 'http://{}/confirm-email/{}/{}/'.format(site.domain, user.id, signer.signature(user.email))
txt_body = render_to_string(self.email_text_template_name,
{'reference': ref_url, 'site': site.name})
html_body = render_to_string(self.email_html_template_name,
{'reference': ref_url, 'site': site.name})
from_email = '{}{}'.format(settings.DEFAULT_FROM_EMAIL, site.domain)
send_mail(
recipient_list = [user.email],
subject = 'Account activation on the website online-polling.com',
message=txt_body,
html_message=html_body,
from_email = from_email ,
fail_silently = True,
)
#save early voting
try:
sch = self.request.session.pop('anonym_vote') #early voting
ch = Choice.objects.get(pk=sch)
user_choice = CUserChoice(choice=ch, cuser=user, date_vote = timezone.now())
user_choice.save()
except:
pass
return resp
def View_Deck(request):
deck_id_signed = request.GET.get('deck_id')
deck_id = None
card_list =[]
signer = Signer(request.user.id)
try:
deck_id = signer.unsign(deck_id_signed)
except signing.BadSignature:
print("Tampering detected! View deck")
return HttpResponseRedirect('/')
form = NewCard(initial={'deck' : request.GET.get('deck_id')})
cards = Card.objects.filter(deck_id=deck_id, deleted_flag = 0).order_by('-date_created')
deck = Deck.objects.filter(deck_id=deck_id, deleted_flag = 0)
print "here"
deck_name = ""
try:
deck_name = deck[0].deck_name
except IndexError:
deck_name = ""
for card in cards:
card_list.append({
"card_id" : card.card_id,
"front" : card.front,
"back" : card.back,
})
upload_form = UploadFile(initial={"deck_id" : signer.sign(deck_id)})
context = {
"upload_form" : upload_form,
"form" : form,
"card_list" : card_list,
"deck_id" : deck_id_signed,
"deck_name" : deck_name,
}
return render(request, 'flash_cards/view_deck.html', context)
def generate_unsubscribe_url(user, email_type):
signer = Signer()
url_path = "/account/settings/unsubscribe/{email_type}/{token}"
action = '|'.join([str(user.id), user.username, 'unsubscribe', email_type])
token = signer.sign(action)
path = url_path.format(email_type=email_type, token=token)
return make_path_absolute(path)
def unsign_purpose(signed_purpose):
signer = Signer()
try:
val = signer.unsign(signed_purpose)
return val[len(SALT):]
except BadSignature:
return None
def Shared_Decks(request):
u_id = request.GET.get('u_id')
user = None
user_name = None
signer = Signer(request.user.id)
try:
user = signer.unsign(u_id)
except signing.BadSignature:
return HttpResponse(json.dumps({"Tampering": "bad signature"}))
shared_decks = Deck.objects.filter(user_id = user, share_flag = 1, deleted_flag = 0)
deck_list = []
for deck in shared_decks:
deck_list.append({
"orig_deck_id" : signer.sign(deck.deck_id),
"deck_name" : deck.deck_name,
"share" : deck.share_flag,
})
form = NewDeck(initial={'user' : request.user.id})
getname = User.objects.filter(id = user)
for user_obj in getname:
user_name = user_obj.username
context = {
"shared_user_id" : user,
"shared_user_name" : user_name,
"shared_decks" : deck_list,
"clone_form" : form,
"sign" : signer.sign(request.user.id)
}
return render(request, 'flash_cards/shared_profile.html', context)
def surveyAnswerSubmit(request):
'''
问卷批量提交服务
'''
# 读取surveyId
surveyIdSigned = request.REQUEST.get('surveyId')
if not surveyIdSigned:
# raise Exception(RESULT_MESSAGE.NO_SURVEY_ID) # 没有提供调查对象
template = loader.get_template('www/answerFinished.html')
context = RequestContext(request, {'title': u'出错', 'message': RESULT_MESSAGE.NO_SURVEY_ID, 'returnUrl': '/'})
return HttpResponse(template.render(context))
# 对调查标识的数据签名进行检查
try:
signer = Signer()
surveyId = signer.unsign(surveyIdSigned)
except:
# raise Exception(RESULT_MESSAGE.BAD_SAGNATURE) # 无效的数字签名
template = loader.get_template('www/answerFinished.html')
context = RequestContext(request, {'title': u'出错', 'message': RESULT_MESSAGE.BAD_SAGNATURE, 'returnUrl': '/'})
return HttpResponse(template.render(context))
# 调用提交控制器生成处理数据,并生成返回结果
surveySubmitController = SurveySubmitController(request, surveyId)
return surveySubmitController.process()
def setUpTestData(cls):
"""Prepare data fro test cases.
1. Create new organization.
2. Create invitation.
"""
cls.client = Client()
cls.org = Organization.objects.create(
name="My Organization 1",
email="*****@*****.**",
phone="887555473",
address="Hawai, Janosikova 4",
created=datetime.now())
cls.org.save()
cls.inv = Invitation.objects.create(
reg_uuid=str(uuid4()).replace('-', ''),
user_name='Invited User',
email='*****@*****.**',
phone='1230000',
organization=cls.org,
superuser=False,
# default_file_permissions=1,
can_invite=True,
expiration=datetime.now()+timedelta(days=1),
secret_code=str(uuid4())[:5])
cls.inv.save()
signer = Signer()
register_data = {
'signature': signer.sign(cls.inv.reg_uuid),
'user_name': cls.inv.user_name,
'email': cls.inv.email,
'login_pwd': 'password',
'c_login_pwd': 'password',
'key_pwd': 'password',
'c_key_pwd': 'password',
'phone': cls.inv.phone,
'address': 'Janosikova 4, Hawai',
'pub_key': _public_key,
'priv_key': _private_key,
'organization': 'someorg',
'superuser': cls.inv.superuser,
'can_invite': cls.inv.can_invite,
'can_view': cls.inv.can_view,
'can_comment': cls.inv.can_comment,
'can_sign': cls.inv.can_sign,
'can_modify': cls.inv.can_modify,
'can_remove': cls.inv.can_remove,
# 'default_file_permissions': permissions._permissions,
'csr': _csr,
}
cls.get_access_response = cls.client.get(
'/register/{}/'.format(cls.inv.reg_uuid))
cls.invalid_code_response = cls.client.post(
'/register/{}/'.format(cls.inv.reg_uuid),
{'secret_code': '0000'})
cls.valid_code_response = cls.client.post(
'/register/{}/'.format(cls.inv.reg_uuid),
{'secret_code': cls.inv.secret_code})
cls.register_response = cls.client.post(
'/register/submit/', register_data)
def __init__(s, token):
try: token = Signer(sep=s.separators, salt=s.salt).unsign(token)
except BadSignature: raise TokenSignatureError(token)
s.token = token.split(s.separator)
if len(s.token) != 4: raise TokenFormatError("Invalid token format [1]")
if s.token[2] != "ALLOW": raise TokenFormatError("Invalid token format [2]")
s.fields = s.token[3].split(s.separator2)
def form_type(context, form_type):
mu_forms = getattr(settings, "MULTIUPLOADER_FORMS_SETTINGS", DEFAULTS.MULTIUPLOADER_FORMS_SETTINGS)
signer = Signer()
if form_type:
import warnings
if form_type == "" or form_type not in mu_forms:
if settings.DEBUG:
warnings.warn(
"A {% form_type %} was used in a template but such form_type (%s) was not provided in settings, default used instead"
% form_type
)
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign("default")
)
else:
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign(form_type)
)
else:
# It's very probable that the form_type is missing because of
# misconfiguration, so we raise a warning
if settings.DEBUG:
warnings.warn("A {% form_type %} was used in a template but form_type was not provided")
return mark_safe(u"")
def changeResestPassword(request):
token = request.POST['token']
if token:
signer = Signer()
try:
original = signer.unsign(token)
except BadSignature:
print("Tampering detected!")
return JsonResponse({'error' : 'token expired'})
user = User.objects.filter(username=original).get()
newPass = request.POST['password']
user.password = make_password(newPass)
user.save()
user = authenticate(username=original, password=newPass)
login(request, user)
request.session['member_id'] = user.id
request.session['username'] = user.username
return JsonResponse({'success' : 'password changed for ' + user.username})
else:
if request.user.is_authenticated():
me = request.user
if check_password(request.POST['password0'], me.password):
newPass = request.POST['password']
me.password = make_password(newPass)
me.save()
me = authenticate(username=me.username, password=newPass)
login(request, me)
return JsonResponse({'success' : 'password changed for ' + me.username})
else:
return JsonResponse({'error' : 'current password doesn\'t match'})
return JsonResponse({'error' : 'password not changed'})
def make_paypal_url(request, payment):
signer = Signer()
item_number = signer.sign(unicode(payment.id))
params = {"cmd": "_xclick",
"business": settings.ARTSHOW_PAYPAL_ACCOUNT,
"undefined_quantity": "0",
"item_name": "Art Show Payment from " + payment.artist.artistname(),
"item_number": item_number,
"amount": unicode(payment.amount),
"shipping": "0",
"no_shipping": "1",
"return": request.build_absolute_uri(reverse("artshow.manage.payment_made_paypal",
args=(payment.artist_id,))),
"cancel_return": request.build_absolute_uri(
reverse("artshow.manage.payment_cancelled_paypal",
args=(payment.artist_id,)) + "?" + urlencode({"item_number": item_number})),
"currency_code": "USD",
"bn": "PP-BuyNow",
"charset": "UTF-8",
"notify_url": request.build_absolute_uri(reverse(ipn_handler)),
}
return settings.ARTSHOW_PAYPAL_URL + "?" + urlencode(params)
def process_ipn(sender, **kwargs):
query = kwargs['query']
payment_id = None
try:
verify_url = settings.ARTSHOW_PAYPAL_URL + "?cmd=_notify-validate&" + query
paypal_logger.debug("requesting verification from: %s", verify_url)
pipe = urlopen(verify_url)
text = pipe.read(128)
if text != "VERIFIED":
raise IPNProcessingError("Paypal returned %s for verification" % text)
params = parse_qs(query)
paypal_logger.info("validated PayPal IPN: %s", repr(params))
txn_type = params['txn_type'][0]
if txn_type != "web_accept":
raise IPNProcessingError("txn_type is %s not web_accept" % txn_type)
item_number = params['item_number'][0]
payment_status = params['payment_status'][0]
amount_gross = params['mc_gross'][0]
amount_gross = Decimal(amount_gross)
payer_email = params['payer_email'][0]
payment_date_str = params['payment_date'][0]
payment_date = convert_date(payment_date_str)
if payment_status != "Completed":
raise IPNProcessingError("payment status is %s != Completed" % payment_status)
signer = Signer()
payment_id = signer.unsign(item_number)
payment = Payment.objects.get(id=payment_id)
if payment.payment_type_id != settings.ARTSHOW_PAYMENT_PENDING_PK:
if payment.payment_type_id == settings.ARTSHOW_PAYMENT_RECEIVED_PK and payment.amount == amount_gross:
paypal_logger.info("additional notification received for payment id %s. this is normal", payment_id)
return
raise IPNProcessingError("payment is not Payment Pending state")
if payment.amount != amount_gross:
paypal_logger.warning("payment is being changed from %s to %s", payment.amount, amount_gross)
paypal_logger.info("marking payment received. payment id: %s amount: %s paypal email: %s",
payment_id, amount_gross, payer_email)
payment.amount = amount_gross
payment.payment_type_id = settings.ARTSHOW_PAYMENT_RECEIVED_PK
payment.description = "Paypal " + payer_email
payment.date = payment_date
payment.save()
except Exception, x:
paypal_logger.error("Error when getting validation for: %s", query)
if payment_id:
paypal_logger.error("... during processing of payment_id: %s", payment_id)
paypal_logger.error("%s", x)
def explain(request):
# Make sure that the user can only submit an explanation for the random word we picked
signer = Signer()
if request.method == 'POST':
form = ExplainForm(request.POST)
if form.is_valid():
word_id = signer.unsign(form.cleaned_data['word_signed'])
word = Word.objects.get(pk=word_id)
explanation = Explanation(
word=word,
explanation= form.cleaned_data['explanation'],
author = request.user,
)
explanation.save()
messages.success(request, u"Vielen Dank für Deine Erklärung zu „%s“!" % word.lemma)
return redirect('index')
else:
try:
word = Word.random(player = request.user)
form = ExplainForm(initial = {'word_signed': signer.sign(word.id)})
except NotEnoughWordsException:
messages.error(request, u"Leider gibt es nicht genügend Wörter. Motiviere deine Freunde, ein paar neue Wörter einzugeben!")
return redirect('index')
context = {
'word': word,
'form': form,
}
return render(request, 'nbip/explain.html', context)
def Edit_Deck(request):
if request.method == 'POST':
deck_id_signed = request.POST.get('deck_id')
deck_id = None
signer = Signer(request.user.id)
try:
deck_id = signer.unsign(deck_id_signed)
except signing.BadSignature:
print("Tampering detected!!")
return HttpResponseRedirect('/')
deck_name = request.POST.get('deck_name')
user = request.POST.get('user')
share_flag = request.POST.get('share_flag')
if share_flag == 'false':
share_flag = 0
else:
share_flag = 1
data = {'user' : user, 'deck_name' : deck_name, "share_flag" : share_flag}
deck = get_object_or_404(Deck, deck_id=deck_id)
if deck.deck_name == deck_name:
deck.share_flag = share_flag
deck.save()
else:
form = NewDeck(data)
if form.is_valid():
#deck = get_object_or_404(Deck, deck_id=deck_id)
deck.deck_name = deck_name
deck.share_flag = share_flag
deck.save()
else:
errors = form.errors
return HttpResponse(json.dumps(errors))
return HttpResponse(json.dumps({"success": "success"}))
def authenticate(self, hash, pk):
user = User.objects.get(pk=pk)
signer = Signer()
value = signer.sign(user.username)
if value.split(":")[1] == hash:
return user
return None
def Study(request):
signer = Signer(request.user.id)
deck_id_signed = request.GET.get('deck_id')
deck_id = None
deckname = ""
card_list = []
current_user_id = request.user.id
try:
deck_id = signer.unsign(deck_id_signed)
except signing.BadSignature:
print "Tampering Detected! Study"
return HttpResponseRedirect('/')
deck = Deck.objects.filter(deck_id = deck_id, deleted_flag = 0)
try:
deckname = deck[0].deck_name
deck_creator_id = deck[0].user_id
except IndexError:
deckname = ""
cards = Card.objects.filter(deck_id = deck_id, deleted_flag = 0).order_by('-date_created')
for card in cards:
card_list.append({
"card_id" : card.card_id,
"front" : card.front,
"back" : card.back,
})
context = {
"deckname" : deckname,
"card_list" : card_list,
"deck_id_signed" : deck_id_signed,
"deck_creator_id" : deck_creator_id,
"current_user_id" : current_user_id,
}
return render(request, 'flash_cards/study.html', context)
def _generate_timestamp(self):
"""
Generate a new signed timestamp.
"""
signer = Signer(salt=self.timestamp_signer_salt)
timestamp = baseconv.base62.encode(int(time.time()))
return signer.sign(timestamp)
def dispatch(self, request, *args, **kwargs):
self.event = get_object_or_404(Event, pk=self.kwargs['pk'])
if self.admin:
self.person = get_object_or_404(Person, id=self.kwargs.get('person_id', None))
else:
self.token = self.kwargs.get('token', None)
if self.token:
self.person = person_from_token(self.token, Person)
else:
self.person_id = self.kwargs.get('person_id', None)
if not self.person_id:
self.person = person_from_user(request, raiseException=False)
if self.person:
self.person_id = self.person.id
if self.person_id:
signer = Signer()
token = signer.sign(self.person_id)
return redirect('events:register_token', token=token, pk=self.event.pk)
# Get here with a token and self.person set OR self.person=None which requires a login
self.participants = Participant.objects.filter(
event=self.event).order_by('person__first_name', 'person__last_name')
parts = self.participants.filter(person=self.person)
if parts:
self.participant = parts[0]
return super().dispatch(request, *args, **kwargs)
def get_authentication_url(self, request, next=None):
signer = Signer("user-authentication")
sig = signer.sign(self.email)
querystring = urlencode({
"sig": sig,
"next": next or '',
})
return request.build_absolute_uri(reverse("users-authenticate")) + "?" + querystring
def test_saving_and_retreiving_prospect(self):
random_str = identifier.getNewProspectEmailUnsubscribeString()
email_unsubscribe_signer = Signer(salt='email_unsubscribe')
signed_string = email_unsubscribe_signer.sign(random_str)
pr_cd = identifier.getNewProspectCode()
prospect1 = Prospect.objects.create(
first_name='first',
last_name='last',
email='*****@*****.**',
phone='1-800-800-8000 ext 800',
email_unsubscribed=True,
email_unsubscribe_string=random_str,
email_unsubscribe_string_signed=signed_string.rsplit(':', 1)[1],
prospect_comment='prospect_commented here',
swa_comment='swa_commented here',
pr_cd=pr_cd,
created_date_time=timezone.now())
prospect1.converted_date_time = timezone.now()
prospect1.save()
random_str2 = identifier.getNewProspectEmailUnsubscribeString()
signed_string2 = email_unsubscribe_signer.sign(random_str2)
pr_cd2 = identifier.getNewProspectCode()
prospect2 = Prospect.objects.create(
first_name='first2',
last_name='last2',
email='*****@*****.**',
phone='1-800-800-8000 ext 802',
email_unsubscribed=False,
email_unsubscribe_string=random_str2,
email_unsubscribe_string_signed=signed_string2.rsplit(':', 1)[1],
prospect_comment='prospect_commented here 2',
swa_comment='swa_commented here 2',
pr_cd=pr_cd2,
created_date_time=timezone.now())
prospect2.converted_date_time = timezone.now()
prospect2.save()
saved_prospects = Prospect.objects.all()
self.assertEqual(saved_prospects.count(), 2)
self.assertEqual(
Prospect.objects.get(email_unsubscribe_string=random_str).
email_unsubscribe_string_signed,
signed_string.rsplit(':', 1)[1])
self.assertEqual(
Prospect.objects.get(
email_unsubscribe_string=random_str2).last_name, 'last2')
random_str3 = identifier.getNewProspectEmailUnsubscribeString()
signed_string3 = email_unsubscribe_signer.sign(random_str3)
pr_cd3 = identifier.getNewProspectCode()
try:
prospect3 = Prospect.objects.create(
first_name='first3',
last_name='last3',
email='*****@*****.**',
phone='1-800-800-8000 ext 803',
email_unsubscribed=False,
email_unsubscribe_string=random_str3,
email_unsubscribe_string_signed=signed_string3.rsplit(':',
1)[1],
prospect_comment='prospect_commented here 2',
swa_comment='swa_commented here 2',
pr_cd=pr_cd3,
created_date_time=timezone.now())
except IntegrityError as e:
print('Expected Error! Code: {c}, Message, {m}'.format(
c=type(e).__name__, m=str(e)))
self.assertEqual(type(e).__name__, 'IntegrityError')
def generate_token(self, rand_length=15):
generated_rand = self.gererate_random(randrange(rand_length, rand_length + rand_length))
signer = Signer()
return signer.sign(generated_rand)
import json
from api.models import Company, Account, Period, JournalEntry, JournalEntryLine, CashFlowWorksheet
from api.lib import reports as reports_lib
import jwt
from django.conf import settings
from django.core.signing import Signer
from django.db.models.functions import Cast
from django.db.models import CharField
from django.db import transaction
from django.utils import timezone
from api.utils import generate_slug, generate_slugs_batch
signer = Signer(key=settings.OBJECT_SIGNING_KEY)
# EXPORT FUNCTIONS # # # # # # # # # #
def export_company_to_jwt(company):
data = {
"meta": {
'version':
settings.OBJECT_SERIALIZATION_VERSION,
'issued_at':
timezone.now().strftime("%s"),
'user_history': [{
'user_hash': company.user.userprofile.slug,
'timestamp': timezone.now().strftime("%s"),
'event': 'export'
def timeless_load_qs_query(query):
payload = json.loads(query)
signer = Signer()
signed_data = payload['data']
data = signer.unsign(signed_data)
return pickle.loads(zlib.decompress(base64.b64decode(data)))
from django.conf import settings
from django.core.signing import Signer
LORIKEET_CART_COMPLETE_CHECKERS = getattr(
settings,
"LORIKEET_CART_COMPLETE_CHECKERS",
[
"lorikeet.cart_checkers.delivery_address_required",
"lorikeet.cart_checkers.payment_method_required",
"lorikeet.cart_checkers.cart_not_empty",
"lorikeet.cart_checkers.email_address_if_anonymous",
],
)
LORIKEET_ORDER_DETAIL_VIEW = getattr(settings, "LORIKEET_ORDER_DETAIL_VIEW", None)
LORIKEET_SET_CSRFTOKEN_EVERYWHERE = getattr(
settings, "LORIKEET_SET_CSRFTOKEN_EVERYWHERE", True
)
LORIKEET_INVOICE_ID_GENERATOR = getattr(settings, "LORIKEET_INVOICE_ID_GENERATOR", None)
order_url_signer = Signer(salt="au.com.cmv.open-source.lorikeet.order-url-signer")
def test_create_companies_form_success(self):
file_path = os.path.join(
settings.BASE_DIR,
'company/tests/fixtures/valid-companies-upload.csv')
response = self.client.post(reverse('admin:company_company_enrol'), {
'generated_for': constants.UK_ISD,
'csv_file': open(file_path, 'rb'),
})
assert response.status_code == 200
assert Company.objects.count() == 2
company_one, company_two = Company.objects.all()
assert company_one.name == 'Example Compass'
assert company_one.address_line_1 == ''
assert company_one.address_line_2 == ''
assert company_one.postal_code == ''
assert company_one.email_address == ''
assert company_one.mobile_number == '55555555555'
assert company_one.number == '12355434'
assert company_one.website == 'http://www.example-compass.co.uk'
assert company_one.twitter_url == 'https://www.twitter.com/one'
assert company_one.facebook_url == 'https://www.facebook.com/one'
assert company_one.linkedin_url == (
'https://www.linkedin.com/company/one')
assert company_one.company_type == company_types.COMPANIES_HOUSE
assert company_one.is_uk_isd_company is True
assert company_two.name == 'Example Associates Ltd'
assert company_two.address_line_1 == 'Example Business Centre'
assert company_two.address_line_2 == 'Example barn Farm'
assert company_two.postal_code == 'IG22 0PQ'
assert company_two.email_address == ''
assert company_two.mobile_number == '6666666'
assert company_two.number.startswith('ST')
assert company_two.website == 'http://www.example-asscoiates.com'
assert company_two.twitter_url == 'https://www.twitter.com/two'
assert company_two.facebook_url == 'https://www.facebook.com/two'
assert company_two.linkedin_url == (
'https://www.linkedin.com/company/two')
assert company_two.company_type == company_types.SOLE_TRADER
assert company_two.is_uk_isd_company is True
pre_verified_queryset = PreVerifiedEnrolment.objects.all()
assert len(pre_verified_queryset) == 2
assert pre_verified_queryset[0].company_number == company_one.number
assert pre_verified_queryset[0].generated_for == constants.UK_ISD
assert pre_verified_queryset[1].company_number == company_two.number
assert pre_verified_queryset[1].generated_for == constants.UK_ISD
signer = Signer()
assert response.context_data['created_companies'] == [{
'name':
'Example Compass',
'number':
company_one.number,
'email_address':
'*****@*****.**',
'url': ('http://profile.trade.great:8006/profile/enrol/'
'pre-verified/?key=' + signer.sign(company_one.number))
}, {
'name':
'Example Associates Ltd',
'number':
company_two.number,
'email_address':
'*****@*****.**',
'url': ('http://profile.trade.great:8006/profile/enrol/'
'pre-verified/?key=' + signer.sign(company_two.number))
}]
def get_basket_hash(self, basket_id):
return Signer().sign(basket_id)
def chat_path(channel, participant_id):
channel_and_id = '{}/{}'.format(channel, participant_id)
channel_and_id_signed = Signer(sep='/').sign(channel_and_id)
return '/otreechat_core/{}/'.format(channel_and_id_signed)
def sign_obj_id(obj_id, salt=None):
signer = Signer(salt=salt)
value = signer.sign('%s@%s' % (
obj_id, settings.TWILIO_ACCOUNT_SID)
)
return value
def sign_string(string: str) -> Tuple[str, str]:
salt = secrets.token_hex(32)
signer = Signer(salt=salt)
return signer.sign(string), salt
def get_redirect_url(self, *args, **kwargs):
if not self.request.user.is_authenticated:
return '/'
return settings.WORK_ADVENTURE_URL.rstrip('/') + '/register/' + Signer().sign(self.request.user.wa_uuid)
def sign_string(string: str) -> Tuple[str, str]:
salt = generate_random_token(64)
signer = Signer(salt=salt)
return signer.sign(string), salt
def unsign_string(signed_string: str, salt: str) -> str:
signer = Signer(salt=salt)
return signer.unsign(signed_string)
def get_anonymous_edit_url(self):
signer = Signer()
signature = signer.sign(self.pk)
return reverse('map_anonymous_edit_url', kwargs={'signature': signature})
def get_client_callback_url(self):
return reverse('callback_caller:callback_client_callback',
args=(Signer().sign(self.pk), ))
def get_token(self, obj):
if obj.is_active:
return None
signer = Signer()
return signer.signature(obj.email)
def get_absolute_url(self):
return reverse('callback_caller:callback_call',
args=(Signer().sign(self.pk), ))
raise UnknownFeature("Unknown feature: %r" % key)
return False
if setting is F.ALWAYS:
return True
elif setting is F.NEVER:
return False
elif setting is F.USER:
return key in self.features
raise ValueError(f"Unknown setting value {setting} for {key}")
__getitem__ = __getattr__
signer = Signer(salt="user")
class UserManager(BaseUserManager):
def create_user(self, email, password):
"""
Creates and saves a User with the given email, date of birth.
"""
if not email:
raise ValueError("Users must have an email address")
from workbench.awt.models import WorkingTimeModel
user = self.model(
email=self.normalize_email(email),
working_time_model=WorkingTimeModel.objects.first(),
def multiuploader(request, noajax=False):
"""
Main Multiuploader module.
Parses data from jQuery plugin and makes database changes.
"""
if request.method == 'POST':
log.info('received POST to main multiuploader view')
if request.FILES is None:
response_data = [{"error": _('Must have files attached!')}]
return HttpResponse(simplejson.dumps(response_data))
if not u'form_type' in request.POST:
response_data = [{"error": _("Error when detecting form type, form_type is missing")}]
return HttpResponse(simplejson.dumps(response_data))
signer = Signer()
try:
form_type = signer.unsign(request.POST.get(u"form_type"))
except BadSignature:
response_data = [{"error": _("Tampering detected!")}]
return HttpResponse(simplejson.dumps(response_data))
form = MultiUploadForm(request.POST, request.FILES, form_type=form_type)
if not form.is_valid():
error = _("Unknown error")
if "file" in form._errors and len(form._errors["file"]) > 0:
error = form._errors["file"][0]
response_data = [{"error": error}]
return HttpResponse(simplejson.dumps(response_data))
file = request.FILES[u'file']
wrapped_file = UploadedFile(file)
filename = wrapped_file.name
file_size = wrapped_file.file.size
log.info('Got file: "%s"' % filename)
#writing file manually into model
#because we don't need form of any type.
fl = MultiuploaderFile()
fl.filename = filename
fl.file = file
fl.save()
log.info('File saving done')
thumb_url = ""
try:
im = get_thumbnail(fl.file, "80x80", quality=50)
thumb_url = im.url
except Exception as e:
log.error(e)
#generating json response array
result = [{"id": fl.id,
"name": filename,
"size": file_size,
"url": reverse('multiuploader_file_link', args=[fl.pk]),
"thumbnail_url": thumb_url,
"delete_url": reverse('multiuploader_delete', args=[fl.pk]),
"delete_type": "POST", }]
response_data = simplejson.dumps(result)
#checking for json data type
#big thanks to Guy Shapiro
if noajax:
if request.META['HTTP_REFERER']:
redirect(request.META['HTTP_REFERER'])
if "application/json" in request.META['HTTP_ACCEPT_ENCODING']:
mimetype = 'application/json'
else:
mimetype = 'text/plain'
return HttpResponse(response_data, mimetype=mimetype)
else: # GET
return HttpResponse('Only POST accepted')
def get_published_properties(user, store, meta):
signer = Signer()
return {
'logged_in':
True,
'uid':
user.pk,
'username':
user.username,
'name': (user.first_name if user.first_name else user.username),
'email':
user.email,
'configured':
store.configured,
'taskd_credentials':
store.taskrc.get('taskd.credentials'),
'taskd_server':
store.taskrc.get('taskd.server'),
'taskd_server_is_default':
store.sync_uses_default_server,
'streaming_enabled': (settings.STREAMING_UPDATES_ENABLED
and store.sync_uses_default_server),
'streaming_key':
signer.sign(str(store.pk)),
'taskd_files':
store.taskd_certificate_status,
'twilio_auth_token':
store.twilio_auth_token,
'sms_whitelist':
store.sms_whitelist,
'sms_arguments':
store.sms_arguments,
'sms_replies':
store.sms_replies,
'email_whitelist':
store.email_whitelist,
'task_creation_email_address':
'*****@*****.**' % (store.secret_id),
'taskrc_extras':
store.taskrc_extras,
'api_key':
store.api_key.key,
'tos_up_to_date':
meta.tos_up_to_date,
'privacy_policy_up_to_date':
meta.privacy_policy_up_to_date,
'feed_url':
reverse('feed', kwargs={
'uuid': store.secret_id,
}),
'ical_waiting_url':
reverse('ical_feed',
kwargs={
'variant': 'waiting',
'secret_id': store.secret_id,
}),
'ical_due_url':
reverse('ical_feed',
kwargs={
'variant': 'due',
'secret_id': store.secret_id,
}),
'sms_url':
reverse('incoming_sms', kwargs={
'username': user.username,
}),
'colorscheme':
meta.colorscheme,
'repository_head':
store.repository.head(),
'sync_enabled':
store.sync_enabled,
'pebble_cards_enabled':
store.pebble_cards_enabled,
'feed_enabled':
store.feed_enabled,
'ical_enabled':
store.ical_enabled,
'auto_deduplicate':
store.auto_deduplicate,
'udas': [{
'field': k,
'label': v.label,
'type': v.__class__.__name__
} for k, v in store.client.config.get_udas().items()],
'trello_board_url':
(store.trello_board.meta['url'] if store.trello_board else None),
'bugwarrior_configured':
True if store.bugwarrior_config else False,
'bugwarrior_config': (store.bugwarrior_config.serialized_config
if store.bugwarrior_config else ''),
'bugwarrior_enabled': (store.bugwarrior_config.enabled
if store.bugwarrior_config else False),
'system_udas':
get_system_udas_as_config(),
}
def get_anonymous_unsubscribe_url(email):
return '{base_url}?{querystring}'.format(
base_url=settings.FAS_NOTIFICATIONS_UNSUBSCRIBE_URL,
querystring=urllib.parse.urlencode({'email': Signer().sign(email)}),
)
def get_sign_vigencia(value):
string = "%s,%s,%s" % (value.ta_publicado_id if value.ta_publicado_id else
0, value.inicio_vigencia, value.fim_vigencia)
signer = Signer()
return signer.sign(str(string))
def verification_hash(self):
signer = Signer(salt='oscar.apps.order.Order')
return signer.sign(self.number)
def dispatch(self, request, *args, **kwargs):
self.signer = Signer()
return super().dispatch(request, *args, **kwargs)
from django.template.loader import render_to_string
from django.core.signing import Signer
from datetime import datetime
from os.path import splitext
from blogsite.settings import ALLOWED_HOSTS
signer = Signer()
def send_activation_notification(user):
if ALLOWED_HOSTS:
host = 'http://' + ALLOWED_HOSTS[0]
else:
host = 'http://localhost:8000'
context = {'user': user, 'host': host, 'sign': signer.sign(user.username)}
subject = render_to_string('email/activation_letter_subject.txt', context)
body_text = render_to_string('email/activation_letter_body.txt', context)
user.email_user(subject, body_text)
"""
def get_timestamp_path(instance, filename):
return '%s%s' % (datetime.now().timestamp(), splitext(filename)[1])
def send_new_comment_notification(comment):
if ALLOWED_HOSTS:
host = 'http://' + ALLOWED_HOSTS[0]
else:
host = 'http://localhost:8000'
author = comment.bb.author
def unsubscribe_signer():
return Signer(salt='unsubscribe')
def get_signature(self):
return Signer().signature(self._serialize_for_signing())
class Application(object):
HEADERS = [
('Content-Type', 'text/event-stream'),
]
ERROR_RETRY_DELAY = 60 * 1000
def add_message(self, name, data=None):
if data is None:
data = ''
self.queue.put({
'name': name,
'data': data,
})
def handle_local_sync(self, message):
new_head = json.loads(message['data'])['head']
if new_head != self.head:
self.head = new_head
self.add_message('head_changed', self.head)
def handle_changed_task(self, message):
self.add_message('task_changed',
json.loads(message['data'])['task_id'])
def handle_log_message(self, message):
announcement = json.loads(message['data'])
if announcement['error'] and not announcement['silent']:
self.add_message('error_logged', announcement['message'])
def handle_personal_announcement(self, message):
self.add_message('personal_announcement',
json.loads(message['data'])['message'])
def handle_public_announcement(self, message):
self.add_message('public_announcement',
json.loads(message['data'])['message'])
def beat_heart(self):
heartbeat_interval = datetime.timedelta(
seconds=settings.EVENT_STREAM_HEARTBEAT_INTERVAL)
if (not self.last_heartbeat or self.last_heartbeat + heartbeat_interval
< datetime.datetime.now()):
self.add_message("heartbeat")
self.last_heartbeat = datetime.datetime.now()
def __init__(self, env, start_response):
start_response('200 OK', self.HEADERS)
self.last_heartbeat = None
self.env = env
self.response = env
self.signer = Signer()
self.initialized = False
self.queue = Queue()
try:
query = urlparse.parse_qs(
urlparse.urlparse(wsgiref_utils.request_uri(env)).query)
if 'key' not in query:
return
taskstore_id = self.signer.unsign(query['key'][0])
self.store = TaskStore.objects.get(pk=int(taskstore_id))
try:
self.head = query['head'][0]
except (KeyError, IndexError):
self.head = self.store.repository.head()
# Subscribe to the event stream
self.subscription = get_announcements_subscription(
self.store, **{
'local_sync.{username}':
self.handle_local_sync,
'changed_task.{username}':
self.handle_changed_task,
'log_message.{username}':
self.handle_log_message,
'{username}':
self.handle_personal_announcement,
settings.ANNOUNCEMENTS_CHANNEL:
(self.handle_public_announcement),
})
self.subscription_thread = self.subscription.run_in_thread(
sleep_time=1)
# Kick-off a sync just to be sure
kwargs = {'async': True, 'function': ('views.Status.iterator')}
self.store.sync(msg='Iterator initialization', **kwargs)
# Let the client know the head has changed if they've asked
# for a different head than the one we're on:
if self.head != self.store.repository.head():
for task_id in self.store.get_changed_task_ids(self.head):
self.add_message('task_changed', task_id)
self.initialized = True
except Exception as e:
logger.exception("Error starting event stream: %s", str(e))
def __iter__(self):
if not self.initialized:
yield 'retry: %s\n\n' % self.ERROR_RETRY_DELAY
return
self.beat_heart()
created = time.time()
while time.time() - created < settings.EVENT_STREAM_TIMEOUT:
self.beat_heart()
# Emit queued messages
while not self.queue.empty():
message = self.queue.get(False)
if not message:
continue
if message.get('name'):
yield 'event: {name}\n'.format(
name=message['name'].encode('utf8'))
yield 'data: {data}\n'.format(
data=message.get('data', '').encode('utf8'))
yield '\n'
# Relax
sleep(settings.EVENT_STREAM_LOOP_INTERVAL)
self.subscription_thread.stop()
def screenshot(request):
"""
Return screenshot of a given URL on this site. This is a light wrapper around "node scripts/screenshot.js".
Do not generate URLs for this page directly, but by calling page_image_url(). This view requires a signed JSON
object within the ?payload= query parameter so it can't be called unexpectedly.
"""
if not settings.SCREENSHOT_FEATURE:
raise Http404
# read payload
try:
payload = json.loads(Signer().unsign(request.GET.get('payload', '')))
except signing.BadSignature:
return HttpResponseBadRequest()
### NOTE: after this point, contents of 'payload' are verified as coming from a signed request we created,
# though the 'url' parameter may be partially user-controlled. ###
# validate that submitted URL is a complete URL on our site
url = payload.get('url')
if not url:
return HttpResponseBadRequest("URL parameter required.")
if not url.startswith(
'https://' if settings.MAKE_HTTPS_URLS else 'http://'):
return HttpResponseBadRequest("Invalid URL protocol.")
if not is_safe_url(url, safe_domains):
return HttpResponseBadRequest(
"URL should match one of these domains: %s" % safe_domains)
# apply target= and wait= query params
command_args = []
for selector in payload.get('waits', []):
command_args += ['--wait', selector]
for selector in payload.get('targets', []):
command_args += ['--target', selector]
for selector in payload.get('disable', []):
command_args += ['--disable', selector]
timeout = payload.get('timeout', settings.SCREENSHOT_DEFAULT_TIMEOUT)
# disable puppeteer sandbox just for dockerized dev/test env
# this is needed because puppeteer can't run as root without --no-sandbox; the alternative would be to set up docker
# to not run as root
if os.environ.get('DOCKERIZED') and settings.DEBUG:
command_args += ['--no-sandbox']
# get screenshot from node scripts/screenshot.js
subprocess_args = [
'node',
os.path.join(settings.BASE_DIR, 'scripts/screenshot.js'), '-m',
str(timeout * 1000)
] + command_args + [url]
print(" ".join(subprocess_args))
try:
screenshot = subprocess.check_output(subprocess_args, timeout=timeout)
content_type = "image/png"
except (subprocess.TimeoutExpired, subprocess.CalledProcessError) as e:
print("Using fallback for screenshot with payload %s: %s" %
(payload, e))
fallback_path = payload.get('fallback')
if not fallback_path or not staticfiles_storage.exists(fallback_path):
fallback_path = 'img/og_image/api.jpg'
with staticfiles_storage.open(fallback_path) as screenshot_file:
screenshot = screenshot_file.read()
content_types_by_suffix = {'png': 'image/png', 'jpg': 'image/jpeg'}
content_type = content_types_by_suffix[fallback_path.rsplit('.', 1)[1]]
return HttpResponse(screenshot, content_type=content_type)
def verify_signature(self):
assert self._signature
s = ':'.join([self._serialize_for_signing(), self._signature])
Signer().unsign(s)
