def timestampsigner_test(): from django.core.signing import TimestampSigner signer = TimestampSigner() value = signer.sign('hello') print(value) original = signer.unsign(value) print(original) original = signer.unsign(value, max_age=10) print(original)
def reset(request, token=None): error_message = None signer = TimestampSigner() reset_token_form = ResetTokenForm(request.POST or None) # Token not passed through URL parameter. if token is None and reset_token_form.is_valid(): token = reset_token_form.cleaned_data['token'] if token is not None: encrypted_token = None # The token might be a shortcode. First try to look up a matching shortcode. try: shortcode = TextMessageShortCode.objects.get(code=token) encrypted_token = shortcode.token except TextMessageShortCode.DoesNotExist: encrypted_token = token try: # max_age is in seconds, so 1 hr. psu_uuid = signer.unsign(encrypted_token, max_age=60*60) # Verify psu_uuid, authenticate user, redirect to "new student" version of MyInfo. user = auth.authenticate(psu_uuid = psu_uuid, request=request) if user is not None: auth.login(request, user) # Now they need to reset their password. (oam_status, _) = OAMStatusTracker.objects.get_or_create(psu_uuid = request.session['identity']['PSU_UUID']) oam_status.set_password = False oam_status.save() return HttpResponseRedirect(reverse('AccountPickup:next_step')) logger.error("service=myinfo psu_uuid={0} error=\"Password token decrypted succesfully but unable to authenticate.\"".format(psu_uuid)) error_message = "There was an internal error. Please contact the helpdesk for support." except SignatureExpired: udc_id = signer.unsign(token) # Too slow! logger.info("service=myinfo psu_uuid={0} error=password_timeout".format(udc_id)) error_message = "The password reset expired. Please try again." except BadSignature: logger.info("service=myinfo token={0} error=\"An invalid reset token was passed to OAM PasswordReset\"") error_message = "There was an internal error. Please contact the helpdesk for support." # Something went wrong, forward them back to the password reset link page. if error_message is None: error_message = "There was an internal error. Please contact the helpdesk for support." logger.debug("Reached end of key signing attempt without an error message for token: {0}".format(token)) return render(request, 'PasswordReset/verification.html', {'form' : reset_token_form, 'error' : error_message,})
def check_token(self, request): token = request.GET.get('token') if token is None: return None original = '%s:%s' % (self.get_absolute_file_url(), token) signer = TimestampSigner() try: signer.unsign(original, max_age=settings.FOI_MEDIA_TOKEN_EXPIRY) except SignatureExpired: return None except BadSignature: return False return True
def faculty_schedule(request, name, token): token_full = name + ':' + token signer = TimestampSigner() try: signer.unsign(token_full, max_age=5 * 60 * 5) faculty_pk = int(name.split('_')[-1]) fac = Faculty.objects.filter(pk=faculty_pk)[0] fac_sch = FacultySchedule.objects.filter(faculty=fac) if request.method == 'POST': for s in fac_sch: s.delete() # adding updated entries for day in DAYS: day = day[0] hours = request.POST.getlist(day) if hours: for hour in hours: sch = FacultySchedule(faculty=fac, day=day, hour=int(hour)) sch.save() messages.add_message(request, messages.SUCCESS, "Schedule updated successfully!") return redirect(reverse('home')) elif request.method == 'GET': schedule_dict = {} for day in DAYS: day = day[0] day_schedule = fac_sch.filter(day=day) if day_schedule: schedule_dict[str(day)] = [i.hour for i in day_schedule] schedule_json = json.dumps(schedule_dict) return render( request, 'members/faculty_schedule_change.html', { 'member_slots': get_free_slots_context('member'), 'faculty_slots': schedule_json, 'title': "Weekly schedule update", 'token': token, 'name': name }) except (BadSignature, SignatureExpired): raise Http404
def upload_finalize(request: Request) -> HttpResponseBase: name: str = request.data['name'] status: str = request.data['status'] object_id: str = request.data['id'] upload_sig: str = request.data['signature'] # check if upload_prepare signed this less than max age ago tsigner = TimestampSigner() if object_id != tsigner.unsign(upload_sig, max_age=settings.JOIST_UPLOAD_DURATION): raise BadSignature() signals.joist_upload_finalize.send(sender=upload_finalize, name=name, status=status, object_key=object_id) signer = Signer() sig = signer.sign(object_id) # can be one of aborted|uploaded # TODO move file to where it belongs and return the new name return JsonResponse({ 'name': name, 'status': status, 'id': object_id, 'signature': sig })
def get_access_token(self, code, state, status): if status != "PARTIALLY_AUTHENTICATED": raise Exception('Accountkit could not authenticate the user') try: signer = TimestampSigner() csrf = signer.unsign(state) except BadSignature: raise Exception('Invalid request') # Exchange authorization code for access token token_url = 'https://graph.accountkit.com/%s/access_token' % self.api_version params = { 'grant_type': 'authorization_code', 'code': code, 'access_token': 'AA|%s|%s' % (self.facebook_app_id, self.accountkit_secret) } res = requests.get(token_url, params=params) token_response = res.json() if 'error' in token_response: raise Exception('This authorization code has been used') return token_response.get('access_token')
def _wrapped_view(request, *args, **kwargs): signer = TimestampSigner() user = request.user vid = request.data.get('email_verify_code') try: value = signer.unsign( vid, max_age=timedelta(minutes=settings.VERIFY_EMAIL_MAX_AGE)) except SignatureExpired: return Response({'detail': 'Signature expired.'}, status=status.HTTP_403_FORBIDDEN) except BadSignature: return Response({'detail': 'Bad signature.'}, status=status.HTTP_403_FORBIDDEN) if value != user.username: return Response({'detail': 'Mismatch signature.'}, status=status.HTTP_403_FORBIDDEN) if not user.email_verified: user.email_verified = True user.save() return func(request, *args, **kwargs)
def lookup(self, signed): if signed is None: raise NonceException(_('Токен не указан.')) signer = TimestampSigner() try: payload = signer.unsign(signed, max_age=NONCE_MAX_AGE) except SignatureExpired: raise NonceException(_('Токен устарел.')) except BadSignature: raise NonceException(_('Токен неверный.')) nonce, user_id = payload.split('|') user_klass = get_user_model() user = user_klass.objects.get(pk=user_id) if user_id else None nonce_list = list(self.get_queryset().filter(key=nonce)[:1]) if nonce_list: nonce_obj = nonce_list[0] if nonce_obj.user == user: return nonce_obj else: raise NonceException( _('Текущий пользователь не имеет доступа к токену.')) else: return self.model(key=nonce, user=user)
def find(request, token): try: signer = TimestampSigner(key=request.session.session_key, sep=':') id = b64_decode(signer.unsign(token, max_age=86400).encode('utf-8')) return AsyncResult(id) except: return None
def confirmar_permiso(request): """ ## Confirma un permiso enviado por la url Estado=Aprobado http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=1 Estado=No Aprobado http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=0 La utilidad de esta liibreria es para otorgar un permiso via email """ token_mail = request.GET.get("token") estado = True if request.GET.get("estado") == "1" else False print estado print token_mail signer = TimestampSigner(salt="4g3t1c") try: pk_dpermiso = signer.unsign(token_mail, max_age=3600*1) designacion_permiso = DesignacionPermiso.objects.filter(pk=pk_dpermiso, token_mail=token_mail, token_confirmation_date__isnull=True) if designacion_permiso: designacion_permiso.update(aprobado=estado, token_confirmation_date=timezone.now()) return HttpResponse("El permiso fue aprobado satisfactoriamente") else: return HttpResponse("El permiso ya fue confirmado") except signing.SignatureExpired: return HttpResponse("La clave del mensaje a expirado") except signing.BadSignature: return HttpResponse("Firma de Mensaje Incorrecto")
def parse_invitation_token(token): signer = TimestampSigner() try: payload = signer.unsign(token, max_age=settings.WALDUR_CORE['INVITATION_MAX_AGE']) except BadSignature: raise serializers.ValidationError('Invalid signature.') parts = payload.split('.') if len(parts) != 2: raise serializers.ValidationError('Invalid payload.') user_uuid = parts[0] invitation_uuid = parts[1] if not core_utils.is_uuid_like(user_uuid): raise serializers.ValidationError('Invalid user UUID.') try: user = core_models.User.objects.filter(uuid=parts[0], is_active=True, is_staff=True).get() except core_models.User.DoesNotExist: raise serializers.ValidationError('Invalid user UUID.') if not core_utils.is_uuid_like(invitation_uuid): raise serializers.ValidationError('Invalid invitation UUID.') try: invitation = models.Invitation.objects.get(uuid=parts[1], state=models.Invitation.State.REQUESTED) except models.Invitation.DoesNotExist: raise serializers.ValidationError('Invalid invitation UUID.') return user, invitation
def get_object(self): try: signer = TimestampSigner() member = self.queryset.get( pk=signer.unsign(self.kwargs['pk'], max_age=timedelta( hours=2))) if member.is_active: raise ValidationError({ 'id': _('The link to activate your account has already been used.' ) }) return member except SignatureExpired: raise ValidationError({ 'id': _('The link to activate your account has expired. Please sign up again.' ) }) except BadSignature: raise ValidationError({ 'id': _('Something went wrong on our side. Please sign up again.') })
def post(self, request): errors = [] fatal = False token = request.data.get('token') password = request.data.get('password') if not token: errors.append('Invalid reset token.') fatal = True if not password: errors.append('No password provided.') signer = TimestampSigner(salt=settings.RESET_SALT) if token: try: user_uuid = signer.unsign(token, max_age=settings.RESET_TOKEN_LENGTH) except BadSignature: errors.append( 'Can not reset password because the reset link used was invalid.' ) fatal = True if len(errors) == 0: # set password user = PFBUser.objects.get(uuid=user_uuid) user.set_password(password) user.save() return Response({'status': 'Success'}) else: return Response({ 'errors': errors, 'fatal': fatal }, status.HTTP_400_BAD_REQUEST)
def _check_csrf(self, state): signer = TimestampSigner() if state is None: state = "" try: state = signer.unsign(state, max_age=300) except BadSignature: logger.debug("state has been tempered with") state = "" except SignatureExpired: logger.debug("state has expired") state = "" checks = ( re.search("[a-zA-Z0-9]", state), len(state) == CSRF_TOKEN_LENGTH, ) # validate state parameter if not all(checks): logger.debug("State validation failed:") logger.debug("state: {}".format(state)) logger.debug("checks: {}".format(checks)) self.context["message"] = {"error": "bad_state"}
def validate_key(key, user): signer = TimestampSigner(settings.SECRET_KEY) try: value = signer.unsign(key, max_age=settings.EMAIL_LINK_EXPIRY_DAYS) return str(user.id) == value except (BadSignature, SignatureExpired): return False
def activate(self): """ Function will activate member with given code if it's valid and not expired. :raises signing.BadSignature: Activation code was tampered :raises signing.SignatureExpired: Activation code has expired after 48h :raises ValidationError: The member was already activated :return: None """ if self.activation_code == '': raise ValidationError('The member is already activated') signer = TimestampSigner() signer.unsign(self.activation_code, max_age=timedelta(days=2)) self.hidden = False self.activation_code = '' self.joined_date = timezone.now() self.save()
def check_validation(request): """Function""" username = request.POST.get('username') idcheck = User.objects.filter(username__iexact=username).exists() code = request.POST.get('code') email = request.POST.get('email') signer = TimestampSigner() msg = '' result = False try: value = signer.unsign(code, max_age=180) code_check = value == email if idcheck: msg = u"이미 존재하는 아이디입니다." elif not code_check: msg = u"인증코드가 잘못되었습니다." else: result = True except: msg = u"인증코드가 잘못되었습니다." data = { 'result': result, 'msg': msg, } return JsonResponse(data)
def check_token(request, answer, token): payload = hashlib.sha1('{}:{}'.format(request.session.session_key, answer.pk).encode()).hexdigest() signer = TimestampSigner() try: return payload == signer.unsign(token, max_age=3600 * 24) except BadSignature: return False
def sign_up(request): """Function""" if request.method == "POST": userform = RegistrationForm(request.POST) if userform.is_valid(): userform.save(commit=False) email = userform.cleaned_data['email'] code = userform.cleaned_data['code'] signer = TimestampSigner() try: value = signer.unsign(code, max_age=86400) id_check = value == email if (id_check): msg = u"가입성공.<br><a href=%s>로그인</a>" % reverse_lazy('login') userform.save() else: msg = u"인증코드를 확인해 주세요." except: msg = u"인증코드를 확인해 주세요.." else: msg = u"회원가입 오류.<br>아이디를 확인해 주세요." return HttpResponse(msg) elif request.method == "GET": userform = RegistrationForm() return render( request, "accounts/signup.html", { 'userform': userform, } )
def get(self, request, *args, **kwargs): if self.request.session.has_key( 'checkout_order_id' ) and self.request.session['checkout_order_id']: # If we've already completed a checkout session, just redirect to confirmation. return HttpResponseRedirect(self.get_success_url()) signer = TimestampSigner() try: order_number = signer.unsign(request.GET.get('order_number', ''), max_age=3600) except BadSignature: # The URL has been tampered with, push out to the success page without # modifying the session context return HttpResponseBadRequest() # Flush all session data self.checkout_session.flush() # Save order id in session so thank-you page can load it order = Order.objects.get(number=order_number) self.request.session['checkout_order_id'] = order.id response = HttpResponseRedirect(self.get_success_url()) self.send_signal(self.request, response, order) return response
def lookup(self, signed): if signed is None: raise NonceException("No nonce was provided.") signer = TimestampSigner() try: payload = signer.unsign(signed, max_age=NONCE_MAX_AGE) except BadSignature: raise NonceException("The nonce signature was invalid.") except SignatureExpired: raise NonceException("The nonce has expired.") nonce, user_id = payload.split(":") User = get_user_model() user = User.objects.get(pk=user_id) if user_id else None nonce_list = list(Nonce.objects.filter(key=nonce)[:1]) if nonce_list: nonce_obj = nonce_list[0] if nonce_obj.user == user: return nonce_obj else: raise NonceException("The current user does not have access to the specified nonce.") else: return Nonce(key=nonce, user=user)
def find(request, token): try: signer = TimestampSigner(key=request.session.session_key, sep=':') id = b64_decode(signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8')) return Task.status(id) except: return None
def verify_email(self, code): if code: signer = TimestampSigner() try: code = code.encode('utf-8') max_age = datetime.timedelta( days=settings.VERIFICATION_CODE_EXPIRED).total_seconds() code = force_bytes(code) code = b64_decode(code) code = code.decode() email = signer.unsign(code, max_age=max_age) user = StdUser.objects.get(**{ StdUser.USERNAME_FIELD: email, 'is_active': False }) user.is_active = True user.code = "None code" user.save() return True, ('Your account has been activated.') except (BadSignature, StdUser.DoesNotExist, TypeError, UnicodeDecodeError): raise ValueError('Error') return False, ( 'Activation link is incorrect, please resend request') else: raise ValueError('No code')
def userdeny(request): signer = TimestampSigner() try: signed_data = request.POST.get("signed_app_data") raw_data_str = signer.unsign(signed_data, max_age=300) except: response = PrettyJsonResponse({ "ok": False, "error": ("The signed data received was invalid." " Please try the login process again. " "If this issue persists, please contact support.") }) response.status_code = 400 return response try: data = json.loads(raw_data_str) except: response = PrettyJsonResponse({ "ok": False, "error": ("The JSON data was not in the expected format." " Please contact support.") }) response.status_code = 400 return response # We can trust this value because it came from a signed dictionary app = App.objects.get(client_id=data["client_id"]) state = data["state"] redir = "{}?result=denied&state={}".format(app.callback_url, state) # Now check if a token has been granted in the past. If so, invalidate it. # There shouldn't be a situation where more than one user/app token pair # exists but, just in case, let's invalidate them all. try: users = User.objects.filter(employee_id=data["user_upi"]) user = users[0] except (User.DoesNotExist, KeyError): response = PrettyJsonResponse({ "ok": False, "error": "User does not exist. This should never occur. " "Please contact support." }) response.status_code = 400 return response tokens = OAuthToken.objects.filter(app=app, user=user) for token in tokens: token.active = False token.save() # Send the user to the app's denied permission page return redirect(redir)
def parse_token(self, token): signer = TimestampSigner() try: return signer.unsign(token, max_age=259200) except BadSignature: raise ValidationError({'token': ['Link invalido']}) except SignatureExpired: raise ValidationError({'token': ['Link scaduto']})
def find(request, token): try: signer = TimestampSigner(key=request.session.session_key, sep=':') id = b64_decode( signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8')) return Task.status(id) except: return None
def validateCode(self, app, action, captcha): timeSigner = TimestampSigner(salt=app) try: if action == timeSigner.unsign(captcha, self.maxAge): return True except Exception: pass return False
def unsign_acode(acodestr): signer = TimestampSigner(salt=salt) try: code = signer.unsign(acodestr, max_age=(3600 * 24 * 14)) except: print('invalid acode') code = None return code
def sign_up(request): """Sign up""" if request.method == "POST": userform = RegistrationForm(request.POST) if userform.is_valid(): userform.save(commit=False) username = userform.cleaned_data['username'] q = Q(username__iexact=username) | Q(first_name__iexact=username) if User.objects.filter(q).exists() or \ len(username) < settings.ID_MIN_LENGTH or \ len(username) > settings.ID_MAX_LENGTH: errormsg = _('Please check username.') return error_page(request, errormsg) if settings.ENABLE_NICKNAME: nick = userform.cleaned_data['first_name'] if nick: q = Q(username__iexact=nick) | Q(first_name__iexact=nick) if User.objects.filter(q).exists() or \ len(nick) < settings.NICKNAME_MIN_LENGTH or \ len(nick) > settings.NICKNAME_MAX_LENGTH: errormsg = _('Please check nickname.') return error_page(request, errormsg) code = userform.cleaned_data['code'] email = userform.cleaned_data['email'] signer = TimestampSigner() try: value = signer.unsign( code, max_age=settings.VERIFICATION_CODE_VALID) code_check = value == email if code_check: userform.save() return render( request, "accounts/join.html", ) else: errormsg = _('Verification failure. Please check verification code again.') except: errormsg = _('Verification failure. Please check verification code again.') else: errormsg = _('Sorry. Please try again later.') return error_page(request, errormsg) elif request.method == "GET": userform = RegistrationForm() return render( request, "accounts/signup.html", { 'userform': userform, } )
def _token2user_id(self, token): signer = TimestampSigner() try: # 如果加上max_age就可以控制登录有效时长 max_age = 12 * 60 * 60 user_id = signer.unsign(token, max_age=max_age) except SignatureExpired as e: raise errors.LoginExpireError return int(user_id)
def get_local_file_path_id_from_token(token: str) -> Optional[str]: signer = TimestampSigner(salt=LOCAL_FILE_ACCESS_TOKEN_SALT) try: signed_data = base64.b16decode(token).decode("utf-8") path_id = signer.unsign(signed_data, max_age=timedelta(seconds=60)) except (BadSignature, binascii.Error): return None return path_id
def find_temporary_file(token): signer = TimestampSigner(sep=':') filename, attachment_filename, mimetype = b64_decode(signer.unsign( token, max_age=TEMPORARY_FILE_TTL).encode('utf-8')).split(',') return ( secure_join(settings.MEDIA_ROOT, 'temporary', filename), attachment_filename, mimetype, )
def reset_password(cls, signature: str, new_password: str) -> None: signer = TimestampSigner() try: user_pk = signer.unsign(signature, max_age=settings.AWESOME_RESET_PASSWORD_EXPIRATION_DELTA) user = UserAccount.objects.active().get(pk=user_pk) except (SignatureExpired, BadSignature, UserAccount.DoesNotExist) as e: raise InvalidResetPasswordSignatureError(gettext("Invalid confirmation code or user does not exist")) from e else: cls.change_password(user, new_password)
def decryption(self, *args, **kwargs): time_stamp = TimestampSigner() data = kwargs.pop('data', None) try: data = time_stamp.unsign(data, max_age=3600) data = signing.loads(data) except Exception as e: print(e) return data
def restore_password(self, inp): key = self.user.username + ":" + inp signer = TimestampSigner() try: x = signer.unsign(key, max_age=60*5) if x == self.user.username: return True except (SignatureExpired, BadSignature): pass return False
def unsign_user_id(b64_user_id, max_age=None): try: id_signer = TimestampSigner() unencoded_user_id = base64.urlsafe_b64decode(b64_user_id.encode('utf-8')).decode('utf-8') signed = id_signer.unsign(unencoded_user_id, max_age) return signed.split(':', 1)[0] except Exception as e: print(e) return None
def advanced_click_register(request, ad_identifier): signer = TimestampSigner() try: ad_pk = signer.unsign(ad_identifier) except BadSignature: raise Http404 advert = get_object_or_404(Advertisement, pk=ad_pk) advert.clicked() return HttpResponseRedirect(advert.url)
def get(self, request, *args, **kwargs): signer = TimestampSigner() try: ad_pk = signer.unsign(kwargs["ad_identifier"]) except BadSignature: raise Http404 advert = get_object_or_404(Advertisement, pk=ad_pk) advert.clicked() return HttpResponseRedirect(advert.url)
def dispatch(self, request, *args, **kwargs): ''' ''' signer = TimestampSigner() try: value = request.get_signed_cookie('recovery_key') self.value = signer.unsign(value, max_age=self.max_age) except: return HttpResponseForbidden('This page is expired') else: return super(SetNewPassword, self).dispatch(request, *args, **kwargs)
def is_valid(self): if self.force_expiry: return False signer = TimestampSigner() try: username = signer.unsign(self.token, max_age=self.expiry_seconds) except (BadSignature, SignatureExpired): return False return username == self.user.username
def returned_wrapper(request, *args, **kwargs): if request.method == "POST": code = request.POST.get('code', None) if code is None: code = request.GET.get('code', None) else: code = request.GET.get('code', None) if code: value = base64.b64decode(code) signer = TimestampSigner() try: username = signer.unsign(value, ONE_DAY) INFO_LOG.info(gen_info_msg(request, action='链接正常', code_url=request.path, valid=True, username=username)) return func(request, *args, **kwargs) except (SignatureExpired, BadSignature, TypeError), e: username = signer.unsign(value) if isinstance(e, SignatureExpired): messages.error(request, '链接已失效') INFO_LOG.info(gen_info_msg(request, action=u'链接已失效', code_url=request.path, valid=False, username=username)) elif isinstance(e, BadSignature): messages.error(request, '链接被篡改') INFO_LOG.info(gen_info_msg(request, action=u'链接被篡改', code_url=request.path, valid=False, username=username)) return HttpResponseRedirect(settings.LOGIN_URL)
def get(self, request, *args, **kwargs): verify_val = kwargs['pk'] signer = TimestampSigner() try: value = signer.unsign(verify_val, max_age=timedelta(seconds=100)) except SignatureExpired: msg = u'验证过期, 重新验证' return render(request, self.template_name, {'msg': msg}) else: pass pk = int(value) user = get_object_or_404(User, pk=pk) personinfo = user.personinfo personinfo.auth_mail = True personinfo.save() msg = u'验证通过' return render(request, self.template_name, {'msg': msg})
def login(request, signature): """ Automatically logs in a user based on a signed PK of a user object. The signature should be generated with the `login` management command. The signature will only work for 60 seconds. """ signer = TimestampSigner() try: pk = signer.unsign(signature, max_age=MAX_AGE_OF_SIGNATURE_IN_SECONDS) except (BadSignature, SignatureExpired) as e: return HttpResponseForbidden("Can't log you in") user = get_object_or_404(get_user_model(), pk=pk) # we *have* to set the backend for this user, so we just use the first one user.backend = settings.AUTHENTICATION_BACKENDS[0] django_login(request, user) return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def get(self, request, activation_key, *args, **kwargs): signer = TimestampSigner() expiration = get_configuration("QS_SIGNUP_TOKEN_EXPIRATION_DAYS") try: username = signer.unsign(activation_key, max_age=expiration * SECONDS_IN_DAY) except (BadSignature, SignatureExpired): return super().get(request, *args, **kwargs) user_model = get_user_model() try: user = user_model.objects.activate(username) except user_model.DoesNotExist: return super().get(request, *args, **kwargs) if user.is_active: user_activated.send(sender=self.__class__, user=user, request=request) if get_configuration("QS_SIGNUP_AUTO_LOGIN"): self._login_user(request, user) return redirect(self.get_success_url())
class AuthKey(object): """Command authorisation key class.""" def __init__(self, value=None): """Initialise new AuthKey instance.""" self.signer = TimestampSigner(salt="auth") self._data = { 'clear': value, 'signed': self.signer.sign(value) } @property def clear(self): """Get cleartext key value.""" return self._data['clear'] @property def signed(self): """Get cyphertext key value.""" return self._data['signed'] def validate(self, key, life=None): """Validate key value.""" if not life and settings.LIFETIME: life = settings.LIFETIME try: clear = self.signer.unsign(key, max_age=life) except SignatureExpired as e: raise KeyValidityExpired("{}".format(e)) if self.clear == clear: return True else: raise KeyValueMismatchError(keyval=clear, refval=self.clear) def __str__(self): """Return string representation.""" return self.signed def __unicode__(self): """Return string representation.""" return self.__str__() # pragma: no cover
def edit(request, signed_id): signer = TimestampSigner() try: id = signer.unsign(signed_id, max_age=30 * 60) # 30 minutes member = Member.objects.get(pk=id) except (BadSignature, SignatureExpired, Member.DoesNotExist): return render(request, "members/edit_failed.html") member_form = MemberForm(instance=member) email_form = MemberEmailEditForm(instance=member) if request.method == "POST": if "edit_member" in request.POST: member_form = MemberForm(request.POST, instance=member) if member_form.is_valid(): member_form.save() messages.success(request, "Jäsentiedot tallennettu.") return HttpResponseRedirect(request.get_full_path()) else: messages.error(request, "Korjaa jäsentiedoissa esiintyvät virheet.") elif "edit_email" in request.POST: email_form = MemberEmailEditForm(request.POST, instance=member) if email_form.is_valid(): email_form.save() messages.success(request, u"Syöttämääsi sähköpostiosoitteeseen %s lähetettiin vahvistusviesti, \ josta löytyvää linkkiä sinun tulee käydä klikkaamassa vahvistaaksesi muutoksen." % email_form.cleaned_data["email"]) return HttpResponseRedirect(request.get_full_path()) else: messages.error(request, "Korjaa virheet.") try: latest_invoice = member.invoices.latest() except Invoice.DoesNotExist: latest_invoice = None return render(request, "members/edit.html", {"member": member, "member_form": member_form, "email_form": email_form, "latest_invoice": latest_invoice, 'invoices': member.invoices.all() })
def activate_account(request, token): signer = TimestampSigner(salt='account activation', sep='.') try: user_id = int(signer.unsign(token, 8 * 60 * 60)) user = User.objects.get(id=user_id) except (TypeError, ValueError, OverflowError, User.DoesNotExist, BadSignature, SignatureExpired) as e: user = None if user is not None: user.is_active = True user.save() user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) messages.info(request, _("Your account is active! You may now participate on the site.")) return redirect('osnap_front_page') else: return render(request, "osnap/accounts/done.html", { "action": "bad link" })
def get(self, request, *args, **kwargs): if self.request.session.has_key('checkout_order_id') and self.request.session['checkout_order_id']: # If we've already completed a checkout session, just redirect to confirmation. return HttpResponseRedirect(self.get_success_url()) signer = TimestampSigner() try: order_number = signer.unsign(request.GET.get('order_number', ''), max_age=3600) except BadSignature: # The URL has been tampered with, push out to the success page without # modifying the session context return HttpResponseBadRequest() # Flush all session data self.checkout_session.flush() # Save order id in session so thank-you page can load it order = Order.objects.get(number=order_number) self.request.session['checkout_order_id'] = order.id response = HttpResponseRedirect(self.get_success_url()) self.send_signal(self.request, response, order) return response
def caja(request, problem_id=None, authToken=None): signer = TimestampSigner() if request.GET.get('type') == 'getToken': value = signer.sign(binascii.b2a_hex(os.urandom(15))) return HttpResponse("/publicproblem/" + request.GET.get('id') + "/" + value) if authToken is None: value = signer.sign(binascii.b2a_hex(os.urandom(15))) publicProblem = PublicProblem.objects.get(pk=problem_id) verifiedByUser = False if publicProblem.verifiedBy1 is not None and publicProblem.verifiedBy1 == request.user: verifiedByUser = True elif publicProblem.verifiedBy2 is not None and publicProblem.verifiedBy2 == request.user: verifiedByUser = True elif publicProblem.verifiedBy3 is not None and publicProblem.verifiedBy3 == request.user: verifiedByUser = True return render(request, "publicproblem/caja.html", {'verifiedByUser':verifiedByUser, 'request':request, 'token':value, 'id':problem_id, 'author':publicProblem.author.username, 'problem':publicProblem}) else: try: if settings.DEBUG == True: original = signer.unsign(authToken[1:]) else: original = signer.unsign(authToken[1:], max_age=5) except signing.BadSignature: return HttpResponse("incorrect token") publicProblem = PublicProblem.objects.get(pk=problem_id) if publicProblem.title.startswith('temporary-problem-'): if publicProblem.title != 'temporary-problem-' + request.user.username: return HttpResponse("you don't have permission to view this problem") randomList = re.findall(r"(r\d+)", publicProblem.text) randomSet = set(randomList) publicProblem.text = re.sub(r'<span class="math-tex">(.+?)</span>', r"\1", publicProblem.text) publicProblem.text = re.sub(r'\\', r'\\\\', publicProblem.text) tempString = "" tempAssignValues = "" tempReplaceDivs = "" tempReplaceReg = "" for counter, s in enumerate(randomSet): tempString += "var " + s + " = {};\n" tempString += "tempArray.push(" + s + ");\n" tempAssignValues += s + " = tempArray[%d].value;\n" % counter tempReplaceDivs += "elementList = document.querySelectorAll('." + s + "'); for(var i=0; i < elementList.length;i++){elementList[i].innerHTML = tempArray[%d].value;\n" % counter tempReplaceReg += "tempString = tempString.replace(/" + s + "/g, tempArray[%d].value.toString());\n" % counter publicProblem.replaceReg = tempReplaceReg publicProblem.replaceDivs = tempReplaceDivs publicProblem.assignValues = tempAssignValues publicProblem.vars = tempString publicProblem.numRandom = len(randomSet) publicProblem.authorName = publicProblem.author #make javascript look nice in html publicProblem.code = publicProblem.javascript.replace('\n', "<br />") #grab all javascript variables so that we can declare them for ES5 Strict Mode compliance publicProblem.javascript = ";" + publicProblem.javascript variableList = re.findall(r'[((|;|\s*]([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=', publicProblem.javascript) variableSet = set(variableList) publicProblem.variableSet = variableSet #grab the user variable min/max configuration publicProblem.userMinMaxLines = re.findall(r'r\d+\..*=.*;', publicProblem.javascript) #TODO we might want to also get rid of the \n characters publicProblem.javascript = re.sub(r'r\d+\..*=.*;', r'', publicProblem.javascript) #delete user min/max lines TODO we might want to also get rid of the \n characters context = {"publicProblem": publicProblem} return HttpResponse(render_to_string("publicproblem/index.html", context))
class SignerField(object): """ Generate signature of values fields """ KEY = 'sign' def __init__(self, form, data, *args): from .forms import RelatedForm, ModelRelatedForm assert isinstance(form, (RelatedForm, ModelRelatedForm)), \ 'Parameter name of "form" is not belongs instance class of "RelatedForm" or "ModelRelatedForm"!' self.__signer = TimestampSigner() self.__form = form self.__data = data self.__sent_signature = None self.__signature = None if len(form.meta_signer_fields): if dict(*args) or data: self.__signature = self.generate_signature(dict(*args) or data) if form.is_bound: self.__sent_signature = dict(*args).get(SignerField.KEY) form.fields[SignerField.KEY] = forms.CharField(widget=forms.HiddenInput()) @property def signer(self): return self.__signer @property def signature(self): return self.__signature def fields_values(self, data): """ Values of the fields that require the generation of a signature :param data: :return: """ for sf in self.__form.meta_signer_fields: yield data.get(sf) def combine_values(self, data): """ Combining the values of fields that require the generation of a signature :param data: :return: """ r = list() # v -> Value field for v in self.fields_values(data): if v is None: continue r.append(str(v)) return '.'.join(r) def generate_signature(self, data): """ Generation of signature fields :param data: :return: """ val = self.combine_values(data) return self.__signer.sign(val) if val else None def validate(self): """ Validate signature :return bool|None: """ if not len(self.__form.meta_signer_fields): return None try: s1 = self.__signer.unsign(self.signature) s2 = self.__signer.unsign(self.__sent_signature) return s1 == s2 except BadSignature: return False
def get_username(self): reset_token = self.kwargs["reset_token"] signer = TimestampSigner() expiration = get_configuration("PASSWORD_RESET_TIMEOUT_DAYS") return signer.unsign(reset_token, max_age=expiration * SECONDS_IN_DAY)
def validate_key(key, user, for_subscription=True): salt = 'subscription' if for_subscription else 'unsubscription' signer = TimestampSigner(settings.SECRET_KEY, salt=salt) value = signer.unsign(key, max_age=settings.EMAIL_LINK_EXPIRY_DAYS) return str(user.id) == value
def to_python(self, value): signer = TimestampSigner() try: return signer.unsign(value, max_age=total_seconds(self.timeout)) except: raise forms.ValidationError('Malformed signature.')