Exemple #1
0
def we_callback(request):
    signature = request.GET.get('signature', '')
    timestamp = request.GET.get('timestamp', '')
    nonce = request.GET.get('nonce', '')
    echostr = request.GET.get('echostr', '')
    encrypt_type = request.GET.get('encrypt_type', '')
    msg_signature = request.GET.get('msg_signature', '')

    CFG = final_cfg(request, state='callback')

    # 校验签名
    if not check_callback_signature(CFG['token'], signature, timestamp, nonce):
        return HttpResponse()

    if request.method == 'GET':
        return HttpResponse(echostr)

    xml = request.body

    resp_xml = ''
    if hasattr(settings, 'DJANGO_WE_MESSAGE_CALLBACK_FUNC') and hasattr(
            settings.DJANGO_WE_MESSAGE_CALLBACK_FUNC, '__call__'):
        decrypted = msg.decrypt(CFG['appID'],
                                token=CFG['token'],
                                encodingaeskey=CFG['encodingaeskey'],
                                post_data=xml,
                                encrypt=None,
                                msg_signature=msg_signature,
                                timestamp=timestamp,
                                nonce=nonce,
                                xmltodict=True)
        resp_xml = settings.DJANGO_WE_MESSAGE_CALLBACK_FUNC(
            request, xml_to_dict(xml), decrypted or {}) or ''

    if resp_xml:
        resp_xml = msg.encrypt(CFG['appID'],
                               token=CFG['token'],
                               encodingaeskey=CFG['encodingaeskey'],
                               resp_xml=resp_xml,
                               nonce=nonce,
                               timestamp=None,
                               random_str=None)

    return HttpResponse(resp_xml or 'success')
Exemple #2
0
def we_component_auth(request):
    signature = request.GET.get('signature', '')
    timestamp = request.GET.get('timestamp', '')
    nonce = request.GET.get('nonce', '')
    encrypt_type = request.GET.get('encrypt_type', '')
    msg_signature = request.GET.get('msg_signature', '')

    CFG = final_cfg(request, state='component_auth')

    # 校验签名
    if not check_callback_signature(CFG['token'], signature, timestamp, nonce):
        return HttpResponse()

    xml = request.body

    # 消息解密
    decrypted = msg.decrypt(CFG['appID'],
                            token=CFG['token'],
                            encodingaeskey=CFG['encodingaeskey'],
                            post_data=xml,
                            encrypt=None,
                            msg_signature=msg_signature,
                            timestamp=timestamp,
                            nonce=nonce,
                            xmltodict=True)

    # 获取 InfoType
    InfoType = decrypted.get(
        'InfoType', ''
    )  # unauthorized是取消授权,updateauthorized是更新授权,authorized是授权成功通知,component_verify_ticket

    # 当 InfoType 为 component_verify_ticket 时,进行保存 component_verify_ticket 的操作
    if InfoType == 'component_verify_ticket':
        # Set Component Verify Ticket into Redis
        set_component_verify_ticket(
            appid=CFG['appID'],
            secret=CFG['appsecret'],
            token=CFG['token'],
            encodingaeskey=CFG['encodingaeskey'],
            post_data=xml,
            encrypt=None,
            msg_signature=msg_signature,
            timestamp=timestamp,
            nonce=nonce,
            storage=redis_storage(request),
        )

        # Set Component Verify Ticket into MySQL
        component_verify_ticket_push_func(CFG['appID'], CFG['appsecret'],
                                          decrypted)

    resp_xml = ''
    if hasattr(settings, 'DJANGO_WE_COMPONENT_AUTH_FUNC') and hasattr(
            settings.DJANGO_WE_COMPONENT_AUTH_FUNC, '__call__'):
        resp_xml = settings.DJANGO_WE_COMPONENT_AUTH_FUNC(
            request, xml_to_dict(xml), decrypted or {}) or ''

    if resp_xml:
        resp_xml = msg.encrypt(CFG['appID'],
                               token=CFG['token'],
                               encodingaeskey=CFG['encodingaeskey'],
                               resp_xml=resp_xml,
                               nonce=nonce,
                               timestamp=None,
                               random_str=None)

    return HttpResponse(resp_xml or 'success')