def check_url_signature_token(qr_code_options, token):
url_protection_options = get_url_protection_options()
signer = Signer(key=url_protection_options[constants.SIGNING_KEY],
salt=url_protection_options[constants.SIGNING_SALT])
try:
# Check signature.
url_protection_string = signer.unsign(token)
# Check that the given token matches the request parameters.
random_token = url_protection_string.split('.')[-1]
if get_qr_url_protection_token(qr_code_options,
random_token) != url_protection_string:
raise PermissionDenied(
"Request query does not match protection token.")
except BadSignature:
raise PermissionDenied("Wrong token signature.")
def check_image_access_permission(request, qr_code_options):
"""Handle image access protection (we do not allow external requests for anyone)."""
url_protection_options = get_url_protection_options(request.user)
if not url_protection_options['ALLOWS_EXTERNAL_REQUESTS']:
token = request.GET.get('token', '')
signer = Signer(key=url_protection_options['SIGNING_KEY'],
salt=url_protection_options['SIGNING_SALT'])
try:
# Check signature.
url_protection_string = signer.unsign(token)
# Check that the given token matches the request parameters.
random_token = url_protection_string.split('.')[-1]
if get_qr_url_protection_token(
qr_code_options, random_token) != url_protection_string:
raise PermissionDenied(
"Request query does not match protection token.")
except BadSignature:
raise PermissionDenied("Wrong token signature.")
