def use_token(request, token_str=None, **kwargs):
    """Redeem a token link and remember the token in the visitor's cookie.

    With no ``token_str`` the ``token_auth/token_invalid.html`` template is
    rendered. Otherwise the matching ``Token`` is loaded (404 when there is
    none), marked as used, appended to the ``TOKEN_COOKIE`` cookie and the
    visitor is redirected to ``token.url``.
    """
    if token_str is None:
        return direct_to_template(request, template='token_auth/token_invalid.html', **kwargs)

    token = get_object_or_404(Token, token=token_str)
    response = HttpResponseRedirect(token.url)

    # The tokens in this deployment are reusable, so the leading ``True``
    # makes this branch unconditional and ``token.used`` is never consulted.
    # NOTE(review): as a consequence none of the ``elif`` branches below can
    # run, so this view never rejects an already-used or expired token and
    # never deletes a single-use one. Confirm that expiry is enforced
    # elsewhere before relying on ``valid_until``.
    if True or not token.used:
        token.used = True
        token.save()
        signal_token_used.send(sender=use_token, request=request, token=token)

        # 2592000 s = 30 days; the same lifetime is sent as max_age and as
        # an absolute expiry date.
        cookie_lifetime = 2592000
        expiry_stamp = cookie_date(time.time() + cookie_lifetime)

        # Merge with the tokens already in the cookie; the set drops duplicates.
        known_tokens = set(get_tokens_from_cookie(request) + [token.token])
        # NOTE(review): the cookie value is the list of redeemed token
        # strings and no httponly/secure argument is passed here. Confirm
        # that is intended, since anything able to read the cookie can
        # replay those tokens.
        response.set_cookie(
            TOKEN_COOKIE,
            '|'.join(known_tokens),
            max_age=cookie_lifetime,
            expires=expiry_stamp,
        )
    # Token already used and the visitor does not hold it in the cookie: refuse.
    elif not user_has_token_cookie(request, token_str=token.token):
        response = HttpResponseRedirect(
            reverse('token_used', kwargs={'token_str': token.token}))
    # Token is past its valid_until: refuse.
    elif token.valid_until is not None and token.valid_until <= datetime.datetime.now():
        response = HttpResponseRedirect(reverse('token_expired'))
    # Visitor holds the cookie and the token is still valid.
    elif token.single_use:
        token.delete()

    signal_token_visited.send(sender=use_token, request=request, token=token)
    return response
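 def process_request(self, request):
     """Redirect to the login form when a protected path is requested without access.

     The path is left alone when it resolves to the ``use_token`` view, when
     it equals the ``login_form`` URL, or when no ``ProtectedURL`` row has a
     ``url`` that is a prefix of it. Otherwise the first token returned by
     ``Token.active_objects`` (ordered by ``url``) whose ``url`` prefixes the
     path is stored on ``request.valid_token``, and
     ``self.check_for_user_or_token`` makes the final decision.

     Returns:
         An ``HttpResponseRedirect`` to ``login_form`` when access is
         refused, otherwise ``None`` so the request continues.
     """
     is_token_view = False
     try:
         view, args, kwargs = resolve(request.path)
         # Compare by value. ``is`` tests object identity and only matched
         # here when the interpreter happened to share the two strings.
         is_token_view = view.__name__ == "use_token"
     except Exception:
         # Unresolvable path, or a callable without ``__name__``: treat it
         # as "not the token view" and fall through to the normal checks.
         # Interpreter-exit exceptions are no longer swallowed.
         pass

     # The token-redemption view and the login form are never gated,
     # otherwise a visitor could not obtain access in the first place.
     # NOTE(review): the exemption keys on the view's ``__name__`` only, so
     # any routed view with that name is exempt - confirm that is acceptable.
     if is_token_view or request.path == reverse("login_form"):
         return None

     # Parameterized prefix test: is some ProtectedURL.url a prefix of the path?
     # NOTE(review): this and ``startswith`` below are plain string-prefix
     # matches, so a stored url such as "/reports" (constructed example)
     # also covers "/reports-archive". Confirm stored urls end with "/" or
     # match on a path-segment boundary.
     where_sql = "SUBSTR(%s, 1, LENGTH(url)) = url"
     if not ProtectedURL.objects.extra(where=[where_sql], params=[request.path]):
         return None

     # Cookie contents are client-supplied; they only count once matched
     # against Token.active_objects.
     user_tokens = get_tokens_from_cookie(request)
     tokens = Token.active_objects.filter(token__in=user_tokens).order_by("url")
     for token in tokens:
         if request.path.startswith(token.url):
             signal_token_visited.send(sender=self.__class__, request=request, token=token)
             request.valid_token = token
             break

     if not self.check_for_user_or_token(request):
         return HttpResponseRedirect(reverse("login_form"))
     return None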
Exemple #3
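 def process_request(self, request):
     """Send visitors without access to a protected path to the login form.

     Nothing is enforced when the path resolves to the ``use_token`` view,
     when it equals the ``login_form`` URL, or when no ``ProtectedURL`` row
     has a ``url`` that is a prefix of the path. For a protected path, the
     first token from ``Token.active_objects`` (ordered by ``url``) whose
     ``url`` prefixes the path is attached as ``request.valid_token`` before
     ``self.check_for_user_or_token`` decides.

     Returns:
         ``HttpResponseRedirect`` to ``login_form`` if access is refused,
         otherwise ``None``.
     """
     skip_check = False
     try:
         view, args, kwargs = resolve(request.path)
         # Value comparison: the original ``is`` compared object identity,
         # which is not a reliable string equality test.
         skip_check = view.__name__ == 'use_token'
     except Exception:
         # Path did not resolve or the callable has no ``__name__``; keep
         # enforcing. ``except Exception`` lets interpreter-exit exceptions
         # propagate, which the bare ``except`` did not.
         pass

     # Token redemption and the login form must stay reachable without access.
     # NOTE(review): matching on ``__name__`` alone exempts every routed
     # view called ``use_token`` - confirm no other app defines one.
     if skip_check or request.path == reverse('login_form'):
         return None

     # The request path is bound as a query parameter, not interpolated.
     # NOTE(review): both this SQL test and ``startswith`` below are raw
     # string-prefix matches; a url stored as "/reports" (constructed
     # example) would also match "/reports-archive". Confirm stored urls are
     # "/"-terminated or compare on a path-segment boundary.
     where_sql = 'SUBSTR(%s, 1, LENGTH(url)) = url'
     if not ProtectedURL.objects.extra(where=[where_sql],
                                       params=[request.path]):
         return None

     # Token strings come from the visitor's cookie and are only honoured
     # when Token.active_objects returns a matching row.
     user_tokens = get_tokens_from_cookie(request)
     tokens = Token.active_objects.filter(
         token__in=user_tokens).order_by('url')
     for token in tokens:
         if request.path.startswith(token.url):
             signal_token_visited.send(sender=self.__class__,
                                       request=request,
                                       token=token)
             request.valid_token = token
             break

     if not self.check_for_user_or_token(request):
         return HttpResponseRedirect(reverse('login_form'))
     return None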
def use_token(request, token_str=None, **kwargs):
    """Redeem a token link, or explain why it can no longer be redeemed.

    Without ``token_str`` the ``token_auth/token_invalid.html`` template is
    rendered. Otherwise the ``Token`` is loaded (404 when missing) and:

    * first use: the token is marked used, added to the ``TOKEN_COOKIE``
      cookie and the visitor is redirected to ``token.url``;
    * already used and not in the visitor's cookie: redirect to ``token_used``;
    * past ``valid_until``: redirect to ``token_expired``;
    * otherwise redirect to ``token.url``, deleting a ``single_use`` token.
    """
    if token_str is None:
        return direct_to_template(request,
                                  template='token_auth/token_invalid.html',
                                  **kwargs)

    token = get_object_or_404(Token, token=token_str)
    # Default outcome; the refusal branches below replace it.
    response = HttpResponseRedirect(token.url)

    # NOTE(review): ``valid_until`` is only examined further down, after the
    # token has been used once. A never-used token that is already past
    # ``valid_until`` still takes this first branch and gets a cookie.
    # Confirm that expiry is enforced wherever the cookie is checked.
    if not token.used:
        token.used = True
        token.save()
        signal_token_used.send(sender=use_token, request=request, token=token)

        # 2592000 s = 30 days, sent both as max_age and as an absolute date.
        cookie_lifetime = 2592000
        expiry_stamp = cookie_date(time.time() + cookie_lifetime)

        # Union with the tokens already held; the set removes duplicates.
        held_tokens = set(get_tokens_from_cookie(request) + [token.token])
        # NOTE(review): the cookie stores the redeemed token strings and is
        # set without httponly/secure arguments. Confirm that is intended,
        # since a party able to read the cookie can replay those tokens.
        response.set_cookie(
            TOKEN_COOKIE,
            '|'.join(held_tokens),
            max_age=cookie_lifetime,
            expires=expiry_stamp,
        )
    # Used token presented by someone whose cookie does not contain it: refuse.
    elif not user_has_token_cookie(request, token_str=token.token):
        target = reverse('token_used', kwargs={'token_str': token.token})
        response = HttpResponseRedirect(target)
    # Token is past its valid_until: still refuse.
    elif (token.valid_until is not None
          and token.valid_until <= datetime.datetime.now()):
        response = HttpResponseRedirect(reverse('token_expired'))
    # Visitor holds the cookie and the token is still valid.
    elif token.single_use:
        token.delete()

    signal_token_visited.send(sender=use_token, request=request, token=token)
    return response