def post(self):
    """Handle a POST from the API key create/update/edit form.

    Two kinds of submission arrive here:

    * From the list page, with ``edit_form`` set: look up the entity named
      by ``authorization_key`` and render its edit form (404 if missing).
    * From the authorization form itself: require the three contact fields
      (400 otherwise), then either reuse the API key of the entity named by
      ``key`` (UPDATE, 404 if missing) or generate a new random key
      (CREATE). The Authorization is stored, an ApiKeyManagementLog entry
      is written, and the client is redirected to the key list.
    """
    # NOTE(review): this handler creates and updates API keys, but no XSRF
    # token is verified anywhere in it -- confirm that a base class or the
    # routing layer enforces one before this code runs.
    get_param = self.request.get

    # Submission from the list page: just show the edit form.
    if get_param("edit_form"):
        authorization = db.get(get_param("authorization_key"))
        if authorization:
            return self.render_form(authorization)
        return self.error(404, _("No such Authorization entity."))

    # Submission of the authorization form: all contact fields are required.
    if (not self.params.contact_name or
            not self.params.contact_email or
            not self.params.organization_name):
        return self.error(400, _("Please fill in all the required fields."))

    submitted_key = get_param("key")
    if submitted_key:
        # Updating: keep the API key of the entity being overwritten.
        # NOTE(review): the entity's repo is not compared with self.repo
        # here -- confirm an update cannot re-issue a key under another repo.
        existing = db.get(submitted_key)
        if not existing:
            return self.error(404, _("No such Authorization entity."))
        api_key = existing.api_key
        log_action = ApiKeyManagementLog.UPDATE
    else:
        # Creating: mint a fresh key of the configured length.
        api_key = utils.generate_random_key(API_KEY_LENGTH)
        log_action = ApiKeyManagementLog.CREATE

    authorization = Authorization.create(
        self.repo, api_key, **to_authorization_params(self.params))
    authorization.put()

    # Record the change so key management actions leave an audit trail.
    log_entry = ApiKeyManagementLog(
        repo=self.repo,
        api_key=authorization.api_key,
        action=log_action)
    log_entry.put()

    self.redirect("/admin/api_keys?repo=%s&log_key=%s"
                  % (self.repo, log_entry.key()))
def set_content_security_policy(self):
    """Set a nonce-based Content-Security-Policy header on the response.

    A new nonce is generated on every call and the header is overwritten,
    so call this once per response and put the returned value in the
    ``nonce`` attribute of each script tag that should run.

    Returns:
        The nonce string embedded in the ``script-src`` directive.
    """
    # The nonce only protects if it is unguessable and unique per response.
    # NOTE(review): confirm utils.generate_random_key() draws from a
    # cryptographically secure source.
    nonce = utils.generate_random_key(20)

    # 'unsafe-inline' and the https:/http: sources are fallbacks for
    # browsers without nonce / 'strict-dynamic' support; browsers that
    # honour the nonce and 'strict-dynamic' ignore them.
    policy_template = (
        "object-src 'none'; "
        "script-src 'nonce-%s' 'unsafe-inline' "
        "'strict-dynamic' https: http:; "
        "base-uri 'none';")
    self.response.headers['Content-Security-Policy'] = (
        policy_template % nonce)
    return nonce
def found_face_object(found):
    """Store a detected face under a fresh random key and add it to history.

    Args:
        found: Indexable detection result. Only ``found[0]`` is read here
            (stored as ``'face_id'``); the whole object is passed on to
            ``add_to_history``.

    ``place`` and ``camera`` are not parameters; they are taken from the
    enclosing scope.
    """
    with FoundsSession() as session:
        record_key = generate_random_key()
        record = {
            'face_id': found[0],
            'place': place,
            'camera': camera,
            # now() without a tz argument gives a naive local timestamp.
            'date': datetime.now(),
        }
        session.create(record_key, record)
    # NOTE(review): the pasted source lost its indentation, so it is unclear
    # whether this call belongs inside the ``with`` block; it is placed after
    # it here -- confirm against the original file.
    add_to_history(record_key, found)
def post(self, request, *args, **kwargs):
    """Create or update an API key authorization, or open a key's edit form.

    The XSRF token for the 'admin_api_keys' action is enforced before
    anything else. After that:

    * If ``edit_form`` is set, the request is navigation from the key list
      to one key's management page: the form is rendered for the entity
      named by ``authorization_key`` (404 if it does not exist).
    * Otherwise the three contact fields are required (400 if any is
      empty). With ``key`` set, the existing entity's API key is reused
      (UPDATE), but only if that entity belongs to the current repo;
      without it a new random key is generated (CREATE). The change is
      written to ApiKeyManagementLog and the client is redirected to the
      key list.

    Returns:
        The response from ``self.error``, ``self._render_form`` or
        ``django.shortcuts.redirect``.
    """
    self.enforce_xsrf('admin_api_keys')
    params = self.params

    # The key list page opens an individual key's management page by
    # POSTing to this view with edit_form set.
    if params.edit_form:
        authorization = db.get(params.authorization_key)
        if authorization:
            return self._render_form(authorization)
        return self.error(404, t.ugettext('No such Authorization entity.'))

    if (not params.contact_name or
            not params.contact_email or
            not params.organization_name):
        return self.error(
            400, t.ugettext('Please fill in all the required fields.'))

    # Authorizations for the 'global' pseudo-repo are stored under '*'.
    env_repo = self.env.repo
    repo = '*' if env_repo == 'global' else env_repo

    if params.key:
        # Updating: keep the API key of the entity being overwritten.
        existing = db.get(params.key)
        if not existing:
            return self.error(
                404, t.ugettext('No such Authorization entity.'))
        # Only reachable if an admin tampers with URLs, but refuse to
        # touch an authorization that belongs to a different repo.
        if existing.repo != repo:
            return self.error(
                400,
                t.ugettext(
                    'Authorization already exists for another repo! '
                    'That\'s not expected.'))
        key_str = existing.api_key
        action = model.ApiKeyManagementLog.UPDATE
    else:
        key_str = utils.generate_random_key(_API_KEY_LENGTH)
        action = model.ApiKeyManagementLog.CREATE

    authorization = self._make_authorization(repo, key_str)

    # Audit record of who changed what.
    # NOTE(review): REMOTE_ADDR is the immediate peer; behind a reverse
    # proxy this would log the proxy's address -- confirm the deployment.
    log_entry = model.ApiKeyManagementLog(
        repo=repo,
        api_key=authorization.api_key,
        action=action,
        ip_address=request.META.get('REMOTE_ADDR'),
        key_state=authorization.summary_str())
    log_entry.put()

    repo_segment = self.env.repo or 'global'
    target = '/%s/admin/api_keys?repo=%s&log_key=%s' % (
        repo_segment, repo_segment, log_entry.key())
    return django.shortcuts.redirect(self.build_absolute_uri(target))
def set_content_security_policy(self):
    """Write the Content-Security-Policy response header.

    Each call generates a new nonce and replaces the header value, so the
    returned nonce is the only one the browser will accept for this
    response.

    Returns:
        The nonce to put on the page's script tags.
    """
    # NOTE(review): the policy is only as strong as the nonce is
    # unpredictable -- confirm utils.generate_random_key() uses a CSPRNG.
    script_nonce = utils.generate_random_key(20)

    directives = [
        # Block plugin content entirely.
        "object-src 'none';",
        # Nonce-gated scripts. 'unsafe-inline', https: and http: are kept
        # for browsers without nonce / 'strict-dynamic' support and are
        # ignored by browsers that have it.
        "script-src 'nonce-%s' 'unsafe-inline' 'strict-dynamic' "
        "https: http:;" % script_nonce,
        # Disallow <base>, so relative script URLs cannot be re-pointed.
        "base-uri 'none';",
    ]
    self.response.headers['Content-Security-Policy'] = ' '.join(directives)
    return script_nonce
def create_note(self, title):
    """Add a new note whose content is *title* and return its local key.

    Args:
        title: Text stored as the note's ``'content'``.

    Returns:
        The key under which the note was stored in ``self.notes``.
    """
    # The key is only a local identifier: it has to be unused in this
    # database, nothing more. Regenerate until there is no collision.
    note_key = utils.generate_random_key()
    while note_key in self.notes:
        note_key = utils.generate_random_key()

    now = time.time()

    # The note carries no internal key of its own yet.
    self.notes[note_key] = {
        'content': title,
        'modifydate': now,
        'createdate': now,
        'savedate': 0,  # 0 = never written to disc
        'syncdate': 0,  # 0 = never synced with server
    }
    return note_key
def create_note(self, title):
    """Create a note from *title*, store it locally and return its key.

    The note starts with identical creation and modification timestamps
    and with ``savedate`` / ``syncdate`` of 0, meaning it has been neither
    written to disc nor synced with the server.

    Args:
        title: Initial content of the note.

    Returns:
        The freshly generated key that indexes the note in ``self.notes``.
    """
    # Any value works as a key as long as this database does not already
    # use it, so keep drawing random keys until one is free.
    while True:
        candidate = utils.generate_random_key()
        if candidate not in self.notes:
            break

    created_at = time.time()

    # No internal key is recorded inside the note at this point.
    note = {}
    note['content'] = title
    note['modifydate'] = created_at
    note['createdate'] = created_at
    note['savedate'] = 0  # never been written to disc
    note['syncdate'] = 0  # never been synced with server

    self.notes[candidate] = note
    return candidate
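def post(self):
    """Handle a POST from the API key create/update/edit form.

    The request is rejected with 403 unless a signed-in user supplies an
    XSRF token that verifies for the 'admin_api_keys' action. After that:

    * With ``edit_form`` set (submission from the list page), the edit form
      is rendered for the entity named by ``authorization_key`` (404 if it
      does not exist).
    * Otherwise the three contact fields are required (400 if any is
      empty). With ``key`` set, the existing entity's API key is reused
      (UPDATE, 404 if missing); without it a new random key is generated
      (CREATE). The Authorization is stored, an ApiKeyManagementLog entry
      is written, and the client is redirected to the key list.
    """
    user = users.get_current_user()
    xsrf_tool = utils.XsrfTool()
    # Fail closed: if no user object came back, answer 403 rather than
    # letting user.user_id() raise while the token is being checked.
    if not (user and self.params.xsrf_token and xsrf_tool.verify_token(
            self.params.xsrf_token, user.user_id(), 'admin_api_keys')):
        return self.error(403)

    # Handle a form submission from the list page.
    if self.request.get('edit_form'):
        authorization = db.get(self.request.get('authorization_key'))
        if not authorization:
            return self.error(404, _('No such Authorization entity.'))
        return self.render_form(authorization)

    # Handle authorization form submission.
    if not (self.params.contact_name and
            self.params.contact_email and
            self.params.organization_name):
        return self.error(400, _('Please fill in all the required fields.'))

    original_key = self.request.get('key')
    if original_key:
        # Updating: keep the API key of the entity being overwritten.
        # NOTE(review): the existing entity's repo is not compared with the
        # repo used below -- confirm an update cannot re-issue a key under
        # a different repo.
        existing_authorization = db.get(original_key)
        if not existing_authorization:
            return self.error(404, _('No such Authorization entity.'))
        key_str = existing_authorization.api_key
        action = ApiKeyManagementLog.UPDATE
    else:
        key_str = utils.generate_random_key(API_KEY_LENGTH)
        action = ApiKeyManagementLog.CREATE

    # With no repo selected the authorization is stored under '*'.
    repo = self.repo or '*'

    authorization = Authorization.create(
        repo, key_str, **to_authorization_params(self.params))
    authorization.put()

    # Record the change so key management actions leave an audit trail.
    management_log = ApiKeyManagementLog(repo=repo,
                                         api_key=authorization.api_key,
                                         action=action)
    management_log.put()

    # NOTE(review): the redirect interpolates self.repo, not the normalised
    # ``repo``, so a falsy self.repo goes into the query string as-is --
    # confirm that is what the list page expects.
    self.redirect('/admin/api_keys?repo=%s&log_key=%s'
                  % (self.repo, management_log.key()))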