def form_type(context, form_type):
mu_forms = getattr(settings, "MULTIUPLOADER_FORMS_SETTINGS", DEFAULTS.MULTIUPLOADER_FORMS_SETTINGS)
signer = Signer()
if form_type:
import warnings
if form_type == "" or form_type not in mu_forms:
if settings.DEBUG:
warnings.warn(
"A {% form_type %} was used in a template but such form_type (%s) was not provided in settings, default used instead"
% form_type
)
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign("default")
)
else:
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign(form_type)
)
else:
# It's very probable that the form_type is missing because of
# misconfiguration, so we raise a warning
if settings.DEBUG:
warnings.warn("A {% form_type %} was used in a template but form_type was not provided")
return mark_safe(u"")
def Shared_Decks(request):
u_id = request.GET.get('u_id')
user = None
user_name = None
signer = Signer(request.user.id)
try:
user = signer.unsign(u_id)
except signing.BadSignature:
return HttpResponse(json.dumps({"Tampering": "bad signature"}))
shared_decks = Deck.objects.filter(user_id = user, share_flag = 1, deleted_flag = 0)
deck_list = []
for deck in shared_decks:
deck_list.append({
"orig_deck_id" : signer.sign(deck.deck_id),
"deck_name" : deck.deck_name,
"share" : deck.share_flag,
})
form = NewDeck(initial={'user' : request.user.id})
getname = User.objects.filter(id = user)
for user_obj in getname:
user_name = user_obj.username
context = {
"shared_user_id" : user,
"shared_user_name" : user_name,
"shared_decks" : deck_list,
"clone_form" : form,
"sign" : signer.sign(request.user.id)
}
return render(request, 'flash_cards/shared_profile.html', context)
def send_singup_conf(self, cliente):
signer = Signer()
token = signer.sign(
'validate' + timezone.datetime.now().strftime("%d%m%y%H%M")
).replace('validate', 'v')
delete_token = signer.sign(
'delete' + timezone.datetime.now().strftime("%d%m%y%H%M")
).replace('delete', 'd')
# Email body
plaintext = get_template('email/confirma.txt')
htmly = get_template('email/confirma.html')
d = {
'fullname': cliente.user.get_user_name(),
'destinatario': cliente.user.email,
'delete_token': delete_token,
'base_url': self.base_url,
'token': token,
}
text_content = plaintext.render(d)
html_content = htmly.render(d)
msg = EmailMultiAlternatives(
self.subject, text_content, self.sender, self.recipient_list)
msg.attach_alternative(html_content, "text/html")
return msg.send()
def form_type(context, form_type):
mu_forms = getattr(settings, "MULTIUPLOADER_FORMS_SETTINGS",
DEFAULTS.MULTIUPLOADER_FORMS_SETTINGS)
signer = Signer()
if form_type:
import warnings
if form_type == '' or form_type not in mu_forms:
if settings.DEBUG:
warnings.warn(
"A {% form_type %} was used in a template but such form_type (%s) was not provided in settings, default used instead"
% form_type)
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign('default'))
else:
return mark_safe(
u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>"
% signer.sign(form_type))
else:
# It's very probable that the form_type is missing because of
# misconfiguration, so we raise a warning
if settings.DEBUG:
warnings.warn(
"A {% form_type %} was used in a template but form_type was not provided"
)
return mark_safe(u"")
def Shared_Decks(request):
u_id = request.GET.get('u_id')
user = None
user_name = None
signer = Signer(request.user.id)
try:
user = signer.unsign(u_id)
except signing.BadSignature:
return HttpResponse(json.dumps({"Tampering": "bad signature"}))
shared_decks = Deck.objects.filter(user_id=user,
share_flag=1,
deleted_flag=0)
deck_list = []
for deck in shared_decks:
deck_list.append({
"orig_deck_id": signer.sign(deck.deck_id),
"deck_name": deck.deck_name,
"share": deck.share_flag,
})
form = NewDeck(initial={'user': request.user.id})
getname = User.objects.filter(id=user)
for user_obj in getname:
user_name = user_obj.username
context = {
"shared_user_id": user,
"shared_user_name": user_name,
"shared_decks": deck_list,
"clone_form": form,
"sign": signer.sign(request.user.id)
}
return render(request, 'flash_cards/shared_profile.html', context)
def setUp(self):
self.thread = ThreadFactory(id_enabled=True)
self.post = UserPostFactory(thread=self.thread)
value1 = str(self.post.ip_address) + str(self.thread.thread_number)
value2 = str(self.thread.ip_address) + str(self.thread.thread_number)
signer = Signer()
self.unique_post_id = signer.sign(value1)[-10:]
self.unique_thread_id = signer.sign(value2)[-10:]
class SteemConnectBackend:
def __init__(self):
self.signer = Signer()
def authenticate(self, request, **kwargs):
if 'username' in kwargs:
return None
if 'code' not in kwargs:
return None
# validate the access token with /me endpoint and get user information
client = get_sc_client()
token_info = client.get_access_token(kwargs.get("code"))
if 'error' in token_info or 'access_token' not in token_info:
return None
user_model = get_user_model()
try:
user_instance = user_model.objects.get(
username=token_info.get("username"))
except user_model.DoesNotExist:
user_instance = user_model.objects.create_user(
username=token_info.get("username"))
expires_at = datetime.utcnow() + timedelta(
seconds=token_info.get("expires_in"))
access_token = self.signer.sign(token_info.get("access_token"))
refresh_token = self.signer.sign(token_info.get("refresh_token"))
# add or update the tokens for the user.
try:
t = Token.objects.get(user=user_instance)
t.access_token = access_token
t.refresh_token = refresh_token
t.expires_at = expires_at
except Token.DoesNotExist:
t = Token(user=user_instance,
access_token=access_token,
refresh_token=refresh_token,
expires_at=expires_at)
t.save()
return user_instance
def get_user(self, user_id):
user_model = get_user_model()
try:
return user_model.objects.get(pk=user_id)
except user_model.DoesNotExist:
return None
def login(request):
login_error = False
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
login_error = True
if username != '' and password != '':
print("Logging in")
setting_obj = settings.objects.get(~Q(timezone=''))
signer = Signer(setting_obj.salt)
password = signer.sign(password)
#print(users)
print(password)
try:
userss = users.objects.get(email=username,
password=password,
status='Active')
if userss:
login_error = True
email = userss.email
request.session['login_session'] = signer.sign(email)
return redirect('../admin-panel')
else:
login_error = False
return render(request, 'admin_html/login.html',
{'error_log': login_error})
except Exception as e:
login_error = False
return render(request, 'admin_html/login.html',
{'error_log': login_error})
else:
login_error = False
return render(request, 'admin_html/login.html',
{'error_log': login_error})
else:
print(login_error)
if 'login_session' in request.session:
print("Logged in")
return redirect('../admin-panel')
else:
print("Not Logged in")
return render(request, 'admin_html/login.html')
def test__site_get_id_by_hash(self):
site = factories.SiteFactory()
site_id_int = str(site.pk)
self.assertEqual(models.Site.get_id_by_hash(site_id_int), site_id_int)
signer = Signer()
site_id = signer.sign(site.pk)
self.assertEqual(models.Site.get_id_by_hash(site_id), site_id_int)
def _generate_timestamp(self):
"""
Generate a new signed timestamp.
"""
signer = Signer(salt=self.timestamp_signer_salt)
timestamp = baseconv.base62.encode(int(time.time()))
return signer.sign(timestamp)
def upload_finalize(request: Request) -> HttpResponseBase:
name: str = request.data['name']
status: str = request.data['status']
object_id: str = request.data['id']
upload_sig: str = request.data['signature']
# check if upload_prepare signed this less than max age ago
tsigner = TimestampSigner()
if object_id != tsigner.unsign(upload_sig,
max_age=settings.JOIST_UPLOAD_DURATION):
raise BadSignature()
signals.joist_upload_finalize.send(sender=upload_finalize,
name=name,
status=status,
object_key=object_id)
signer = Signer()
sig = signer.sign(object_id)
# can be one of aborted|uploaded
# TODO move file to where it belongs and return the new name
return JsonResponse({
'name': name,
'status': status,
'id': object_id,
'signature': sig
})
def setUpTestData(cls):
"""Prepare data fro test cases.
1. Create new organization.
2. Create invitation.
"""
cls.client = Client()
cls.org = Organization.objects.create(
name="My Organization 1",
email="*****@*****.**",
phone="887555473",
address="Hawai, Janosikova 4",
created=datetime.now())
cls.org.save()
cls.inv = Invitation.objects.create(
reg_uuid=str(uuid4()).replace('-', ''),
user_name='Invited User',
email='*****@*****.**',
phone='1230000',
organization=cls.org,
superuser=False,
# default_file_permissions=1,
can_invite=True,
expiration=datetime.now()+timedelta(days=1),
secret_code=str(uuid4())[:5])
cls.inv.save()
signer = Signer()
register_data = {
'signature': signer.sign(cls.inv.reg_uuid),
'user_name': cls.inv.user_name,
'email': cls.inv.email,
'login_pwd': 'password',
'c_login_pwd': 'password',
'key_pwd': 'password',
'c_key_pwd': 'password',
'phone': cls.inv.phone,
'address': 'Janosikova 4, Hawai',
'pub_key': _public_key,
'priv_key': _private_key,
'organization': 'someorg',
'superuser': cls.inv.superuser,
'can_invite': cls.inv.can_invite,
'can_view': cls.inv.can_view,
'can_comment': cls.inv.can_comment,
'can_sign': cls.inv.can_sign,
'can_modify': cls.inv.can_modify,
'can_remove': cls.inv.can_remove,
# 'default_file_permissions': permissions._permissions,
'csr': _csr,
}
cls.get_access_response = cls.client.get(
'/register/{}/'.format(cls.inv.reg_uuid))
cls.invalid_code_response = cls.client.post(
'/register/{}/'.format(cls.inv.reg_uuid),
{'secret_code': '0000'})
cls.valid_code_response = cls.client.post(
'/register/{}/'.format(cls.inv.reg_uuid),
{'secret_code': cls.inv.secret_code})
cls.register_response = cls.client.post(
'/register/submit/', register_data)
class ConfirmImportManagementForm(forms.Form):
"""
Store the import file name and input format in the form so that it can be used in the next step
The initial values are signed, to prevent them from being tampered with.
"""
import_file_name = forms.CharField(widget=forms.HiddenInput())
input_format = forms.CharField(widget=forms.HiddenInput())
def __init__(self, *args, **kwargs):
self.signer = Signer()
initial = kwargs.get("initial", {})
for key in {"import_file_name", "input_format"}:
if key in initial:
# Sign initial data so it cannot be tampered with
initial[key] = self.signer.sign(initial[key])
super().__init__(*args, **kwargs)
def clean(self):
cleaned_data = super().clean()
for key in {"import_file_name", "input_format"}:
try:
cleaned_data[key] = self.signer.unsign(cleaned_data[key])
except BadSignature as e:
raise forms.ValidationError(e.message)
return cleaned_data
def chat_config(context, other=None, extra=None):
# debugging errors on live site where request is not in context -- django trying to render 500 page?
# occurs on api requests, hence sarah not seeing, for example, the chatroom settings a lot of the time
if 'request' not in context:
return {'conf': json.dumps({})}
############################################################
user = context['request'].user
chat_host = context['request'].tenant.chat_host()
server = "localhost" if settings.DEBUG else "178.62.105.186"
if settings.DEBUG:
password = ""
else:
signer = Signer()
password = signer.sign(user.username)
if user.is_authenticated():
me = _resource('%s@%s' % (user.username, chat_host))
else:
me = ""
try:
role = user.groups.all()[0].name
except IndexError:
role = '-'
conf = {
'me': me,
'role': role,
'nick': user.username,
'server': server,
'password': password,
'element': 'emptychat',
'page': None,
'hasChatroom': user.has_perm('configuration.can_chat'),
}
if extra:
conf.update(extra)
return {'conf': json.dumps(conf)}
def dispatch(self, request, *args, **kwargs):
self.event = get_object_or_404(Event, pk=self.kwargs['pk'])
if self.admin:
self.person = get_object_or_404(Person, id=self.kwargs.get('person_id', None))
else:
self.token = self.kwargs.get('token', None)
if self.token:
self.person = person_from_token(self.token, Person)
else:
self.person_id = self.kwargs.get('person_id', None)
if not self.person_id:
self.person = person_from_user(request, raiseException=False)
if self.person:
self.person_id = self.person.id
if self.person_id:
signer = Signer()
token = signer.sign(self.person_id)
return redirect('events:register_token', token=token, pk=self.event.pk)
# Get here with a token and self.person set OR self.person=None which requires a login
self.participants = Participant.objects.filter(
event=self.event).order_by('person__first_name', 'person__last_name')
parts = self.participants.filter(person=self.person)
if parts:
self.participant = parts[0]
return super().dispatch(request, *args, **kwargs)
def authenticate(self, hash, pk):
user = User.objects.get(pk=pk)
signer = Signer()
value = signer.sign(user.username)
if value.split(":")[1] == hash:
return user
return None
def timeless_dump_qs(query):
serialized_str = base64.b64encode(zlib.compress(
pickle.dumps(query))).decode()
signer = Signer()
signed_data = signer.sign(serialized_str)
payload = {'data': signed_data}
return mark_safe(json.dumps(payload))
def register(request):
if request.method == 'POST':
username = request.POST['username']
password = request.POST['password']
display_name = request.POST['displayName']
signer = Signer('fataservice')
secret_channel = signer.sign(str(username))
try:
models.User1.objects.get(username=str(username))
except models.User1.DoesNotExist:
models.User1.objects.create(username=str(username),
password=str(password),
display_name=str(display_name),
secret=str(secret_channel))
user_model = models.User1.objects.get(username=str(username))
return JsonResponse({
'status': 200,
'userId': user_model.id,
'displayName': str(display_name),
'secret': str(secret_channel)
})
return JsonResponse({'status': 500, 'message': 'User already exist'})
return JsonResponse({'status': '500', 'message': 'Error'})
def message_send(request):
if request.method == "POST":
current_user = request.user
data = request.POST.dict()
message = Message()
signer = Signer()
value = signer.sign(data["message_text"])
message.text = value
message.sender = current_user
recipient = get_object_or_404(User, pk=data["recipient"])
if recipient:
message.recipient = recipient
message.save()
messages.success(request,
'Tudo certo! Mensagem enviada com sucesso.')
else:
messages.warning(
request,
'Ops! Parece que não conseguimos enviar sua mensagem.')
return redirect('inbox')
def form_valid(self, form):
#obj = form.save()
# obj.set_password(password)
# get_user_model().objects.create_user(form.cleaned_data.get('email'),
# form.cleaned_data.get('password'),
# form.cleaned_data.get('mobile_no'),
# form.cleaned_data.get('name')
# )
obj = form.save(commit=False)
obj.password = make_password(obj.password)
obj.is_active = False
form.save()
signer = Signer()
signed_value = signer.sign(obj.email)
key = ''.join(signed_value.split(':')[1:])
reg_obj = Registration.objects.create(user=obj, key=key)
msg_html = render_to_string('realapp/email-act.html', {'key': key})
send_mail("123",
"123",
'*****@*****.**', [obj.email],
html_message=msg_html,
fail_silently=False)
# return render(self.request, "realapp/home.html")
return super().form_valid(form)
def setup_first(request):
if request.method == 'POST':
first_name = request.POST['first_name']
lastname = request.POST['lastname']
employe_id = request.POST['employe_id']
department = request.POST['department']
email = request.POST['email']
role = request.POST['role']
phone = request.POST['phone']
password = request.POST['password']
status = request.POST['status']
if status!='' and first_name!='' and lastname!='' and employe_id!='' and department!='' and email!='' and role!='' and phone!='' and password!='':
setting_obj = settings.objects.get(~Q(timezone=''))
salt = setting_obj.salt
signer = Signer(salt)
sign_pwd = signer.sign(password)
insert = users.objects.create(staff_id="0", status=status, first_name=first_name, lastname=lastname, employe_id=employe_id, department=department, email=email, role=role, phone_no=phone, password=sign_pwd, added_by_user="******")
if insert:
messages.success(request, "User has been succssfully added.")
else:
messages.info(request, "All fields are required")
return render(request, 'admin_html/web_setup.html')
def explain(request):
# Make sure that the user can only submit an explanation for the random word we picked
signer = Signer()
if request.method == 'POST':
form = ExplainForm(request.POST)
if form.is_valid():
word_id = signer.unsign(form.cleaned_data['word_signed'])
word = Word.objects.get(pk=word_id)
explanation = Explanation(
word=word,
explanation= form.cleaned_data['explanation'],
author = request.user,
)
explanation.save()
messages.success(request, u"Vielen Dank für Deine Erklärung zu „%s“!" % word.lemma)
return redirect('index')
else:
try:
word = Word.random(player = request.user)
form = ExplainForm(initial = {'word_signed': signer.sign(word.id)})
except NotEnoughWordsException:
messages.error(request, u"Leider gibt es nicht genügend Wörter. Motiviere deine Freunde, ein paar neue Wörter einzugeben!")
return redirect('index')
context = {
'word': word,
'form': form,
}
return render(request, 'nbip/explain.html', context)
def recover_password(request):
''' Verifies key
Accepts the key parameter from the url. If exists in the db it signs the user in
and prompts him to change his password.
When the token is used - it's deleted.
'''
key = request.GET['key']
signer = Signer()
signed_key = signer.sign(key)
try:
recover = Recover.objects.get(key=signed_key)
except ObjectDoesNotExist:
return HttpResponse('Key already used, or does not exists.', status=404)
user = User.objects.get(id=recover.user_id)
# Try to authenticate first so user.backend hack is not needed
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
recover.delete()
success = HttpResponseRedirect('/')
cookie_time = datetime.utcnow().replace(tzinfo=utc) + timedelta(seconds=48)
success.set_cookie('recover', 'true', expires=cookie_time)
return success
def vote(request, template_name='vote.html'):
eb = ElectionBusiness()
context = {}
signer = Signer()
if eb.isOccurring():
# Check if elector already voted.
if Voted.objects.filter(elector__user=request.user).count() > 0:
messages.warning(request, 'You have already voted.')
return render(request, template_name, context)
positions = Position.objects.all()
if request.method == 'POST':
try:
for p in positions:
pname = 'position{}'.format(p.id)
candidate_id = request.POST.get(pname,"")
candidate = Candidate.objects.get(id=int(candidate_id))
cv, created = CandidateVote.objects.get_or_create(candidate=candidate)
cv.quantity = cv.quantity + 1
cv.save()
elector = Elector.objects.get(user=request.user)
voted = Voted.objects.create(elector=elector)
voted.system_signature = signer.sign(str(elector.id))
voted.save()
messages.success(request, 'Your vote was registred successfully')
except Exception as e:
messages.error(request, str(e))
else:
context['positions'] = positions
context['quantity_of_positions'] = positions.count()
else:
messages.error(request, 'Election has finished.')
return render(request, template_name, context)
def Add_User(request):
if request.method == "POST":
form = MyRegistrationForm(request.POST)
if form.is_valid():
post = form.save(commit=False)
post.author = request.user
post.is_active = False
post.save()
signer = Signer()
signed_value = signer.sign(post.username)
key = ''.join(signed_value.split(':')[1:])
reg_obj = Registration.objects.create(user=post, key=key)
msg_html = render_to_string('blogapp/mail_validation.html',
{'key': key})
#import pdb;pdb.set_trace()
send_mail("123",
"123",
'*****@*****.**', [post.username],
html_message=msg_html,
fail_silently=False)
#send_mail('Acount Activated', 'post.author Activated succesfully', '*****@*****.**', [post.username ], html_message=msg_html, fail_silently=False)
return render(
request,
'blogapp/check_mail.html',
)
else:
form = MyRegistrationForm()
return render(request, 'blogapp/UserRegistration.html', {'form': form})
def addDefaultScoreQuestion(request):
'''
增加一个默认结构的问答题,提供给前台的新增问题按钮使用。
'''
# 检查用户是否登录,并读取session中的用户信息
if USER_SESSION_NAME not in request.session.keys():
return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_LOGIN)
user = request.session[USER_SESSION_NAME]
# 检查是否提供了paper
if 'paper' not in request.REQUEST.keys():
return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID)
paperId = request.REQUEST['paper']
# 调用问题新增处理过程
requestData = {'paper': paperId, 'text': u'新增评分题,请填写(最长150字)', 'type': 'Score'}
result = _questionAdd(requestData, user)
if result['resultCode'] != 0:
return dictToJsonResponse(result)
questionId = result['questionId']
# 对id进行数字签名
signer = Signer()
questionId = signer.sign(questionId)
# 返回成功
return packageResponse(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS, {'id': questionId})
def View_Deck(request):
deck_id_signed = request.GET.get('deck_id')
deck_id = None
card_list =[]
signer = Signer(request.user.id)
try:
deck_id = signer.unsign(deck_id_signed)
except signing.BadSignature:
print("Tampering detected! View deck")
return HttpResponseRedirect('/')
form = NewCard(initial={'deck' : request.GET.get('deck_id')})
cards = Card.objects.filter(deck_id=deck_id, deleted_flag = 0).order_by('-date_created')
deck = Deck.objects.filter(deck_id=deck_id, deleted_flag = 0)
print "here"
deck_name = ""
try:
deck_name = deck[0].deck_name
except IndexError:
deck_name = ""
for card in cards:
card_list.append({
"card_id" : card.card_id,
"front" : card.front,
"back" : card.back,
})
upload_form = UploadFile(initial={"deck_id" : signer.sign(deck_id)})
context = {
"upload_form" : upload_form,
"form" : form,
"card_list" : card_list,
"deck_id" : deck_id_signed,
"deck_name" : deck_name,
}
return render(request, 'flash_cards/view_deck.html', context)
def create(request, note_id):
isuser = request.session.get('isuser', '0')
if isuser == '0':
return HttpResponseRedirect(reverse('notes:index'))
user = User.objects.get(user_token=isuser)
notes = user.noteboard_set.filter(id=note_id)
if notes.exists():
note = notes[0]
signer = Signer(salt="yellowTulpans")
value = signer.sign(str(note.id) + "||" + str(note.pub_date) + "||").split("||")
link = str(value[0] + value[2] + ":" + str(note.user.id))
print(link)
prev = SharedNotes.objects.filter(note_from_board_id=note.id)
s = request.build_absolute_uri().replace(request.path, '/share/')
if not prev.exists():
SharedNotes.objects.create(
note_from_board=note,
note_link=link
)
return render(request, 'share/create.html', {'link': "share/" + link, "full_link": s + link})
else:
return render(request, 'share/create.html', {'link': "share/" + prev[0].note_link, "full_link": s + link})
return HttpResponse("Not exist 404")
def Home(request):
form = None
deck_list = []
if request.user.is_authenticated:
user_id = request.user.id
signer = Signer(request.user.id)
#new deck form
if request.method == "POST":
form = NewDeck(request.POST)
if form.is_valid():
deck = form.save(commit=False)
deck.user_id = user_id
deck.save()
return HttpResponseRedirect('/')
else:
form = NewDeck(initial={'user' : request.user.id})
#grab all decks associated with a user order by descending date created
decks = Deck.objects.filter(user_id=user_id, deleted_flag = 0).order_by('-date_created')
for deck in decks:
deck_list.append({
"deck_id" : signer.sign(deck.deck_id),
"deck_name" : deck.deck_name,
"share" : deck.share_flag
})
context = {
"form" : form,
"deck_list" : deck_list,
}
return render(request, "landing/home.html", context)
def email_verify_and_update(request):
"""If the verification_key is correct, change the user email."""
# check the verification_key
name = request.user.name
new_email = request.GET.get('new_email')
signer = Signer()
expected_verification_key = signer.sign(name + new_email).split(':')[1]
if expected_verification_key == request.GET.get('verification_key'):
# now update email
user_id = request.user.id
# if we dont set password to None we get a dict-key error in api/keystone
api.keystone.user_update(request,
user_id,
name=new_email,
password=None)
msg = 'Email changed succesfully.'
messages.success(request, msg)
else:
msg = 'Invalid verification key. Email not updated.'
messages.error(request, msg)
# redirect user to settings home
response = redirect('horizon:settings:multisettings:index')
return response
def manifest_url(key=None):
if not key:
return reverse('cache_manifest')
else:
signer = Signer(sep='_', salt='manifesto')
signed_key = signer.sign(key)
return reverse('cache_manifest_keyed', args=[signed_key])
def api_download_magnet_file(request):
if request.method == 'POST':
tok = Tokens.objects.get(key=request.POST.get('token'))
if tok is None:
return JsonResponse({"status": "error"})
user = tok.user
doc = Documents.objects.filter(id=request.POST.get('file_id')).first()
if doc is None:
return JsonResponse({"status": "error"})
if user == doc.owner:
magnet_filename = str(doc.filename()) + "-" + str(
doc.timestamp.strftime(
'%d.%m.%Y-%H:%M')) + ".magnet" # MAGNET FILENAME
magnet_path = 'media/' + str(
user.id) + '/' + magnet_filename # MAGNET FILE PATH
if not os.path.isfile(magnet_path):
# jezeli plik magnetyczny nie istnieje jeszcze to go utworz
magnet = open(magnet_path, 'w')
# podpis pliku
signer = Signer() # salt='jakas_sol'
signed_hash = signer.sign(doc.hash)
magnet.write(signed_hash)
magnet.close()
return FileResponse(open(magnet_path, 'rb'))
else:
return JsonResponse({"status": "bad file id"})
def View_Deck(request):
deck_id_signed = request.GET.get('deck_id')
deck_id = None
card_list = []
signer = Signer(request.user.id)
try:
deck_id = signer.unsign(deck_id_signed)
except signing.BadSignature:
print("Tampering detected! View deck")
return HttpResponseRedirect('/')
form = NewCard(initial={'deck': request.GET.get('deck_id')})
cards = Card.objects.filter(deck_id=deck_id,
deleted_flag=0).order_by('-date_created')
deck = Deck.objects.filter(deck_id=deck_id, deleted_flag=0)
print "here"
deck_name = ""
try:
deck_name = deck[0].deck_name
except IndexError:
deck_name = ""
for card in cards:
card_list.append({
"card_id": card.card_id,
"front": card.front,
"back": card.back,
})
upload_form = UploadFile(initial={"deck_id": signer.sign(deck_id)})
context = {
"upload_form": upload_form,
"form": form,
"card_list": card_list,
"deck_id": deck_id_signed,
"deck_name": deck_name,
}
return render(request, 'flash_cards/view_deck.html', context)
def forgot(request):
if request.user.is_authenticated:
return redirect(_login_redirect_url(request))
form = forms.ForgotPasswordForm()
if request.method == 'POST':
form = forms.ForgotPasswordForm(request.POST)
if form.is_valid():
try:
user = models.User.objects.get(
email__iexact=form.cleaned_data['email'])
if not user.has_usable_password():
form.add_error(
'email',
_('That user does not use a password to log in, and therefore their password cannot be reset. '
'Did you sign up with a Google account?'))
user = None
except models.User.DoesNotExist:
form.add_error(
'email',
_('Sorry, there is no user with that email address.'))
user = None
if user:
_send_forgot_email(request, user)
signer = Signer('accounts.views.forgot-email')
email_signed = urlsafe_base64_encode(
signer.sign(user.email).encode('utf8'))
return redirect(
reverse('accounts:forgot-sent') + '?e=' +
email_signed.decode('utf8'))
return render(request, 'accounts/forgot/step1.html', {'form': form})
def forgot(request):
if request.user.is_authenticated:
return redirect(_login_redirect_url(request))
form = forms.ForgotPasswordForm()
if request.method == "POST":
form = forms.ForgotPasswordForm(request.POST)
if form.is_valid():
try:
user = models.User.objects.get(
email__iexact=form.cleaned_data["email"])
if not user.has_usable_password():
form.add_error(
"email",
_("That user does not use a password to log in, "
"and therefore their password cannot be reset. "
"Did you sign up with a Google account?"),
)
user = None
except models.User.DoesNotExist:
form.add_error(
"email",
_("Sorry, there is no user with that email address."))
user = None
if user:
_send_forgot_email(request, user)
signer = Signer("accounts.views.forgot-email")
email_signed = urlsafe_base64_encode(
signer.sign(user.email).encode("utf8"))
return redirect(
reverse("accounts:forgot-sent") + "?e=" + email_signed)
return render(request, "accounts/forgot/step1.html", {"form": form})
def create_app(request):
if request.method == 'GET':
form = CreateAppForm()
return render(request, 'User/create-app.html', {"form": form})
elif request.method == 'POST':
form = CreateAppForm(request.POST)
if form.is_valid(
): # "Secret-Key": "fase-app:XOH3r_w74dxWVM9pwmEKaRsO-H4"
app = form.save(commit=False)
app_name = form.cleaned_data['app_name']
secret_key = form.cleaned_data['app_secret_key']
signer = Signer(secret_key)
value = signer.sign(app_name)
app.app_encrypted_key = value
app.save()
return Response(
{
"Response": "Successfully Created App",
"Secret Key": value
},
status=status.HTTP_201_CREATED)
else:
return Response(
{
"Response":
"An app already exists with this App Name or Secret Key"
},
status=status.HTTP_400_BAD_REQUEST)
def generate_unsubscribe_url(user, email_type):
signer = Signer()
url_path = "/account/settings/unsubscribe/{email_type}/{token}"
action = '|'.join([str(user.id), user.username, 'unsubscribe', email_type])
token = signer.sign(action)
path = url_path.format(email_type=email_type, token=token)
return make_path_absolute(path)
def get_sign_vigencia(value):
string = "%s,%s,%s" % (
value.ta_publicado_id if value.ta_publicado_id else 0,
value.inicio_vigencia,
value.fim_vigencia)
signer = Signer()
return signer.sign(str(string))
def email_verify_and_update(request):
"""If the verification_key is correct, change the user email."""
# check the verification_key
name = request.user.name
new_email = request.GET.get('new_email')
signer = Signer()
expected_verification_key = signer.sign(name + new_email).split(':')[1]
if expected_verification_key == request.GET.get('verification_key'):
# now update email
user_id = request.user.id
# if we dont set password to None we get a dict-key error in api/keystone
api.keystone.user_update(
request,
user_id,
name=new_email,
password=None)
msg = 'Email changed succesfully.'
messages.success(request, msg)
else:
msg = 'Invalid verification key. Email not updated.'
messages.error(request, msg)
# redirect user to settings home
response = redirect('horizon:settings:multisettings:index')
return response
def make_paypal_url(request, payment):
signer = Signer()
item_number = signer.sign(unicode(payment.id))
params = {"cmd": "_xclick",
"business": settings.ARTSHOW_PAYPAL_ACCOUNT,
"undefined_quantity": "0",
"item_name": "Art Show Payment from " + payment.artist.artistname(),
"item_number": item_number,
"amount": unicode(payment.amount),
"shipping": "0",
"no_shipping": "1",
"return": request.build_absolute_uri(reverse("artshow.manage.payment_made_paypal",
args=(payment.artist_id,))),
"cancel_return": request.build_absolute_uri(
reverse("artshow.manage.payment_cancelled_paypal",
args=(payment.artist_id,)) + "?" + urlencode({"item_number": item_number})),
"currency_code": "USD",
"bn": "PP-BuyNow",
"charset": "UTF-8",
"notify_url": request.build_absolute_uri(reverse(ipn_handler)),
}
return settings.ARTSHOW_PAYPAL_URL + "?" + urlencode(params)
def index(request):
N = 10
file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(N))
file_url = '/CodeTable_app/' + file_name + '/'
signer = Signer()
value = signer.sign(file_name)
# print 'Result : ', value, file_name
response = HttpResponseRedirect(file_url)
c = Code(code_id = file_name, last_edited = datetime.now(), code_actual = "")
c.save()
if 'key' in request.COOKIES:
key = request.COOKIES.get('key')
# print 'yay'
else:
key =''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(20))
response.set_cookie('key', key)
# print 'no'
allowed_key = [key]
session = Session(code_id = file_name)
session.setlist(allowed_key)
session.save()
return response
def generate_unsubscribe_link(value):
signer = Signer(salt="unsubscribe")
token = base64.b64encode(
signer.sign(value).encode("UTF-8")).decode("UTF-8")
unsubscribe_link = settings.DOMAIN + reverse("post:unsubscribe",
args=[token])
return unsubscribe_link
def change_status_email(sender, teamname, recipient):
try:
API_USER = '******'
API_KEY = 'roar@dude1'
signer = Signer()
encrypteduserid = signer.sign(sender.id)
print recipient.email
print teamname
print sender.first_name
print sender.last_name
mail_to = recipient.email
subject = 'Change Of {0} Status !'.format(teamname)
mail_from = '*****@*****.**'
sg = sendgrid.SendGridClient(API_USER, API_KEY)
message = sendgrid.Mail()
message.add_filter('templates', 'enable', '1')
message.add_filter('templates', 'template_id',
'b428616f-f29f-4896-8de5-725c6126b0a4')
message.add_to(mail_to)
message.add_substitution('[%first_name%]', sender.first_name)
message.add_substitution('[%last_name%]', sender.last_name)
message.set_subject(subject)
message.set_from(mail_from)
status, msg = sg.send(message)
print "HTTP STATUS", status
msg = json.loads(msg)
except Exception as e:
raise e
def activation(request, email, un):
signer = Signer()
unf = signer.sign(email)
if un == unf:
return render(request, 'activate.html')
else:
return redirect('index.html')
def get(self, request, link):
signer = Signer()
global email
email = signer.unsign(script_email)
audit = signer.sign(email).split(':')[1]
if link != audit:
message = 'Паге нот фаунд'
form = EmailForm()
return render(request,
'Performer/Forgot_password.html',
context={
'form': form,
'message': message
})
form = ChangePasswordForm()
return render(request,
'Performer/Change_password_page.html',
context={'form': form})
def send_confirmation_mail(email, token, username): to = email subject = "Verify your email address" signer = Signer() signature = signer.sign(token) url = 'http://127.0.0.1:8000/myauth/confirmemail/?username='******'&signature=' + signature content = "Hi %s!,\n\nThank you for registering on our site.\n\nClick on the url below to confirm your email:\n\n%s\n\nThanks!" % (username, url) send_mail(subject, content, settings.EMAIL_HOST_USER, [to], fail_silently=False)
def sign_url(url, secret=None):
if secret:
signer = Signer(secret, sep='||')
else:
signer = Signer(sep='||')
url, signature = signer.sign(url).split('||')
return (url, signature)
def get_authentication_url(self, request, next=None):
signer = Signer("user-authentication")
sig = signer.sign(self.email)
querystring = urlencode({
"sig": sig,
"next": next or '',
})
return request.build_absolute_uri(reverse("users-authenticate")) + "?" + querystring
def get_password(self):
"""Get the password for this user/backend combination
:rtype: str
:returns: the password
"""
signer = Signer()
return signer.sign(self.password_seed)
def get_password(request):
if settings.DEBUG:
return HttpResponse()
username = request.GET['user']
user = get_object_or_404(User, username=username)
signer = Signer()
value = signer.sign(user.username)
return HttpResponse(value)
def generate_key(self):
email = self.user.email
if email:
signer = Signer()
key = signer.sign(email)
x = key.index(':')
key = key[x+1:]
self.email_verification_key = key
self.save()
def get_protect_data():
hash = get_hash()
signer = Signer()
data = {
'name' : hash,
'code' : signer.sign(hash)
}
return data
def set_activation_key(self): ''' Sets the activation key for the user Returns: None ''' signing = Signer(self.email) self.activation = signing.sign(self.username)
def link(context, link, text, id):
""" Render a link, with a tokenised id """
signer = Signer()
token = signer.sign(id)
try:
path = reverse(link, kwargs={'token': token})
except KeyError:
text = 'Link error'
path = ''
url = context['path'] + path
return mark_safe(f'<a href="{url}"><b>{text}</b></a>')
def invoice_render(context, invoice):
"""
Render an invoice as a table
Usage: {% render_invoice invoice %}
"""
ctext = invoice.add_context({})
signer = Signer()
token = signer.sign(invoice.id)
ctext['invoice_url'] = context['path'] + reverse('invoice-public', kwargs={'token': token})
html = render_to_string('members/_invoice_detail.html', ctext)
return mark_safe(html)
def signed_url(context, url_name, pk):
"""
Returns an absolute url with signed token
Usage: {% signed_url url_name pk %}
"""
request = context['request']
signer = Signer()
token = signer.sign(pk)
resolved_url = reverse(url_name, kwargs={'token': token})
return request.build_absolute_uri(resolved_url)
def crear_user(request):
if request.method == "POST":
print "si esta entrando al post "
reg = Registro_paciente(request.POST)
print reg
if reg.is_valid():
print "entro"
u_name = reg.cleaned_data['username']
u_first_name = reg.cleaned_data['nombre']
u_last_name = reg.cleaned_data['apellido']
u_dni = reg.cleaned_data['dni']
u_email = reg.cleaned_data['email']
u_password = reg.cleaned_data['password']
u_gender = reg.cleaned_data['gender']
u_estado = reg.cleaned_data['estado']
u_ciudad = reg.cleaned_data['ciudad']
u_edo_civil = reg.cleaned_data['edoCivil']
u_tlf_cel = reg.cleaned_data['tlf_cel']
u_tlf_casa = reg.cleaned_data['tlf_casa']
u = User.objects.create_user(u_name, u_email, u_password)
u.is_active = False # Como default no activamos
# Generamos una llave de activacion para enviarle a su correo.
u.save() # Guardamos al usuario
signer = Signer()
salt = signer.sign(u.username)
activation_key = salt
key_expires = datetime.datetime.today() + datetime.timedelta(2) # Creamos una fecha de expiracion por 3 dias
p = userProfile()
p.user = u # ligamos al usuario
p.activationKey = activation_key
p.keyExpires = key_expires
p.gender = u_gender
p.fechaNacimiento = reg.cleaned_data['fechaNacimiento']
p.save() # Guardamos el perfil del Usuario.
#Enviamos email de confirmacion.
emailUser = u.email
subject = 'Bienvenido a InfoSalud'
from_email = '*****@*****.**'
to = emailUser
text_content = ''
html_content = '<p>We are happy to get you <strong> Here !!!</strong>:)</p><br>Your username is: %s <br><br> To activate your Acount Please <a href="http://%s/accounts/confirm/%s/%s/">click HERE</a> to confirm your email <br><br><h3>Sincerily: <strong>Eyventu Team</strong></h3>'%(u.username,settings.URL_SERVER,u.username,p.activationKey)
msg = EmailMultiAlternatives(subject, text_content, from_email, [to])
msg.attach_alternative(html_content, "text/html")
msg.send()
return render_to_response('security/sendEmailConfirm.html',context_instance=RequestContext(request))
else:
pass
else: # is get
form = Registro_paciente()
reg = Registro_paciente()
form = LoginForm()
ctx = {'form':form,'register_form':reg,'mensaje':mens}
return render_to_response('perfiles/medico/crear_paciente.html',ctx,context_instance=RequestContext(request))
def invoice_url(context, invoice):
"""
Returns an absolute url with signed token for an invoice
Usage: {% invoice_url invoice %}
"""
request = context['request']
signer = Signer()
token = signer.sign(invoice.id)
resolved_url = reverse('invoice-public', kwargs={'token': token})
return request.build_absolute_uri(resolved_url)
def Search(request):
query = request.GET.get('query')
users = User.objects.filter(username__contains=str(query))
user_list = []
signer = Signer(request.user.id)
#SQL SELECT * FROM flash_cards_deck where deck_name like '%hello%' and deleted_flag = 0 and share_flag = 1
decks = Deck.objects.filter(deck_name__contains=str(query), share_flag = 1, deleted_flag = 0).exclude(user_id=request.user.id)
deck_list = []
for user in users:
public_deck_count = Deck.objects.filter(user_id = user.id, share_flag = 1).count()
user_list.append({
"user" : user.id,
"signed_user" : signer.sign(user.id),
"username" : user.username,
"public_deck_count" : public_deck_count,
})
for deck in decks:
username = ""
user = User.objects.filter(id = deck.user_id)
card_count = Card.objects.filter(deck_id = deck.deck_id, deleted_flag = 0).count()
try:
username = user[0].username
except IndexError:
username = ""
deck_list.append({
"orig_deck_id" : signer.sign(deck.deck_id),
"deck_name" : deck.deck_name,
"share" : deck.share_flag,
"username" : username,
"card_count" : card_count
})
form = NewDeck(initial={'user' : request.user.id})
context = {
"user_list" : user_list,
"deck_list" : deck_list,
"clone_form" : form,
"sign" : signer.sign(request.user.id),
"query" : query,
}
return render(request, 'flash_cards/search.html', context)
