def form_type(context, form_type): mu_forms = getattr(settings, "MULTIUPLOADER_FORMS_SETTINGS", DEFAULTS.MULTIUPLOADER_FORMS_SETTINGS) signer = Signer() if form_type: import warnings if form_type == "" or form_type not in mu_forms: if settings.DEBUG: warnings.warn( "A {% form_type %} was used in a template but such form_type (%s) was not provided in settings, default used instead" % form_type ) return mark_safe( u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>" % signer.sign("default") ) else: return mark_safe( u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>" % signer.sign(form_type) ) else: # It's very probable that the form_type is missing because of # misconfiguration, so we raise a warning if settings.DEBUG: warnings.warn("A {% form_type %} was used in a template but form_type was not provided") return mark_safe(u"")
def Shared_Decks(request): u_id = request.GET.get('u_id') user = None user_name = None signer = Signer(request.user.id) try: user = signer.unsign(u_id) except signing.BadSignature: return HttpResponse(json.dumps({"Tampering": "bad signature"})) shared_decks = Deck.objects.filter(user_id = user, share_flag = 1, deleted_flag = 0) deck_list = [] for deck in shared_decks: deck_list.append({ "orig_deck_id" : signer.sign(deck.deck_id), "deck_name" : deck.deck_name, "share" : deck.share_flag, }) form = NewDeck(initial={'user' : request.user.id}) getname = User.objects.filter(id = user) for user_obj in getname: user_name = user_obj.username context = { "shared_user_id" : user, "shared_user_name" : user_name, "shared_decks" : deck_list, "clone_form" : form, "sign" : signer.sign(request.user.id) } return render(request, 'flash_cards/shared_profile.html', context)
def send_singup_conf(self, cliente): signer = Signer() token = signer.sign( 'validate' + timezone.datetime.now().strftime("%d%m%y%H%M") ).replace('validate', 'v') delete_token = signer.sign( 'delete' + timezone.datetime.now().strftime("%d%m%y%H%M") ).replace('delete', 'd') # Email body plaintext = get_template('email/confirma.txt') htmly = get_template('email/confirma.html') d = { 'fullname': cliente.user.get_user_name(), 'destinatario': cliente.user.email, 'delete_token': delete_token, 'base_url': self.base_url, 'token': token, } text_content = plaintext.render(d) html_content = htmly.render(d) msg = EmailMultiAlternatives( self.subject, text_content, self.sender, self.recipient_list) msg.attach_alternative(html_content, "text/html") return msg.send()
def form_type(context, form_type): mu_forms = getattr(settings, "MULTIUPLOADER_FORMS_SETTINGS", DEFAULTS.MULTIUPLOADER_FORMS_SETTINGS) signer = Signer() if form_type: import warnings if form_type == '' or form_type not in mu_forms: if settings.DEBUG: warnings.warn( "A {% form_type %} was used in a template but such form_type (%s) was not provided in settings, default used instead" % form_type) return mark_safe( u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>" % signer.sign('default')) else: return mark_safe( u"<div style='display:none'><input type='hidden' name='form_type' value='%s' /></div>" % signer.sign(form_type)) else: # It's very probable that the form_type is missing because of # misconfiguration, so we raise a warning if settings.DEBUG: warnings.warn( "A {% form_type %} was used in a template but form_type was not provided" ) return mark_safe(u"")
def Shared_Decks(request): u_id = request.GET.get('u_id') user = None user_name = None signer = Signer(request.user.id) try: user = signer.unsign(u_id) except signing.BadSignature: return HttpResponse(json.dumps({"Tampering": "bad signature"})) shared_decks = Deck.objects.filter(user_id=user, share_flag=1, deleted_flag=0) deck_list = [] for deck in shared_decks: deck_list.append({ "orig_deck_id": signer.sign(deck.deck_id), "deck_name": deck.deck_name, "share": deck.share_flag, }) form = NewDeck(initial={'user': request.user.id}) getname = User.objects.filter(id=user) for user_obj in getname: user_name = user_obj.username context = { "shared_user_id": user, "shared_user_name": user_name, "shared_decks": deck_list, "clone_form": form, "sign": signer.sign(request.user.id) } return render(request, 'flash_cards/shared_profile.html', context)
def setUp(self): self.thread = ThreadFactory(id_enabled=True) self.post = UserPostFactory(thread=self.thread) value1 = str(self.post.ip_address) + str(self.thread.thread_number) value2 = str(self.thread.ip_address) + str(self.thread.thread_number) signer = Signer() self.unique_post_id = signer.sign(value1)[-10:] self.unique_thread_id = signer.sign(value2)[-10:]
class SteemConnectBackend: def __init__(self): self.signer = Signer() def authenticate(self, request, **kwargs): if 'username' in kwargs: return None if 'code' not in kwargs: return None # validate the access token with /me endpoint and get user information client = get_sc_client() token_info = client.get_access_token(kwargs.get("code")) if 'error' in token_info or 'access_token' not in token_info: return None user_model = get_user_model() try: user_instance = user_model.objects.get( username=token_info.get("username")) except user_model.DoesNotExist: user_instance = user_model.objects.create_user( username=token_info.get("username")) expires_at = datetime.utcnow() + timedelta( seconds=token_info.get("expires_in")) access_token = self.signer.sign(token_info.get("access_token")) refresh_token = self.signer.sign(token_info.get("refresh_token")) # add or update the tokens for the user. try: t = Token.objects.get(user=user_instance) t.access_token = access_token t.refresh_token = refresh_token t.expires_at = expires_at except Token.DoesNotExist: t = Token(user=user_instance, access_token=access_token, refresh_token=refresh_token, expires_at=expires_at) t.save() return user_instance def get_user(self, user_id): user_model = get_user_model() try: return user_model.objects.get(pk=user_id) except user_model.DoesNotExist: return None
def login(request): login_error = False if request.method == "POST": username = request.POST['username'] password = request.POST['password'] login_error = True if username != '' and password != '': print("Logging in") setting_obj = settings.objects.get(~Q(timezone='')) signer = Signer(setting_obj.salt) password = signer.sign(password) #print(users) print(password) try: userss = users.objects.get(email=username, password=password, status='Active') if userss: login_error = True email = userss.email request.session['login_session'] = signer.sign(email) return redirect('../admin-panel') else: login_error = False return render(request, 'admin_html/login.html', {'error_log': login_error}) except Exception as e: login_error = False return render(request, 'admin_html/login.html', {'error_log': login_error}) else: login_error = False return render(request, 'admin_html/login.html', {'error_log': login_error}) else: print(login_error) if 'login_session' in request.session: print("Logged in") return redirect('../admin-panel') else: print("Not Logged in") return render(request, 'admin_html/login.html')
def test__site_get_id_by_hash(self): site = factories.SiteFactory() site_id_int = str(site.pk) self.assertEqual(models.Site.get_id_by_hash(site_id_int), site_id_int) signer = Signer() site_id = signer.sign(site.pk) self.assertEqual(models.Site.get_id_by_hash(site_id), site_id_int)
def _generate_timestamp(self): """ Generate a new signed timestamp. """ signer = Signer(salt=self.timestamp_signer_salt) timestamp = baseconv.base62.encode(int(time.time())) return signer.sign(timestamp)
def upload_finalize(request: Request) -> HttpResponseBase: name: str = request.data['name'] status: str = request.data['status'] object_id: str = request.data['id'] upload_sig: str = request.data['signature'] # check if upload_prepare signed this less than max age ago tsigner = TimestampSigner() if object_id != tsigner.unsign(upload_sig, max_age=settings.JOIST_UPLOAD_DURATION): raise BadSignature() signals.joist_upload_finalize.send(sender=upload_finalize, name=name, status=status, object_key=object_id) signer = Signer() sig = signer.sign(object_id) # can be one of aborted|uploaded # TODO move file to where it belongs and return the new name return JsonResponse({ 'name': name, 'status': status, 'id': object_id, 'signature': sig })
def setUpTestData(cls): """Prepare data fro test cases. 1. Create new organization. 2. Create invitation. """ cls.client = Client() cls.org = Organization.objects.create( name="My Organization 1", email="*****@*****.**", phone="887555473", address="Hawai, Janosikova 4", created=datetime.now()) cls.org.save() cls.inv = Invitation.objects.create( reg_uuid=str(uuid4()).replace('-', ''), user_name='Invited User', email='*****@*****.**', phone='1230000', organization=cls.org, superuser=False, # default_file_permissions=1, can_invite=True, expiration=datetime.now()+timedelta(days=1), secret_code=str(uuid4())[:5]) cls.inv.save() signer = Signer() register_data = { 'signature': signer.sign(cls.inv.reg_uuid), 'user_name': cls.inv.user_name, 'email': cls.inv.email, 'login_pwd': 'password', 'c_login_pwd': 'password', 'key_pwd': 'password', 'c_key_pwd': 'password', 'phone': cls.inv.phone, 'address': 'Janosikova 4, Hawai', 'pub_key': _public_key, 'priv_key': _private_key, 'organization': 'someorg', 'superuser': cls.inv.superuser, 'can_invite': cls.inv.can_invite, 'can_view': cls.inv.can_view, 'can_comment': cls.inv.can_comment, 'can_sign': cls.inv.can_sign, 'can_modify': cls.inv.can_modify, 'can_remove': cls.inv.can_remove, # 'default_file_permissions': permissions._permissions, 'csr': _csr, } cls.get_access_response = cls.client.get( '/register/{}/'.format(cls.inv.reg_uuid)) cls.invalid_code_response = cls.client.post( '/register/{}/'.format(cls.inv.reg_uuid), {'secret_code': '0000'}) cls.valid_code_response = cls.client.post( '/register/{}/'.format(cls.inv.reg_uuid), {'secret_code': cls.inv.secret_code}) cls.register_response = cls.client.post( '/register/submit/', register_data)
class ConfirmImportManagementForm(forms.Form): """ Store the import file name and input format in the form so that it can be used in the next step The initial values are signed, to prevent them from being tampered with. """ import_file_name = forms.CharField(widget=forms.HiddenInput()) input_format = forms.CharField(widget=forms.HiddenInput()) def __init__(self, *args, **kwargs): self.signer = Signer() initial = kwargs.get("initial", {}) for key in {"import_file_name", "input_format"}: if key in initial: # Sign initial data so it cannot be tampered with initial[key] = self.signer.sign(initial[key]) super().__init__(*args, **kwargs) def clean(self): cleaned_data = super().clean() for key in {"import_file_name", "input_format"}: try: cleaned_data[key] = self.signer.unsign(cleaned_data[key]) except BadSignature as e: raise forms.ValidationError(e.message) return cleaned_data
def chat_config(context, other=None, extra=None): # debugging errors on live site where request is not in context -- django trying to render 500 page? # occurs on api requests, hence sarah not seeing, for example, the chatroom settings a lot of the time if 'request' not in context: return {'conf': json.dumps({})} ############################################################ user = context['request'].user chat_host = context['request'].tenant.chat_host() server = "localhost" if settings.DEBUG else "178.62.105.186" if settings.DEBUG: password = "" else: signer = Signer() password = signer.sign(user.username) if user.is_authenticated(): me = _resource('%s@%s' % (user.username, chat_host)) else: me = "" try: role = user.groups.all()[0].name except IndexError: role = '-' conf = { 'me': me, 'role': role, 'nick': user.username, 'server': server, 'password': password, 'element': 'emptychat', 'page': None, 'hasChatroom': user.has_perm('configuration.can_chat'), } if extra: conf.update(extra) return {'conf': json.dumps(conf)}
def dispatch(self, request, *args, **kwargs): self.event = get_object_or_404(Event, pk=self.kwargs['pk']) if self.admin: self.person = get_object_or_404(Person, id=self.kwargs.get('person_id', None)) else: self.token = self.kwargs.get('token', None) if self.token: self.person = person_from_token(self.token, Person) else: self.person_id = self.kwargs.get('person_id', None) if not self.person_id: self.person = person_from_user(request, raiseException=False) if self.person: self.person_id = self.person.id if self.person_id: signer = Signer() token = signer.sign(self.person_id) return redirect('events:register_token', token=token, pk=self.event.pk) # Get here with a token and self.person set OR self.person=None which requires a login self.participants = Participant.objects.filter( event=self.event).order_by('person__first_name', 'person__last_name') parts = self.participants.filter(person=self.person) if parts: self.participant = parts[0] return super().dispatch(request, *args, **kwargs)
def authenticate(self, hash, pk): user = User.objects.get(pk=pk) signer = Signer() value = signer.sign(user.username) if value.split(":")[1] == hash: return user return None
def timeless_dump_qs(query): serialized_str = base64.b64encode(zlib.compress( pickle.dumps(query))).decode() signer = Signer() signed_data = signer.sign(serialized_str) payload = {'data': signed_data} return mark_safe(json.dumps(payload))
def register(request): if request.method == 'POST': username = request.POST['username'] password = request.POST['password'] display_name = request.POST['displayName'] signer = Signer('fataservice') secret_channel = signer.sign(str(username)) try: models.User1.objects.get(username=str(username)) except models.User1.DoesNotExist: models.User1.objects.create(username=str(username), password=str(password), display_name=str(display_name), secret=str(secret_channel)) user_model = models.User1.objects.get(username=str(username)) return JsonResponse({ 'status': 200, 'userId': user_model.id, 'displayName': str(display_name), 'secret': str(secret_channel) }) return JsonResponse({'status': 500, 'message': 'User already exist'}) return JsonResponse({'status': '500', 'message': 'Error'})
def message_send(request): if request.method == "POST": current_user = request.user data = request.POST.dict() message = Message() signer = Signer() value = signer.sign(data["message_text"]) message.text = value message.sender = current_user recipient = get_object_or_404(User, pk=data["recipient"]) if recipient: message.recipient = recipient message.save() messages.success(request, 'Tudo certo! Mensagem enviada com sucesso.') else: messages.warning( request, 'Ops! Parece que não conseguimos enviar sua mensagem.') return redirect('inbox')
def form_valid(self, form): #obj = form.save() # obj.set_password(password) # get_user_model().objects.create_user(form.cleaned_data.get('email'), # form.cleaned_data.get('password'), # form.cleaned_data.get('mobile_no'), # form.cleaned_data.get('name') # ) obj = form.save(commit=False) obj.password = make_password(obj.password) obj.is_active = False form.save() signer = Signer() signed_value = signer.sign(obj.email) key = ''.join(signed_value.split(':')[1:]) reg_obj = Registration.objects.create(user=obj, key=key) msg_html = render_to_string('realapp/email-act.html', {'key': key}) send_mail("123", "123", '*****@*****.**', [obj.email], html_message=msg_html, fail_silently=False) # return render(self.request, "realapp/home.html") return super().form_valid(form)
def setup_first(request): if request.method == 'POST': first_name = request.POST['first_name'] lastname = request.POST['lastname'] employe_id = request.POST['employe_id'] department = request.POST['department'] email = request.POST['email'] role = request.POST['role'] phone = request.POST['phone'] password = request.POST['password'] status = request.POST['status'] if status!='' and first_name!='' and lastname!='' and employe_id!='' and department!='' and email!='' and role!='' and phone!='' and password!='': setting_obj = settings.objects.get(~Q(timezone='')) salt = setting_obj.salt signer = Signer(salt) sign_pwd = signer.sign(password) insert = users.objects.create(staff_id="0", status=status, first_name=first_name, lastname=lastname, employe_id=employe_id, department=department, email=email, role=role, phone_no=phone, password=sign_pwd, added_by_user="******") if insert: messages.success(request, "User has been succssfully added.") else: messages.info(request, "All fields are required") return render(request, 'admin_html/web_setup.html')
def explain(request): # Make sure that the user can only submit an explanation for the random word we picked signer = Signer() if request.method == 'POST': form = ExplainForm(request.POST) if form.is_valid(): word_id = signer.unsign(form.cleaned_data['word_signed']) word = Word.objects.get(pk=word_id) explanation = Explanation( word=word, explanation= form.cleaned_data['explanation'], author = request.user, ) explanation.save() messages.success(request, u"Vielen Dank für Deine Erklärung zu „%s“!" % word.lemma) return redirect('index') else: try: word = Word.random(player = request.user) form = ExplainForm(initial = {'word_signed': signer.sign(word.id)}) except NotEnoughWordsException: messages.error(request, u"Leider gibt es nicht genügend Wörter. Motiviere deine Freunde, ein paar neue Wörter einzugeben!") return redirect('index') context = { 'word': word, 'form': form, } return render(request, 'nbip/explain.html', context)
def recover_password(request): ''' Verifies key Accepts the key parameter from the url. If exists in the db it signs the user in and prompts him to change his password. When the token is used - it's deleted. ''' key = request.GET['key'] signer = Signer() signed_key = signer.sign(key) try: recover = Recover.objects.get(key=signed_key) except ObjectDoesNotExist: return HttpResponse('Key already used, or does not exists.', status=404) user = User.objects.get(id=recover.user_id) # Try to authenticate first so user.backend hack is not needed user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) recover.delete() success = HttpResponseRedirect('/') cookie_time = datetime.utcnow().replace(tzinfo=utc) + timedelta(seconds=48) success.set_cookie('recover', 'true', expires=cookie_time) return success
def vote(request, template_name='vote.html'): eb = ElectionBusiness() context = {} signer = Signer() if eb.isOccurring(): # Check if elector already voted. if Voted.objects.filter(elector__user=request.user).count() > 0: messages.warning(request, 'You have already voted.') return render(request, template_name, context) positions = Position.objects.all() if request.method == 'POST': try: for p in positions: pname = 'position{}'.format(p.id) candidate_id = request.POST.get(pname,"") candidate = Candidate.objects.get(id=int(candidate_id)) cv, created = CandidateVote.objects.get_or_create(candidate=candidate) cv.quantity = cv.quantity + 1 cv.save() elector = Elector.objects.get(user=request.user) voted = Voted.objects.create(elector=elector) voted.system_signature = signer.sign(str(elector.id)) voted.save() messages.success(request, 'Your vote was registred successfully') except Exception as e: messages.error(request, str(e)) else: context['positions'] = positions context['quantity_of_positions'] = positions.count() else: messages.error(request, 'Election has finished.') return render(request, template_name, context)
def Add_User(request): if request.method == "POST": form = MyRegistrationForm(request.POST) if form.is_valid(): post = form.save(commit=False) post.author = request.user post.is_active = False post.save() signer = Signer() signed_value = signer.sign(post.username) key = ''.join(signed_value.split(':')[1:]) reg_obj = Registration.objects.create(user=post, key=key) msg_html = render_to_string('blogapp/mail_validation.html', {'key': key}) #import pdb;pdb.set_trace() send_mail("123", "123", '*****@*****.**', [post.username], html_message=msg_html, fail_silently=False) #send_mail('Acount Activated', 'post.author Activated succesfully', '*****@*****.**', [post.username ], html_message=msg_html, fail_silently=False) return render( request, 'blogapp/check_mail.html', ) else: form = MyRegistrationForm() return render(request, 'blogapp/UserRegistration.html', {'form': form})
def addDefaultScoreQuestion(request): ''' 增加一个默认结构的问答题,提供给前台的新增问题按钮使用。 ''' # 检查用户是否登录,并读取session中的用户信息 if USER_SESSION_NAME not in request.session.keys(): return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_LOGIN) user = request.session[USER_SESSION_NAME] # 检查是否提供了paper if 'paper' not in request.REQUEST.keys(): return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID) paperId = request.REQUEST['paper'] # 调用问题新增处理过程 requestData = {'paper': paperId, 'text': u'新增评分题,请填写(最长150字)', 'type': 'Score'} result = _questionAdd(requestData, user) if result['resultCode'] != 0: return dictToJsonResponse(result) questionId = result['questionId'] # 对id进行数字签名 signer = Signer() questionId = signer.sign(questionId) # 返回成功 return packageResponse(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS, {'id': questionId})
def View_Deck(request): deck_id_signed = request.GET.get('deck_id') deck_id = None card_list =[] signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! View deck") return HttpResponseRedirect('/') form = NewCard(initial={'deck' : request.GET.get('deck_id')}) cards = Card.objects.filter(deck_id=deck_id, deleted_flag = 0).order_by('-date_created') deck = Deck.objects.filter(deck_id=deck_id, deleted_flag = 0) print "here" deck_name = "" try: deck_name = deck[0].deck_name except IndexError: deck_name = "" for card in cards: card_list.append({ "card_id" : card.card_id, "front" : card.front, "back" : card.back, }) upload_form = UploadFile(initial={"deck_id" : signer.sign(deck_id)}) context = { "upload_form" : upload_form, "form" : form, "card_list" : card_list, "deck_id" : deck_id_signed, "deck_name" : deck_name, } return render(request, 'flash_cards/view_deck.html', context)
def create(request, note_id): isuser = request.session.get('isuser', '0') if isuser == '0': return HttpResponseRedirect(reverse('notes:index')) user = User.objects.get(user_token=isuser) notes = user.noteboard_set.filter(id=note_id) if notes.exists(): note = notes[0] signer = Signer(salt="yellowTulpans") value = signer.sign(str(note.id) + "||" + str(note.pub_date) + "||").split("||") link = str(value[0] + value[2] + ":" + str(note.user.id)) print(link) prev = SharedNotes.objects.filter(note_from_board_id=note.id) s = request.build_absolute_uri().replace(request.path, '/share/') if not prev.exists(): SharedNotes.objects.create( note_from_board=note, note_link=link ) return render(request, 'share/create.html', {'link': "share/" + link, "full_link": s + link}) else: return render(request, 'share/create.html', {'link': "share/" + prev[0].note_link, "full_link": s + link}) return HttpResponse("Not exist 404")
def Home(request): form = None deck_list = [] if request.user.is_authenticated: user_id = request.user.id signer = Signer(request.user.id) #new deck form if request.method == "POST": form = NewDeck(request.POST) if form.is_valid(): deck = form.save(commit=False) deck.user_id = user_id deck.save() return HttpResponseRedirect('/') else: form = NewDeck(initial={'user' : request.user.id}) #grab all decks associated with a user order by descending date created decks = Deck.objects.filter(user_id=user_id, deleted_flag = 0).order_by('-date_created') for deck in decks: deck_list.append({ "deck_id" : signer.sign(deck.deck_id), "deck_name" : deck.deck_name, "share" : deck.share_flag }) context = { "form" : form, "deck_list" : deck_list, } return render(request, "landing/home.html", context)
def email_verify_and_update(request): """If the verification_key is correct, change the user email.""" # check the verification_key name = request.user.name new_email = request.GET.get('new_email') signer = Signer() expected_verification_key = signer.sign(name + new_email).split(':')[1] if expected_verification_key == request.GET.get('verification_key'): # now update email user_id = request.user.id # if we dont set password to None we get a dict-key error in api/keystone api.keystone.user_update(request, user_id, name=new_email, password=None) msg = 'Email changed succesfully.' messages.success(request, msg) else: msg = 'Invalid verification key. Email not updated.' messages.error(request, msg) # redirect user to settings home response = redirect('horizon:settings:multisettings:index') return response
def manifest_url(key=None): if not key: return reverse('cache_manifest') else: signer = Signer(sep='_', salt='manifesto') signed_key = signer.sign(key) return reverse('cache_manifest_keyed', args=[signed_key])
def api_download_magnet_file(request): if request.method == 'POST': tok = Tokens.objects.get(key=request.POST.get('token')) if tok is None: return JsonResponse({"status": "error"}) user = tok.user doc = Documents.objects.filter(id=request.POST.get('file_id')).first() if doc is None: return JsonResponse({"status": "error"}) if user == doc.owner: magnet_filename = str(doc.filename()) + "-" + str( doc.timestamp.strftime( '%d.%m.%Y-%H:%M')) + ".magnet" # MAGNET FILENAME magnet_path = 'media/' + str( user.id) + '/' + magnet_filename # MAGNET FILE PATH if not os.path.isfile(magnet_path): # jezeli plik magnetyczny nie istnieje jeszcze to go utworz magnet = open(magnet_path, 'w') # podpis pliku signer = Signer() # salt='jakas_sol' signed_hash = signer.sign(doc.hash) magnet.write(signed_hash) magnet.close() return FileResponse(open(magnet_path, 'rb')) else: return JsonResponse({"status": "bad file id"})
def View_Deck(request): deck_id_signed = request.GET.get('deck_id') deck_id = None card_list = [] signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! View deck") return HttpResponseRedirect('/') form = NewCard(initial={'deck': request.GET.get('deck_id')}) cards = Card.objects.filter(deck_id=deck_id, deleted_flag=0).order_by('-date_created') deck = Deck.objects.filter(deck_id=deck_id, deleted_flag=0) print "here" deck_name = "" try: deck_name = deck[0].deck_name except IndexError: deck_name = "" for card in cards: card_list.append({ "card_id": card.card_id, "front": card.front, "back": card.back, }) upload_form = UploadFile(initial={"deck_id": signer.sign(deck_id)}) context = { "upload_form": upload_form, "form": form, "card_list": card_list, "deck_id": deck_id_signed, "deck_name": deck_name, } return render(request, 'flash_cards/view_deck.html', context)
def forgot(request): if request.user.is_authenticated: return redirect(_login_redirect_url(request)) form = forms.ForgotPasswordForm() if request.method == 'POST': form = forms.ForgotPasswordForm(request.POST) if form.is_valid(): try: user = models.User.objects.get( email__iexact=form.cleaned_data['email']) if not user.has_usable_password(): form.add_error( 'email', _('That user does not use a password to log in, and therefore their password cannot be reset. ' 'Did you sign up with a Google account?')) user = None except models.User.DoesNotExist: form.add_error( 'email', _('Sorry, there is no user with that email address.')) user = None if user: _send_forgot_email(request, user) signer = Signer('accounts.views.forgot-email') email_signed = urlsafe_base64_encode( signer.sign(user.email).encode('utf8')) return redirect( reverse('accounts:forgot-sent') + '?e=' + email_signed.decode('utf8')) return render(request, 'accounts/forgot/step1.html', {'form': form})
def forgot(request): if request.user.is_authenticated: return redirect(_login_redirect_url(request)) form = forms.ForgotPasswordForm() if request.method == "POST": form = forms.ForgotPasswordForm(request.POST) if form.is_valid(): try: user = models.User.objects.get( email__iexact=form.cleaned_data["email"]) if not user.has_usable_password(): form.add_error( "email", _("That user does not use a password to log in, " "and therefore their password cannot be reset. " "Did you sign up with a Google account?"), ) user = None except models.User.DoesNotExist: form.add_error( "email", _("Sorry, there is no user with that email address.")) user = None if user: _send_forgot_email(request, user) signer = Signer("accounts.views.forgot-email") email_signed = urlsafe_base64_encode( signer.sign(user.email).encode("utf8")) return redirect( reverse("accounts:forgot-sent") + "?e=" + email_signed) return render(request, "accounts/forgot/step1.html", {"form": form})
def create_app(request): if request.method == 'GET': form = CreateAppForm() return render(request, 'User/create-app.html', {"form": form}) elif request.method == 'POST': form = CreateAppForm(request.POST) if form.is_valid( ): # "Secret-Key": "fase-app:XOH3r_w74dxWVM9pwmEKaRsO-H4" app = form.save(commit=False) app_name = form.cleaned_data['app_name'] secret_key = form.cleaned_data['app_secret_key'] signer = Signer(secret_key) value = signer.sign(app_name) app.app_encrypted_key = value app.save() return Response( { "Response": "Successfully Created App", "Secret Key": value }, status=status.HTTP_201_CREATED) else: return Response( { "Response": "An app already exists with this App Name or Secret Key" }, status=status.HTTP_400_BAD_REQUEST)
def generate_unsubscribe_url(user, email_type): signer = Signer() url_path = "/account/settings/unsubscribe/{email_type}/{token}" action = '|'.join([str(user.id), user.username, 'unsubscribe', email_type]) token = signer.sign(action) path = url_path.format(email_type=email_type, token=token) return make_path_absolute(path)
def get_sign_vigencia(value): string = "%s,%s,%s" % ( value.ta_publicado_id if value.ta_publicado_id else 0, value.inicio_vigencia, value.fim_vigencia) signer = Signer() return signer.sign(str(string))
def email_verify_and_update(request): """If the verification_key is correct, change the user email.""" # check the verification_key name = request.user.name new_email = request.GET.get('new_email') signer = Signer() expected_verification_key = signer.sign(name + new_email).split(':')[1] if expected_verification_key == request.GET.get('verification_key'): # now update email user_id = request.user.id # if we dont set password to None we get a dict-key error in api/keystone api.keystone.user_update( request, user_id, name=new_email, password=None) msg = 'Email changed succesfully.' messages.success(request, msg) else: msg = 'Invalid verification key. Email not updated.' messages.error(request, msg) # redirect user to settings home response = redirect('horizon:settings:multisettings:index') return response
def make_paypal_url(request, payment): signer = Signer() item_number = signer.sign(unicode(payment.id)) params = {"cmd": "_xclick", "business": settings.ARTSHOW_PAYPAL_ACCOUNT, "undefined_quantity": "0", "item_name": "Art Show Payment from " + payment.artist.artistname(), "item_number": item_number, "amount": unicode(payment.amount), "shipping": "0", "no_shipping": "1", "return": request.build_absolute_uri(reverse("artshow.manage.payment_made_paypal", args=(payment.artist_id,))), "cancel_return": request.build_absolute_uri( reverse("artshow.manage.payment_cancelled_paypal", args=(payment.artist_id,)) + "?" + urlencode({"item_number": item_number})), "currency_code": "USD", "bn": "PP-BuyNow", "charset": "UTF-8", "notify_url": request.build_absolute_uri(reverse(ipn_handler)), } return settings.ARTSHOW_PAYPAL_URL + "?" + urlencode(params)
def index(request): N = 10 file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(N)) file_url = '/CodeTable_app/' + file_name + '/' signer = Signer() value = signer.sign(file_name) # print 'Result : ', value, file_name response = HttpResponseRedirect(file_url) c = Code(code_id = file_name, last_edited = datetime.now(), code_actual = "") c.save() if 'key' in request.COOKIES: key = request.COOKIES.get('key') # print 'yay' else: key =''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(20)) response.set_cookie('key', key) # print 'no' allowed_key = [key] session = Session(code_id = file_name) session.setlist(allowed_key) session.save() return response
def generate_unsubscribe_link(value): signer = Signer(salt="unsubscribe") token = base64.b64encode( signer.sign(value).encode("UTF-8")).decode("UTF-8") unsubscribe_link = settings.DOMAIN + reverse("post:unsubscribe", args=[token]) return unsubscribe_link
def change_status_email(sender, teamname, recipient): try: API_USER = '******' API_KEY = 'roar@dude1' signer = Signer() encrypteduserid = signer.sign(sender.id) print recipient.email print teamname print sender.first_name print sender.last_name mail_to = recipient.email subject = 'Change Of {0} Status !'.format(teamname) mail_from = '*****@*****.**' sg = sendgrid.SendGridClient(API_USER, API_KEY) message = sendgrid.Mail() message.add_filter('templates', 'enable', '1') message.add_filter('templates', 'template_id', 'b428616f-f29f-4896-8de5-725c6126b0a4') message.add_to(mail_to) message.add_substitution('[%first_name%]', sender.first_name) message.add_substitution('[%last_name%]', sender.last_name) message.set_subject(subject) message.set_from(mail_from) status, msg = sg.send(message) print "HTTP STATUS", status msg = json.loads(msg) except Exception as e: raise e
def activation(request, email, un): signer = Signer() unf = signer.sign(email) if un == unf: return render(request, 'activate.html') else: return redirect('index.html')
def get(self, request, link): signer = Signer() global email email = signer.unsign(script_email) audit = signer.sign(email).split(':')[1] if link != audit: message = 'Паге нот фаунд' form = EmailForm() return render(request, 'Performer/Forgot_password.html', context={ 'form': form, 'message': message }) form = ChangePasswordForm() return render(request, 'Performer/Change_password_page.html', context={'form': form})
def send_confirmation_mail(email, token, username): to = email subject = "Verify your email address" signer = Signer() signature = signer.sign(token) url = 'http://127.0.0.1:8000/myauth/confirmemail/?username='******'&signature=' + signature content = "Hi %s!,\n\nThank you for registering on our site.\n\nClick on the url below to confirm your email:\n\n%s\n\nThanks!" % (username, url) send_mail(subject, content, settings.EMAIL_HOST_USER, [to], fail_silently=False)
def sign_url(url, secret=None): if secret: signer = Signer(secret, sep='||') else: signer = Signer(sep='||') url, signature = signer.sign(url).split('||') return (url, signature)
def get_authentication_url(self, request, next=None): signer = Signer("user-authentication") sig = signer.sign(self.email) querystring = urlencode({ "sig": sig, "next": next or '', }) return request.build_absolute_uri(reverse("users-authenticate")) + "?" + querystring
def get_password(self): """Get the password for this user/backend combination :rtype: str :returns: the password """ signer = Signer() return signer.sign(self.password_seed)
def get_password(request): if settings.DEBUG: return HttpResponse() username = request.GET['user'] user = get_object_or_404(User, username=username) signer = Signer() value = signer.sign(user.username) return HttpResponse(value)
def generate_key(self): email = self.user.email if email: signer = Signer() key = signer.sign(email) x = key.index(':') key = key[x+1:] self.email_verification_key = key self.save()
def get_protect_data(): hash = get_hash() signer = Signer() data = { 'name' : hash, 'code' : signer.sign(hash) } return data
def set_activation_key(self): ''' Sets the activation key for the user Returns: None ''' signing = Signer(self.email) self.activation = signing.sign(self.username)
def link(context, link, text, id): """ Render a link, with a tokenised id """ signer = Signer() token = signer.sign(id) try: path = reverse(link, kwargs={'token': token}) except KeyError: text = 'Link error' path = '' url = context['path'] + path return mark_safe(f'<a href="{url}"><b>{text}</b></a>')
def invoice_render(context, invoice): """ Render an invoice as a table Usage: {% render_invoice invoice %} """ ctext = invoice.add_context({}) signer = Signer() token = signer.sign(invoice.id) ctext['invoice_url'] = context['path'] + reverse('invoice-public', kwargs={'token': token}) html = render_to_string('members/_invoice_detail.html', ctext) return mark_safe(html)
def signed_url(context, url_name, pk): """ Returns an absolute url with signed token Usage: {% signed_url url_name pk %} """ request = context['request'] signer = Signer() token = signer.sign(pk) resolved_url = reverse(url_name, kwargs={'token': token}) return request.build_absolute_uri(resolved_url)
def crear_user(request): if request.method == "POST": print "si esta entrando al post " reg = Registro_paciente(request.POST) print reg if reg.is_valid(): print "entro" u_name = reg.cleaned_data['username'] u_first_name = reg.cleaned_data['nombre'] u_last_name = reg.cleaned_data['apellido'] u_dni = reg.cleaned_data['dni'] u_email = reg.cleaned_data['email'] u_password = reg.cleaned_data['password'] u_gender = reg.cleaned_data['gender'] u_estado = reg.cleaned_data['estado'] u_ciudad = reg.cleaned_data['ciudad'] u_edo_civil = reg.cleaned_data['edoCivil'] u_tlf_cel = reg.cleaned_data['tlf_cel'] u_tlf_casa = reg.cleaned_data['tlf_casa'] u = User.objects.create_user(u_name, u_email, u_password) u.is_active = False # Como default no activamos # Generamos una llave de activacion para enviarle a su correo. u.save() # Guardamos al usuario signer = Signer() salt = signer.sign(u.username) activation_key = salt key_expires = datetime.datetime.today() + datetime.timedelta(2) # Creamos una fecha de expiracion por 3 dias p = userProfile() p.user = u # ligamos al usuario p.activationKey = activation_key p.keyExpires = key_expires p.gender = u_gender p.fechaNacimiento = reg.cleaned_data['fechaNacimiento'] p.save() # Guardamos el perfil del Usuario. #Enviamos email de confirmacion. emailUser = u.email subject = 'Bienvenido a InfoSalud' from_email = '*****@*****.**' to = emailUser text_content = '' html_content = '<p>We are happy to get you <strong> Here !!!</strong>:)</p><br>Your username is: %s <br><br> To activate your Acount Please <a href="http://%s/accounts/confirm/%s/%s/">click HERE</a> to confirm your email <br><br><h3>Sincerily: <strong>Eyventu Team</strong></h3>'%(u.username,settings.URL_SERVER,u.username,p.activationKey) msg = EmailMultiAlternatives(subject, text_content, from_email, [to]) msg.attach_alternative(html_content, "text/html") msg.send() return render_to_response('security/sendEmailConfirm.html',context_instance=RequestContext(request)) else: pass else: # is get form = Registro_paciente() reg = Registro_paciente() form = LoginForm() ctx = {'form':form,'register_form':reg,'mensaje':mens} return render_to_response('perfiles/medico/crear_paciente.html',ctx,context_instance=RequestContext(request))
def invoice_url(context, invoice): """ Returns an absolute url with signed token for an invoice Usage: {% invoice_url invoice %} """ request = context['request'] signer = Signer() token = signer.sign(invoice.id) resolved_url = reverse('invoice-public', kwargs={'token': token}) return request.build_absolute_uri(resolved_url)
def Search(request): query = request.GET.get('query') users = User.objects.filter(username__contains=str(query)) user_list = [] signer = Signer(request.user.id) #SQL SELECT * FROM flash_cards_deck where deck_name like '%hello%' and deleted_flag = 0 and share_flag = 1 decks = Deck.objects.filter(deck_name__contains=str(query), share_flag = 1, deleted_flag = 0).exclude(user_id=request.user.id) deck_list = [] for user in users: public_deck_count = Deck.objects.filter(user_id = user.id, share_flag = 1).count() user_list.append({ "user" : user.id, "signed_user" : signer.sign(user.id), "username" : user.username, "public_deck_count" : public_deck_count, }) for deck in decks: username = "" user = User.objects.filter(id = deck.user_id) card_count = Card.objects.filter(deck_id = deck.deck_id, deleted_flag = 0).count() try: username = user[0].username except IndexError: username = "" deck_list.append({ "orig_deck_id" : signer.sign(deck.deck_id), "deck_name" : deck.deck_name, "share" : deck.share_flag, "username" : username, "card_count" : card_count }) form = NewDeck(initial={'user' : request.user.id}) context = { "user_list" : user_list, "deck_list" : deck_list, "clone_form" : form, "sign" : signer.sign(request.user.id), "query" : query, } return render(request, 'flash_cards/search.html', context)