def form_valid(self, form): signer = Signer() leaflet_people = {} for person in form.cleaned_data["people"]: person_data = json.loads(signer.unsign(person)) if not person_data: continue leaflet_people[person_data["person"]["id"]] = person_data person, _ = Person.objects.get_or_create( remote_id=person_data["person"]["id"], defaults={ "name": person_data["person"]["name"], "source_url": "https://candidates.democracyclub.org.uk/person/{}".format( person_data["person"]["id"] ), "source_name": "YNR2017", }, ) self.object.people = leaflet_people self.object.person_ids = list(leaflet_people.keys()) self.object.ballots = [ c["ballot"] for ynr_id, c in leaflet_people.items() ] party_data = json.loads(signer.unsign(form.cleaned_data["parties"])) if party_data["party_id"]: self.object.ynr_party_id = party_data["party_id"] self.object.ynr_party_name = party_data["party_name"] return super().form_valid(form)
def save(self): if "people" in self.cleaned_data and self.cleaned_data["people"]: signer = Signer() data = json.loads(signer.unsign(self.cleaned_data["people"])) self.instance.ynr_party_id = data["ynr_party_id"] self.instance.ynr_party_name = data["ynr_party_name"] self.instance.ballot_id = data["ballot_id"] person, _ = Person.objects.get_or_create( remote_id=data["ynr_person_id"], defaults={ "name": data["ynr_person_name"], "source_url": "https://candidates.democracyclub.org.uk/person/{}".format( data["ynr_person_id"]), "source_name": "YNR2017", }, ) self.instance.publisher_person = person elif self.cleaned_data.get("parties") and self.cleaned_data["parties"]: signer = Signer() ( self.instance.ynr_party_id, self.instance.ynr_party_name, ) = signer.unsign(self.cleaned_data["parties"]).split("--") self.instance.save()
def verify(self): """ Attempts to unsign the signature using the current `SECRET_KEY`. If unsigning fails, `SECRET_KEY` has changed, and the exception `django.core.signing.BadSignature` will be raised. If `SECRET_KEY_FILE` does not exist, `secretkey.errors.SecretKeyFileNotFound` will be raised. """ secret_key = settings.SECRET_KEY signer = Signer(secret_key) signer.unsign(self.signed_value)
def get_initial(self): """ Validating the redirection from account via session variable """ if 'signed_token' not in self.request.session: raise Http404 signer = Signer() try: signer.unsign(self.request.session['signed_token']) except BadSignature: raise Http404 return super(EmailChangePasswordView, self).get_initial()
def CheckLogin(request): if 'user_login' in request.session: try: sig = Signer() sig.unsign(request.session['user_login']) return True except: return False else: return False
def get(self, request: HttpRequest, recovery: UUID): """ Handle the get request - comes from an E-Mail """ url_form = ForgottenCredentialsStep3BaseForm(request.GET) if not url_form.is_valid(): return self.report(request, 'invalid-link') signer = Signer(salt=str(recovery)) try: auth = signer.unsign(url_form.cleaned_data['auth']) except (BadSignature, ValueError): return self.report(request, 'invalid-link') try: pending_recovery = PendingCredentialRecovery.objects.filter( user__is_active=True, valid_until__gte=now()).get( uuid=recovery) # type: PendingCredentialRecovery except PendingCredentialRecovery.DoesNotExist: return self.report(request, 'invalid-link') if pending_recovery.key != auth: # pragma: no cover # Safeguard, can only happen with compromised security key return self.report(request, 'invalid-link') if pending_recovery.recovery_type == 'password': return self.request_password(request, url_form.cleaned_data['auth'], str(recovery)) return self.reveal_information(request, url_form.cleaned_data['auth'], str(recovery), pending_recovery.recovery_type)
class ConfirmImportManagementForm(forms.Form): """ Store the import file name and input format in the form so that it can be used in the next step The initial values are signed, to prevent them from being tampered with. """ import_file_name = forms.CharField(widget=forms.HiddenInput()) input_format = forms.CharField(widget=forms.HiddenInput()) def __init__(self, *args, **kwargs): self.signer = Signer() initial = kwargs.get("initial", {}) for key in {"import_file_name", "input_format"}: if key in initial: # Sign initial data so it cannot be tampered with initial[key] = self.signer.sign(initial[key]) super().__init__(*args, **kwargs) def clean(self): cleaned_data = super().clean() for key in {"import_file_name", "input_format"}: try: cleaned_data[key] = self.signer.unsign(cleaned_data[key]) except BadSignature as e: raise forms.ValidationError(e.message) return cleaned_data
def getUser(request): if CheckLogin(request) == True: signer = Signer(web_settings.salt) username = signer.unsign(request.session['teacher_login']) return add.objects.get(email=username)
def clean(self): cleaned_data = super(ExternalURLForm, self).clean() signer = Signer() if self.errors: # if it's not a valid URL, no reason to do further validation return url = cleaned_data['ext_url'] matched_whitelist = any((regex.match(url) for regex in EXTERNAL_URL_WHITELIST)) if matched_whitelist: cleaned_data['validated_url'] = url elif 'signature' in cleaned_data: signed_url = "{ext_url}:{signature}".format(**cleaned_data) try: cleaned_data['validated_url'] = signer.unsign(signed_url) except BadSignature: raise ValidationError(_('Signature validation failed'), code='invalid') else: raise ValidationError(_('URL must either be allowed by ' 'settings.EXTERNAL_URL_WHITELIST ' 'or have a valid signature'), code='invalid')
def catalogo(request): try: lista = get_lista(request) cliente = request.user.cliente if request.user.is_authenticated() else None context = get_base_context(request=request) signer = Signer() signed_id = None if request.method == 'GET': signed_id = request.GET.get('bien_id',0) else: if 'add_to_cart_button' in request.POST: signed_id = request.POST.get('bien_id',0) add_to_cart(request) if signed_id: bien_id = int(signer.unsign(signed_id),0) if lista and (bien_id > 0): bien = lista.get_bienes(include_hidden=False, search_bien_id=bien_id, cliente=cliente) context['bien'] = bien context['impuesto'] = lista.impuesto atributos = models.BienYAtributo.objects.filter(bien__id=bien.id) context['atributos'] = atributos except AttributeError as e: return HttpResponseServerError(e) return render(request, 'catalogo.html', context)
def get_signed_age(s, salt=None): signer = Signer(salt=salt) result = signer.unsign(s) value, timestamp = result.rsplit(signer.sep, 1) timestamp = baseconv.base62.decode(timestamp) age = time.time() - timestamp return age
def explain(request): # Make sure that the user can only submit an explanation for the random word we picked signer = Signer() if request.method == 'POST': form = ExplainForm(request.POST) if form.is_valid(): word_id = signer.unsign(form.cleaned_data['word_signed']) word = Word.objects.get(pk=word_id) explanation = Explanation( word=word, explanation= form.cleaned_data['explanation'], author = request.user, ) explanation.save() messages.success(request, u"Vielen Dank für Deine Erklärung zu „%s“!" % word.lemma) return redirect('index') else: try: word = Word.random(player = request.user) form = ExplainForm(initial = {'word_signed': signer.sign(word.id)}) except NotEnoughWordsException: messages.error(request, u"Leider gibt es nicht genügend Wörter. Motiviere deine Freunde, ein paar neue Wörter einzugeben!") return redirect('index') context = { 'word': word, 'form': form, } return render(request, 'nbip/explain.html', context)
def _surveyDelete(requestData, user): ''' 问卷删除的具体处理函数 ''' # 检查是否提供了id keys = requestData.keys() if 'id' not in keys: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID) idSigned = requestData['id'] # 对id进行数字签名的检查 try: signer = Signer() id = signer.unsign(idSigned) except BadSignature: # 篡改发现处理 return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE) # 检查对象是否还存在,并将对象锁定 surveyList = Survey.objects.filter(id=id).select_for_update() if len(surveyList) == 0: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST) survey = surveyList[0] # 检查当前用户是否有权限修改 if survey.createBy.id != user.id: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE) # 执行删除 # 调查的删除不是直接删除,而是将状态改为P,有些信息还要以备后查 survey.state = 'P' survey.save() # 返回成功 return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def unsign_purpose(signed_purpose): signer = Signer() try: val = signer.unsign(signed_purpose) return val[len(SALT):] except BadSignature: return None
def get(self, *args, **kwargs): signer = Signer() sign = self.request.GET.get('sign') topic = kwargs.get('pk') if not topic: data = {'status': 'No topic #{} found.'.format(topic)} if not sign: data = {'status': 'No message sign passed.'} if sign and topic: try: topic = Topic.objects.get(pk=topic) user = User.objects.get(email=signer.unsign(sign)) topic.unsubscribed.add(user) data = { 'status': 'successfully unsubscribed from topic #{}'.format(topic.pk) } except: data = {'status': 'wrong signature, cannot unsubscribe'} unsubscribed_serializer = UnsubscribedSerializer(data=data) unsubscribed_serializer.is_valid(raise_exception=True) return Response(unsubscribed_serializer.data)
def process_ipn(sender, **kwargs): query = kwargs['query'] payment_id = None try: verify_url = settings.ARTSHOW_PAYPAL_URL + "?cmd=_notify-validate&" + query paypal_logger.debug("requesting verification from: %s", verify_url) pipe = urlopen(verify_url) text = pipe.read(128) if text != "VERIFIED": raise IPNProcessingError("Paypal returned %s for verification" % text) params = parse_qs(query) paypal_logger.info("validated PayPal IPN: %s", repr(params)) txn_type = params['txn_type'][0] if txn_type != "web_accept": raise IPNProcessingError("txn_type is %s not web_accept" % txn_type) item_number = params['item_number'][0] payment_status = params['payment_status'][0] amount_gross = params['mc_gross'][0] amount_gross = Decimal(amount_gross) payer_email = params['payer_email'][0] payment_date_str = params['payment_date'][0] payment_date = convert_date(payment_date_str) if payment_status != "Completed": raise IPNProcessingError("payment status is %s != Completed" % payment_status) signer = Signer() payment_id = signer.unsign(item_number) payment = Payment.objects.get(id=payment_id) if payment.payment_type_id != settings.ARTSHOW_PAYMENT_PENDING_PK: if payment.payment_type_id == settings.ARTSHOW_PAYMENT_RECEIVED_PK and payment.amount == amount_gross: paypal_logger.info("additional notification received for payment id %s. this is normal", payment_id) return raise IPNProcessingError("payment is not Payment Pending state") if payment.amount != amount_gross: paypal_logger.warning("payment is being changed from %s to %s", payment.amount, amount_gross) paypal_logger.info("marking payment received. payment id: %s amount: %s paypal email: %s", payment_id, amount_gross, payer_email) payment.amount = amount_gross payment.payment_type_id = settings.ARTSHOW_PAYMENT_RECEIVED_PK payment.description = "Paypal " + payer_email payment.date = payment_date payment.save() except Exception, x: paypal_logger.error("Error when getting validation for: %s", query) if payment_id: paypal_logger.error("... during processing of payment_id: %s", payment_id) paypal_logger.error("%s", x)
def user_activate_page(request, signed_value): """ Function will decode the 'signed_value' parameter and extract the User object from this value then set the User account to be active in our system. """ try: # Convert our signed value into a text. signer = Signer() value = signer.unsign(signed_value) except Exception as e: return HttpResponseBadRequest(_("Failed activating this account.")) # Get the user account and activate it. user = get_object_or_404(User, pk=value) user.is_active = True user.save() # Get the domain URL. try: org = PublicOrganization.objects.get(users__id=user.id) group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID) login_url = org.reverse('foundation_auth_user_login') if group in user.groups.all(): login_url = org.reverse('foundation_auth_user_login') except PublicOrganization.DoesNotExist: login_url = reverse('foundation_auth_user_login') return render(request, 'foundation_auth/user_activation/view.html',{ 'user': user, 'login_url': login_url, })
def surveyAnswerSubmit(request): ''' 问卷批量提交服务 ''' # 读取surveyId surveyIdSigned = request.REQUEST.get('surveyId') if not surveyIdSigned: # raise Exception(RESULT_MESSAGE.NO_SURVEY_ID) # 没有提供调查对象 template = loader.get_template('www/answerFinished.html') context = RequestContext(request, {'title': u'出错', 'message': RESULT_MESSAGE.NO_SURVEY_ID, 'returnUrl': '/'}) return HttpResponse(template.render(context)) # 对调查标识的数据签名进行检查 try: signer = Signer() surveyId = signer.unsign(surveyIdSigned) except: # raise Exception(RESULT_MESSAGE.BAD_SAGNATURE) # 无效的数字签名 template = loader.get_template('www/answerFinished.html') context = RequestContext(request, {'title': u'出错', 'message': RESULT_MESSAGE.BAD_SAGNATURE, 'returnUrl': '/'}) return HttpResponse(template.render(context)) # 调用提交控制器生成处理数据,并生成返回结果 surveySubmitController = SurveySubmitController(request, surveyId) return surveySubmitController.process()
def receive_json(self, content, **kwargs): signer = Signer() request_id = content.get("request_id") if request_id is None: raise TurboStreamException( "No request_id in subscription request.") message_type = content.get("type") if message_type == "subscribe": try: channel_name = signer.unsign( content.get("signed_channel_name", "")) except BadSignature: raise TurboStreamException( "Signature has been tampered with on the client!") self.requests.setdefault(channel_name, []).append(request_id) self.groups.append(channel_name) async_to_sync(self.channel_layer.group_add)(channel_name, self.channel_name) elif message_type == "unsubscribe": try: channel_name = [ channel_name for channel_name, requests in self.requests.items() if request_id in requests ][0] except IndexError: raise TurboStreamException( "No subscription for a given request ID exists to unsubscribe." ) self.groups.remove(channel_name) if channel_name not in self.groups: async_to_sync(self.channel_layer.group_discard)( channel_name, self.channel_name)
def mute(self, account, courtesy_of=None): signer = Signer() sc_client = get_sc_client() token = self.token_set.get() # get a new token in terms of expirations if token.expires_at >= timezone.now(): self.refresh_access_token() token = self.token_set.get() sc_client.access_token = signer.unsign(token.access_token) mute_op = Mute( self.username, account, ) resp = sc_client.broadcast([mute_op.to_operation_structure()]) if 'error' in resp: raise Exception(resp.get("error")) if courtesy_of: action_text = f"Muted {account} in " \ f"courtesy of {courtesy_of}." else: action_text = f"Muted {account}." log = Log(user=self, message=action_text) log.save()
def Shared_Decks(request): u_id = request.GET.get('u_id') user = None user_name = None signer = Signer(request.user.id) try: user = signer.unsign(u_id) except signing.BadSignature: return HttpResponse(json.dumps({"Tampering": "bad signature"})) shared_decks = Deck.objects.filter(user_id=user, share_flag=1, deleted_flag=0) deck_list = [] for deck in shared_decks: deck_list.append({ "orig_deck_id": signer.sign(deck.deck_id), "deck_name": deck.deck_name, "share": deck.share_flag, }) form = NewDeck(initial={'user': request.user.id}) getname = User.objects.filter(id=user) for user_obj in getname: user_name = user_obj.username context = { "shared_user_id": user, "shared_user_name": user_name, "shared_decks": deck_list, "clone_form": form, "sign": signer.sign(request.user.id) } return render(request, 'flash_cards/shared_profile.html', context)
def Study(request): signer = Signer(request.user.id) deck_id_signed = request.GET.get('deck_id') deck_id = None deckname = "" card_list = [] current_user_id = request.user.id try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print "Tampering Detected! Study" return HttpResponseRedirect('/') deck = Deck.objects.filter(deck_id = deck_id, deleted_flag = 0) try: deckname = deck[0].deck_name deck_creator_id = deck[0].user_id except IndexError: deckname = "" cards = Card.objects.filter(deck_id = deck_id, deleted_flag = 0).order_by('-date_created') for card in cards: card_list.append({ "card_id" : card.card_id, "front" : card.front, "back" : card.back, }) context = { "deckname" : deckname, "card_list" : card_list, "deck_id_signed" : deck_id_signed, "deck_creator_id" : deck_creator_id, "current_user_id" : current_user_id, } return render(request, 'flash_cards/study.html', context)
def Shared_Decks(request): u_id = request.GET.get('u_id') user = None user_name = None signer = Signer(request.user.id) try: user = signer.unsign(u_id) except signing.BadSignature: return HttpResponse(json.dumps({"Tampering": "bad signature"})) shared_decks = Deck.objects.filter(user_id = user, share_flag = 1, deleted_flag = 0) deck_list = [] for deck in shared_decks: deck_list.append({ "orig_deck_id" : signer.sign(deck.deck_id), "deck_name" : deck.deck_name, "share" : deck.share_flag, }) form = NewDeck(initial={'user' : request.user.id}) getname = User.objects.filter(id = user) for user_obj in getname: user_name = user_obj.username context = { "shared_user_id" : user, "shared_user_name" : user_name, "shared_decks" : deck_list, "clone_form" : form, "sign" : signer.sign(request.user.id) } return render(request, 'flash_cards/shared_profile.html', context)
def Edit_Deck(request): if request.method == 'POST': deck_id_signed = request.POST.get('deck_id') deck_id = None signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected!!") return HttpResponseRedirect('/') deck_name = request.POST.get('deck_name') user = request.POST.get('user') share_flag = request.POST.get('share_flag') if share_flag == 'false': share_flag = 0 else: share_flag = 1 data = {'user' : user, 'deck_name' : deck_name, "share_flag" : share_flag} deck = get_object_or_404(Deck, deck_id=deck_id) if deck.deck_name == deck_name: deck.share_flag = share_flag deck.save() else: form = NewDeck(data) if form.is_valid(): #deck = get_object_or_404(Deck, deck_id=deck_id) deck.deck_name = deck_name deck.share_flag = share_flag deck.save() else: errors = form.errors return HttpResponse(json.dumps(errors)) return HttpResponse(json.dumps({"success": "success"}))
def _paperDelete(requestData, user): # 检查是否提供了id keys = requestData.keys() if 'id' not in keys: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID) idSigned = requestData['id'] # 对id进行数字签名的检查 try: signer = Signer() id = signer.unsign(idSigned) except BadSignature: # 篡改发现处理 return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE) # 检查对象是否还存在,并将对象锁定 paperList = Paper.objects.filter(id=id).select_for_update() if len(paperList) == 0: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST) paper = paperList[0] # 检查当前用户是否有权限修改 if paper.createBy.id != user.id: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE) # 执行删除 paper.delete() # 返回成功 return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def clean(self): cleaned_data = super(ExternalURLForm, self).clean() signer = Signer() if self.errors: # if it's not a valid URL, no reason to do further validation return url = cleaned_data['ext_url'] matched_whitelist = any( (regex.match(url) for regex in EXTERNAL_URL_WHITELIST)) if matched_whitelist: cleaned_data['validated_url'] = url elif 'signature' in cleaned_data: signed_url = "{ext_url}:{signature}".format(**cleaned_data) try: cleaned_data['validated_url'] = signer.unsign(signed_url) except BadSignature: raise ValidationError(_('Signature validation failed'), code='invalid') else: raise ValidationError(_('URL must either be allowed by ' 'settings.EXTERNAL_URL_WHITELIST ' 'or have a valid signature'), code='invalid')
def api_check_magnet2(request): if request.method == 'POST' and request.FILES['file']: lancuch = request.FILES['file'].read() lancuch = lancuch.decode( "utf-8") # konwersja kodowania z bytes na string utf-8 print(lancuch) # -- print(string_sha256(lancuch.encode('utf-8'))) # -- # sprawdzenie podpisu signer = Signer() # salt='jakas_sol' try: signed_hash = signer.unsign(lancuch) except BadSignature: return JsonResponse({"magnet": {"status": "bad sign"}}) doc = Documents.objects.filter( hash=signed_hash).first() # szukam pliku do ktorego kieruje magnet if doc and os.path.isfile("media/" + doc.file.name): data = { "id": str(doc.id), "nazwa": str(doc.file).split("/")[1], "timestamp": str(doc.timestamp), "autor": str(doc.owner.username) } return JsonResponse(data) else: return JsonResponse({"magnet": {"status": "file not exists"}})
def get(self, request, pk, format=None): try: signer = Signer() sign_in_link_id = signer.unsign(pk) sign_in_link = SignInLink.objects.get(id=sign_in_link_id) if not sign_in_link.is_valid_link: if sign_in_link.used: return HttpResponseRedirect(reverse('login') + '?error=already_used') return HttpResponseRedirect(reverse('login') + '?error=expired') user = User.objects.get(email=sign_in_link.email) if user.is_active: password = User.objects.make_random_password() user.set_password(password) user.save() user = authenticate_and_login(email=sign_in_link.email, password=password, request=request) sign_in_link.used = True sign_in_link.active = False sign_in_link.save() return HttpResponseRedirect(reverse('index')) else: return HttpResponseRedirect(reverse('login') + '?error=user_is_deactivated') except: return HttpResponseRedirect(reverse('login') + '?error=invalid_link')
def _custListItemDelete(requestData, user): ''' 问卷删除的具体处理函数 ''' # 检查是否提供了id keys = requestData.keys() if 'id' not in keys: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID) idSigned = requestData['id'] # 对id进行数字签名的检查 try: signer = Signer() id = signer.unsign(idSigned) except BadSignature: # 篡改发现处理 return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE) # 检查对象是否还存在,并将对象锁定 custListListItem = CustListItem.objects.filter(id=id).select_for_update() if len(custListListItem) == 0: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST) custListItem = custListListItem[0] # 检查当前用户是否有权限修改 if custListItem.createBy.id != user.id: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE) # 执行删除 custListItem.delete() # 返回成功 return packageResult(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS)
def Study(request): signer = Signer(request.user.id) deck_id_signed = request.GET.get('deck_id') deck_id = None deckname = "" card_list = [] current_user_id = request.user.id try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print "Tampering Detected! Study" return HttpResponseRedirect('/') deck = Deck.objects.filter(deck_id=deck_id, deleted_flag=0) try: deckname = deck[0].deck_name deck_creator_id = deck[0].user_id except IndexError: deckname = "" cards = Card.objects.filter(deck_id=deck_id, deleted_flag=0).order_by('-date_created') for card in cards: card_list.append({ "card_id": card.card_id, "front": card.front, "back": card.back, }) context = { "deckname": deckname, "card_list": card_list, "deck_id_signed": deck_id_signed, "deck_creator_id": deck_creator_id, "current_user_id": current_user_id, } return render(request, 'flash_cards/study.html', context)
def Edit_Deck(request): if request.method == 'POST': deck_id_signed = request.POST.get('deck_id') deck_id = None signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected!!") return HttpResponseRedirect('/') deck_name = request.POST.get('deck_name') user = request.POST.get('user') share_flag = request.POST.get('share_flag') if share_flag == 'false': share_flag = 0 else: share_flag = 1 data = {'user': user, 'deck_name': deck_name, "share_flag": share_flag} deck = get_object_or_404(Deck, deck_id=deck_id) if deck.deck_name == deck_name: deck.share_flag = share_flag deck.save() else: form = NewDeck(data) if form.is_valid(): #deck = get_object_or_404(Deck, deck_id=deck_id) deck.deck_name = deck_name deck.share_flag = share_flag deck.save() else: errors = form.errors return HttpResponse(json.dumps(errors)) return HttpResponse(json.dumps({"success": "success"}))
def View_Deck(request): deck_id_signed = request.GET.get('deck_id') deck_id = None card_list = [] signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! View deck") return HttpResponseRedirect('/') form = NewCard(initial={'deck': request.GET.get('deck_id')}) cards = Card.objects.filter(deck_id=deck_id, deleted_flag=0).order_by('-date_created') deck = Deck.objects.filter(deck_id=deck_id, deleted_flag=0) print "here" deck_name = "" try: deck_name = deck[0].deck_name except IndexError: deck_name = "" for card in cards: card_list.append({ "card_id": card.card_id, "front": card.front, "back": card.back, }) upload_form = UploadFile(initial={"deck_id": signer.sign(deck_id)}) context = { "upload_form": upload_form, "form": form, "card_list": card_list, "deck_id": deck_id_signed, "deck_name": deck_name, } return render(request, 'flash_cards/view_deck.html', context)
def has_permission(self, request, view): signature = request.META.get('HTTP_X_GMTOOLS_SIGNATURE', '') signer = Signer(sep='/', salt=self.NAMESPACE) try: return signer.unsign(signature) == self.RAW_VALUE except BadSignature: return False
def get(self, request, link): signer = Signer() global email email = signer.unsign(script_email) audit = signer.sign(email).split(':')[1] if link != audit: message = 'Паге нот фаунд' form = EmailForm() return render(request, 'Performer/Forgot_password.html', context={ 'form': form, 'message': message }) form = ChangePasswordForm() return render(request, 'Performer/Change_password_page.html', context={'form': form})
def View_Deck(request): deck_id_signed = request.GET.get('deck_id') deck_id = None card_list =[] signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! View deck") return HttpResponseRedirect('/') form = NewCard(initial={'deck' : request.GET.get('deck_id')}) cards = Card.objects.filter(deck_id=deck_id, deleted_flag = 0).order_by('-date_created') deck = Deck.objects.filter(deck_id=deck_id, deleted_flag = 0) print "here" deck_name = "" try: deck_name = deck[0].deck_name except IndexError: deck_name = "" for card in cards: card_list.append({ "card_id" : card.card_id, "front" : card.front, "back" : card.back, }) upload_form = UploadFile(initial={"deck_id" : signer.sign(deck_id)}) context = { "upload_form" : upload_form, "form" : form, "card_list" : card_list, "deck_id" : deck_id_signed, "deck_name" : deck_name, } return render(request, 'flash_cards/view_deck.html', context)
def message_view(request, message_id): message = get_object_or_404(Message, pk=message_id) try: signer = Signer() original = signer.unsign(message.text) messages.success( request, 'Tudo certo! Nós garantimos a autenticidade dessa mensagem.') message.read_status = True message.save() return render(request, 'custom_mail/message_view.html', context={ 'message': message, 'message_text': original }) except signing.BadSignature: messages.warning( request, 'Ops! Houve um problema, a mensagem pode ter sido corrompida.') return redirect('inbox') print("Tampering detected!")
def changeResestPassword(request): token = request.POST['token'] if token: signer = Signer() try: original = signer.unsign(token) except BadSignature: print("Tampering detected!") return JsonResponse({'error' : 'token expired'}) user = User.objects.filter(username=original).get() newPass = request.POST['password'] user.password = make_password(newPass) user.save() user = authenticate(username=original, password=newPass) login(request, user) request.session['member_id'] = user.id request.session['username'] = user.username return JsonResponse({'success' : 'password changed for ' + user.username}) else: if request.user.is_authenticated(): me = request.user if check_password(request.POST['password0'], me.password): newPass = request.POST['password'] me.password = make_password(newPass) me.save() me = authenticate(username=me.username, password=newPass) login(request, me) return JsonResponse({'success' : 'password changed for ' + me.username}) else: return JsonResponse({'error' : 'current password doesn\'t match'}) return JsonResponse({'error' : 'password not changed'})
def token(self): signer = Signer() try: original = signer.unsign(self.__input) except Exception as e: return False return True if original != "" else False
def verifyemail(request): signer = Signer() userid = request.GET.get('id') useridclear = signer.unsign(userid) userprofile = Userprofile.objects.get(user__id=useridclear) userprofile.emailverified = True userprofile.save() return render(request, 'account/email-verified.html', {})
def dispatch(self, request, *args, **kwargs): signed_email = kwargs['signed_email'] signer = Signer(salt=SUBSCRIPTION_SIGNING_SALT) try: self.email = signer.unsign(signed_email) except BadSignature as e: raise SuspiciousOperation(e) return super().dispatch(request, *args, **kwargs)
def verify_signature(self, signature): """ Checks if the signature has been tampered with. :arg str signature: The signature to check, as generated by :func:`make_signature`. :returns: ``True`` if the signature has not been tampered with, ``False`` otherwise. :rtype: bool """ signer = Signer() value = "%s:%s" % (self.new_email, signature) try: signer.unsign(value) except BadSignature: return False return True
def dispatch(self, request, *args, **kwargs): # Get and unsign the key if we have one key = kwargs.get('key', None) if key: signer = Signer(sep='_', salt='manifesto') key = signer.unsign(key) self.key = key return super(ManifestView, self).dispatch(request, *args, **kwargs)
def verify_signature(self, signature): """ Checks if the signature has been tampered with. :arg str signature: The signature to check, as generated by :func:`make_signature`. :returns: ``True`` if the signature has not been tampered with, ``False`` otherwise. :rtype: bool """ signer = Signer() value = "%s:%s" % (self.new_email, signature) try: signer.unsign(value) except BadSignature: return False return True
def check_object(obj, signature): signer = Signer() value = get_value_to_sign(obj) try: return signer.unsign(f"{value}:{signature}") == value except BadSignature: return False
def validate_token(self, token): signer = Signer() try: original = signer.unsign(token) except Exception: return False return True if original != "" else False
def confirm_email(request): username = request.GET['username'] signature = request.GET['signature'] signer = Signer() try: received_token = str(signer.unsign(signature)) except Exception, e: response = "Invalid URL"
def getReachableQuestionListForSelect(request): # 检查用户是否登录,并读取session中的用户信息 if USER_SESSION_NAME not in request.session.keys(): return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_LOGIN) user = request.session[USER_SESSION_NAME] # 检查是否提供了branchId if 'branchId' not in request.REQUEST.keys(): return packageResponse(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_ID) branchIdSigned = request.REQUEST['branchId'] # 对id进行数字签名的检查 try: signer = Signer() branchId = signer.unsign(branchIdSigned) except BadSignature: # 篡改发现处理 return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.BAD_SAGNATURE) # 检查对象是否还存在 branchList = Branch.objects.filter(id=branchId).select_for_update() if len(branchList) == 0: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.OBJECT_NOT_EXIST) branch = branchList[0] # 检查当前用户是否有权限修改 if branch.createBy.id != user.id: return packageResult(RESULT_CODE.ERROR, RESULT_MESSAGE.NO_PRIVILEGE) # 将数据打包 questionList = [] # 导入问卷内的所有可选问题 for question in branch.getReachableQuestionList(): questionList.append({ 'num': question.getNum(), 'id': question.getIdSigned(), 'selected': question == branch.nextQuestion, 'type': question.type }) # 导入系统预定义 for question in branch.getSystemPredefined(): questionList.append({ 'num': question.getNum(), 'id': question.getIdSigned(), 'selected': branch.nextQuestion == question, 'type': question.type }) # 导入为空是系统预定义的下一题 questionList.append({ 'num': '下一题', 'id': None, 'selected': branch.nextQuestion is None, 'type': None }) return packageResponse(RESULT_CODE.SUCCESS, RESULT_MESSAGE.SUCCESS, {'questionList': questionList})
def get(self, request, *args, **kwargs): signer = Signer() pk = signer.unsign(self.kwargs['signature']) map_inst = get_object_or_404(Map, pk=pk) url = map_inst.get_absolute_url() response = HttpResponseRedirect(url) key, value = map_inst.signed_cookie_elements response.set_signed_cookie(key, value) return response
def multi_get_files(request, fieldname, noajax=False): """ View to retrieve MultiuploaderFiles based on a list of ids. """ if request.method == 'GET': log.info('received GET to get files view') if not u'form_type' in request.GET: response_data = [{"error": _("Error when detecting form type, form_type is missing")}] return HttpResponse(simplejson.dumps(response_data)) signer = Signer() try: form_type = signer.unsign(request.GET.get(u"form_type")) except BadSignature: response_data = [{"error": _("Tampering detected!")}] return HttpResponse(simplejson.dumps(response_data)) #log.info('Got file: "%s"' % filename) result = [] for p in request.GET.getlist(fieldname): fl = MultiuploaderFile.objects.get(id=p) thumb_url = "" try: thumb_url = get_thumbnail(fl.file, "80x80", quality=50) except Exception as e: log.error(e) #generating json response array result.append({"id": fl.id, "name": fl.filename, "size": fl.file.size, "url": reverse('multiuploader_file_link', args=[fl.pk]), "thumbnail_url": thumb_url, "delete_url": reverse('multiuploader_delete', args=[fl.pk]), "delete_type": "POST", }) response_data = simplejson.dumps(result) #checking for json data type #big thanks to Guy Shapiro if noajax: if request.META['HTTP_REFERER']: redirect(request.META['HTTP_REFERER']) if "application/json" in request.META['HTTP_ACCEPT_ENCODING']: mimetype = 'application/json' else: mimetype = 'text/plain' return HttpResponse(response_data, mimetype=mimetype) else: # POST return HttpResponse('Only GET accepted')
def get(self, request, *args, **kwargs): signed_pk = kwargs['signed_pk'] signer = Signer(salt=MIRROR_SIGNING_SALT) try: pk = signer.unsign(signed_pk) except BadSignature as e: raise SuspiciousOperation(e) mail = get_object_or_404(Mail, pk=pk) return HttpResponse(mail.html_body)
def Delete_Deck(request): deck_id_signed = request.POST.get('deck') deck_id = None signer = Signer(request.user.id) try: deck_id = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! Delete deck") return HttpResponse(json.dumps(errors)) deck = get_object_or_404(Deck, deck_id=deck_id) deck.deleted_flag = 1 deck.save() return HttpResponse(json.dumps({"success": "success"}))
def validate_hash(data): signer = Signer() sign_code = '' try: sign_code = signer.unsign(data['code']) except: pass if data and data['name'] and data['code'] and data['name'] == sign_code: return True return False
def get(self, request, *args, **kwargs): signer = Signer() try: pk = signer.unsign(self.kwargs['signature']) except BadSignature: return HttpResponseForbidden('Bad Signature') else: map_inst = get_object_or_404(Map, pk=pk) url = map_inst.get_absolute_url() response = HttpResponseRedirect(url) if not map_inst.owner: key, value = map_inst.signed_cookie_elements response.set_signed_cookie(key, value) return response
def from_signature(cls, signature): signer = Signer() value = signer.unsign(signature) try: value = base64.urlsafe_b64decode(value).decode('utf-8') except binascii.Error: # Typically, this would indicate a non-base64-encoded value return None email, timestamp = value.rsplit(':', 1) timestamp = float(timestamp) elapsed = datetime.utcnow() - datetime.utcfromtimestamp(timestamp) if elapsed > timedelta(days=1): return None return cls.objects.get(email=email)
def payment_made_paypal(request, artist_id): artist = get_object_or_404(Artist.objects.viewable_by(request.user), pk=artist_id) payment = None if request.method == "POST": ipn_received.send(None, query=request.body) try: signer = Signer() item_number = request.POST['item_number'] payment_id = signer.unsign(item_number) payment = Payment.objects.get(id=payment_id) except (KeyError, BadSignature, Payment.DoesNotExist): pass return render(request, "artshow/payment_made_paypal.html", {"artist": artist, "payment": payment, "pr_pk": settings.ARTSHOW_PAYMENT_RECEIVED_PK})
def Delete_Card(request): card_id = request.POST.get('card') deck_id_signed = request.POST.get('deck') deck_id = None signer = Signer(request.user.id) try: deck = signer.unsign(deck_id_signed) except signing.BadSignature: print("Tampering detected! Delete card") return HttpResponse(json.dumps(errors)) card = get_object_or_404(Card, card_id=card_id) card.deleted_flag = 1 card.save() return HttpResponse(json.dumps({"success": "success"}))
def check_signed_url(signed_url): tokens = signed_url.rsplit('&checksum=', 1) # use a maximum of 1 split to make sure that it's separated at rightmost ':' if len(tokens) == 1: return 'not verified' # join the callback url and checksum with ':' # this is the format requirement to be fed into signer signed_url = ':'.join(tokens) try: signer = Signer() original = signer.unsign(signed_url) return 'verified' except BadSignature: return 'not verified'