def foundry(request):
    # get_preferencem get_current_site do caching
    return {
        'FOUNDRY': settings.FOUNDRY,
        'LAYER_PATH': settings.FOUNDRY['layers'][0] + '/',
        'CURRENT_SITE': get_current_site(request),
        'ANALYTICS_TAGS': get_preference('GeneralPreferences', 'analytics_tags'),
        'SITE_DESCRIPTION': get_preference('GeneralPreferences', 'site_description'),
        'FOUNDRY_HAS_FACEBOOK_CONNECT': getattr(settings, 'FACEBOOK_APP_ID', '') != '',
        'FOUNDRY_HAS_TWITTER_OAUTH': getattr(settings, 'TWITTER_CONSUMER_KEY', '') != '',
    }
def foundry(request):
    # get_preference, get_current_site do caching
    return {
        'FOUNDRY': settings.FOUNDRY,
        'LAYER_PATH': settings.LAYERS['layers'][-1] + '/',
        'CURRENT_SITE': get_current_site(request),
        'ANALYTICS_TAGS': get_preference('GeneralPreferences', 'analytics_tags'),
        'SITE_DESCRIPTION': get_preference('GeneralPreferences', 'site_description'),
        'FOUNDRY_HAS_FACEBOOK_CONNECT': getattr(settings, 'FACEBOOK_APP_ID', '') != '',
        'FOUNDRY_HAS_TWITTER_OAUTH': getattr(settings, 'TWITTER_CONSUMER_KEY', '') != '',
        'FOUNDRY_HAS_GOOGLE_OAUTH2': getattr(settings, 'GOOGLE_OAUTH2_CLIENT_ID', '') != '',
        'FOUNDRY_HAS_GALLERY': 'gallery' in settings.INSTALLED_APPS,
        'FOUNDRY_HAS_BANNER': 'banner' in settings.INSTALLED_APPS,

    }
Esempio n. 3
0
    def test_get_preference(self):
        # Set about us for each site
        gp1 = preferences.GeneralPreferences
        gp1.about_us = 'gp1'
        gp1.save()
        settings.SITE_ID = 2
        django.contrib.sites.models.SITE_CACHE = {}
        gp2 = preferences.GeneralPreferences
        gp2.about_us = 'gp2'
        gp2.save()
        settings.SITE_ID = 1
        django.contrib.sites.models.SITE_CACHE = {}

        # Test that there is no cache key collision
        about1 = get_preference('GeneralPreferences', 'about_us')
        settings.SITE_ID = 2
        django.contrib.sites.models.SITE_CACHE = {}
        about2 = get_preference('GeneralPreferences', 'about_us')
        settings.SITE_ID = 1
        django.contrib.sites.models.SITE_CACHE = {}
        self.assertNotEqual(about1, about2)
Esempio n. 4
0
    def get_partner_age_gateway_values(self, request):
        """
        Checks if age gateway values have been supplied by a partner site in a
        JWT token. Returns (ag_values, expires) if valid, otherwise (None, None).
        The token is only valid if
        1. the payload expiry time is not yet past (field 'exp'),
        2. the time to payload expiry is less than AG_TOKEN_MAX_TIME_TO_EXPIRY,
        3. both the 'e' (cookie expiry) and 'v' (cookie value) fields are supplied,
        4. HTTP_REFERER matches a partner site.
        """
        if AG_TOKEN_PARAMETER_NAME in request.GET:
            token = request.GET[AG_TOKEN_PARAMETER_NAME]
            ref_domain = urlparse(request.META.get('HTTP_REFERER', '')).netloc
            partner_config = get_preference('GeneralPreferences',
                                            'partner_site_configuration')

            try:
                # get domains and JWT keys - will raise ValueError
                # if the partner_site_configuration format is incorrect
                domain_key_map = dict(line.split(' ', 1) for line in
                                      partner_config.strip('\n').split('\n'))
                # raises KeyError if referer is not a partner domain
                jwt_shared_secret = domain_key_map[ref_domain]

                payload = jwt.decode(token, jwt_shared_secret)
                from_expiry = (timegm(datetime.utcnow().utctimetuple())
                               - int(payload['exp']))

                # make sure a partner site cannot set a token
                # that expires too far in the future
                if from_expiry > AG_TOKEN_MAX_TIME_TO_EXPIRY:
                    raise jwt.ExpiredSignature

                if len(payload['v']) != 13:
                    raise ValueError

                # assume UTC timestamp
                return (payload['v'], datetime.strptime(payload['e'],
                                                        '%Y-%m-%dT%H:%M:%S'))

            except (jwt.DecodeError, jwt.ExpiredSignature,
                    KeyError, ValueError):
                pass

        return None, None
Esempio n. 5
0
    def process_response(self, request, response):

        # Ignore ajax
        if request.is_ajax():
            return response

        # Protected URLs
        global PROTECTED_URLS_PATTERN
        if not PROTECTED_URLS_PATTERN:
            PROTECTED_URLS_PATTERN = r'|'.join((
                reverse('age-gateway'),
                reverse('join'),
                reverse('login'),
                reverse('logout'),
                reverse('password_reset'),
                reverse('terms-and-conditions'),
                '/auth/password_reset/',
                '/static/',
                '/admin/',
            ))
        if re.match(PROTECTED_URLS_PATTERN, request.META['PATH_INFO']) is not None:
            return response

        # Listing feeds also exempted
        # todo: make the test more refined.
        if request.META['PATH_INFO'].endswith('/feed/'):
            return response

        # Now only do we possibly hit the database
        private_site = get_preference('GeneralPreferences', 'private_site')
        show_age_gateway = get_preference('GeneralPreferences', 'show_age_gateway')

        # Check trivial case
        if not (private_site or show_age_gateway):
            return response

        # Private site not enabled and gateway passed
        if not private_site and request.COOKIES.get('age_gateway_passed'):
            return response

        # Exempted URLs
        exempted_urls = get_preference('GeneralPreferences', 'exempted_urls')
        if exempted_urls \
            and (
                re.match(
                    r'|'.join(exempted_urls.split()),
                    request.META['PATH_INFO']
               ) is not None
            ):
            return response

        # Exempted IP addresses
        exempted_ips = get_preference('GeneralPreferences', 'exempted_ips')
        if exempted_ips \
            and (
                re.match(
                    r'|'.join(exempted_ips.split()),
                    request.META['REMOTE_ADDR']
               ) is not None
            ):
            return response

        # Exempted user agents
        exempted_user_agents = get_preference('GeneralPreferences', 'exempted_user_agents')
        if exempted_user_agents \
            and (
                re.match(
                    r'|'.join(exempted_user_agents.split()),
                    request.META.get('HTTP_USER_AGENT', '')
               ) is not None
            ):
            return response

        user = getattr(request, 'user', None)
        if (user is not None) and user.is_anonymous():
            if private_site:
                return redirect_to_login(request.path_info,
                                         login_url=reverse('login'))
            else:
                # check if a partner site has supplied this
                # site with the user's age
                ag_values, expires = self.get_partner_age_gateway_values(request)
                if ag_values and expires:
                    # verify age and automatically pass age gateway
                    dob = datetime.strptime(ag_values[3:], '%d-%m-%Y').date()
                    if Country.objects.filter(country_code__iexact=ag_values[:2],
                                              minimum_age__lte=get_age(dob)).exists():
                        response.set_cookie('age_gateway_passed', value=1,
                                            expires=expires)
                        response.set_cookie('age_gateway_values', value=ag_values,
                                            expires=expires)
                        return response
                return redirect_to_login(request.path_info,
                                         login_url=reverse('age-gateway'))

        return response
Esempio n. 6
0
    def process_response(self, request, response):
        
        # Ignore ajax
        if request.is_ajax():
            return response
        
        # Protected URLs
        if re.match(PROTECTED_URLS_PATTERN, request.META['PATH_INFO']) is not None:
            return response

        # Listing feeds also exempted
        # todo: make the test more refined.
        if request.META['PATH_INFO'].endswith('/feed/'):
            return response

        # Now only do we possibly hit the database
        private_site = get_preference('GeneralPreferences', 'private_site')
        show_age_gateway = get_preference('GeneralPreferences', 'show_age_gateway')

        # Check trivial case
        if not (private_site or show_age_gateway):
            return response

        # Private site not enabled and gateway passed
        if not private_site and request.COOKIES.get('age_gateway_passed'):
            return response

        # Exempted URLs
        exempted_urls = get_preference('GeneralPreferences', 'exempted_urls')
        if exempted_urls \
            and (
                re.match(
                    r'|'.join(exempted_urls.split()), 
                    request.META['PATH_INFO']
               ) is not None
            ):
            return response

        # Exempted IP addresses
        exempted_ips = get_preference('GeneralPreferences', 'exempted_ips')
        if exempted_ips \
            and (
                re.match(
                    r'|'.join(exempted_ips.split()), 
                    request.META['REMOTE_ADDR']
               ) is not None
            ):
            return response

        # Exempted user agents
        exempted_user_agents = get_preference('GeneralPreferences', 'exempted_user_agents')
        if exempted_user_agents \
            and (
                re.match(
                    r'|'.join(exempted_user_agents.split()), 
                    request.META.get('HTTP_USER_AGENT', '')
               ) is not None
            ):
            return response

        user = getattr(request, 'user', None)
        if (user is not None) and user.is_anonymous():
            if private_site:
                return HttpResponseRedirect(reverse('login'))
            else:
                return HttpResponseRedirect(reverse('age-gateway'))

        return response