Esempio n. 1
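def vote_confirm():
    """Confirm a vote from the signed token in the JSON request body.

    Reads ``token`` from the JSON body, checks its signature with the app's
    ``SECRET_KEY`` under the ``"vote-confirmation"`` salt, marks the vote it
    names as confirmed and deletes every other vote stored for the same
    voter e-mail.

    Returns:
        A JSON response. Status 400 when the token is missing or fails the
        signature check, 404 when the vote it names no longer exists.
    """
    try:
        token = request.json["token"]
    except (KeyError, TypeError):
        # TypeError: the body parsed to something that is not a JSON object
        # (None, a list, a string), so it cannot carry a "token" field.
        return jsonify("'token' missing from JSON body"), 400

    # URLSafeSerializer tokens carry no timestamp: a confirmation token stays
    # valid for as long as SECRET_KEY is unchanged.
    s = URLSafeSerializer(current_app.config["SECRET_KEY"])

    # loads_unsafe() returns the decoded payload even when the signature does
    # not match; vote_id must only be used after `valid` has been checked.
    valid, vote_id = s.loads_unsafe(token, "vote-confirmation")

    if not valid:
        return jsonify(status="error",
                       reason="token is not valid"), 400

    v = Vote.query.get(vote_id)
    if v is None:
        # A good signature proves the token was issued here, not that the
        # row still exists; without this guard the lookup below raises
        # AttributeError and the client sees a 500.
        return jsonify(status="error",
                       reason="vote not found"), 404

    delete_votes = Vote.query \
        .filter(Vote.voter_email == v.voter_email,
                Vote.id != v.id) \
        .all()

    # delete any other vote that was clicked
    for d in delete_votes:
        db.session.delete(d)

    v.confirmed = True

    db.session.commit()

    return jsonify(status="success",
                   reason="vote confirmed")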
Esempio n. 2
File: Tokens.py Progetto: ic-hep/pdm
 def unpack(token):
     """ Decode a token's payload WITHOUT verifying its signature.

     The result is unauthenticated input: anyone can craft a token that
     decodes to arbitrary content. Use this only for fields that carry
     their own integrity protection (such as nested tokens) and verify
     that inner protection before acting on the value.

     Returns: The token object.
     Raises ValueError if the token cannot be unpacked or is empty.
     """
     # The key is a throwaway: loads_unsafe() returns the payload whether or
     # not the signature matches, and the match flag is discarded here.
     _sig_ok, payload = URLSafeSerializer("BadKey", None).loads_unsafe(token)
     if payload:
         return payload
     raise ValueError("Corrupt/empty token")
Esempio n. 3
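def validate_token(token, secret, salt):
    """ Validate a URL safe signature
        Args:
            token: signed string to check
            secret: secret to use for signing
            salt: namespace or other known value
        Return:
            (validated, value): value is the signed data only when
            validated is True. When validated is False, value may still
            hold the decoded but UNVERIFIED payload (loads_unsafe returns
            it regardless of the signature), so callers must test
            validated before using value. (False, None) is returned when
            decoding raises.
    """
    serializer = URLSafeSerializer(secret)
    try:
        return serializer.loads_unsafe(token, salt=salt)
    except Exception:
        # Not a bare `except:` -- that would also swallow KeyboardInterrupt
        # and SystemExit and turn them into an "invalid token" result.
        return (False, None)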
Esempio n. 4
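def vote_confirm():
    """Confirm a vote from a signed token and e-mail the voter the result.

    Reads ``token`` from the JSON body and checks its signature with the
    app's ``SECRET_KEY`` under the ``"vote-confirmation"`` salt. On success
    the vote is marked confirmed, every other vote stored for the same voter
    e-mail is deleted, and a confirmation message with the current vote
    count and rank is sent to the voter.

    Returns:
        A JSON response. Status 400 when the token is missing or fails the
        signature check; a missing vote and an already confirmed vote are
        reported in the body with the default status code.
    """
    try:
        token = request.json["token"]
    except (KeyError, TypeError):
        # TypeError: the body parsed to something that is not a JSON object
        # (None, a list, a string), so it cannot carry a "token" field.
        return jsonify("'token' missing from JSON body"), 400

    # URLSafeSerializer tokens carry no timestamp: a confirmation token stays
    # valid for as long as SECRET_KEY is unchanged.
    s = URLSafeSerializer(current_app.config["SECRET_KEY"])

    # loads_unsafe() returns the decoded payload even when the signature does
    # not match; vote_id must only be used after `valid` has been checked.
    valid, vote_id = s.loads_unsafe(token, "vote-confirmation")

    if not valid:
        return jsonify(status="error", reason="token is not valid"), 400

    v = Vote.query.get(vote_id)
    if not v:
        return jsonify(
            status="error",
            reason=
            "vote not found - try voting again, or contestant may have been disqualified.",
        )

    # Replaying a token is harmless: nothing is deleted or mailed twice.
    if v.confirmed:
        return jsonify(status="success", reason="vote already confirmed")

    delete_votes = Vote.query.filter(Vote.voter_email == v.voter_email,
                                     Vote.id != v.id).all()

    # delete any other vote that was clicked
    for d in delete_votes:
        db.session.delete(d)

    v.confirmed = True

    db.session.commit()

    # The vote is already committed at this point, so a mail failure below
    # does not undo the confirmation.
    msg = Message(subject="Vote confirmation successful!",
                  recipients=[v.voter_email])

    votes, rank = v.ranking()

    msg.html = render_template(
        "challenge_vote_submitted.html",
        username=v.answer.user.username,
        votes=int(votes),
        rank=rank,
    )

    mail.send(msg)

    return jsonify(status="success", reason="vote confirmed")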
Esempio n. 5
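 def validate_token(self, request, token):
     """Log a user in from a signed login token, then discard the token.

     The token must carry a valid signature made with
     ``settings.BIDAUTH_SECRET``, a timestamp accepted by
     ``within_an_hour`` and a matching ``Token`` row for the e-mail in its
     payload. On success the user is logged in, the row is deleted and the
     response redirects to the row's ``redirect_to``.

     Returns:
         HttpResponseRedirect on success, otherwise a plain HttpResponse
         naming the reason for the rejection.
     """
     s = URLSafeSerializer(settings.BIDAUTH_SECRET)
     # loads_unsafe() returns the payload even when the signature is bad;
     # payload is only read after sig_ok has been checked.
     sig_ok, payload = s.loads_unsafe(token)
     if not sig_ok:
         return HttpResponse("bad token")
     email = payload['email']
     if not within_an_hour(payload['timestamp']):
         # token's only valid for an hour
         return HttpResponse("stale token")
     # Fetch the row once. The original ran count() and then indexed the
     # queryset three times, each a separate query, so a row deleted in
     # between surfaced as an IndexError.
     matches = list(Token.objects.filter(
         token=token,
         user__email=email)[:1])
     if not matches:
         return HttpResponse("token not found. probably already used")
     record = matches[0]
     # NOTE(review): lookup and delete are not atomic; if single use must be
     # strict, run them in one transaction with select_for_update().
     u = record.user
     u.backend = 'django.contrib.auth.backends.ModelBackend'
     django_login(request, u)
     # NOTE(review): redirect_to is used exactly as stored; confirm it is
     # restricted to same-site URLs where the Token row is created.
     redirect = record.redirect_to
     record.delete()
     return HttpResponseRedirect(redirect)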
Esempio n. 6
def fetch_steam_cookie(request):
    """Read and verify the signed ``steam_info`` cookie.

    Returns:
        A ``(code, info)`` pair:
        0 with ``{}`` when the cookie is absent,
        1 with ``{}`` when the signature does not verify,
        2 with ``{}`` when the signed payload is not valid JSON,
        3 with the decoded info when ``expires`` is missing or in the past,
        0 with the decoded info when the cookie is current.
        Code 0 covers both "no cookie" and "valid cookie"; tell them apart
        by whether the info dict is empty.
    """
    raw_cookie = request.cookies.get("steam_info")
    if not raw_cookie:
        return 0, {}

    # loads_unsafe() also returns the payload of a badly signed cookie, so
    # the payload is parsed only after the signature flag has been checked.
    signature_ok, signed_payload = URLSafeSerializer(app.secret_key).loads_unsafe(raw_cookie)
    if not signature_ok:
        return 1, {}

    try:
        steam_info = json.loads(signed_payload)
    except json.JSONDecodeError:
        return 2, {}

    # Expiry is compared against the current UTC time as a POSIX timestamp.
    now_ts = datetime.now(timezone.utc).timestamp()
    expired = "expires" not in steam_info.keys() or steam_info["expires"] <= now_ts
    status = 3 if expired else 0
    return status, steam_info
Esempio n. 7
 def unlock_token(self, token):
     """Return the payload of *token* once its signature has been verified.

     The signature is checked with ``secret_key`` under this object's salt.

     Raises:
         InvalidToken: the signature does not match.
     """
     serializer = URLSafeSerializer(secret_key, salt=self.salt)
     # loads_unsafe() returns the payload even for a bad signature, so the
     # flag decides whether the data may be handed to the caller.
     verified, data = serializer.loads_unsafe(token)
     if verified:
         return data
     raise InvalidToken(token)