def file_response(filename, response_prefix): full_path = os.path.join(settings.SAVEDFILES_DIR, filename) try: full_file = open(full_path, 'r') file_data = full_file.read() except Exception as e: return logWith404(logger,\ 'file_response: exception reading file: %s' % e,\ level='error') file_type = get_file_type(file_data) if file_type == 'unknown': return logWith404(logger,\ 'GetStatementHandler: unknown statement file type',\ level='error') elif file_type == 'pdf': mimetype = 'application/pdf' else: mimetype = 'application/msword' response = HttpResponse(file_data, mimetype=mimetype) resp_filename = '%s.%s' % (\ response_prefix,\ file_type) # response['Content-Disposition'] = 'attachment; filename=%s' % resp_filename return response
def plt_login(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) if not args.has_key('username'): return logWith404(logger, 'plt_login: post data missing username') if not args.has_key('password'): return logWith404(logger, 'plt_login: post data missing password') username = args['username'] rawpassword = args['password'] credentials = PltCredentials.objects.filter(username=username) if len(credentials) > 1: return logWith404(logger, 'plt_login: fatal error: duplicate credentials', level='error') if len(credentials) == 0: return bcap.bcapResponse({'loggedIn' : False}) c = credentials[0] hashed_password = get_hashed(rawpassword, c.salt) if hashed_password != c.hashed_password: return bcap.bcapResponse({'loggedIn' : False}) session_id = str(uuid.uuid4()) session = BelaySession(session_id=session_id, account=c.account) session.save() response = { 'station': bcap.Capability(c.account.station_url), 'makeStash': bcap.regrant('make-stash', c.account) } return bcap.bcapResponse(response)
def post_files(self, granted, args, files): applicant = granted.applicant statement = files['statement'] cid = int(args['comp']) cts = applicant.getComponentTypeById(cid) if len(cts) == 0: return logWith404(logger, 'no component type by id = %s' % cid, level='error') ct = cts[0] try: save_file(statement, get_statement_filename(applicant, ct)) except FileUploadException as e: msg = str(e) logger.info('submit-statement FileUploadException: %s' % msg) return bcap.bcapResponse({'error' : msg}) except Exception as e: return logWith404(logger, 'save_file exception: %s' % e) components = applicant.getComponentByType(ct) if len(components) > 0: component = components[0] else: component = Component(applicant=applicant, type=ct, value='',\ department=applicant.department) component.lastSubmitted = int(time.time()) component.value = statement.size component.save() app_info = applicant.cached_json() resp = {'component' : ct.name, 'app' : app_info} return bcap.bcapResponse(resp)
def post(self, grantable, args): username = grantable.pendingaccount.email rawpassword = args['password'] if len(username) > 200: return logWith404(logger, 'create_plt_account: bad username') if len(rawpassword) < 8: return logWith404(logger, 'create_plt_account: bad password') salt = str(uuid.uuid4()) hashed_password = get_hashed(rawpassword, salt) station_cap = newStationCap() account = BelayAccount(station_url=station_cap.serialize()) account.save() credentials = PltCredentials(username=username, \ salt=salt, \ hashed_password=hashed_password, \ account=account) credentials.save() session_id = str(uuid.uuid4()) session = BelaySession(session_id=session_id, account=account) session.save() grantable.pendingaccount.delete() response = { 'station': station_cap, 'makeStash': bcap.regrant('make-stash', account) } return bcap.bcapResponse(response)
def check_login(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) response = {} if not ('session' in request.COOKIES): response['loggedIn'] = False return bcap.bcapResponse(response) if not (args.has_key('sessionID')): return logWith404(logger, "check_login: request didn't pass sessionID arg") session_id = request.COOKIES['session'] req_session_id = args['sessionID'] if req_session_id != session_id: return logWith404(logger, "check_login: request session_id %s didn't match cookie\ session_id %s" % (req_session_id, session_id)) sessions = BelaySession.objects.filter(session_id=session_id) if len(sessions) > 1: return logWith404(logger, "check_login: fatal error, duplicate BelaySessions", level='error') response['loggedIn'] = (len(sessions) > 0) return bcap.bcapResponse(response)
def get(self, granted): component = granted.component filename = get_statement_filename(component.applicant, component.type) statement_path = os.path.join(settings.SAVEDFILES_DIR, filename) try: statement_file = open(statement_path, 'r') statement_data = statement_file.read() except Exception as e: return logWith404(logger,\ 'GetStatementHandler: exception reading file: %s' % e,\ level='error') file_type = get_file_type(statement_data) if file_type == 'unknown': return logWith404(logger,\ 'GetStatementHandler: unknown statement file type',\ level='error') elif file_type == 'pdf': mimetype = 'application/pdf' else: mimetype = 'application/msword' response = HttpResponse(statement_data, mimetype=mimetype) resp_filename = 'applicant_%s.%s' % (\ component.type.name.replace(' ', '_'),\ file_type) # response['Content-Disposition'] = 'attachment; filename=%s' % resp_filename return response
def post_files(self, granted, args, files): reference = granted.reference letter = files['letter'] filename = 'letter-%d-%d' % (reference.applicant.id, reference.id) try: save_file(letter, 'letter-%d-%d' % (reference.applicant.id, reference.id)) except FileUploadException as e: msg = str(e) logger.info('submit-reference FileUploadException: %s' % msg) return bcap.bcapResponse({'error' : msg}) except Exception as e: return logWith404(logger, 'save_file exception: %s' % e) reference.submitted = int(time.time()) reference.filename = filename reference.filesize = len(letter) reference.save() sendReferenceConfirmation(reference) resp = reference.to_json() resp['appname'] = reference.applicant.to_json() return bcap.bcapResponse(resp)
def delete(self, grantable): grants = Grant.objects.filter(db_entity=grantable) if len(grants) == 0: return logWith404(logger, 'UnverifiedUserDeleteHandler fatal error: no grant') uu = grantable.unverifieduser uu.delete() return bcap.bcapNullResponse()
def delete(self, grantable): grants = grantable.my_grants() if len(grants) == 0: return logWith404(logger, 'ARDeleteHandler fatal error: no grant') area = grantable.area area.delete() return bcap.bcapNullResponse()
def delete(self, grantable): grants = grantable.my_grants() if len(grants) == 0: return logWith404(logger, 'UnverifiedUserDeleteHandler fatal error: no grant') uu = grantable.unverifieduser uu.delete() return bcap.bcapNullResponse()
def request_plt_account_silent(request): """Allows requests only from those listed in settings.REQUESTING_DOMAINS Currently, used by Resume as a trusted channel to ask for new accounts so that service isn't exposed to arbitrary clients, and can be controlled through emails sent from Resume""" logger.error('Reached request_account') def request_allowed(): return request.META['REMOTE_ADDR'] in settings.REQUESTING_DOMAINS if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) logger.error('Belay: got account request: %s' % args) logger.error('Request is from: %s' % request.META['REMOTE_ADDR']) if not request_allowed(): return logWith404(logger, 'request_silent: bad request %s' %\ request.META['REMOTE_ADDR']) pa = PendingAccount(email = args['email']) pa.save() create_cap = bcap.grant('create-account', pa) logger.error('Belay: successful create: %s' % create_cap.serialize()) return bcap.bcapResponse({'create': create_cap})
def delete(self, grantable): grants = Grant.objects.filter(db_entity=grantable) if len(grants) == 0: return logWith404(logger, 'ARDeleteHandler fatal error: no grant') area = grantable.area area.delete() return bcap.bcapNullResponse()
def glogin_landing(request): if request.method == 'GET': d = request.GET else: d = request.POST maybe_client_key = check_pending(request.path_info) if not maybe_client_key: return logWith404(logger, "Bad pending: %s" % request.path_info, level='error') # 11.4.2 Verifying directly with the OpenID Provider # 11.4.2.1. Request Parameters # . openid.mode # Value: "check_authentication" # . Exact copies of all fields from the authentication response, except # for "openid.mode". # http://openid.net/specs/openid-authentication-2_0.html#check_auth verify = {} for e in d: verify[e] = d[e] verify['openid.mode'] = 'check_authentication' try: f = urllib2.urlopen("https://www.google.com/accounts/o8/ud", urllib.urlencode(verify)) beginning = str(f.read()[0:13]) if(beginning != 'is_valid:true'): return bcap.bcapResponse('fail') except urllib2.HTTPError as e: logger.error("ErrorResponse: %s" % e.read()) return bcap.bcapNullResponse() identity = d['openid.identity'] email = d['openid.ext1.value.email'] q = GoogleCredentials.objects.filter(identity=identity) if len(q) == 0: station_cap = newStationCap() account = BelayAccount(station_url=station_cap.serialize()) account.save() gc = GoogleCredentials(account=account, identity=identity) gc.save() else: account = q[0].account session_id = str(uuid.uuid4()) session = BelaySession(account=account, session_id=session_id) session.save() response = render_to_response('glogin.html', { 'clientkey': maybe_client_key, 'station': account.station_url, 'make_stash': bcap.regrant('make-stash', account).serialize(), 'site_name': settings.SITE_NAME, 'email': email }) return response
def get(self, granted): applicant = granted.applicant try: from lib.py.combiner import get_combined_data combined_data = get_combined_data(applicant) response = HttpResponse(combined_data, mimetype='pdf') response['Content-Disposition'] = 'attachment; filename=applicant_combined.pdf' return response except Exception as e: return logWith404(logger, 'GetCombinedHandler: %s' % e, level='error')
def post(self, granted, args): applicant = granted.applicant id = args['id'] position = applicant.department.get_position_by_id(args['id']) if position: applicant.position = position applicant.save() return bcap.bcapResponse(applicant.to_json()) return logWith404(logger, 'SetPositionHandler: no position with id %s' % id,\ level='error')
def create_plt_account(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) if not args.has_key('username'): return logWith404(logger, 'create_plt_account: post data missing username') if not args.has_key('password'): return logWith404(logger, 'create_plt_account: post data missing password') username = args['username'] rawpassword = args['password'] if len(username) > 20: return logWith404(logger, 'create_plt_account: bad username') if len(rawpassword) < 8: return logWith404(logger, 'create_plt_account: bad password') salt = str(uuid.uuid4()) hashed_password = get_hashed(rawpassword, salt) station_cap = newStationCap() account = BelayAccount(station_url=station_cap.serialize()) account.save() credentials = PltCredentials(username=username, \ salt=salt, \ hashed_password=hashed_password, \ account=account) credentials.save() session_id = str(uuid.uuid4()) session = BelaySession(session_id=session_id, account=account) session.save() response = { 'station': station_cap, 'makeStash': bcap.regrant('make-stash', account) } return bcap.bcapResponse(response)
def post(self, grantable, args): email = args['email'] name = args['name'] role = args['role'] dept = grantable.department uu = UnverifiedUser(email=email, name=name, role=role, department=dept) try: uu.save() except: resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'} return bcap.bcapResponse(resp) create_belay = bcap.Capability(settings.BELAY_CREATE) response = create_belay.post(bcap.dataPreProcess({'email': args['email']})) logger.error('Successfully got response for account creation: %s' % response) create_cap = response['create'] ub = UnverifiedBelayAccount(uu=uu, create=create_cap.serialize()) ub.save() if role == 'admin': create_cap = bcap.grant('get-admin-email-and-create', uu) elif role == 'reviewer': create_cap = bcap.grant('get-reviewer-email-and-create', uu) else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role) activate_url = '%s/new-account/#%s' % \ (bcap.this_server_url_prefix(), create_cap.serialize()) return_url = bcap.this_server_url_prefix() emailstr = u"""Dear %s, A new Resume account is being created for you. To activate it, visit: %s To regain access your account once it has been created, visit: %s """ emailstr = emailstr % (name, activate_url, return_url) fromaddr = fromAddr(dept) emailResponse = sendLogEmail('[Resume] New Account', emailstr, email, fromaddr) if emailResponse: return emailResponse resp = {\ 'success' : True,\ 'email' : email,\ 'name' : name,\ 'role' : role,\ } return bcap.bcapResponse(resp)
def contact_handler(request): if request.method != 'GET': return HttpResponseNotAllowed(['GET']) try: logger.info('Contact: %s' % dept_name) dept = Department.departmentByName(dept_name) except Exception as e: return logWith404(logger, "Looked up bad department: %s, %s" % (dept_name, e), level='error') return render_to_response('contact.html', { 'tech_contact': dept.techEmail, 'admin_name': dept.contactName, 'admin_email': dept.contactEmail })
def index_handler(request): if request.method != 'GET': return HttpResponseNotAllowed(['GET']) try: logger.info('Dept: %s' % dept_name) dept = Department.departmentByName(dept_name) cap = bcap.grant('add-applicant', dept) except Exception as e: return logWith404(logger, "Looked up bad department: %s, %s" % (dept_name, e), level='error') return render_to_response(index_file, { 'create_applicant': cap.serialize(), 'contact': dept.shortname })
def post(self, granted, args): applicant = granted.applicant if args.has_key('firstname'): applicant.firstname = args['firstname'] if args.has_key('lastname'): applicant.lastname = args['lastname'] try: applicant.save() except IntegrityError: return logWith404(logger, "failed to update applicant name: %s %s"\ % (applicant.firstname, applicant.lastname), level='error') return bcap.bcapResponse({\ 'firstname' : applicant.firstname,\ 'lastname' : applicant.lastname,\ })
def post(self, grantable, args): response = self.checkPostArgs(args) if response != 'OK': return response email = args['email'] name = args['name'] role = args['role'] dept = grantable.department uu = UnverifiedUser(email=email, name=name, role=role, department=dept) try: uu.save() except: resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'} return bcap.bcapResponse(resp) if role == 'admin': create_cap = bcap.grant('add-admin', uu) elif role == 'reviewer': create_cap = bcap.grant('add-reviewer', uu) else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role) activate_url = '%s/new-account/#%s' % \ (bcap.this_server_url_prefix(), create_cap.serialize()) return_url = bcap.this_server_url_prefix() emailstr = u"""Dear %s, A new Apply account is being created for you. To activate it, visit: %s To regain access your account once it has been created, visit: %s """ emailstr = emailstr % (name, activate_url, return_url) sendLogEmail(emailstr, email) delCap = bcap.grant('unverifieduser-delete', uu) resp = {\ 'success' : True,\ 'email' : email,\ 'name' : name,\ 'role' : role,\ } return bcap.bcapResponse(resp)
def request_plt_account(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) logger.info('request: %s' % args) if not args.has_key('email'): return logWith404(logger, 'request_account: post data missing email') pa = PendingAccount(email = args['email']) pa.save() create_cap = bcap.grant('create-account', pa) message = """ Hi! You've requested an account with Resume at the Brown University Department of Computer Science. Visit this link to get started: %s/new-applicant/#%s """ % (settings.APPURL, create_cap.serialize()) emailResponse = sendLogEmail('Resume Account Request', message, args['email'], 'Lauren Clarke <*****@*****.**>') if emailResponse: return emailResponse return bcap.bcapResponse({'success': True})
def handle(cap_id, method, args, files): grants = get_cached_grant(cap_id) if len(grants) == 0: grants = Grant.objects.filter(cap_id=cap_id) if len(grants) == 0: response = HttpResponse() return logWith404(logger, "Cap not found: %s" % cap_id) content = dataPreProcess("proxyHandler: Cap not found: %s" % cap_id) xhr_content(response, content, "text/plain;charset=UTF-8") response.status_code = 404 return response if len(grants) > 1: # TODO([email protected]): appropriate error in response raise BelayException('%s, %s' % (self.request.path_info, cap_id)) grant = grants[0] handler_class = get_handler(str(grant.internal_path)) handler = handler_class(grant) files_needed = handler.files_needed() using_files = len(files_needed) > 0 if using_files: files_granted = dict([(n, files[n]) for n in files_needed if files.has_key(n)]) item = grant.db_entity handler_log = "" handler_log += 'Handler: %s\n' % str(grant.internal_path) handler_log += ' Time: %s\n' % datetime.datetime.now() if files_needed > 1: handler_log += (' Files_needed: %s\n' % str(handler.files_needed())) if args and (grant.internal_path != 'create-account'): handler_log += (' Args: %s\n' % str(args)) try: if method == 'GET': response = handler.get(item) elif method == 'PUT': response = handler.put(item, args) elif method == 'POST': maybe_error_response = handler.checkPostArgs(args) if maybe_error_response != 'OK': logger.error("Post args check failed") logger.error(handler_log) return maybe_error_response if using_files: response = handler.post_files(item, args, files_granted) else: response = handler.post(item, args) elif method == 'DELETE': response = handler.delete(item) else: response = HttpResponse() content = dataPreProcess("proxyHandler: Bad method: %s\n" % request.method) xhr_content(response, content, "text/plain;charset=UTF-8") response.status_code = 404 # Don't log file responses if hasattr(response, 'Content-Disposition') and\ response['Content-Disposition'].find('attachment') != -1: handler_log += ' Response: %s\n' % str(response) logger.error(handler_log) return response except Exception as e: logger.error(handler_log) logger.error('BELAY: Uncaught handler exception: %s' % e) raise e
def delete(self, grantable): grants = Grant.objects.filter(db_entity=grantable) if len(grants) == 0: return logWith404(logger, 'ScoreCategoryDeleteHandler fatal error: no grant') grantable.scorecategory.delete() return bcap.bcapNullResponse()
def checkPostArgs(self, args): for k in self.post_arg_names(): if not args.has_key(k): return logWith404(logger, self.name_str() + ' error: post args missing ' + k) return 'OK'
def checkPostArgs(classname, args, keys): for k in keys: if not args.has_key(k): return logWith404(classname + ' error: post args missing ' + k) return 'OK'
def get(self, granted): return logWith404(logger, 'GetCSVHandler NYI')
def post(self, granted, args): applicant = granted.applicant return logWith404(logger, 'UploadMaterialHandler NYI')
def delete(self, grantable): grants = grantable.my_grants() if len(grants) == 0: return logWith404(logger, 'ScoreCategoryDeleteHandler fatal error: no grant') grantable.scorecategory.delete() return bcap.bcapNullResponse()