Esempio n. 1
0
    def _verify_upload_integrity(self, file, file_url):
        """Download the given file from the URL and compare the SHA1s.

        :type file: :class:`cgi.FieldStorage`
        :param file: A freshly uploaded file object, that has just been
            sent to the FTP server.

        :type file_url: str
        :param file_url: A publicly accessible URL where the uploaded file
            can be downloaded.

        :returns: `True` if the integrity check succeeds or is disabled.

        :raises FTPUploadError: If the file cannot be downloaded after
            the max number of retries, or if the the downloaded file
            doesn't match the original.

        """
        max_tries = int(self._data[FTP_MAX_INTEGRITY_RETRIES])
        if max_tries < 1:
            return True

        file.seek(0)
        orig_hash = sha1(file.read()).hexdigest()

        # Try to download the file. Increase the number of retries, or the
        # timeout duration, if the server is particularly slow.
        # eg: Akamai usually takes 3-15 seconds to make an uploaded file
        #     available over HTTP.
        for i in xrange(max_tries):
            try:
                temp_file = urlopen(file_url)
                dl_hash = sha1(temp_file.read()).hexdigest()
                temp_file.close()
            except HTTPError, http_err:
                # Don't raise the exception now, wait until all attempts fail
                time.sleep(3)
            else:
                # If the downloaded file matches, success! Otherwise, we can
                # be pretty sure that it got corrupted during FTP transfer.
                if orig_hash == dl_hash:
                    return True
                else:
                    msg = _('The file transferred to your FTP server is '\
                            'corrupted. Please try again.')
                    raise FTPUploadError(msg, None, None)
Esempio n. 2
0
    def _verify_upload_integrity(self, file, file_url):
        """Download the given file from the URL and compare the SHA1s.

        :type file: :class:`cgi.FieldStorage`
        :param file: A freshly uploaded file object, that has just been
            sent to the FTP server.

        :type file_url: str
        :param file_url: A publicly accessible URL where the uploaded file
            can be downloaded.

        :returns: `True` if the integrity check succeeds or is disabled.

        :raises FTPUploadError: If the file cannot be downloaded after
            the max number of retries, or if the the downloaded file
            doesn't match the original.

        """
        max_tries = int(self._data[FTP_MAX_INTEGRITY_RETRIES])
        if max_tries < 1:
            return True

        file.seek(0)
        orig_hash = sha1(file.read()).hexdigest()

        # Try to download the file. Increase the number of retries, or the
        # timeout duration, if the server is particularly slow.
        # eg: Akamai usually takes 3-15 seconds to make an uploaded file
        #     available over HTTP.
        for i in xrange(max_tries):
            try:
                temp_file = urlopen(file_url)
                dl_hash = sha1(temp_file.read()).hexdigest()
                temp_file.close()
            except HTTPError, http_err:
                # Don't raise the exception now, wait until all attempts fail
                time.sleep(3)
            else:
                # If the downloaded file matches, success! Otherwise, we can
                # be pretty sure that it got corrupted during FTP transfer.
                if orig_hash == dl_hash:
                    return True
                else:
                    msg = _('The file transferred to your FTP server is '\
                            'corrupted. Please try again.')
                    raise FTPUploadError(msg, None, None)
Esempio n. 3
0
    def _set_password(self, password):
        """Hash password on the fly."""
        if isinstance(password, unicode):
            password_8bit = password.encode('UTF-8')
        else:
            password_8bit = password

        salt = sha1()
        salt.update(os.urandom(60))
        hash_ = sha1()
        hash_.update(password_8bit + salt.hexdigest())
        hashed_password = salt.hexdigest() + hash_.hexdigest()

        # make sure the hashed password is an UTF-8 object at the end of the
        # process because SQLAlchemy _wants_ a unicode object for Unicode columns
        if not isinstance(hashed_password, unicode):
            hashed_password = hashed_password.decode('UTF-8')
        self._password = hashed_password
Esempio n. 4
0
    def _set_password(self, password):
        """Hash password on the fly."""
        if isinstance(password, unicode):
            password_8bit = password.encode('UTF-8')
        else:
            password_8bit = password

        salt = sha1()
        salt.update(os.urandom(60))
        hash_ = sha1()
        hash_.update(password_8bit + salt.hexdigest())
        hashed_password = salt.hexdigest() + hash_.hexdigest()

        # make sure the hashed password is an UTF-8 object at the end of the
        # process because SQLAlchemy _wants_ a unicode object for Unicode columns
        if not isinstance(hashed_password, unicode):
            hashed_password = hashed_password.decode('UTF-8')
        self._password = hashed_password
Esempio n. 5
0
def _verify_ftp_upload_integrity(file, file_url):
    """Download the file and make sure that it matches the original.

    Returns True on success, and raises a formencode.Invalid on failure
    so that the error may be displayed to the user.

    FIXME: Ideally we wouldn't have to download the whole file, we'd have
           some better way of verifying the integrity of the upload.

    """
    tries = 0
    max_tries = int(app_globals.settings['ftp_upload_integrity_retries'])
    if max_tries < 1:
        return True

    file.seek(0)
    orig_hash = sha1(file.read()).hexdigest()

    # Try to download the file. Increase the number of retries, or the
    # timeout duration, if the server is particularly slow.
    # eg: Akamai usually takes 3-15 seconds to make an uploaded file
    #     available over HTTP.
    while tries < max_tries:
        tries += 1
        try:
            temp_file = urllib2.urlopen(file_url)
            new_hash = sha1(temp_file.read()).hexdigest()
            temp_file.close()

            # If the downloaded file matches, success! Otherwise, we can
            # be pretty sure that it got corrupted during FTP transfer.
            if orig_hash == new_hash:
                return True
            else:
                msg = _('The file transferred to your FTP server is '\
                        'corrupted. Please try again.')
                raise FTPUploadException(msg, None, None)
        except urllib2.HTTPError, http_err:
            # Don't raise the exception now, wait until all attempts fail
            time.sleep(3)
Esempio n. 6
0
    def validate_password(self, password):
        """Check the password against existing credentials.

        :param password: the password that was provided by the user to
            try and authenticate. This is the clear text version that we will
            need to match against the hashed one in the database.
        :type password: unicode object.
        :return: Whether the password is valid.
        :rtype: bool

        """
        hashed_pass = sha1()
        hashed_pass.update(password + self.password[:40])
        return self.password[40:] == hashed_pass.hexdigest()
Esempio n. 7
0
    def validate_password(self, password):
        """Check the password against existing credentials.

        :param password: the password that was provided by the user to
            try and authenticate. This is the clear text version that we will
            need to match against the hashed one in the database.
        :type password: unicode object.
        :return: Whether the password is valid.
        :rtype: bool

        """
        hashed_pass = sha1()
        hashed_pass.update(password + self.password[:40])
        return self.password[40:] == hashed_pass.hexdigest()
 def test_add_vimeo_video(self):
     pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
     media = save_media_obj(
         u'Fake Name',
         u'*****@*****.**',
         u'Python Code Swarm',
         u'A visualization of all activity in the Python repository.',
         u'',
         None,
         u'http://www.vimeo.com/1093745'
     )
     # XXX: The following values are based on the values provided by the
     #      remote site at the time this test was written. They may change
     #      in future.
     assert media.duration == 282
     thumbnail_path = thumb_path(media, 's', exists=True)
     assert thumbnail_path is not None
     img = open(thumbnail_path)
     s = sha1(img.read()).hexdigest()
     img.close()
     assert s == '1eb9442b7864841e0f48270de7e3e871050b3876'
 def test_add_google_video(self):
     pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
     media = save_media_obj(
         u'Fake Name',
         u'*****@*****.**',
         u'Pictures at an Exhibition',
         u'A nice, long, production of the orchestrated Pictures...',
         u'',
         None,
         u'http://video.google.com/videoplay?docid=8997593004077118819'
     )
     # XXX: The following values are based on the values provided by the
     #      remote site at the time this test was written. They may change
     #      in future.
     assert media.duration == 1121
     thumbnail_path = thumb_path(media, 's', exists=True)
     assert thumbnail_path is not None
     img = open(thumbnail_path)
     s = sha1(img.read()).hexdigest()
     img.close()
     assert s == 'f8e84e4a487c9ff6ea69ac696c199ae6ac222e38'
 def test_add_youtube_video(self):
     pylons.app_globals.settings['use_embed_thumbnails'] = 'true'
     media = save_media_obj(
         u'Fake Name',
         u'*****@*****.**',
         u'Old Spice',
         u'Isiah Mustafa stars in...',
         u'',
         None,
         u'http://www.youtube.com/watch?v=uLTIowBF0kE'
     )
     # XXX: The following values are based on the values provided by the
     #      remote site at the time this test was written. They may change
     #      in future.
     assert media.duration == 32
     thumbnail_path = thumb_path(media, 's', exists=True)
     assert thumbnail_path is not None
     img = open(thumbnail_path)
     s = sha1(img.read()).hexdigest()
     img.close()
     assert s == 'f0a3f5991fa032077faf2d3c698a6cf3e9dcadc1'