def wrapper(request, file_id, key, *args, **kw): viewer = FileViewer(get_object_or_404(File, pk=file_id)) token = request.GET.get('token') if not token: log.error('Denying access to %s, no token.' % viewer.file.id) raise PermissionDenied if not Token.valid(token, [viewer.file.id, key]): log.error('Denying access to %s, token invalid.' % viewer.file.id) raise PermissionDenied return func(request, viewer, key, *args, **kw)
def test_token_ip(self): new = Token(data='127.0.0.1') new.save() assert Token.valid(new.token, '127.0.0.1')
def test_token_fails(self): assert not Token.pop('some-random-token')
def test_token_valid(self): new = Token() new.save() assert Token.valid(new.token)
def test_token_pop(self): new = Token() new.save() assert Token.pop(new.token) assert not Token.pop(new.token)
def test_token_well_formed(self): new = Token('some badly formed token') assert not new.well_formed()
def redirect(request, viewer, key): new = Token(data=[viewer.file.id, key]) new.save() url = reverse('files.serve', args=[viewer, key]) url = urlparams(url, token=new.token) return http.HttpResponseRedirect(url)
def test_token_no_ip_invalid(self): new = Token() assert not Token.valid(new.token, '255.255.255.0')
def test_token_bad_ip_invalid(self): new = Token(data='127.0.0.1') new.save() assert not Token.pop(new.token, '255.255.255.0') assert Token.pop(new.token, '127.0.0.1')