def post(self, request, code=None, case_id=None, *args, **kwargs): self.update_session(request, request.POST.dict()) errors = validate(request.session["registration"], self.validators) redirect_postfix = f"{code}/{case_id}/" if code and case_id else "" if not errors: return redirect(f"/accounts/register/3/{redirect_postfix}") else: return redirect(f"/accounts/register/2/{redirect_postfix}")
def get(self, request, *args, **kwargs): """ :param self: A Tweets instance :param request: An HttpRequest """ try: if "keyword" not in request.GET: return HttpResponseBadRequest("keyword required") keyword = request.GET.get("keyword") schema = {'type': 'string', 'default': 'halo'} utils.validate(keyword, schema) result = Stubs.getTweets(request, keyword, ) if type(result) is tuple: result, headers, status = result else: headers = {} status = 200 # The result may contain fields with date or datetime values that will not # pass JSON validation. We first create the response, and then maybe validate # the response content against the schema. response = JsonResponse(result, status=status, safe=False) maybe_validate_result(response.content, self.GET_RESPONSE_SCHEMA) for key, val in headers.items(): response[key] = val return response except PermissionDenied as pd: LOGGER.exception("403") return HttpResponseForbidden("Permission Denied: {}".format(str(pd))) except ObjectDoesNotExist as dne: LOGGER.exception("404") return HttpResponseNotFound("Not Found: {}".format(str(dne))) except ValidationError as ve: LOGGER.exception("400") return HttpResponseBadRequest("Parameter validation failed: {}".format(ve.message)) except ValueError as ve: LOGGER.exception("400") return HttpResponseBadRequest("Parameter validation failed: {}".format(ve)) except Exception as e: LOGGER.exception("500") return JsonResponse(str(e), status=500, safe=False)
def test_email_validator(self): for email, is_valid, description in self.test_cases: with self.subTest(email=email, is_valid=is_valid, description=description): errors = validate(data={"email": email}, validators=base_registration_validators) email_errors = errors.get("email") if is_valid: self.assertIsNone(email_errors, description) else: self.assertIsNotNone(email_errors, description)
def post(self, request, code=None, case_id=None, *args, **kwargs): # noqa: C901 self.default_session(request) redirect_postfix = f"{code}/{case_id}/" if code and case_id else "" request.session["registration"].update(request.POST.dict()) errors = validate(request.session["registration"], registration_validators) if request.session["registration"].get("password") != request.session[ "registration"].get("password_confirm"): errors["password_confirm"] = "Passwords do not match" if not request.session["registration"].get("email"): errors["email"] = "Email is required" if not errors: session_reg = request.session.get("registration", {}) if (session_reg.get("code") and session_reg.get("case_id") and session_reg.get("confirm_invited_org") is True): invitee_sec_group = get(request.session["registration"], "invite/organisation_security_group") if invitee_sec_group == SECURITY_GROUP_THIRD_PARTY_USER: # Use the third party invitee's organisation organisation_id = get(request.session["registration"], "invite/contact/organisation/id") else: organisation_id = get(request.session["registration"], "invite/organisation/id") organisation = self.trusted_client.get_organisation( organisation_id=organisation_id) field_map = { "id": "organisation_id", "name": "organisation_name", "address": "organisation_address", } out = {} organisation_country_code = get(organisation, "country/code") if organisation_country_code: out["organisation_country_code"] = organisation_country_code out["uk_company"] = "yes" if organisation_country_code == "GB" else "no" for field, value in organisation.items(): out_field = field_map.get(field) or field out[out_field] = value self.update_session(request, out) if organisation_country_code: return redirect("/accounts/register/3/") return redirect("/accounts/register/2/") elif (session_reg.get("code") and session_reg.get("case_id") and not session_reg.get("confirm_invited_org")): return redirect(f"/accounts/register/2/{redirect_postfix}") return redirect("/accounts/register/2/") return redirect(f"/accounts/register/{redirect_postfix}?error")
def test_password_validator(self): for password, is_valid, description in self.password_validation_test_cases: with self.subTest(password=password, is_valid=is_valid, description=description): errors = validate(data={"password": password}, validators=registration_validators) password_errors = errors.get("password") if is_valid: self.assertIsNone(password_errors) else: self.assertIsNotNone(password_errors)
def post(self, request, code=None, case_id=None, *args, **kwargs): redirect_postfix = f"{code}/{case_id}/" if code and case_id else "" if "registration" not in request.session: return redirect(f"/accounts/register/{redirect_postfix}") self.update_session(request, request.POST.dict()) errors = validate(request.session["registration"], self.validators) if not errors: return redirect(f"/accounts/register/5/{redirect_postfix}") else: request.session["registration"]["errors"] = errors request.session.modified = True return redirect(f"/accounts/register/4/{redirect_postfix}")
def post(self, request, code=None, case_id=None, *args, **kwargs): redirect_postfix = f"{code}/{case_id}/" if code and case_id else "" if "registration" not in request.session: return redirect(f"/accounts/register/{redirect_postfix}") self.update_session(request, request.POST.dict()) request.session["registration"].pop("errors", None) # Clear existing errors = validate(request.session["registration"], self.validators) or {} if get(request.session["registration"], "uk_company") == "no": errors.update( validate(request.session["registration"], self.country_validator) or {}) if not errors: next_page = ("5" if request.session["registration"].get( "same_contact_address") == "yes" else "4") return redirect( f"/accounts/register/{next_page}/{redirect_postfix}") else: request.session["registration"]["errors"] = errors request.session.modified = True return redirect(f"/accounts/register/3/{redirect_postfix}")
def post(self, request, code=None, case_id=None, *args, **kwargs): # noqa: C901 redirect_postfix = f"{code}/{case_id}/" if code and case_id else "" if "registration" not in request.session: return redirect("/accounts/register/") self.update_session(request, request.POST.dict()) # prepend http to the url if not provided _website = request.session["registration"].get("organisation_website") if _website and not _website.startswith("http"): request.session["registration"][ "organisation_website"] = "http://" + _website request.session.modified = True errors = validate(request.session["registration"], self.validators) if not errors: if "countries" in request.session["registration"]: del request.session["registration"]["countries"] if all([ bool(request.session["registration"].get(key)) for key in self.required_fields ]): session_reg = request.session["registration"] response = self.trusted_client.register_public(**session_reg) if response.get("success"): request.session.modified = True if settings.AUTO_LOGIN: auth_response = self.trusted_client.authenticate( session_reg["email"], session_reg["password"]) if auth_response: if auth_response.get("needs_verify"): request.session["registration"] = {} return redirect("/email/verify/") elif auth_response.get("token"): request.session.clear() request.session["token"] = auth_response[ "token"] request.session["user"] = auth_response["user"] return redirect("/dashboard/?welcome=true") else: request.session["registration"]["errors"] = response.get( "error") request.session.modified = True return redirect(f"/accounts/register/5/{redirect_postfix}")
def post(self, request, *args, **kwargs): # noqa: C901 email = request.POST.get("email") password = request.POST.get("password") code = request.POST.get("code") short_code = request.POST.get("short_code") case_id = request.POST.get("case_id") errors = validate({"email": email, "password": password}, base_registration_validators) if errors: request.session["errors"] = errors return redirect("/accounts/login/?error") try: response = self.trusted_client.authenticate( email, password, user_agent=request.META["HTTP_USER_AGENT"], ip_address=request.META["REMOTE_ADDR"], code=code, case_id=case_id, ) if response and response.get("token"): # TODO: Temporary application state initialisation request.session.clear() request.session["application"] = {} # TODO: Tmp app state end # Force 2fa for every public login request.session["force_2fa"] = True request.session["token"] = response["token"] request.session["user"] = response["user"] request.session["version"] = response.get("version") redirection_url = request.POST.get("next") or "/dashboard/" if len(request.session["user"].get("organisations", [])) == 1: request.session["organisation_id"] = request.session["user"]["organisations"][ 0 ]["id"] request.session.modified = True request.session.cycle_key() return internal_redirect(redirection_url, "/dashboard/") else: if case_id and code: return redirect(f"/accounts/login/{code}/{case_id}/?error=t") elif short_code: return redirect(f"/accounts/login/?error=t&short_code={short_code}") else: return redirect("/accounts/login/?error=t") except Exception as exc: detail = "" if hasattr(exc, "response"): try: if exc.response.status_code == 401: try: detail = exc.response.json().get("detail") except Exception: detail = """You have entered an incorrect email address or password. Please try again or click on the Forgotten password link below.""" else: response = exc.response.json() detail = response.get("detail") except json.decoder.JSONDecodeError: detail = exc.response.text else: detail = str(exc) request.session["errors"] = {"email": detail} request.session.modified = True if case_id and code: return redirect(f"/accounts/login/{code}/{case_id}/?error") else: return redirect("/accounts/login/?error")
def maybe_validate_result(result_string, schema): if VALIDATE_RESPONSES: try: utils.validate(json.loads(result_string, encoding="utf8"), schema) except ValidationError as e: LOGGER.error(e.message)