def timestampsigner_test():
from django.core.signing import TimestampSigner
signer = TimestampSigner()
value = signer.sign('hello')
print(value)
original = signer.unsign(value)
print(original)
original = signer.unsign(value, max_age=10)
print(original)
def reset(request, token=None):
error_message = None
signer = TimestampSigner()
reset_token_form = ResetTokenForm(request.POST or None)
# Token not passed through URL parameter.
if token is None and reset_token_form.is_valid():
token = reset_token_form.cleaned_data['token']
if token is not None:
encrypted_token = None
# The token might be a shortcode. First try to look up a matching shortcode.
try:
shortcode = TextMessageShortCode.objects.get(code=token)
encrypted_token = shortcode.token
except TextMessageShortCode.DoesNotExist:
encrypted_token = token
try:
# max_age is in seconds, so 1 hr.
psu_uuid = signer.unsign(encrypted_token, max_age=60*60)
# Verify psu_uuid, authenticate user, redirect to "new student" version of MyInfo.
user = auth.authenticate(psu_uuid = psu_uuid, request=request)
if user is not None:
auth.login(request, user)
# Now they need to reset their password.
(oam_status, _) = OAMStatusTracker.objects.get_or_create(psu_uuid = request.session['identity']['PSU_UUID'])
oam_status.set_password = False
oam_status.save()
return HttpResponseRedirect(reverse('AccountPickup:next_step'))
logger.error("service=myinfo psu_uuid={0} error=\"Password token decrypted succesfully but unable to authenticate.\"".format(psu_uuid))
error_message = "There was an internal error. Please contact the helpdesk for support."
except SignatureExpired:
udc_id = signer.unsign(token)
# Too slow!
logger.info("service=myinfo psu_uuid={0} error=password_timeout".format(udc_id))
error_message = "The password reset expired. Please try again."
except BadSignature:
logger.info("service=myinfo token={0} error=\"An invalid reset token was passed to OAM PasswordReset\"")
error_message = "There was an internal error. Please contact the helpdesk for support."
# Something went wrong, forward them back to the password reset link page.
if error_message is None:
error_message = "There was an internal error. Please contact the helpdesk for support."
logger.debug("Reached end of key signing attempt without an error message for token: {0}".format(token))
return render(request, 'PasswordReset/verification.html', {'form' : reset_token_form, 'error' : error_message,})
def check_token(self, request):
token = request.GET.get('token')
if token is None:
return None
original = '%s:%s' % (self.get_absolute_file_url(), token)
signer = TimestampSigner()
try:
signer.unsign(original, max_age=settings.FOI_MEDIA_TOKEN_EXPIRY)
except SignatureExpired:
return None
except BadSignature:
return False
return True
def check_token(self, request):
token = request.GET.get('token')
if token is None:
return None
original = '%s:%s' % (self.get_absolute_file_url(), token)
signer = TimestampSigner()
try:
signer.unsign(original, max_age=settings.FOI_MEDIA_TOKEN_EXPIRY)
except SignatureExpired:
return None
except BadSignature:
return False
return True
def faculty_schedule(request, name, token):
token_full = name + ':' + token
signer = TimestampSigner()
try:
signer.unsign(token_full, max_age=5 * 60 * 5)
faculty_pk = int(name.split('_')[-1])
fac = Faculty.objects.filter(pk=faculty_pk)[0]
fac_sch = FacultySchedule.objects.filter(faculty=fac)
if request.method == 'POST':
for s in fac_sch:
s.delete()
# adding updated entries
for day in DAYS:
day = day[0]
hours = request.POST.getlist(day)
if hours:
for hour in hours:
sch = FacultySchedule(faculty=fac,
day=day,
hour=int(hour))
sch.save()
messages.add_message(request, messages.SUCCESS,
"Schedule updated successfully!")
return redirect(reverse('home'))
elif request.method == 'GET':
schedule_dict = {}
for day in DAYS:
day = day[0]
day_schedule = fac_sch.filter(day=day)
if day_schedule:
schedule_dict[str(day)] = [i.hour for i in day_schedule]
schedule_json = json.dumps(schedule_dict)
return render(
request, 'members/faculty_schedule_change.html', {
'member_slots': get_free_slots_context('member'),
'faculty_slots': schedule_json,
'title': "Weekly schedule update",
'token': token,
'name': name
})
except (BadSignature, SignatureExpired):
raise Http404
def upload_finalize(request: Request) -> HttpResponseBase:
name: str = request.data['name']
status: str = request.data['status']
object_id: str = request.data['id']
upload_sig: str = request.data['signature']
# check if upload_prepare signed this less than max age ago
tsigner = TimestampSigner()
if object_id != tsigner.unsign(upload_sig,
max_age=settings.JOIST_UPLOAD_DURATION):
raise BadSignature()
signals.joist_upload_finalize.send(sender=upload_finalize,
name=name,
status=status,
object_key=object_id)
signer = Signer()
sig = signer.sign(object_id)
# can be one of aborted|uploaded
# TODO move file to where it belongs and return the new name
return JsonResponse({
'name': name,
'status': status,
'id': object_id,
'signature': sig
})
def get_access_token(self, code, state, status):
if status != "PARTIALLY_AUTHENTICATED":
raise Exception('Accountkit could not authenticate the user')
try:
signer = TimestampSigner()
csrf = signer.unsign(state)
except BadSignature:
raise Exception('Invalid request')
# Exchange authorization code for access token
token_url = 'https://graph.accountkit.com/%s/access_token' % self.api_version
params = {
'grant_type':
'authorization_code',
'code':
code,
'access_token':
'AA|%s|%s' % (self.facebook_app_id, self.accountkit_secret)
}
res = requests.get(token_url, params=params)
token_response = res.json()
if 'error' in token_response:
raise Exception('This authorization code has been used')
return token_response.get('access_token')
def _wrapped_view(request, *args, **kwargs):
signer = TimestampSigner()
user = request.user
vid = request.data.get('email_verify_code')
try:
value = signer.unsign(
vid,
max_age=timedelta(minutes=settings.VERIFY_EMAIL_MAX_AGE))
except SignatureExpired:
return Response({'detail': 'Signature expired.'},
status=status.HTTP_403_FORBIDDEN)
except BadSignature:
return Response({'detail': 'Bad signature.'},
status=status.HTTP_403_FORBIDDEN)
if value != user.username:
return Response({'detail': 'Mismatch signature.'},
status=status.HTTP_403_FORBIDDEN)
if not user.email_verified:
user.email_verified = True
user.save()
return func(request, *args, **kwargs)
def lookup(self, signed):
if signed is None:
raise NonceException(_('Токен не указан.'))
signer = TimestampSigner()
try:
payload = signer.unsign(signed, max_age=NONCE_MAX_AGE)
except SignatureExpired:
raise NonceException(_('Токен устарел.'))
except BadSignature:
raise NonceException(_('Токен неверный.'))
nonce, user_id = payload.split('|')
user_klass = get_user_model()
user = user_klass.objects.get(pk=user_id) if user_id else None
nonce_list = list(self.get_queryset().filter(key=nonce)[:1])
if nonce_list:
nonce_obj = nonce_list[0]
if nonce_obj.user == user:
return nonce_obj
else:
raise NonceException(
_('Текущий пользователь не имеет доступа к токену.'))
else:
return self.model(key=nonce, user=user)
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(signer.unsign(token, max_age=86400).encode('utf-8'))
return AsyncResult(id)
except:
return None
def confirmar_permiso(request):
"""
## Confirma un permiso enviado por la url
Estado=Aprobado
http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=1
Estado=No Aprobado
http://127.0.0.1:8000/confirmar/permiso/?token=4:1ay4mm:xeXW4JDTQqU3JYtVC-l_He1gT08&estado=0
La utilidad de esta liibreria es para otorgar un permiso via email
"""
token_mail = request.GET.get("token")
estado = True if request.GET.get("estado") == "1" else False
print estado
print token_mail
signer = TimestampSigner(salt="4g3t1c")
try:
pk_dpermiso = signer.unsign(token_mail, max_age=3600*1)
designacion_permiso = DesignacionPermiso.objects.filter(pk=pk_dpermiso, token_mail=token_mail, token_confirmation_date__isnull=True)
if designacion_permiso:
designacion_permiso.update(aprobado=estado, token_confirmation_date=timezone.now())
return HttpResponse("El permiso fue aprobado satisfactoriamente")
else:
return HttpResponse("El permiso ya fue confirmado")
except signing.SignatureExpired:
return HttpResponse("La clave del mensaje a expirado")
except signing.BadSignature:
return HttpResponse("Firma de Mensaje Incorrecto")
def parse_invitation_token(token):
signer = TimestampSigner()
try:
payload = signer.unsign(token, max_age=settings.WALDUR_CORE['INVITATION_MAX_AGE'])
except BadSignature:
raise serializers.ValidationError('Invalid signature.')
parts = payload.split('.')
if len(parts) != 2:
raise serializers.ValidationError('Invalid payload.')
user_uuid = parts[0]
invitation_uuid = parts[1]
if not core_utils.is_uuid_like(user_uuid):
raise serializers.ValidationError('Invalid user UUID.')
try:
user = core_models.User.objects.filter(uuid=parts[0], is_active=True, is_staff=True).get()
except core_models.User.DoesNotExist:
raise serializers.ValidationError('Invalid user UUID.')
if not core_utils.is_uuid_like(invitation_uuid):
raise serializers.ValidationError('Invalid invitation UUID.')
try:
invitation = models.Invitation.objects.get(uuid=parts[1], state=models.Invitation.State.REQUESTED)
except models.Invitation.DoesNotExist:
raise serializers.ValidationError('Invalid invitation UUID.')
return user, invitation
def get_object(self):
try:
signer = TimestampSigner()
member = self.queryset.get(
pk=signer.unsign(self.kwargs['pk'], max_age=timedelta(
hours=2)))
if member.is_active:
raise ValidationError({
'id':
_('The link to activate your account has already been used.'
)
})
return member
except SignatureExpired:
raise ValidationError({
'id':
_('The link to activate your account has expired. Please sign up again.'
)
})
except BadSignature:
raise ValidationError({
'id':
_('Something went wrong on our side. Please sign up again.')
})
def post(self, request):
errors = []
fatal = False
token = request.data.get('token')
password = request.data.get('password')
if not token:
errors.append('Invalid reset token.')
fatal = True
if not password:
errors.append('No password provided.')
signer = TimestampSigner(salt=settings.RESET_SALT)
if token:
try:
user_uuid = signer.unsign(token,
max_age=settings.RESET_TOKEN_LENGTH)
except BadSignature:
errors.append(
'Can not reset password because the reset link used was invalid.'
)
fatal = True
if len(errors) == 0:
# set password
user = PFBUser.objects.get(uuid=user_uuid)
user.set_password(password)
user.save()
return Response({'status': 'Success'})
else:
return Response({
'errors': errors,
'fatal': fatal
}, status.HTTP_400_BAD_REQUEST)
def _check_csrf(self, state):
signer = TimestampSigner()
if state is None:
state = ""
try:
state = signer.unsign(state, max_age=300)
except BadSignature:
logger.debug("state has been tempered with")
state = ""
except SignatureExpired:
logger.debug("state has expired")
state = ""
checks = (
re.search("[a-zA-Z0-9]", state),
len(state) == CSRF_TOKEN_LENGTH,
)
# validate state parameter
if not all(checks):
logger.debug("State validation failed:")
logger.debug("state: {}".format(state))
logger.debug("checks: {}".format(checks))
self.context["message"] = {"error": "bad_state"}
def validate_key(key, user):
signer = TimestampSigner(settings.SECRET_KEY)
try:
value = signer.unsign(key, max_age=settings.EMAIL_LINK_EXPIRY_DAYS)
return str(user.id) == value
except (BadSignature, SignatureExpired):
return False
def activate(self):
"""
Function will activate member with given code if it's valid and not expired.
:raises signing.BadSignature: Activation code was tampered
:raises signing.SignatureExpired: Activation code has expired after 48h
:raises ValidationError: The member was already activated
:return: None
"""
if self.activation_code == '':
raise ValidationError('The member is already activated')
signer = TimestampSigner()
signer.unsign(self.activation_code, max_age=timedelta(days=2))
self.hidden = False
self.activation_code = ''
self.joined_date = timezone.now()
self.save()
def check_validation(request):
"""Function"""
username = request.POST.get('username')
idcheck = User.objects.filter(username__iexact=username).exists()
code = request.POST.get('code')
email = request.POST.get('email')
signer = TimestampSigner()
msg = ''
result = False
try:
value = signer.unsign(code, max_age=180)
code_check = value == email
if idcheck:
msg = u"이미 존재하는 아이디입니다."
elif not code_check:
msg = u"인증코드가 잘못되었습니다."
else:
result = True
except:
msg = u"인증코드가 잘못되었습니다."
data = {
'result': result,
'msg': msg,
}
return JsonResponse(data)
def check_token(request, answer, token):
payload = hashlib.sha1('{}:{}'.format(request.session.session_key, answer.pk).encode()).hexdigest()
signer = TimestampSigner()
try:
return payload == signer.unsign(token, max_age=3600 * 24)
except BadSignature:
return False
def sign_up(request):
"""Function"""
if request.method == "POST":
userform = RegistrationForm(request.POST)
if userform.is_valid():
userform.save(commit=False)
email = userform.cleaned_data['email']
code = userform.cleaned_data['code']
signer = TimestampSigner()
try:
value = signer.unsign(code, max_age=86400)
id_check = value == email
if (id_check):
msg = u"가입성공.<br><a href=%s>로그인</a>" % reverse_lazy('login')
userform.save()
else:
msg = u"인증코드를 확인해 주세요."
except:
msg = u"인증코드를 확인해 주세요.."
else:
msg = u"회원가입 오류.<br>아이디를 확인해 주세요."
return HttpResponse(msg)
elif request.method == "GET":
userform = RegistrationForm()
return render(
request,
"accounts/signup.html",
{
'userform': userform,
}
)
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(signer.unsign(token, max_age=86400).encode('utf-8'))
return AsyncResult(id)
except:
return None
def get(self, request, *args, **kwargs):
if self.request.session.has_key(
'checkout_order_id'
) and self.request.session['checkout_order_id']:
# If we've already completed a checkout session, just redirect to confirmation.
return HttpResponseRedirect(self.get_success_url())
signer = TimestampSigner()
try:
order_number = signer.unsign(request.GET.get('order_number', ''),
max_age=3600)
except BadSignature:
# The URL has been tampered with, push out to the success page without
# modifying the session context
return HttpResponseBadRequest()
# Flush all session data
self.checkout_session.flush()
# Save order id in session so thank-you page can load it
order = Order.objects.get(number=order_number)
self.request.session['checkout_order_id'] = order.id
response = HttpResponseRedirect(self.get_success_url())
self.send_signal(self.request, response, order)
return response
def lookup(self, signed):
if signed is None:
raise NonceException("No nonce was provided.")
signer = TimestampSigner()
try:
payload = signer.unsign(signed, max_age=NONCE_MAX_AGE)
except BadSignature:
raise NonceException("The nonce signature was invalid.")
except SignatureExpired:
raise NonceException("The nonce has expired.")
nonce, user_id = payload.split(":")
User = get_user_model()
user = User.objects.get(pk=user_id) if user_id else None
nonce_list = list(Nonce.objects.filter(key=nonce)[:1])
if nonce_list:
nonce_obj = nonce_list[0]
if nonce_obj.user == user:
return nonce_obj
else:
raise NonceException("The current user does not have access to the specified nonce.")
else:
return Nonce(key=nonce, user=user)
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8'))
return Task.status(id)
except:
return None
def verify_email(self, code):
if code:
signer = TimestampSigner()
try:
code = code.encode('utf-8')
max_age = datetime.timedelta(
days=settings.VERIFICATION_CODE_EXPIRED).total_seconds()
code = force_bytes(code)
code = b64_decode(code)
code = code.decode()
email = signer.unsign(code, max_age=max_age)
user = StdUser.objects.get(**{
StdUser.USERNAME_FIELD: email,
'is_active': False
})
user.is_active = True
user.code = "None code"
user.save()
return True, ('Your account has been activated.')
except (BadSignature, StdUser.DoesNotExist, TypeError,
UnicodeDecodeError):
raise ValueError('Error')
return False, (
'Activation link is incorrect, please resend request')
else:
raise ValueError('No code')
def lookup(self, signed):
if signed is None:
raise NonceException("No nonce was provided.")
signer = TimestampSigner()
try:
payload = signer.unsign(signed, max_age=NONCE_MAX_AGE)
except BadSignature:
raise NonceException("The nonce signature was invalid.")
except SignatureExpired:
raise NonceException("The nonce has expired.")
nonce, user_id = payload.split(":")
User = get_user_model()
user = User.objects.get(pk=user_id) if user_id else None
nonce_list = list(Nonce.objects.filter(key=nonce)[:1])
if nonce_list:
nonce_obj = nonce_list[0]
if nonce_obj.user == user:
return nonce_obj
else:
raise NonceException("The current user does not have access to the specified nonce.")
else:
return Nonce(key=nonce, user=user)
def userdeny(request):
signer = TimestampSigner()
try:
signed_data = request.POST.get("signed_app_data")
raw_data_str = signer.unsign(signed_data, max_age=300)
except:
response = PrettyJsonResponse({
"ok":
False,
"error": ("The signed data received was invalid."
" Please try the login process again. "
"If this issue persists, please contact support.")
})
response.status_code = 400
return response
try:
data = json.loads(raw_data_str)
except:
response = PrettyJsonResponse({
"ok":
False,
"error": ("The JSON data was not in the expected format."
" Please contact support.")
})
response.status_code = 400
return response
# We can trust this value because it came from a signed dictionary
app = App.objects.get(client_id=data["client_id"])
state = data["state"]
redir = "{}?result=denied&state={}".format(app.callback_url, state)
# Now check if a token has been granted in the past. If so, invalidate it.
# There shouldn't be a situation where more than one user/app token pair
# exists but, just in case, let's invalidate them all.
try:
users = User.objects.filter(employee_id=data["user_upi"])
user = users[0]
except (User.DoesNotExist, KeyError):
response = PrettyJsonResponse({
"ok":
False,
"error":
"User does not exist. This should never occur. "
"Please contact support."
})
response.status_code = 400
return response
tokens = OAuthToken.objects.filter(app=app, user=user)
for token in tokens:
token.active = False
token.save()
# Send the user to the app's denied permission page
return redirect(redir)
def parse_token(self, token):
signer = TimestampSigner()
try:
return signer.unsign(token, max_age=259200)
except BadSignature:
raise ValidationError({'token': ['Link invalido']})
except SignatureExpired:
raise ValidationError({'token': ['Link scaduto']})
def find(request, token):
try:
signer = TimestampSigner(key=request.session.session_key, sep=':')
id = b64_decode(
signer.unsign(token, max_age=Task.TIMEOUT).encode('utf-8'))
return Task.status(id)
except:
return None
def check_token(request, answer, token):
payload = hashlib.sha1('{}:{}'.format(request.session.session_key,
answer.pk).encode()).hexdigest()
signer = TimestampSigner()
try:
return payload == signer.unsign(token, max_age=3600 * 24)
except BadSignature:
return False
def validateCode(self, app, action, captcha):
timeSigner = TimestampSigner(salt=app)
try:
if action == timeSigner.unsign(captcha, self.maxAge):
return True
except Exception:
pass
return False
def unsign_acode(acodestr):
signer = TimestampSigner(salt=salt)
try:
code = signer.unsign(acodestr, max_age=(3600 * 24 * 14))
except:
print('invalid acode')
code = None
return code
def sign_up(request):
"""Sign up"""
if request.method == "POST":
userform = RegistrationForm(request.POST)
if userform.is_valid():
userform.save(commit=False)
username = userform.cleaned_data['username']
q = Q(username__iexact=username) | Q(first_name__iexact=username)
if User.objects.filter(q).exists() or \
len(username) < settings.ID_MIN_LENGTH or \
len(username) > settings.ID_MAX_LENGTH:
errormsg = _('Please check username.')
return error_page(request, errormsg)
if settings.ENABLE_NICKNAME:
nick = userform.cleaned_data['first_name']
if nick:
q = Q(username__iexact=nick) | Q(first_name__iexact=nick)
if User.objects.filter(q).exists() or \
len(nick) < settings.NICKNAME_MIN_LENGTH or \
len(nick) > settings.NICKNAME_MAX_LENGTH:
errormsg = _('Please check nickname.')
return error_page(request, errormsg)
code = userform.cleaned_data['code']
email = userform.cleaned_data['email']
signer = TimestampSigner()
try:
value = signer.unsign(
code, max_age=settings.VERIFICATION_CODE_VALID)
code_check = value == email
if code_check:
userform.save()
return render(
request,
"accounts/join.html",
)
else:
errormsg = _('Verification failure. Please check verification code again.')
except:
errormsg = _('Verification failure. Please check verification code again.')
else:
errormsg = _('Sorry. Please try again later.')
return error_page(request, errormsg)
elif request.method == "GET":
userform = RegistrationForm()
return render(
request,
"accounts/signup.html",
{
'userform': userform,
}
)
def _token2user_id(self, token):
signer = TimestampSigner()
try:
# 如果加上max_age就可以控制登录有效时长
max_age = 12 * 60 * 60
user_id = signer.unsign(token, max_age=max_age)
except SignatureExpired as e:
raise errors.LoginExpireError
return int(user_id)
def get_local_file_path_id_from_token(token: str) -> Optional[str]:
signer = TimestampSigner(salt=LOCAL_FILE_ACCESS_TOKEN_SALT)
try:
signed_data = base64.b16decode(token).decode("utf-8")
path_id = signer.unsign(signed_data, max_age=timedelta(seconds=60))
except (BadSignature, binascii.Error):
return None
return path_id
def find_temporary_file(token):
signer = TimestampSigner(sep=':')
filename, attachment_filename, mimetype = b64_decode(signer.unsign(
token, max_age=TEMPORARY_FILE_TTL).encode('utf-8')).split(',')
return (
secure_join(settings.MEDIA_ROOT, 'temporary', filename),
attachment_filename,
mimetype,
)
def reset_password(cls, signature: str, new_password: str) -> None:
signer = TimestampSigner()
try:
user_pk = signer.unsign(signature, max_age=settings.AWESOME_RESET_PASSWORD_EXPIRATION_DELTA)
user = UserAccount.objects.active().get(pk=user_pk)
except (SignatureExpired, BadSignature, UserAccount.DoesNotExist) as e:
raise InvalidResetPasswordSignatureError(gettext("Invalid confirmation code or user does not exist")) from e
else:
cls.change_password(user, new_password)
def decryption(self, *args, **kwargs):
time_stamp = TimestampSigner()
data = kwargs.pop('data', None)
try:
data = time_stamp.unsign(data, max_age=3600)
data = signing.loads(data)
except Exception as e:
print(e)
return data
def restore_password(self, inp):
key = self.user.username + ":" + inp
signer = TimestampSigner()
try:
x = signer.unsign(key, max_age=60*5)
if x == self.user.username:
return True
except (SignatureExpired, BadSignature):
pass
return False
def unsign_user_id(b64_user_id, max_age=None):
try:
id_signer = TimestampSigner()
unencoded_user_id = base64.urlsafe_b64decode(b64_user_id.encode('utf-8')).decode('utf-8')
signed = id_signer.unsign(unencoded_user_id, max_age)
return signed.split(':', 1)[0]
except Exception as e:
print(e)
return None
def advanced_click_register(request, ad_identifier):
signer = TimestampSigner()
try:
ad_pk = signer.unsign(ad_identifier)
except BadSignature:
raise Http404
advert = get_object_or_404(Advertisement, pk=ad_pk)
advert.clicked()
return HttpResponseRedirect(advert.url)
def get(self, request, *args, **kwargs):
signer = TimestampSigner()
try:
ad_pk = signer.unsign(kwargs["ad_identifier"])
except BadSignature:
raise Http404
advert = get_object_or_404(Advertisement, pk=ad_pk)
advert.clicked()
return HttpResponseRedirect(advert.url)
def dispatch(self, request, *args, **kwargs):
'''
'''
signer = TimestampSigner()
try:
value = request.get_signed_cookie('recovery_key')
self.value = signer.unsign(value, max_age=self.max_age)
except:
return HttpResponseForbidden('This page is expired')
else:
return super(SetNewPassword, self).dispatch(request, *args, **kwargs)
def is_valid(self):
if self.force_expiry:
return False
signer = TimestampSigner()
try:
username = signer.unsign(self.token, max_age=self.expiry_seconds)
except (BadSignature, SignatureExpired):
return False
return username == self.user.username
def returned_wrapper(request, *args, **kwargs):
if request.method == "POST":
code = request.POST.get('code', None)
if code is None:
code = request.GET.get('code', None)
else:
code = request.GET.get('code', None)
if code:
value = base64.b64decode(code)
signer = TimestampSigner()
try:
username = signer.unsign(value, ONE_DAY)
INFO_LOG.info(gen_info_msg(request, action='链接正常', code_url=request.path, valid=True, username=username))
return func(request, *args, **kwargs)
except (SignatureExpired, BadSignature, TypeError), e:
username = signer.unsign(value)
if isinstance(e, SignatureExpired):
messages.error(request, '链接已失效')
INFO_LOG.info(gen_info_msg(request, action=u'链接已失效', code_url=request.path, valid=False, username=username))
elif isinstance(e, BadSignature):
messages.error(request, '链接被篡改')
INFO_LOG.info(gen_info_msg(request, action=u'链接被篡改', code_url=request.path, valid=False, username=username))
return HttpResponseRedirect(settings.LOGIN_URL)
def get(self, request, *args, **kwargs):
verify_val = kwargs['pk']
signer = TimestampSigner()
try:
value = signer.unsign(verify_val, max_age=timedelta(seconds=100))
except SignatureExpired:
msg = u'验证过期, 重新验证'
return render(request, self.template_name, {'msg': msg})
else:
pass
pk = int(value)
user = get_object_or_404(User, pk=pk)
personinfo = user.personinfo
personinfo.auth_mail = True
personinfo.save()
msg = u'验证通过'
return render(request, self.template_name, {'msg': msg})
def login(request, signature):
"""
Automatically logs in a user based on a signed PK of a user object. The
signature should be generated with the `login` management command.
The signature will only work for 60 seconds.
"""
signer = TimestampSigner()
try:
pk = signer.unsign(signature, max_age=MAX_AGE_OF_SIGNATURE_IN_SECONDS)
except (BadSignature, SignatureExpired) as e:
return HttpResponseForbidden("Can't log you in")
user = get_object_or_404(get_user_model(), pk=pk)
# we *have* to set the backend for this user, so we just use the first one
user.backend = settings.AUTHENTICATION_BACKENDS[0]
django_login(request, user)
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def get(self, request, activation_key, *args, **kwargs):
signer = TimestampSigner()
expiration = get_configuration("QS_SIGNUP_TOKEN_EXPIRATION_DAYS")
try:
username = signer.unsign(activation_key, max_age=expiration * SECONDS_IN_DAY)
except (BadSignature, SignatureExpired):
return super().get(request, *args, **kwargs)
user_model = get_user_model()
try:
user = user_model.objects.activate(username)
except user_model.DoesNotExist:
return super().get(request, *args, **kwargs)
if user.is_active:
user_activated.send(sender=self.__class__, user=user, request=request)
if get_configuration("QS_SIGNUP_AUTO_LOGIN"):
self._login_user(request, user)
return redirect(self.get_success_url())
class AuthKey(object):
"""Command authorisation key class."""
def __init__(self, value=None):
"""Initialise new AuthKey instance."""
self.signer = TimestampSigner(salt="auth")
self._data = {
'clear': value,
'signed': self.signer.sign(value)
}
@property
def clear(self):
"""Get cleartext key value."""
return self._data['clear']
@property
def signed(self):
"""Get cyphertext key value."""
return self._data['signed']
def validate(self, key, life=None):
"""Validate key value."""
if not life and settings.LIFETIME:
life = settings.LIFETIME
try:
clear = self.signer.unsign(key, max_age=life)
except SignatureExpired as e:
raise KeyValidityExpired("{}".format(e))
if self.clear == clear:
return True
else:
raise KeyValueMismatchError(keyval=clear, refval=self.clear)
def __str__(self):
"""Return string representation."""
return self.signed
def __unicode__(self):
"""Return string representation."""
return self.__str__() # pragma: no cover
def edit(request, signed_id):
signer = TimestampSigner()
try:
id = signer.unsign(signed_id, max_age=30 * 60) # 30 minutes
member = Member.objects.get(pk=id)
except (BadSignature, SignatureExpired, Member.DoesNotExist):
return render(request, "members/edit_failed.html")
member_form = MemberForm(instance=member)
email_form = MemberEmailEditForm(instance=member)
if request.method == "POST":
if "edit_member" in request.POST:
member_form = MemberForm(request.POST, instance=member)
if member_form.is_valid():
member_form.save()
messages.success(request, "Jäsentiedot tallennettu.")
return HttpResponseRedirect(request.get_full_path())
else:
messages.error(request, "Korjaa jäsentiedoissa esiintyvät virheet.")
elif "edit_email" in request.POST:
email_form = MemberEmailEditForm(request.POST, instance=member)
if email_form.is_valid():
email_form.save()
messages.success(request, u"Syöttämääsi sähköpostiosoitteeseen %s lähetettiin vahvistusviesti, \
josta löytyvää linkkiä sinun tulee käydä klikkaamassa vahvistaaksesi muutoksen." % email_form.cleaned_data["email"])
return HttpResponseRedirect(request.get_full_path())
else:
messages.error(request, "Korjaa virheet.")
try:
latest_invoice = member.invoices.latest()
except Invoice.DoesNotExist:
latest_invoice = None
return render(request, "members/edit.html", {"member": member,
"member_form": member_form,
"email_form": email_form,
"latest_invoice": latest_invoice,
'invoices': member.invoices.all() })
def activate_account(request, token):
signer = TimestampSigner(salt='account activation', sep='.')
try:
user_id = int(signer.unsign(token, 8 * 60 * 60))
user = User.objects.get(id=user_id)
except (TypeError, ValueError, OverflowError, User.DoesNotExist,
BadSignature, SignatureExpired) as e:
user = None
if user is not None:
user.is_active = True
user.save()
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
messages.info(request, _("Your account is active! You may now participate on the site."))
return redirect('osnap_front_page')
else:
return render(request, "osnap/accounts/done.html", {
"action": "bad link"
})
def get(self, request, *args, **kwargs):
if self.request.session.has_key('checkout_order_id') and self.request.session['checkout_order_id']:
# If we've already completed a checkout session, just redirect to confirmation.
return HttpResponseRedirect(self.get_success_url())
signer = TimestampSigner()
try:
order_number = signer.unsign(request.GET.get('order_number', ''), max_age=3600)
except BadSignature:
# The URL has been tampered with, push out to the success page without
# modifying the session context
return HttpResponseBadRequest()
# Flush all session data
self.checkout_session.flush()
# Save order id in session so thank-you page can load it
order = Order.objects.get(number=order_number)
self.request.session['checkout_order_id'] = order.id
response = HttpResponseRedirect(self.get_success_url())
self.send_signal(self.request, response, order)
return response
def caja(request, problem_id=None, authToken=None):
signer = TimestampSigner()
if request.GET.get('type') == 'getToken':
value = signer.sign(binascii.b2a_hex(os.urandom(15)))
return HttpResponse("/publicproblem/" + request.GET.get('id') + "/" + value)
if authToken is None:
value = signer.sign(binascii.b2a_hex(os.urandom(15)))
publicProblem = PublicProblem.objects.get(pk=problem_id)
verifiedByUser = False
if publicProblem.verifiedBy1 is not None and publicProblem.verifiedBy1 == request.user:
verifiedByUser = True
elif publicProblem.verifiedBy2 is not None and publicProblem.verifiedBy2 == request.user:
verifiedByUser = True
elif publicProblem.verifiedBy3 is not None and publicProblem.verifiedBy3 == request.user:
verifiedByUser = True
return render(request, "publicproblem/caja.html", {'verifiedByUser':verifiedByUser, 'request':request, 'token':value, 'id':problem_id, 'author':publicProblem.author.username, 'problem':publicProblem})
else:
try:
if settings.DEBUG == True:
original = signer.unsign(authToken[1:])
else:
original = signer.unsign(authToken[1:], max_age=5)
except signing.BadSignature:
return HttpResponse("incorrect token")
publicProblem = PublicProblem.objects.get(pk=problem_id)
if publicProblem.title.startswith('temporary-problem-'):
if publicProblem.title != 'temporary-problem-' + request.user.username:
return HttpResponse("you don't have permission to view this problem")
randomList = re.findall(r"(r\d+)", publicProblem.text)
randomSet = set(randomList)
publicProblem.text = re.sub(r'<span class="math-tex">(.+?)</span>', r"\1", publicProblem.text)
publicProblem.text = re.sub(r'\\', r'\\\\', publicProblem.text)
tempString = ""
tempAssignValues = ""
tempReplaceDivs = ""
tempReplaceReg = ""
for counter, s in enumerate(randomSet):
tempString += "var " + s + " = {};\n"
tempString += "tempArray.push(" + s + ");\n"
tempAssignValues += s + " = tempArray[%d].value;\n" % counter
tempReplaceDivs += "elementList = document.querySelectorAll('." + s + "'); for(var i=0; i < elementList.length;i++){elementList[i].innerHTML = tempArray[%d].value;\n" % counter
tempReplaceReg += "tempString = tempString.replace(/" + s + "/g, tempArray[%d].value.toString());\n" % counter
publicProblem.replaceReg = tempReplaceReg
publicProblem.replaceDivs = tempReplaceDivs
publicProblem.assignValues = tempAssignValues
publicProblem.vars = tempString
publicProblem.numRandom = len(randomSet)
publicProblem.authorName = publicProblem.author
#make javascript look nice in html
publicProblem.code = publicProblem.javascript.replace('\n', "<br />")
#grab all javascript variables so that we can declare them for ES5 Strict Mode compliance
publicProblem.javascript = ";" + publicProblem.javascript
variableList = re.findall(r'[((|;|\s*]([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=', publicProblem.javascript)
variableSet = set(variableList)
publicProblem.variableSet = variableSet
#grab the user variable min/max configuration
publicProblem.userMinMaxLines = re.findall(r'r\d+\..*=.*;', publicProblem.javascript) #TODO we might want to also get rid of the \n characters
publicProblem.javascript = re.sub(r'r\d+\..*=.*;', r'', publicProblem.javascript) #delete user min/max lines TODO we might want to also get rid of the \n characters
context = {"publicProblem": publicProblem}
return HttpResponse(render_to_string("publicproblem/index.html", context))
class SignerField(object):
"""
Generate signature of values fields
"""
KEY = 'sign'
def __init__(self, form, data, *args):
from .forms import RelatedForm, ModelRelatedForm
assert isinstance(form, (RelatedForm, ModelRelatedForm)), \
'Parameter name of "form" is not belongs instance class of "RelatedForm" or "ModelRelatedForm"!'
self.__signer = TimestampSigner()
self.__form = form
self.__data = data
self.__sent_signature = None
self.__signature = None
if len(form.meta_signer_fields):
if dict(*args) or data:
self.__signature = self.generate_signature(dict(*args) or data)
if form.is_bound:
self.__sent_signature = dict(*args).get(SignerField.KEY)
form.fields[SignerField.KEY] = forms.CharField(widget=forms.HiddenInput())
@property
def signer(self):
return self.__signer
@property
def signature(self):
return self.__signature
def fields_values(self, data):
"""
Values of the fields that require the generation of a signature
:param data:
:return:
"""
for sf in self.__form.meta_signer_fields:
yield data.get(sf)
def combine_values(self, data):
"""
Combining the values of fields that require the generation of a signature
:param data:
:return:
"""
r = list()
# v -> Value field
for v in self.fields_values(data):
if v is None:
continue
r.append(str(v))
return '.'.join(r)
def generate_signature(self, data):
"""
Generation of signature fields
:param data:
:return:
"""
val = self.combine_values(data)
return self.__signer.sign(val) if val else None
def validate(self):
"""
Validate signature
:return bool|None:
"""
if not len(self.__form.meta_signer_fields):
return None
try:
s1 = self.__signer.unsign(self.signature)
s2 = self.__signer.unsign(self.__sent_signature)
return s1 == s2
except BadSignature:
return False
def get_username(self):
reset_token = self.kwargs["reset_token"]
signer = TimestampSigner()
expiration = get_configuration("PASSWORD_RESET_TIMEOUT_DAYS")
return signer.unsign(reset_token, max_age=expiration * SECONDS_IN_DAY)
def validate_key(key, user, for_subscription=True):
salt = 'subscription' if for_subscription else 'unsubscription'
signer = TimestampSigner(settings.SECRET_KEY, salt=salt)
value = signer.unsign(key, max_age=settings.EMAIL_LINK_EXPIRY_DAYS)
return str(user.id) == value
def to_python(self, value):
signer = TimestampSigner()
try:
return signer.unsign(value, max_age=total_seconds(self.timeout))
except:
raise forms.ValidationError('Malformed signature.')
