def admin_home(request): # Generate a random error page a = HttpResponseForbidden(generate_http_error_page()) a['Server'] = "UnderFucking Server" return a
def AutoDeploy(request): ip = get_client_ip(request) ips = requests.get( 'https://api.github.com/meta', ).json() is_valid_ip = False for hook_ip in ips['hooks']: if ipaddress.ip_address(ip) in ipaddress.ip_network(hook_ip): is_valid_ip = True break if not is_valid_ip: send_deploy_email( 'Deploy git ejemplo (invalid ip)', f"From ip: {ip}", ) return HttpResponseForbidden('Permission denied.') # Verify the request signature header_signature = request.headers['X-Hub-Signature'] if header_signature is None: return HttpResponseForbidden('Permission denied. (invalid signature)') sha_name, signature = header_signature.split('=') if sha_name != 'sha1': return HttpResponseServerError('Operation not supported.', status=501) mac = hmac.new(force_bytes(GIT_KEY), msg=force_bytes(request.body), digestmod=sha1) if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(signature)): send_deploy_email( 'Deploy git ejemplo (invalid secret)', f"From ip: {ip}", ) return HttpResponseForbidden(f'Permission denied.') g = git.cmd.Git(BASE_DIR) res = g.pull() command = f'./sincro_require_ddbb.sh' process = subprocess.Popen(command.split(), cwd=BASE_DIR, stdout=subprocess.PIPE) output, error = process.communicate() result = []; if output is not None: result.append(output.decode('utf-8')) if error is not None: result.append(error.decode('utf-8')) mig_and_req = '\n'.join(result) send_deploy_email( 'Deploy git ejemplo', f"From ip: {ip}\nResult git: \n{res}\nResult migrations and requirements: \n{mig_and_req}", ) touch = Path(f'{BASE_DIR}/auto_deploy_github/wsgi.py').touch() return HttpResponse('The proccess has been done succesfully.')
def dispatch(self, request, *args, **kwargs): id = kwargs['pk'] team = get_object_or_404(Team, pk=id) if team.teamleader != request.user.participant: return HttpResponseForbidden() return super(TeamUpdateView, self).dispatch(request, *args, **kwargs)
def permission_denied(request, exception, template_name='errors/403.html'): return HttpResponseForbidden(render(request, template_name))
def _auth_download(request, download): if not download.is_user_allowed(request.user): return HttpResponseForbidden('Sorry, you cannot access this file') return sendfile(request, download.file.path)
def project(request, code): project = get_object_or_404(Project, code=code) is_owner = project.owner_id == request.user.id if request.user.is_superuser or is_owner: is_manager = True rw = True else: membership = get_object_or_404(Member, project=project, user=request.user) is_manager = membership.role == Member.Role.MANAGER rw = membership.is_rw ctx = { "page": "project", "rw": rw, "project": project, "is_owner": is_owner, "is_manager": is_manager, "show_api_keys": "show_api_keys" in request.GET, "enable_prometheus": settings.PROMETHEUS_ENABLED is True, } if request.method == "POST": if "create_key" in request.POST: if not rw: return HttpResponseForbidden() if request.POST["create_key"] == "api_key": project.api_key = _new_key(24) elif request.POST["create_key"] == "api_key_readonly": project.api_key_readonly = _new_key(24) elif request.POST["create_key"] == "ping_key": project.ping_key = _new_key(16) project.save() ctx["key_created"] = True ctx["api_status"] = "success" ctx["show_keys"] = True elif "revoke_key" in request.POST: if not rw: return HttpResponseForbidden() if request.POST["revoke_key"] == "api_key": project.api_key = "" elif request.POST["revoke_key"] == "api_key_readonly": project.api_key_readonly = "" elif request.POST["revoke_key"] == "ping_key": project.ping_key = None project.save() ctx["key_revoked"] = True ctx["api_status"] = "info" elif "show_keys" in request.POST: if not rw: return HttpResponseForbidden() ctx["show_keys"] = True elif "invite_team_member" in request.POST: if not is_manager: return HttpResponseForbidden() form = forms.InviteTeamMemberForm(request.POST) if form.is_valid(): email = form.cleaned_data["email"] invite_suggestions = project.invite_suggestions() if not invite_suggestions.filter(email=email).exists(): # We're inviting a new user. Are we within team size limit? if not project.can_invite_new_users(): return HttpResponseForbidden() # And are we not hitting a rate limit? if not TokenBucket.authorize_invite(request.user): return render(request, "try_later.html") try: user = User.objects.get(email=email) except User.DoesNotExist: user = _make_user(email, with_project=False) if project.invite(user, role=form.cleaned_data["role"]): ctx["team_member_invited"] = email ctx["team_status"] = "success" else: ctx["team_member_duplicate"] = email ctx["team_status"] = "info" elif "remove_team_member" in request.POST: if not is_manager: return HttpResponseForbidden() form = forms.RemoveTeamMemberForm(request.POST) if form.is_valid(): q = User.objects q = q.filter(email=form.cleaned_data["email"]) q = q.filter(memberships__project=project) farewell_user = q.first() if farewell_user is None: return HttpResponseBadRequest() if farewell_user == request.user: return HttpResponseBadRequest() Member.objects.filter(project=project, user=farewell_user).delete() ctx["team_member_removed"] = form.cleaned_data["email"] ctx["team_status"] = "info" elif "set_project_name" in request.POST: if not rw: return HttpResponseForbidden() form = forms.ProjectNameForm(request.POST) if form.is_valid(): project.name = form.cleaned_data["name"] project.save() ctx["project_name_updated"] = True ctx["project_name_status"] = "success" elif "transfer_project" in request.POST: if not is_owner: return HttpResponseForbidden() form = forms.TransferForm(request.POST) if form.is_valid(): # Look up the proposed new owner email = form.cleaned_data["email"] try: membership = project.member_set.filter( user__email=email).get() except Member.DoesNotExist: return HttpResponseBadRequest() # Revoke any previous transfer requests project.member_set.update(transfer_request_date=None) # Initiate the new request membership.transfer_request_date = now() membership.save() # Send an email notification profile = Profile.objects.for_user(membership.user) profile.send_transfer_request(project) ctx["transfer_initiated"] = True ctx["transfer_status"] = "success" elif "cancel_transfer" in request.POST: if not is_owner: return HttpResponseForbidden() project.member_set.update(transfer_request_date=None) ctx["transfer_cancelled"] = True ctx["transfer_status"] = "success" elif "accept_transfer" in request.POST: tr = project.transfer_request() if not tr or tr.user != request.user: return HttpResponseForbidden() if not tr.can_accept(): return HttpResponseBadRequest() with transaction.atomic(): # 1. Reuse the existing membership, and change its user tr.user = project.owner tr.transfer_request_date = None # The previous owner becomes a regular member # (not readonly, not manager): tr.role = Member.Role.REGULAR tr.save() # 2. Change project's owner project.owner = request.user project.save() ctx["is_owner"] = True ctx["is_manager"] = True messages.success(request, "You are now the owner of this project!") elif "reject_transfer" in request.POST: tr = project.transfer_request() if not tr or tr.user != request.user: return HttpResponseForbidden() tr.transfer_request_date = None tr.save() q = project.member_set.select_related("user").order_by("user__email") ctx["memberships"] = list(q) return render(request, "accounts/project.html", ctx)
def post(self, request): if request.is_ajax(): source = request.POST['source'] # Handle Empty Source Case source_empty_check(source) print source lang = request.POST['lang'] # Handle Invalid Language Case lang_valid_check(lang) proxy = callme.Proxy(server_id='fooserver2', amqp_host='localhost', timeout=3600) resp = proxy.enveloppe_extract(source) model = Algorithm run_rank = model.objects.filter( score__lte=int(resp['score'])).order_by('rank') if len(run_rank) > 0: rankobj = run_rank.last() rank = rankobj.rank + 1 else: rank = 1 run_rank_low = model.objects.filter(score__gt=int(resp['score'])) if len(run_rank_low) > 0: for i in run_rank_low: i.rank += 1 i.save() else: pass b = Algorithm(username=request.user.username, user=request.user, rank=rank, score=resp['score'], time=resp['duration'], source_code=source, cpu=18) b.save() job_post = u'{0} has sent a job score: {1} rank: {2} :'.format( request.user.username, resp['score'], rank) resp = model.objects.all().order_by('rank') values = resp.values('id') for ind, item in enumerate(values): if (item['id']) == b.id: paging = divmod(ind, 5)[0] feed = Feed(user=request.user, post=job_post, job_link='/leaderboard?q=foo&flop=flip&page=' + str(paging + 1)) feed.save() #request.user.profile.notify_job_done(b) like = Activity(activity_type=Activity.RUN_PROCESSED, feed=feed.pk, user=request.user) like.save() user = request.user user.profile.notify_liked_bis(feed) print 'Notified' return HttpResponse(render(request, 'hackIDE/index.html')) else: print('error') return HttpResponseForbidden()
def show_result(request, collection_id): """show the ranking of a group (GET param) for collection_id""" if not Group.objects.all(): # Show an informative message if there are not groups in the system return render( request, 'generic_error_message.html', { 'error': [ _('¡Lo sentimos! No existe ningún grupo para ver resultados' ) ] }) position = 1 result_form = ResultForm(request.GET) start = None end = None up_to_classification_date = None from_classification_date = None up_to_classification = datetime.today().strftime('%Y-%m-%d') collection = get_object_or_404(Collection, pk=collection_id) if request.user.is_staff and result_form.is_valid(): group_id = result_form.cleaned_data['group'] start = result_form.cleaned_data['start'] end = result_form.cleaned_data['end'] groups_user = Group.objects.all().order_by('name') up_to_classification_date = end from_classification_date = start elif request.user.is_staff and not result_form.is_valid(): # Error 404 with all the validation errors as HTML return HttpResponseNotFound(str(result_form.errors)) else: if result_form.is_valid(): return HttpResponseForbidden("Forbidden") groups_user = request.user.groups.all().order_by('name') group_id = request.GET.get('group') if group_id is None: group_id = groups_user[0].id group0 = get_object_or_404(Group, pk=group_id) users = get_user_model().objects.filter(groups__name=group0.name) if users.filter(id=request.user.id) or request.user.is_staff: group0.name = group0.name group0.id = group_id groups_user = groups_user.exclude(id=group_id) collection.problem_list = collection.problems() collection.total_problem = collection.problem_list.count() users = users.exclude(is_staff=True) for user in users: user.collection = [] user.resolved = 0 user.score = 0 user.n_achievements = ObtainedAchievement.objects.filter( user=user.pk).count() update_user_with_scores(request.user, user, collection, start, end) users = sorted(users, key=lambda x: (x.resolved, -x.score), reverse=True) length = len(users) for i in range(length): if i != len(users) - 1: if pos(users[i], users[i + 1]): users[i].pos = position position = position + 1 else: users[i].pos = position else: if pos(users[i], users[i - 1]): users[i].pos = position position = position + 1 else: users[i].pos = position return render( request, 'results.html', { 'collection': collection, 'groups': groups_user, 'users': users, 'login': request.user, 'group0': group0, 'to_fixed': up_to_classification, 'from_date': from_classification_date, 'to_date': up_to_classification_date, 'end_date': end, 'start_date': start }) return HttpResponseForbidden("Forbidden")
def download_ranking(request, collection_id): """Download excel with the results of submissions""" result_form = ResultForm(request.GET) if request.user.is_staff and result_form.is_valid(): html = show_result(request, collection_id).content.decode('utf-8') soup = BeautifulSoup(html, 'html.parser') col = 1 row = 1 work = openpyxl.Workbook() book = work.active # Takes collection and date data = soup.find_all("h1") for i in data: book.cell(row=row, column=col, value=i.string.strip()) row += 1 # Takes group option = soup.find(id='clase').find("option") book.cell(row=row, column=col, value=option.string.strip()) row += 1 # Takes the first column of table (Pos, User, Exercises, Score, Solved) ths = soup.find_all("th") for i in ths: if i.string is not None: book.cell(row=row, column=col, value=i.string.strip()) col += 1 exercises = i.find_all("a") for j in exercises: if j.string is not None: book.cell(row=row, column=col, value=j['title'].strip()) col += 1 col = 1 # Takes the information for each student trs = soup.find_all("tr") for i in trs: tds = i.find_all("td") # Information of a student (Pos, User, Exercises, Score, Solved) for j in tds: name = j.find('span', class_='ranking-username') if name is not None: book.cell(row=row, column=col, value=name.string.strip()) col += 1 if j.string is not None: book.cell(row=row, column=col, value=j.string.strip()) col += 1 num_submissions = j.find_all("a") for k in num_submissions: if k.string is not None: book.cell(row=row, column=col, value=k.string.strip()) col += 1 col = 1 row += 1 # create a temporary file to save the workbook with the results temp = tempfile.NamedTemporaryFile(mode='w+b', buffering=-1, suffix='.xlsx') file = pathlib.Path(temp.name) name = file.name work.save(name) response = HttpResponse(open(name, 'rb').read()) response['Content-Type'] = 'application/xlsx' response['Content-Disposition'] = "attachment; filename=ranking.xlsx" temp.close() os.remove(name) return response if request.user.is_staff and not result_form.is_valid(): return HttpResponseNotFound(str(result_form.errors)) return HttpResponseForbidden("Forbidden")
def manage_collection(request, id=None, name=None): if id and name: collection = get_object_or_404( filter_by_access(request.user, Collection, manage=True), id=id ) elif request.user.has_perm('data.add_collection'): collection = Collection(title='Untitled') if not request.user.is_superuser: collection.owner = request.user collection.hidden = True else: raise Http404() class CollectionForm(forms.ModelForm): class UserField(forms.CharField): widget = forms.TextInput(attrs={'class': 'autocomplete-user'}) def prepare_value(self, value): try: if not value or getattr(self, "_invalid_user", False): return value return User.objects.get(id=value).username except ValueError: return value except ObjectDoesNotExist: return None def to_python(self, value): try: return User.objects.get(username=value) if value else None except ObjectDoesNotExist: self._invalid_user = True raise ValidationError('User not found') children = forms.ModelMultipleChoiceField( queryset=filter_by_access( request.user, Collection).exclude(id=collection.id), widget=forms.CheckboxSelectMultiple, required=False ) owner = UserField( widget=None if request.user.is_superuser else forms.HiddenInput, required=False ) def clean_owner(self): if not request.user.is_superuser: # non-admins cannot change collection owner return collection.owner else: return self.cleaned_data['owner'] class Meta: model = Collection fields = ( 'title', 'hidden', 'owner', 'description', 'agreement', 'children', 'order' ) if request.method == "POST": if request.POST.get('delete-collection'): if not ( request.user.is_superuser or request.user == collection.owner): raise HttpResponseForbidden() messages.add_message( request, messages.INFO, message="Collection '%s' has been deleted." % collection.title ) collection.delete() return HttpResponseRedirect(reverse('data-collections-manage')) else: form = CollectionForm(request.POST, instance=collection) if form.is_valid(): form.save() return HttpResponseRedirect( reverse( 'data-collection-manage', kwargs=dict( id=form.instance.id, name=form.instance.name ) ) ) else: form = CollectionForm(instance=collection) return render(request, 'data_collection_edit.html', { 'form': form, 'collection': collection, 'can_delete': collection.id and ( request.user.is_superuser or collection.owner == request.user ), } )
def export_pdf(request, id, uidb64=None, token=None): ''' Generates a PDF with the contents of a nutrition plan See also * http://www.blog.pythonlibrary.org/2010/09/21/reportlab * http://www.reportlab.com/apis/reportlab/dev/platypus.html ''' # Load the plan if uidb64 is not None and token is not None: if check_token(uidb64, token): plan = get_object_or_404(NutritionPlan, pk=id) else: return HttpResponseForbidden() else: if request.user.is_anonymous(): return HttpResponseForbidden() plan = get_object_or_404(NutritionPlan, pk=id, user=request.user) plan_data = plan.get_nutritional_values() # Create the HttpResponse object with the appropriate PDF headers. response = HttpResponse(content_type='application/pdf') # Create the PDF object, using the response object as its "file." doc = SimpleDocTemplate(response, pagesize=A4, title=_('Nutrition plan'), author='wger Workout Manager', subject=_('Nutritional plan %s') % request.user.username) # Background colour for header # Reportlab doesn't use the HTML hexadecimal format, but has a range of # 0 till 1, so we have to convert here. header_colour = colors.Color(int('73', 16) / 255.0, int('8a', 16) / 255.0, int('5f', 16) / 255.0) # container for the 'Flowable' objects elements = [] data = [] # Iterate through the Plan meal_markers = [] ingredient_markers = [] # Meals i = 0 for meal in plan.meal_set.select_related(): i += 1 meal_markers.append(len(data)) if not meal.time: p = Paragraph(u'<para align="center"><strong>{nr} {meal_nr}</strong></para>' .format(nr=_('Nr.'), meal_nr=i), styleSheet["Normal"]) else: p = Paragraph(u'<para align="center"><strong>' u'{nr} {meal_nr} - {meal_time}' u'</strong></para>' .format(nr=_('Nr.'), meal_nr=i, meal_time=meal.time.strftime("%H:%M")), styleSheet["Normal"]) data.append([p]) # Ingredients for item in meal.mealitem_set.select_related(): ingredient_markers.append(len(data)) p = Paragraph(u'<para>{0}</para>'.format(item.ingredient.name), styleSheet["Normal"]) if item.get_unit_type() == MEALITEM_WEIGHT_GRAM: unit_name = 'g' else: unit_name = ' ' + item.weight_unit.unit.name data.append([Paragraph(u"{0}{1}".format(item.amount, unit_name), styleSheet["Normal"]), p]) # Set general table styles table_style = [] # Set specific styles, e.g. background for title cells for marker in meal_markers: # Set background colour for headings table_style.append(('BACKGROUND', (0, marker), (-1, marker), header_colour)) table_style.append(('BOX', (0, marker), (-1, marker), 1.25, colors.black)) # Make the headings span the whole width table_style.append(('SPAN', (0, marker), (-1, marker))) # has the plan any data? if data: t = Table(data, style=table_style) # Manually set the width of the columns t._argW[0] = 2.5 * cm # There is nothing to output else: t = Paragraph(_('<i>This is an empty plan, what did you expect on the PDF?</i>'), styleSheet["Normal"]) # Set the title (if available) if plan.description: p = Paragraph('<para align="center"><strong>%(description)s</strong></para>' % {'description': plan.description}, styleSheet["Bold"]) elements.append(p) # Filler elements.append(Spacer(10*cm, 0.5*cm)) # append the table to the document elements.append(t) elements.append(Paragraph('<para> </para>', styleSheet["Normal"])) # Create table with nutritional calculations data = [] data.append([Paragraph(u'<para align="center">{0}</para>'.format(_('Nutritional data')), styleSheet["Bold"])]) data.append([Paragraph(_('Macronutrients'), styleSheet["Normal"]), Paragraph(_('Total'), styleSheet["Normal"]), Paragraph(_('Percent of energy'), styleSheet["Normal"]), Paragraph(_('g per body kg'), styleSheet["Normal"])]) data.append([Paragraph(_('Energy'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['energy']), styleSheet["Normal"])]) data.append([Paragraph(_('Protein'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['protein']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['percent']['protein']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['per_kg']['protein']), styleSheet["Normal"])]) data.append([Paragraph(_('Carbohydrates'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['carbohydrates']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['percent']['carbohydrates']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['per_kg']['carbohydrates']), styleSheet["Normal"])]) data.append([Paragraph(_('Sugar content in carbohydrates'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['carbohydrates_sugar']), styleSheet["Normal"])]) data.append([Paragraph(_('Fat'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['fat']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['percent']['fat']), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['per_kg']['fat']), styleSheet["Normal"])]) data.append([Paragraph(_('Saturated fat content in fats'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['fat_saturated']), styleSheet["Normal"])]) data.append([Paragraph(_('Fibres'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['fibres']), styleSheet["Normal"])]) data.append([Paragraph(_('Sodium'), styleSheet["Normal"]), Paragraph(six.text_type(plan_data['total']['sodium']), styleSheet["Normal"])]) table_style = [] table_style.append(('BOX', (0, 0), (-1, -1), 1.25, colors.black)) table_style.append(('GRID', (0, 0), (-1, -1), 0.40, colors.black)) table_style.append(('SPAN', (0, 0), (-1, 0))) # Title table_style.append(('SPAN', (1, 2), (-1, 2))) # Energy table_style.append(('SPAN', (1, 5), (-1, 5))) # Sugar table_style.append(('SPAN', (1, 7), (-1, 7))) # Saturated fats table_style.append(('SPAN', (1, 8), (-1, 8))) # Fibres table_style.append(('SPAN', (1, 9), (-1, 9))) # Sodium t = Table(data, style=table_style) t._argW[0] = 5 * cm elements.append(t) # Footer, date and info elements.append(Spacer(10*cm, 0.5*cm)) created = datetime.date.today().strftime("%d.%m.%Y") url = reverse('nutrition:plan:view', kwargs={'id': plan.id}) p = Paragraph('''<para align="left"> %(date)s - <a href="%(url)s">%(url)s</a> - %(created)s %(version)s </para>''' % {'date': _("Created on the <b>%s</b>") % created, 'created': "wger Workout Manager", 'version': get_version(), 'url': request.build_absolute_uri(url), }, styleSheet["Normal"]) elements.append(p) doc.build(elements) response['Content-Disposition'] = 'attachment; filename=nutritional-plan.pdf' response['Content-Length'] = len(response.content) return response
def stu_enrollment(request): qq = request.GET.get('stu_qq') if request.method == "GET": if qq: try: enroll_obj = models.Enrollment.objects.get( customer__qq=qq, contract_agreed=False) customer_form = forms.CustomerForm( instance=enroll_obj.customer) enroll_form = forms.EnrollmentForm(instance=enroll_obj) return render(request, 'crm/enroll_page.html', { 'enroll_form': enroll_form, 'customer_form': customer_form }) except ObjectDoesNotExist as e: try: enroll_obj = models.Enrollment.objects.get(customer__qq=qq) if enroll_obj.contract_approved: return HttpResponse("培训协议已生成,请到首页查询") except ObjectDoesNotExist as e: return HttpResponse("报名表不存在") return HttpResponse("报名表正在审核中") else: return HttpResponse("请求错误,qq号未提供") else: if qq: try: enroll_obj = models.Enrollment.objects.get( customer__qq=qq, contract_agreed=False) upload_path = '%s/%s' % (settings.ENROLL_DATA_DIR, enroll_obj.customer.id) except ObjectDoesNotExist as e: return HttpResponse(u"未查到相应的报名表,也有可能是报名表正在审批中,请到首页查询") if request.FILES: if not os.path.exists(upload_path): os.mkdir(upload_path) abs_filepath = "%s/%s" % (upload_path, request.FILES['file'].name) if len(os.listdir(upload_path)) < 4: if request.FILES['file'].size < 5 * 1024 * 1024: #5MB with open(abs_filepath, 'wb') as f: for chunk in request.FILES['file'].chunks(): f.write(chunk) return HttpResponse('upload success') else: return HttpResponseForbidden('文件大小不能超过5MB') else: return HttpResponseForbidden('最多上传不超过4个文件') else: enroll_form = forms.EnrollmentForm(request.POST, instance=enroll_obj) customer_form = forms.CustomerForm( request.POST, instance=enroll_obj.customer) if enroll_form.is_valid() and customer_form.is_valid(): #check whether file has uploaded or not file_sources_upload_path = "%s/%s" % ( settings.ENROLL_DATA_DIR, enroll_obj.customer.id) file_uploaded = False try: if len(os.listdir(file_sources_upload_path) ) > 0: #has file in this dir new_check_password = ''.join( random.sample( 'zyxwvutsrqponmlkjihgfedcba1234567890~!@#$%^&*', 8)) enroll_form.save() customer_form.save() enroll_obj.check_passwd = new_check_password enroll_obj.save() file_uploaded = True except OSError as e: file_uploaded = False if file_uploaded == False: return render( request, 'crm/enroll_page.html', { 'enroll_form': enroll_form, 'customer_form': customer_form, 'file_upload_err': u'证件资料未上传!' }) return HttpResponse( '''<h4>报名表已提交,待审批通过后可到<a href="http://crm.oldboyedu.com/crm/training_contract/">培训协议查询</a> 查询生成的培训合同,查询密码为 <span style='color:red'>%s</span> </h4>''' % new_check_password) else: uploaded_files = [] if os.path.exists(upload_path): uploaded_files = os.listdir(upload_path) return render( request, 'crm/enroll_page.html', { 'enroll_form': enroll_form, 'customer_form': customer_form, 'uploaded_files': uploaded_files })
from django.conf import settings from django.http import HttpResponseForbidden from guardian.decorators import permission_required_or_403 # shortcut ok = permission_required_or_403 Http403 = HttpResponseForbidden() def session_is_owner(request): try: if int(request.POST['user']) == request.user.id: return True except ValueError, e: return False
def user_edit(request, username): """ View and edit user profile """ edit_user = get_object_or_404(User, username=username) if not edit_user.allows_editing_by(request.user): return HttpResponseForbidden() # Map of form field names to tag namespaces field_to_tag_ns = (('interests', 'profile:interest:'), ('expertise', 'profile:expertise:')) already_subscribed = NewsletterForm.is_subscribed(edit_user.email) if request.method != 'POST': initial = { 'beta': edit_user.is_beta_tester, 'username': edit_user.username, } # Form fields to receive tags filtered by namespace. for field, ns in field_to_tag_ns: initial[field] = ', '.join( tag.name.replace(ns, '') for tag in edit_user.tags.all_ns(ns)) subscription_initial = {} if already_subscribed: subscription_initial['newsletter'] = True subscription_initial['agree'] = True # Finally, set up the forms. user_form = UserEditForm(instance=edit_user, initial=initial, prefix='user') newsletter_form = NewsletterForm(locale=request.LANGUAGE_CODE, already_subscribed=already_subscribed, prefix='newsletter', initial=subscription_initial) else: user_form = UserEditForm(data=request.POST, files=request.FILES, instance=edit_user, prefix='user') newsletter_form = NewsletterForm(locale=request.LANGUAGE_CODE, already_subscribed=already_subscribed, data=request.POST, prefix='newsletter') if user_form.is_valid() and newsletter_form.is_valid(): new_user = user_form.save() try: # Beta beta_group = Group.objects.get(name=config.BETA_GROUP_NAME) if user_form.cleaned_data['beta']: beta_group.user_set.add(request.user) else: beta_group.user_set.remove(request.user) except Group.DoesNotExist: # If there's no Beta Testers group, ignore that logic pass # Update tags from form fields for field, tag_ns in field_to_tag_ns: field_value = user_form.cleaned_data.get(field, '') tags = [tag.lower() for tag in parse_tags(field_value)] new_user.tags.set_ns(tag_ns, *tags) newsletter_form.subscribe(request, new_user.email) return redirect(edit_user) context = { 'edit_user': edit_user, 'user_form': user_form, 'newsletter_form': newsletter_form, 'INTEREST_SUGGESTIONS': INTEREST_SUGGESTIONS, } return render(request, 'users/user_edit.html', context)
def phaxio_callback(request): """Handle Phaxio callbacks""" # pylint: disable=too-many-branches url = 'https://%s%s' % ( settings.MUCKROCK_URL, reverse('phaxio-callback'), ) if not _validate_phaxio( settings.PHAXIO_CALLBACK_TOKEN, url, request.POST, request.FILES, request.META['HTTP_X_PHAXIO_SIGNATURE'], ): return HttpResponseForbidden() logger.warning('In Phaxio Call Back %s', request.POST) fax_info = json.loads(request.POST['fax']) fax_id = fax_info['tags'].get('fax_id') error_count = int(fax_info['tags'].get('error_count', 0)) if fax_id: fax_comm = FaxCommunication.objects.filter(pk=fax_id).first() else: fax_comm = None if not fax_comm: logger.warning( 'No fax comm for phaxio callback: %s', request.POST, ) else: if 'completed_at' in fax_info: date = datetime.fromtimestamp( int(fax_info['completed_at']), tz=timezone.get_current_timezone(), ) else: date = timezone.now() if request.POST['success'] == 'true': fax_comm.confirmed_datetime = date fax_comm.save() else: for recipient in fax_info['recipients']: number, _ = PhoneNumber.objects.get_or_create( number=recipient['number'], defaults={'type': 'fax'}, ) FaxError.objects.create( fax=fax_comm, datetime=date, recipient=number, error_type=recipient['error_type'], error_code=recipient['error_code'], error_id=int(recipient['error_id']), ) # the following phaxio error IDs all correspond to # Phone Number Not Operational - all other errors are considered # temporary for now perm_error_ids = set([34, 47, 49, 91, 107, 109, 116, 123]) temp_failure = int(recipient['error_id']) not in perm_error_ids logger.warning( 'Fax Error - Number: %s - ID: %s - Temp: %s - ' 'error_count: %s - foia: %s - comm: %s', number, recipient['error_id'], temp_failure, error_count, fax_comm.communication.foia.pk, fax_comm.communication.pk, ) if temp_failure and error_count < 4: logger.warning('Fax Error Retrying...') # retry with exponential back off fax_comm.communication.foia.submit( fax_error_count=error_count + 1) else: logger.warning('Fax Error Giving Up...') number.status = 'error' number.save() ReviewAgencyTask.objects.ensure_one_created( agency=fax_comm.communication.foia.agency, resolved=False, ) fax_comm.communication.foia.submit(switch=True) return HttpResponse('OK')
def widget_edit(request, id, app_name=None, widget_name=None): template_name = 'cosinnus/widgets/add_widget.html' extra_context = {'form_view': 'edit'} wc = get_object_or_404(WidgetConfig, id=int(id)) if wc.group and not check_ug_admin(request.user, wc.group) or \ wc.user and wc.user_id != request.user.pk: return HttpResponseForbidden('Access denied!') if app_name and widget_name and (wc.app_name != app_name or wc.widget_name != widget_name): #print ">>>>> THIS WIDGET WAS SET UP TO BE SWAPPED BY EDITING IT!" #print ">> TODO: create new widget using create function, transfer important values, then delete this widget! " # TODO: widget swapping disabled for now! raise Exception("Swapping of widget types is not enabled. \ Delete this widget and create a new one if you want one of a different type!" ) widget_class = widget_registry.get(wc.app_name, wc.widget_name) if widget_class is None: return render_to_response('cosinnus/widgets/not_found.html') form_class = widget_class.get_setup_form_class() widget = widget_class(request, wc) if request.method == "POST": form = form_class(request.POST, group=wc.group) if form.is_valid(): widget.save_config(form.cleaned_data) return HttpResponse( widget.render(user=request.user, request=request, group=wc.group)) raise Exception("Form was invalid for widget edit: ", app_name, widget_name, form_class) else: data = [] for app_name, widgets in widget_registry: for widget_name in widgets: form_active = False widget_class = widget_registry.get(app_name, widget_name) if widget_class is None: #print ">>>>widg not found:", app_name, widget_name continue form_class = widget_class.get_setup_form_class() if not getattr(form_class, "template_name", None): #raise ImproperlyConfigured('Widget form "%s %s" has no attribute "template_name" configured!' % (app_name, widget_name)) #print '>> ignoring widget "%s %s" without template_name form: ' % (app_name, widget_name) continue if app_name == widget.app_name and widget_name == widget.widget_name: # this is the form of the widget class that the editing widget is of # init the form with the current widgets config, and set the active widget to this one form_dict = dict([(k, v) for k, v in widget.config]) form_dict.update({ 'sort_field': widget.config.sort_field, }) context = { 'form': form_class(initial=form_dict, group=wc.group) } form_active = True else: # TODO: widget swapping disabled for now! continue #context = {'form': form_class(group=wc.group)} widget_form_content = render(request, form_class.template_name, context).content data.append({ 'app_name': app_name, 'widget_name': widget_name, 'widget_title': widget_class.get_widget_title(), 'form_content': widget_form_content, 'form_id': '%s_%s_%d' % (app_name, widget_name, uuid1()), 'form_active': form_active, }) context = { 'widget_data': data, 'widget_conf_id': widget.id, } context.update(extra_context) return render(request, template_name, context)
def post(self, request): params = QueryDict(request.body) if request.META.get('HTTP_X_FORWARDED_FOR'): ip = request.META.get('HTTP_X_FORWARDED_FOR') else: ip = request.META.get('REMOTE_ADDR') if ip in getattr(settings, 'BLOCKED_IPS', []): return HttpResponseForbidden('<h1>Forbbidden</h1>') user = ShangmiUser.objects.get( pk=int(user_cache.get(params.get("token")))) order_id = params.get('order_id') amount = params.get("need") log = UserPayLog.objects.get(id=order_id) randuuid = uuid.uuid4() nonce_str = str(randuuid).replace('-', '') out_trade_no = log.wx_pay_num # log.wx_pay_num = out_trade_no # log.save() url = 'https://api.mch.weixin.qq.com/pay/unifiedorder' data = {} data['body'] = 'ShangMi'.encode('utf-8') data['mch_id'] = settings.MCHID data['nonce_str'] = nonce_str # data['device_info'] = 'WEB' data['total_fee'] = str(int(amount)) data['spbill_create_ip'] = ip # data['fee_type'] = 'CNY' data['openid'] = user.openid data['out_trade_no'] = out_trade_no data['notify_url'] = 'https://sharemsg.cn/shangmi/api/v1/pay/notify' data['appid'] = settings.PAY_APPID data['trade_type'] = 'JSAPI' data['sign'] = sign(data, settings.PAY_KEY) template = """ <xml> <appid>{appid}</appid> <body>{body}</body> <mch_id>{mch_id}</mch_id> <nonce_str>{nonce_str}</nonce_str> <notify_url>{notify_url}</notify_url> <openid>{openid}</openid> <out_trade_no>{out_trade_no}</out_trade_no> <spbill_create_ip>{spbill_create_ip}</spbill_create_ip> <total_fee>{total_fee}</total_fee> <trade_type>{trade_type}</trade_type> <sign>{sign}</sign> </xml> """ content = template.format(**data) headers = {'Content-Type': 'application/xml'} raw = requests.post(url, data=content, headers=headers) rdict = xml_response_to_dict(raw) # print('=------',rdict, '--------------') return_data = {} if rdict['return_code'] == 'SUCCESS' and rdict[ 'result_code'] == 'SUCCESS': randuuid = uuid.uuid4() nonce_str = str(randuuid).replace('-', '') time_stamp = str(int(time.time())) sign_data = {} sign_data['appId'] = rdict['appid'] sign_data['nonceStr'] = nonce_str sign_data['package'] = 'prepay_id=%s' % rdict['prepay_id'] sign_data['signType'] = 'MD5' sign_data['timeStamp'] = time_stamp paySign = sign(sign_data, settings.PAY_KEY) return_data['appId'] = rdict['appid'] return_data['paySign'] = paySign return_data['nonceStr'] = nonce_str return_data['timeStamp'] = time_stamp return_data['package'] = 'prepay_id=%s' % rdict['prepay_id'] return_data['signType'] = 'MD5' return JsonResponse({'data': return_data, "code": 0}) else: return JsonResponse({'code': 1, 'data': u'支付失败'})
def deploy_application(request): match_list = ['list', 'grain', 'nodegroup', 'pcre', 'glob'] app_list = [ 'zabbix', 'mysql', 'memcached', 'nginx', 'tomcat', 'system', 'redis', 'php' ] if request.method == 'POST': if not request.user.is_superuser: return HttpResponseForbidden(request) mapping = request.POST.get('map', '').replace(' ', '') target = request.POST.get('target', '').replace(' ', '') app = str(request.POST.get('app', '').replace(' ', '')) if app == '' or target == '' or mapping == '': return HttpResponseNotAllowed(request) if mapping not in match_list or app not in app_list: return HttpResponseNotAllowed(request) result, info = parse_target_params(target, mapping) if result is None: return render_to_response('salt_deploy_application.html', RequestContext(request, {'error': info})) target = info client = SaltByLocalApi('/etc/salt/master') cmd = '%s.install' % app output = client.client.cmd(target, 'state.sls', [cmd], expr_form=mapping) if output is None or output == {}: return render_to_response( 'salt_deploy_application.html', RequestContext(request, {'error': u'无效的目标主机'})) error_dict = {} error_log = '' ok_dict = {} all_dict = {} for k, v in output.iteritems(): if isinstance(v, list): return render_to_response( 'salt_deploy_application.html', RequestContext(request, {'error': v[0]})) tmp_list = [] for i, j in v.iteritems(): if 'name' not in j or 'duration' not in j or 'comment' not in j: tmp_list.append( [i, ' ', 0, j['result'], j['changes'], j['comment']]) else: tmp_list.append([ i, j['name'], j['duration'], j['result'], j['changes'], j['comment'] ]) all_dict[k] = tmp_list for k, v in all_dict.iteritems(): for i in v: if not i[3]: error_dict[k] = v break if len(error_dict) > 0: host_error_dict = {} for k, v in error_dict.iteritems(): host_error_list = [] for i in v: if not i[3]: host_error_list.append(i) break host_error_dict[k] = host_error_list for k, v in host_error_dict.iteritems(): error_log = error_log + '''-----host name: %s error log -----\n''' % k for i in v: if i[4] != {} and isinstance(i[4], dict): error_log = error_log + '''id: %s \n comment: %s \n name: %s \n %s \n''' % ( i[0], i[5], i[1], i[4]['stderr']) else: error_log = error_log + '''id: %s \n comment: %s \n name: %s \n %s \n''' % ( i[0], i[5], i[1], i[4]) all_key = all_dict.keys() for key in all_key: if key not in error_dict.keys(): ok_dict[key] = all_dict[key] head_txt = '-' * 10 + '\n' head_txt = head_txt + ''' total: %d , successed: %d , failed: %d \n''' % ( len(all_dict), len(ok_dict), len(error_dict)) head_txt = head_txt + '-' * 10 + '\n' success_txt = '-' * 10 + 'success' + '-' * 10 + '\n' error_txt = '' total_error_spend_time = 0 total_ok_spend_time = 0 if len(ok_dict) > 0: for k, v in ok_dict.iteritems(): ok_spend_time = 0 for i in v: ok_spend_time = i[2] + ok_spend_time ok_spend_time = ok_spend_time / 1000 total_ok_spend_time = total_ok_spend_time + ok_spend_time success_txt = success_txt + ''' Host: %s | Spend time: %s Sec | Result: success \n''' % ( k, str(ok_spend_time)) success_txt = success_txt + '-----success-----\n' if len(error_dict) > 0: log = '' for k, v in error_dict.iteritems(): error_spend_time = 0 for i in v: if i[4] != {} and isinstance(i[4], dict): log = log + '''name: %s \n --error_info--: %s \n ''' % ( i[1], i[4]['stderr']) else: log = log + '''name: %s \n --error_info--: %s \n ''' % ( i[1], i[4]) error_spend_time = i[2] + error_spend_time error_spend_time = error_spend_time / 1000 total_error_spend_time = total_error_spend_time + error_spend_time error_txt = error_txt + ''' Host: %s | Spend time: %s Sec | Result: failed \n ''' % ( k, str(error_spend_time)) #error_txt=error_txt+'''-----------host: %s error log-----------\n''' %k error_txt = error_txt + '''%s \n ----------\n''' % error_log if ok_dict.keys() == []: success_hosts = '' else: success_hosts = ','.join(ok_dict.keys()) if error_dict.keys() == []: failed_hosts = '' else: failed_hosts = ','.join(error_dict.keys()) total = len(all_key) deploylog = AppDeployLogModel( user=request.user, time=datetime.now(), target=target, application=app, mapping=mapping, success_hosts=success_hosts, failed_hosts=failed_hosts, total=total, log=head_txt + success_txt + error_txt, duration=str(total_error_spend_time + total_ok_spend_time) + ' s') try: deploylog.save() except: pass f = open('/tmp/.app_deploy.log', 'w') f.write(head_txt + success_txt + error_txt) f.close() code, log = commands.getstatusoutput('cat /tmp/.app_deploy.log') return render_to_response('salt_deploy_application.html', RequestContext(request, {'log': log})) return render_to_response('salt_deploy_application.html', RequestContext(request))
def dispatch(self, *args, **kwargs): if settings.DEBUG: return super(UnitTestView, self).dispatch(*args, **kwargs) else: return HttpResponseForbidden()
def incoming_sms(request, username): try: user = User.objects.get(username=username) except User.DoesNotExist: return HttpResponse(status=404) r = TwilioResponse() # This request is unauthenticated; we'll need to fetch the user's # store directly rather than looking it up via the auth cookie. store = models.TaskStore.get_for_user(user) if not store.twilio_auth_token: log_args = ( "Incoming SMS for %s, but no auth token specified.", user, user, ) logger.warning(*log_args) store.log_error(*log_args) return HttpResponse(status=404) if store.sms_whitelist: incoming_number = re.sub('[^0-9]', '', request.POST['From']) valid_numbers = [ re.sub('[^0-9]', '', n) for n in store.sms_whitelist.split('\n') ] if incoming_number not in valid_numbers: log_args = ( "Incoming SMS for %s, but phone number %s is not " "in the whitelist.", user, incoming_number, ) store.log_error(*log_args) logger.warning( *log_args, extra={ 'data': { 'incoming_number': incoming_number, 'whitelist': valid_numbers, } } ) return HttpResponseForbidden() try: validator = RequestValidator(store.twilio_auth_token) url = request.build_absolute_uri() signature = request.META['HTTP_X_TWILIO_SIGNATURE'] except (AttributeError, KeyError) as e: log_args = ( "Incoming SMS for %s, but error encountered while " "attempting to build request validator: %s.", user, e, ) logger.exception(*log_args) store.log_error(*log_args) return HttpResponseForbidden() if not validator.validate(url, request.POST, signature): log_args = ( "Incoming SMS for %s, but validator rejected message.", user, ) logger.warning(*log_args) store.log_error(*log_args) return HttpResponseForbidden() with git_checkpoint(store, "Incoming SMS", sync=True): from_ = request.POST['From'] body = request.POST['Body'] task_info = body[4:] if not body.lower().startswith('add'): if store.sms_replies >= store.REPLY_ERROR: r.sms("Bad Request: Unknown command.") log_args = ( "Incoming SMS from %s had no recognized command: '%s'." % ( from_, body, ), ) logger.warning(*log_args) store.log_error(*log_args) elif not task_info: log_args = ( "Incoming SMS from %s had no content." % ( from_, body, ), ) logger.warning(*log_args) store.log_error(*log_args) if store.sms_replies >= store.REPLY_ERROR: r.sms("Bad Request: Empty task.") else: task_uuid = str(uuid.uuid4()) task_args = ( ['add'] + shlex_without_quotes(store.sms_arguments) + shlex_without_quotes(task_info) ) task_args.append('uuid:%s' % task_uuid) result = store.client._execute_safe(*task_args) stdout, stderr = result if store.sms_replies >= store.REPLY_ALL: r.sms("Added.") log_args = ( "Added task %s via SMS from %s; message '%s'; " "automatic args: '%s';" "response: '%s'." % ( task_uuid, from_, body, store.sms_arguments, stdout, ), ) logger.info(*log_args) store.log_message(*log_args) return HttpResponse(str(r), content_type='application/xml')
def wrapper(request, *args, **kwargs): if not user_has_alumni(request.user): return HttpResponseForbidden( 'User missing Alumni. Contact Support if this is unexpected. ') return view(request, *args, **kwargs)
def get(self, request): # pylint: disable=too-many-statements """ Calculate basket totals given a list of sku's Create a temporary basket add the sku's and apply an optional voucher code. Then calculate the total price less discounts. If a voucher code is not provided apply a voucher in the Enterprise entitlements available to the user. Query Params: sku (string): A list of sku(s) to calculate code (string): Optional voucher code to apply to the basket. username (string): Optional username of a user for which to calculate the basket. Returns: JSON: { 'total_incl_tax_excl_discounts': basket.total_incl_tax_excl_discounts, 'total_incl_tax': basket.total_incl_tax, 'currency': basket.currency } Side effects: If the basket owner does not have an LMS user id, tries to find it. If found, adds the id to the user and saves the user. If the id cannot be found, writes custom metrics to record this fact. """ DEFAULT_REQUEST_CACHE.set(TEMPORARY_BASKET_CACHE_KEY, True) partner = get_partner_for_site(request) skus = request.GET.getlist('sku') if not skus: return HttpResponseBadRequest(_('No SKUs provided.')) skus.sort() code = request.GET.get('code', None) try: voucher = Voucher.objects.get(code=code) if code else None except Voucher.DoesNotExist: voucher = None products = Product.objects.filter(stockrecords__partner=partner, stockrecords__partner_sku__in=skus) if not products: return HttpResponseBadRequest( _('Products with SKU(s) [{skus}] do not exist.').format( skus=', '.join(skus))) basket_owner = request.user requested_username = request.GET.get('username', default='') is_anonymous = request.GET.get('is_anonymous', 'false').lower() == 'true' use_default_basket = is_anonymous use_default_basket_case = 0 # validate query parameters if requested_username and is_anonymous: return HttpResponseBadRequest( _('Provide username or is_anonymous query param, but not both') ) if not requested_username and not is_anonymous: logger.warning( "Request to Basket Calculate must supply either username or is_anonymous query" " param. Requesting user=%s. Future versions of this API will treat this " "WARNING as an ERROR and raise an exception.", basket_owner.username) requested_username = request.user.username # If a username is passed in, validate that the user has staff access or is the same user. if requested_username: if basket_owner.username.lower() == requested_username.lower(): pass elif basket_owner.is_staff: try: basket_owner = User.objects.get( username=requested_username) except User.DoesNotExist: # This case represents a user who is logged in to marketing, but # doesn't yet have an account in ecommerce. These users have # never purchased before. use_default_basket = True use_default_basket_case = 1 else: return HttpResponseForbidden('Unauthorized user credentials') if basket_owner.username == self.MARKETING_USER and not use_default_basket: # For legacy requests that predate is_anonymous parameter, we will calculate # an anonymous basket if the calculated user is the marketing user. # TODO: LEARNER-5057: Remove this special case for the marketing user # once logs show no more requests with no parameters (see above). use_default_basket = True use_default_basket_case = 2 if use_default_basket: basket_owner = None # If we have a basket owner, ensure they have an LMS user id try: if basket_owner: called_from = u'calculation of basket total' basket_owner.add_lms_user_id( 'ecommerce_missing_lms_user_id_calculate_basket_total', called_from) except MissingLmsUserIdException: return self._report_bad_request( api_exceptions.LMS_USER_ID_NOT_FOUND_DEVELOPER_MESSAGE.format( user_id=basket_owner.id), api_exceptions.LMS_USER_ID_NOT_FOUND_USER_MESSAGE) cache_key = None if use_default_basket: # For an anonymous user we can directly get the cached price, because # there can't be any enrollments or entitlements. cache_key = get_cache_key(site_comain=request.site, resource_name='calculate', skus=skus) cached_response = TieredCache.get_cached_response(cache_key) logger.info( 'bundle debugging 2: request [%s] referrer [%s] url [%s] Cache key [%s] response [%s]' 'skus [%s] case [%s] basket_owner [%s]', str(request), str(request.META.get('HTTP_REFERER')), str(request._request), str(cache_key), # pylint: disable=protected-access str(cached_response), str(skus), str(use_default_basket_case), str(basket_owner)) if cached_response.is_found: return Response(cached_response.value) response = self._calculate_temporary_basket_atomic( basket_owner, request, products, voucher, skus, code) if response and use_default_basket: logger.info( 'bundle debugging 3: request [%s] referrer [%s] url [%s] Cache key [%s] response [%s]' 'skus [%s] case [%s] basket_owner [%s]', str(request), str(request.META.get('HTTP_REFERER')), str(request._request), str(cache_key), # pylint: disable=protected-access str(response), str(skus), str(use_default_basket_case), str(basket_owner)) TieredCache.set_all_tiers( cache_key, response, settings.ANONYMOUS_BASKET_CALCULATE_CACHE_TIMEOUT) return Response(response)
def recruitment_application_interview( request, year, recruitment_period_pk, pk, template_name='recruitment/recruitment_application_interview.html'): fair = get_object_or_404(Fair, year=year) application = get_object_or_404(RecruitmentApplication, pk=pk) user = request.user if not user_can_access_recruitment_period(user, application.recruitment_period): return HttpResponseForbidden() InterviewPlanningForm = modelform_factory( RecruitmentApplication, fields=('interviewer', 'interviewer2', 'slot', 'recommended_role', 'scorecard', 'drive_document', 'rating'), widgets={ 'rating': forms.Select(choices=[('', '-------'), (1, 1), (2, 2), (3, 3), (5, 5)]), 'scorecard': forms.TextInput( attrs={'placeholder': 'Link to existing document'}), 'drive_document': forms.TextInput( attrs={'placeholder': 'Link to existing document'}), }, labels={ 'drive_document': _('Interview document'), }, help_texts={ 'slot': '<strong>Note:</strong> If you select a slot with <strong>Other</strong> as the location you must book a location separately and communicate this location to the participants of the interview.' }, ) profile_pic_form = None profile = Profile.objects.get(user=application.user) if Profile.objects.filter(user=application.user).first(): profile_pic_form = ProfilePictureForm(request.POST or None, request.FILES or None, instance=profile) interviewers = application.recruitment_period.interviewers() interview_planning_form = InterviewPlanningForm(request.POST or None, instance=application) interview_planning_form.fields[ 'recommended_role'].queryset = application.recruitment_period.recruitable_roles used_slots = [] for a in RecruitmentApplication.objects.select_related('slot').exclude( slot=None).exclude(pk=application.pk): used_slots.append(a.slot) slots_by_day = [('', '---------')] all_slots = Slot.objects.filter( recruitment_period=application.recruitment_period) local_tz = pytz.timezone('Europe/Stockholm') for slot in all_slots: found = False slot_yyyymmdd = local_tz.localize(slot.start, is_dst=None) slot_yyyymmdd = slot_yyyymmdd.strftime('%Y-%m-%d') for slot_by_day in slots_by_day: if slot_by_day[0] == slot_yyyymmdd: found = True break if not found: slots_by_day.append((slot_yyyymmdd, [])) for slot in all_slots: if slot in used_slots and slot.location.name != 'Other': continue slot_start = local_tz.localize(slot.start, is_dst=None) slot_yyyymmdd = slot_start.strftime('%Y-%m-%d') for slot_by_day in slots_by_day: if slot_by_day[0] == slot_yyyymmdd: slot_hhmm_start = slot_start.strftime('%H:%M') slot_hhmm_end = slot_start + datetime.timedelta( minutes=slot.length) slot_hhmm_end = slot_hhmm_end.strftime('%H:%M') slot_by_day[1].append( (slot.pk, slot_hhmm_start + '-' + slot_hhmm_end + ' | ' + str(slot.location))) break interview_planning_form.fields['slot'].choices = slots_by_day languages = Language.objects.all() interviewers_by_language = [(None, [])] for language in languages: interviewers_by_language.insert(0, (language, [])) for interviewer in interviewers: p = Profile.objects.filter(user=interviewer).first() for language in interviewers_by_language: if language[0] == p.preferred_language: language[1].append( (interviewer.pk, interviewer.get_full_name())) break interviewers_by_language[len(interviewers_by_language) - 1] = ( 'No preferred language', interviewers_by_language[len(interviewers_by_language) - 1][1]) interviewers_by_language = [ x for x in interviewers_by_language if len(x[1]) > 0 ] interviewers_by_language.insert(0, ('', '---------')) if 'interviewer' in interview_planning_form.fields: interview_planning_form.fields[ 'interviewer'].choices = interviewers_by_language if 'interviewer2' in interview_planning_form.fields: interview_planning_form.fields[ 'interviewer2'].choices = interviewers_by_language RoleDelegationForm = modelform_factory( RecruitmentApplication, fields=['delegated_role', 'superior_user', 'status']) role_delegation_form = RoleDelegationForm(request.POST or None, instance=application) role_delegation_form.fields[ 'delegated_role'].queryset = application.recruitment_period.recruitable_roles role_delegation_form.fields['superior_user'].choices = [ ('', '---------') ] + [(interviewer.pk, interviewer.get_full_name()) for interviewer in interviewers] if request.POST: application.recruitment_period.interview_questions.handle_answers_from_request( request, application.user) if interview_planning_form.is_valid(): interview_planning_form.save() if role_delegation_form: if role_delegation_form.is_valid(): role_delegation_form.save() return redirect('recruitment_period', fair.year, application.recruitment_period.pk) else: return redirect('recruitment_period', fair.year, application.recruitment_period.pk) if application.slot and application.interviewer and application.interviewer2 and ( request.user == application.interviewer or request.user == application.interviewer2): other = application.interviewer if application.interviewer != request.user else application.interviewer2 nicetime = local_tz.localize(slot.start, is_dst=None) nicetime = nicetime.strftime("%Y-%m-%d %H:%M") sms_english = "Hello! Thank you for applying to THS Armada. This is a confirmation of our interview arrangement. The interview is scheduled to take place on " + nicetime + " in " + str( slot.location ) + ". If you have any questions or if you would like to change the date and time, don't hesitate to contact me. " + other.first_name + " " + other.last_name + " and I are looking forward to meet you. /" + request.user.first_name + " " + request.user.last_name sms_swedish = "Hej! Tack för att du har sökt till THS Armada. Detta är en bekräftelse på vår överenskommelse. Intervjun är planerad till " + nicetime + " i " + str( slot.location ) + ". Tveka inte att kontakta mig om du har några frågor eller om du vill ändra datum eller tid. " + other.first_name + " " + other.last_name + " och jag själv ser fram emot att få träffa dig. /" + request.user.first_name + " " + request.user.last_name elif application.slot and application.interviewer and request.user == application.interviewer: nicetime = local_tz.localize(slot.start, is_dst=None) nicetime = nicetime.strftime("%Y-%m-%d %H:%M") sms_english = "Hello! Thank you for applying to THS Armada. This is a confirmation of our interview arrangement. The interview is scheduled to take place on " + nicetime + " in " + str( slot.location ) + ". If you have any questions or if you would like to change the date and time, don't hesitate to contact me. I am looking forward to meet you. /" + request.user.first_name + " " + request.user.last_name sms_swedish = "Hej! Tack för att du har sökt till THS Armada. Detta är en bekräftelse på vår överenskommelse. Intervjun är planerad till " + nicetime + " i " + str( slot.location ) + ". Tveka inte att kontakta mig om du har några frågor eller om du vill ändra datum eller tid. Jag ser fram emot att få träffa dig. /" + request.user.first_name + " " + request.user.last_name else: sms_english = None sms_swedish = None return render( request, template_name, { "profile_pic_form": profile_pic_form, "application": application, "application_questions_with_answers": application.recruitment_period.application_questions. questions_with_answers_for_user(application.user), "interview_questions_with_answers": application.recruitment_period.interview_questions. questions_with_answers_for_user(application.user), "interview_planning_form": interview_planning_form, "role_delegation_form": role_delegation_form, "profile": profile, "sms_english": sms_english, "sms_swedish": sms_swedish, "fair": fair, })
def get(self, request, *args, **kwargs): if not self.model_admin.has_view_permission(request): return HttpResponseForbidden("Interdit") avec_acces = Q( acces_application_parrainages__etat=AccesApplicationParrainages. Etat.VALIDE) est_elu = reduce(or_, (Q(**{f"elu_{m}": True}) for m in types_elus)) signataire_appel = Q(meta__subscriptions__NSP__mandat__isnull=False) ps = (Person.objects.annotate_elus().filter(avec_acces | ( est_elu & signataire_appel)).annotate( volontaire=Exists( AccesApplicationParrainages.objects.filter( person_id=OuterRef("id"), etat=AccesApplicationParrainages.Etat.VALIDE, ), ), en_cours=Count( "rechercheparrainage", filter=Q(rechercheparrainage__statut=RechercheParrainage. Statut.EN_COURS), ), fini=Count( "rechercheparrainage", filter=~Q(rechercheparrainage__statut__in=[ RechercheParrainage.Statut.EN_COURS, RechercheParrainage.Statut.ANNULEE, ]), ), )) spec = { "email": "email", "prenom": "first_name", "nom": "last_name", "téléphone": Coalesce("contact_phone.as_international", default=None), "code postal": "location_zip", "ville": "location_city", "volontaire": ("volontaire", { True: "oui", False: "non" }.get), "nombre de recherches en cours": "en_cours", "nombre de recherches terminées": "fini", } df = pd.DataFrame(glom(ps, [spec])) content = BytesIO() df.to_excel(content, engine="xlsxwriter", index=False) today = timezone.now().strftime("%Y-%m-%d") res = HttpResponse( content.getvalue(), content_type= "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", ) res["Content-Disposition"] = f'attachment; filename="{today}-acces-parrainages.xlsx"' return res
def recognize(request): if request.method == 'POST': user = request.user profile = Profile.objects.get(user=user) f = request.POST form = ImageUploadForm(request.POST, request.FILES) if form.is_valid(): catching = Catching.objects.create( image=form.cleaned_data['image'], senior=None, profile=profile, comment="" ) catching.save() image_url = 'http://150.95.135.222:8000' + catching.image.url client = FaceClient('ac38c745411845ce89698e1e2469df79', '9d70c1da17fd49609327c8ca154061f1') result = client.faces_recognize('all', image_url, namespace='senior') try: student_id1 = result['photos'][0]['tags'][0]['uids'][0]['uid'].split('@')[0] confidence1 = result['photos'][0]['tags'][0]['uids'][0]['confidence'] senior1 = Senior.objects.get(student_id=student_id1) senior1_name = senior1.name student_id2 = result['photos'][0]['tags'][0]['uids'][1]['uid'].split('@')[0] confidence2 = result['photos'][0]['tags'][0]['uids'][1]['confidence'] senior2 = Senior.objects.get(student_id=student_id2) senior2_name = senior2.name student_id3 = result['photos'][0]['tags'][0]['uids'][2]['uid'].split('@')[0] confidence3 = result['photos'][0]['tags'][0]['uids'][2]['confidence'] senior3 = Senior.objects.get(student_id=student_id3) senior3_name = senior3.name catchsenior = f['catchsenior'] if len(result['photos'][0]['tags']) > 1: student_id4 = result['photos'][0]['tags'][1]['uids'][0]['uid'].split('@')[0] confidence4 = result['photos'][0]['tags'][1]['uids'][0]['confidence'] senior4 = Senior.objects.get(student_id=student_id4) senior4_name = senior4.name student_id5 = result['photos'][0]['tags'][1]['uids'][1]['uid'].split('@')[0] confidence5 = result['photos'][0]['tags'][1]['uids'][1]['confidence'] senior5 = Senior.objects.get(student_id=student_id5) senior5_name = senior5.name student_id6 = result['photos'][0]['tags'][1]['uids'][2]['uid'].split('@')[0] confidence6 = result['photos'][0]['tags'][1]['uids'][2]['confidence'] senior6 = Senior.objects.get(student_id=student_id6) senior6_name = senior6.name return render(request, 'software/recognize.html', {'catching': catching, 'image_url': image_url, 'senior1_name': senior1_name, 'confidence1': confidence1, 'student_id1': student_id1, 'senior2_name': senior2_name, 'confidence2': confidence2, 'student_id2': student_id2, 'senior3_name': senior3_name, 'confidence3': confidence3, 'student_id3': student_id3, 'senior4_name': senior4_name, 'confidence4': confidence4, 'student_id4': student_id4, 'senior5_name': senior5_name, 'confidence5': confidence5, 'student_id5': student_id5, 'senior6_name': senior6_name, 'confidence6': confidence6, 'student_id6': student_id6, 'catchsenior': catchsenior, 'person_num': '2', }) return render(request, 'software/recognize.html', {'catching': catching, 'image_url': image_url, 'senior1_name': senior1_name, 'confidence1': confidence1, 'student_id1': student_id1, 'senior2_name': senior2_name, 'confidence2': confidence2, 'student_id2': student_id2, 'senior3_name': senior3_name, 'confidence3': confidence3, 'student_id3': student_id3, 'catchsenior': catchsenior, 'person_num': '1', }) except IndexError as err: return HttpResponse("Index Error - Please contact to kakaotalk ID : mnmnm059") except Exception as err: return HttpResponse(str(err) + "- Please contact to kakaotalk ID : mnmnm059") else: return HttpResponseForbidden('form is invalid') else: return HttpResponseForbidden('Allowed via POST')
def log_in(request, token_name=None, token=None, proxy_app_id=None): """ Handle authentication in Vulture Portal :param request: Django request object :returns: Home page if user auth succeed. Logon page if auth failed """ cluster = Cluster.objects.get() """ Check if URI arguments are valid """ if token_name and token_name != cluster.getTokenName(): logger.info("PORTAL::Authentication: Invalid token in URI " + str(token_name) + '/' + str(token)) return HttpResponseForbidden() authentication_classes = {'form':POSTAuthentication, 'basic':BASICAuthentication, 'kerberos':KERBEROSAuthentication} """ Retrieve token and cookies to instantiate Redis wrapper objects """ # Retrieve cookies required for authentication portal_cookie_name = cluster.getPortalCookie() portal_cookie = request.COOKIES.get(portal_cookie_name, None) app_cookie = request.COOKIES.get(cluster.getAppCookie(), None) try: # Instantiate authentication object to retrieve application auth_type authentication = Authentication(token_name, token, app_cookie, portal_cookie) # And then instantiate the right authentication class with auth_type ('form','basic','kerberos') authentication = authentication_classes[authentication.application.auth_type](token_name, token, app_cookie, portal_cookie) logger.debug("PORTAL::log_in: Authentication successfully created") # Application does not need authentication except RedirectionNeededError as e: logger.error("PORTAL::log_in: {}".format(str(e))) return HttpResponseRedirect(e.redirect_url) # Redis connection error except RedisConnectionError as e: logger.error("PORTAL::log_in: Unable to connect to Redis server : {}".format(str(e))) return HttpResponseServerError() # Token not found while instantiating RedisSession or RedisAppSession except TokenNotFoundError as e: logger.error("PORTAL::log_in: {}".format(str(e))) try: # Retrieve application object to redirect to application default uri application = Application.objects(id=ObjectId(proxy_app_id)).only('listeners', 'public_name', 'public_dir').first() return HttpResponseRedirect(application.get_redirect_uri()) # If "proxy_app_id" not found : FORBIDDEN except (Application.DoesNotExist, InvalidId, ValidationError) as e: logger.error("PORTAL::log_in: Application with id '{}' not found : {}".format(proxy_app_id, str(e))) return HttpResponseForbidden() # If redis_session.keys['application_id'] does not exists : FORBIDDEN except (Application.DoesNotExist, ValidationError, InvalidId) as e: logger.error("PORTAL::log_in: Application with id '{}' not found".format(authentication.redis_session.keys['application_id'])) return HttpResponseForbidden() # If assertionError : Ask credentials by portal except AssertionError as e: logger.error("PORTAL::log_in: AssertionError while trying to create Authentication : ".format(e)) return authentication.ask_credentials_response(request=request) """ If user is not authenticated : try to retrieve credentials and authenticate him on backend/fallback-backends """ # If the user is not authenticated and application need authentication if not authentication.is_authenticated(): try: backend_id = authentication.authenticate_on_backend() if not backend_id: # Retrieve credentials authentication.retrieve_credentials(request) logger.debug("PORTAL::log_in: Credentials successfully retrieved") # Authenticate user with credentials retrieven authentication_results = authentication.authenticate(request) logger.debug("PORTAL::log_in: Authentication succeed on backend {}".format(authentication.backend_id)) # Register authentication results in Redis app_cookie, portal_cookie, oauth2_token = authentication.register_user(authentication_results) logger.debug("PORTAL::log_in: User {} successfully registered in Redis".format(authentication.credentials[0])) if authentication_results['data'].get('password_expired', None): logger.info("PORTAL::log_in: User '{}' must change its password, redirect to self-service portal".format(authentication.credentials[0])) app_url = authentication.get_url_portal() return response_redirect_with_portal_cookie(app_url+str(token_name)+'/self/change', portal_cookie_name, portal_cookie, app_url.startswith('https'), None) # If the user is already authenticated (retrieven with RedisPortalSession ) => SSO else: app_cookie, portal_cookie, oauth2_token = authentication.register_sso(backend_id) logger.info("PORTAL::log_in: User {} successfully SSO-powered !".format(authentication.credentials[0])) except AssertionError as e: logger.error("PORTAL::log_in: Bad captcha taped for username '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request, error="Bad captcha") except AccountLocked as e: logger.error("PORTAL::log_in: Error while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request, error="Bad credentials") except AuthenticationError as e: logger.error("PORTAL::log_in: AuthenticationError while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request, error="Bad credentials") except ACLError as e: logger.error("PORTAL::log_in: ACLError while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request, error="Bad credentials") except (DBAPIError, PyMongoError, LDAPError) as e: logger.error("PORTAL::log_in: Repository driver Error while trying to authentication user '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request, error="Bad credentials") except (MultiValueDictKeyError, AttributeError, KeyError) as e: #vltprtlsrnm is always empty during the initial redirection. Don't log that logger.debug("PORTAL::log_in: Error while trying to authentication user '{}' : {}".format(authentication.credentials[0], e)) return authentication.ask_credentials_response(request=request) except REDISWriteError as e: logger.error("PORTAL::log_in: RedisWriteError while trying to register user '{}' informations : {}".format(authentication.credentials[0], e)) return HttpResponseServerError() except Exception as e: logger.exception(e) return HttpResponseServerError() """ If user is not double-authenticated and double-authentication needed : try to retrieve credentials and authenticate him on otp-backend """ # If the user is authenticated but not double-authenticated and double-authentication required if authentication.double_authentication_required(): logger.info("PORTAL::log_in: Double authentication required for user '{}'".format(authentication.credentials[0])) try: # Instantiate DOUBLEAuthentication object db_authentication = DOUBLEAuthentication(cluster.getTokenName(), token, app_cookie, portal_cookie) logger.debug("PORTAL::log_in: DoubleAuthentication successfully created") # And try to retrieve credentials db_authentication.retrieve_credentials(request) logger.debug("PORTAL::log_in: DoubleAuthentication credentials successfully retrieven") # And use them to authenticate user db_authentication.authenticate(request) logger.info("PORTAL::log_in: User '{}' successfully double authenticated".format(authentication.credentials[0])) except AssertionError as e: """ If redis_portal_session does not exists or can't retrieve otp key in redis """ logger.error("PORTAL::log_in: DoubleAuthentication failure for username '{}' : {}".format(authentication.credentials[0], str(e))) return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Portal cookie expired") except (Application.DoesNotExist, ValidationError, InvalidId) as e: """ Invalid POST 'vulture_two_factors_authentication' value """ logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e))) return HttpResponseForbidden("Intrusion attempt blocked") except REDISWriteError as e: """ Cannot register double-authentication in Redis : internal server error """ logger.error("PORTAL::log_in: Failed to write double-authentication results in Redis for username '{}' : {}".format(db_authentication.credentials[0], str(e))) return HttpResponseServerError() # If authentication failed : create double-authentication key and ask-it except CredentialsError as e: """ CredentialsError: no OTP credentials provided : ask-them """ logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e))) try: db_authentication.create_authentication() return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name) except (OTPError, REDISWriteError, RedisConnectionError) as e: """ Error while sending/registering in Redis the OTP informations : display portal""" logger.error("PORTAL::log_in: Failed to create/send double-authentication key : {}".format(str(e))) db_authentication.deauthenticate_user() logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0])) return authentication.ask_credentials_response(request=request, error="<b> Error sending OTP Key </b> </br> "+str(e)) except AuthenticationError as e: """ Bad OTP key """ logger.error("PORTAL::log_in: DoubleAuthentication failure for username {} : {}".format(authentication.credentials[0], str(e))) try: db_authentication.create_authentication() db_authentication.authentication_failure() logger.debug("PORTAL:log_in: DoubleAuthentication failure successfully registered in Redis") return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> Bad OTP key </b>") except TwoManyOTPAuthFailure as e: logger.error("PORTAL::log_in: Two many OTP authentication failures for username'{}', redirecting to portal".format(authentication.credentials[0])) db_authentication.deauthenticate_user() logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0])) return authentication.ask_credentials_response(request=request, error=e.args[0]) except (OTPError, REDISWriteError, RedisConnectionError) as e: logger.error("PORTAL::log_in: Error while preparing double-authentication : {}".format(str(e))) return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> Error sending OTP Key </b> </br> "+str(e)) except OTPError as e: """ OTP Error while authenticating given token """ logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e))) return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> OTP Error </b> {}".format(str(e))) except TwoManyOTPAuthFailure as e: logger.error( "PORTAL::log_in: Two many OTP authentication failures for username'{}', redirecting to portal".format(authentication.credentials[0])) db_authentication.deauthenticate_user() logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0])) return authentication.ask_credentials_response(request=request, error=e.args[0]) # If we arrive here : the user is authenticated # and double-authenticated if double-authentication needed sso_methods = { 'form': SSOForwardPOST, 'basic': SSOForwardBASIC, 'kerberos':SSOForwardKERBEROS } """ If SSOForward enabled : perform-it """ if authentication.application.sso_enabled: # Try to retrieve credentials from authentication object try: if not authentication.credentials[0] or not authentication.credentials[1]: authentication.get_credentials(request) # If we cannot retrieve them, ask credentials if not authentication.credentials[0]:# or not authentication.credentials[1]: return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Credentials not found") logger.info("PORTAL::log_in: Credentials successfuly retrieven for SSO performing") except Exception as e: logger.error("PORTAL::log_in: Error while retrieving credentials for SSO : ") logger.exception(e) return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Credentials not found") try: # Instantiate SSOForward object with sso_forward type sso_forward = sso_methods[authentication.application.sso_forward](request, authentication.application, authentication) logger.info("PORTAL::log_in: SSOForward successfully created") # Get credentials needed for sso forward : AutoLogon or Learning sso_data, profiles_to_stock, url = sso_forward.retrieve_credentials(request) logger.info("PORTAL::log_in: SSOForward credentials successfully retrieven") # If credentials retrieven needs to be stocked for profile_name,profile_value in profiles_to_stock.items(): sso_forward.stock_sso_field(authentication.credentials[0], profile_name, profile_value) # Use 'sso_data' and 'url' to authenticate user on application response = sso_forward.authenticate(sso_data, post_url=url, redis_session=authentication.redis_session) logger.info("PORTAL::log_in: SSOForward performing success") # Generate response depending on application.sso_forward options final_response = sso_forward.generate_response(request, response, authentication.get_redirect_url()) logger.info("PORTAL::log_in: SSOForward response successfuly generated") # If the user has not yet a portal cookie : give-it if not request.COOKIES.get(portal_cookie_name, None) or not authentication.redis_base.hgetall(request.COOKIES.get(portal_cookie_name, None)): final_response = set_portal_cookie(final_response, portal_cookie_name, portal_cookie, authentication.get_redirect_url()) return final_response # If learning credentials cannot be retrieven : ask them except CredentialsMissingError as e: logger.error("PORTAL::log_in: Learning credentials missing : asking-them") return authentication.ask_learning_credentials(request=request, portal_cookie_name=None if request.POST.get(portal_cookie_name, None) else portal_cookie_name, fields=e.fields_missing) # If KerberosBackend object cannot be retrieven from mongo with the backend_id that the user is authenticated on except InvalidId: logger.error("PORTAL::log_in: The user is authenticated on a not Kerberos backend, cannot do SSOForward") except (RequestsConnectionError,OpenSSLError) as e: logger.error("PORTAL::log_in: ConnectionError while trying to SSO to backend : ") logger.exception(e) except Exception as e: logger.error("PORTAL::log_in: Unexpected error while trying to perform SSO Forward :") logger.exception(e) """ If no response has been returned yet : redirect to the asked-uri/default-uri with portal_cookie """ redirection_url = authentication.get_redirect_url() logger.info("PORTAL::log_in: Redirecting user to '{}'".format(redirection_url)) try: kerberos_token_resp = authentication_results['data']['token_resp'] except: kerberos_token_resp = None return response_redirect_with_portal_cookie(redirection_url, portal_cookie_name, portal_cookie, redirection_url.startswith('https'), kerberos_token_resp)
def problem_submit(request, problem=None, submission=None): if submission is not None and not request.user.has_perm('judge.resubmit_other') and \ get_object_or_404(Submission, id=int(submission)).user.user != request.user: raise PermissionDenied() profile = request.user.profile if request.method == 'POST': form = ProblemSubmitForm(request.POST, instance=Submission(user=profile)) if form.is_valid(): if (not request.user.has_perm('judge.spam_submission') and Submission.objects.filter(user=profile, was_rejudged=False).exclude( status__in=['D', 'IE', 'CE', 'AB']).count() > 2): return HttpResponse('<h1>You submitted too many submissions.</h1>', status=503) if not form.cleaned_data['problem'].allowed_languages.filter( id=form.cleaned_data['language'].id).exists(): raise PermissionDenied() if not form.cleaned_data['problem'].is_accessible_by(request.user): user_logger.info('Naughty user %s wants to submit to %s without permission', request.user.username, form.cleaned_data['problem'].code) return HttpResponseForbidden('<h1>Do you want me to ban you?</h1>') if not request.user.is_superuser and form.cleaned_data['problem'].banned_users.filter( id=profile.id).exists(): return generic_message(request, _('Banned from submitting'), _('You have been declared persona non grata for this problem. ' 'You are permanently barred from submitting this problem.')) with transaction.atomic(): if profile.current_contest is not None: try: contest_problem = form.cleaned_data['problem'].contests.get(contest=profile.current_contest.contest) except ContestProblem.DoesNotExist: model = form.save() else: max_subs = contest_problem.max_submissions if max_subs and get_contest_submission_count(problem, profile) >= max_subs: return generic_message(request, _('Too many submissions'), _('You have exceeded the submission limit for this problem.')) model = form.save() contest = ContestSubmission(submission=model, problem=contest_problem, participation=profile.current_contest) contest.save() else: model = form.save() # Create the SubmissionSource object source = SubmissionSource(submission=model, source=form.cleaned_data['source']) source.save() profile.update_contest() # Save a query model.source = source model.judge(rejudge=False) return HttpResponseRedirect(reverse('submission_status', args=[str(model.id)])) else: form_data = form.cleaned_data if submission is not None: sub = get_object_or_404(Submission, id=int(submission)) else: initial = {'language': profile.language} if problem is not None: initial['problem'] = get_object_or_404(Problem, code=problem) problem_object = initial['problem'] if not problem_object.is_accessible_by(request.user): raise Http404() if submission is not None: try: sub = get_object_or_404(Submission.objects.select_related('source', 'language'), id=int(submission)) initial['source'] = sub.source.source initial['language'] = sub.language except ValueError: raise Http404() form = ProblemSubmitForm(initial=initial) form_data = initial if 'problem' in form_data: form.fields['language'].queryset = (form_data['problem'].usable_languages.order_by('name', 'key') .prefetch_related(Prefetch('runtimeversion_set', RuntimeVersion.objects.order_by('priority')))) problem_object = form_data['problem'] if 'language' in form_data: form.fields['source'].widget.mode = form_data['language'].ace form.fields['source'].widget.theme = profile.ace_theme if submission is not None: default_lang = sub.language else: default_lang = request.user.profile.language submission_limit = submissions_left = None if profile.current_contest is not None: try: submission_limit = problem_object.contests.get(contest=profile.current_contest.contest).max_submissions except ContestProblem.DoesNotExist: pass else: if submission_limit: submissions_left = submission_limit - get_contest_submission_count(problem, profile) return render(request, 'problem/submit.html', { 'form': form, 'title': _('Submit to %(problem)s') % { 'problem': problem_object.translated_name(request.LANGUAGE_CODE), }, 'content_title': mark_safe(escape(_('Submit to %(problem)s')) % { 'problem': format_html('<a href="{0}">{1}</a>', reverse('problem_detail', args=[problem_object.code]), problem_object.translated_name(request.LANGUAGE_CODE)) }), 'langs': Language.objects.all(), 'no_judges': not form.fields['language'].queryset, 'submission_limit': submission_limit, 'submissions_left': submissions_left, 'ACE_URL': ACE_URL, 'default_lang': default_lang, })
def wrapper(request): """Wrapper""" if _verify(request.POST): return function(request) else: return HttpResponseForbidden()
def colleurDonnees(request): """renvoie les colles des classes de l'utilisateur connecté au format json""" user = request.user if not checkcolleur(user): return HttpResponseForbidden("not authenticated") classes = user.colleur.classes.all() colleurclasses = Colleur.objects.listeColleurClasse(user.colleur) colleurmatieres = Colleur.objects.listeColleurMatiere(user.colleur) creneaux = list( Creneau.objects.filter(classe__in=classes).annotate( nb=Count('colle')).filter(nb__gt=0).values_list( 'pk', 'classe__pk', 'jour', 'heure', 'salle')) semaines = list(Semaine.objects.values_list('pk', 'numero', 'lundi')) colles = Colle.objects.filter(creneau__classe__in=classes).values_list( 'pk', 'creneau', 'semaine', 'groupe', 'matiere', 'colleur', 'eleve') colles = [[ pk, creneau, semaine, groupe or 0, matiere, colleur, eleve or 0 ] for pk, creneau, semaine, groupe, matiere, colleur, eleve in colles] groupes = list( Groupe.objects.filter(classe__in=classes).values_list( 'pk', 'nom', 'classe__pk')) matieres = list( Matiere.objects.filter( matieresclasse__in=classes).distinct().values_list( 'pk', 'nom', 'couleur', 'lv')) eleves = [] for classe in classes: eleves_classe = [[ eleve[0].pk, eleve[0].user.first_name.title() + " " + eleve[0].user.last_name.upper(), eleve[1], 0 if not eleve[0].groupe else eleve[0].groupe.pk, 0 if not eleve[0].lv1 else eleve[0].lv1.pk, 0 if not eleve[0].lv2 else eleve[0].lv2.pk, classe.pk, order ] for order, eleve in enumerate(classe.loginsEleves())] eleves.extend(eleves_classe) colleurs = [[ colleur[0].pk, colleur[0].user.first_name.title() + " " + colleur[0].user.last_name.upper(), colleur[1], order ] for order, colleur in enumerate( classe.loginsColleurs(colleur=user.colleur))] pp = Classe.objects.filter(profprincipal=user.colleur) profs = Prof.objects.filter( classe__in=user.colleur.classes.all(), matiere__in=user.colleur.matieres.all()).values_list( 'colleur__pk', 'classe__pk', 'matiere__pk') profspp = Prof.objects.filter(classe__in=pp).values_list( 'colleur__pk', 'classe__pk', 'matiere__pk') return HttpResponse( json.dumps( { 'colleurmatieres': colleurmatieres, 'colleurclasses': colleurclasses, 'classes': list(classes.values_list('id', 'nom')), 'pp': list(pp.values_list('id')), 'profs': list(profs | profspp), 'notes': Note.objects.listeNotesApp(user.colleur), 'programmes': list( Programme.objects.filter( classe__in=user.colleur.classes.all()). order_by('-semaine__lundi').values_list( 'matiere__pk', 'classe__pk', 'semaine__numero', 'semaine__lundi', 'titre', 'detail', 'fichier')), 'creneaux': creneaux, 'semaines': semaines, 'colles': colles, 'groupes': groupes, 'matieres': matieres, 'eleves': eleves, 'colleurs': colleurs }, default=date_serial))
def post(self, request, project_id): if 'add-new' in request.POST: project = Event() else: project = Event.objects.get(pk=project_id) if 'add-new' in request.POST: project.name = request.POST['name'] project.save() project.admins.add(request.user) if 'group-id' in request.POST: UserGroup.objects.get(pk=request.POST['group-id'])\ .projects.add(project) CreationActivity().set_target( 'project', project.pk, project.name, reverse('project:project_details', args=[project.pk])).log_for(request.user, event=project) return redirect('project:project_details', project.pk) elif "save" in request.POST or 'save-and-proceed' in request.POST: if request.user not in project.get_admins(): return HttpResponseForbidden() project.name = request.POST["project-name"] project.description = request.POST["project-description"] if request.POST.get('project-start-date') != '': project.start_date = request.POST["project-start-date"] else: project.start_date = None if request.POST.get('project-end-date') != '': project.end_date = request.POST["project-end-date"] else: project.end_date = None if project.is_acaps(): if request.POST.get('project-status') != '': project.status = int(request.POST['project-status']) if request.POST.get('disaster-type') != '': project.disaster_type = \ DisasterType.objects.get( pk=int(request.POST['disaster-type'])) else: project.disaster_type = None if request.POST.get('glide-number') != '': project.glide_number = request.POST['glide-number'] else: project.glide_number = None if request.POST.get('spillover') != '': project.spill_over = \ Event.objects.get(pk=int(request.POST['spillover'])) else: project.spill_over = None project.save() if project.admins.count() == 0: project.admins.add(request.user) EditionActivity().set_target( 'project', project.pk, project.name, reverse('project:project_details', args=[project.pk])).log_for(request.user, event=project) project.admins.clear() if request.POST.get("admins"): for admin in request.POST.getlist("admins"): project.admins.add(User.objects.get(pk=int(admin))) project.members.clear() if request.POST.get("members"): for member in request.POST.getlist("members"): project.members.add(User.objects.get(pk=int(member))) project.countries.clear() if request.POST.get("countries"): for country in request.POST.getlist("countries"): project.countries.add(Country.objects.get(pk=country)) prev_groups = project.usergroup_set.all() for ug in prev_groups: ug.projects.remove(project) new_groups = [] if request.POST.get("user-groups"): for pk in request.POST.getlist("user-groups"): usergroup = UserGroup.objects.get(pk=pk) usergroup.projects.add(project) new_groups.append(usergroup) if usergroup not in prev_groups: AdditionActivity().set_target( 'project', project.pk, project.name, reverse('project:project_details', args=[project.pk ])).log_for(request.user, event=project, group=usergroup) for ug in prev_groups: if ug not in new_groups: RemovalActivity().set_target( 'project', project.pk, project.name, reverse('project:project_details', args=[project.pk])).log_for(request.user, event=project, group=ug) Country.objects.filter(event=None)\ .exclude(reference_country=None).delete() if 'save-and-proceed' in request.POST: return redirect('project:geo_area', project.pk) else: return redirect('project:project_details', project.pk) elif "delete" in request.POST: activity = DeletionActivity().set_target('project', project.pk, project.name) project.delete() activity.log_for(request.user) Country.objects.filter(event=None)\ .exclude(reference_country=None).delete() EntryTemplate.objects.filter(usergroup=None, event=None).delete() return redirect('user_profile', request.user.pk)