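def use_token(request, token_str=None, **kwargs):
    """Redeem the token named in the URL and add it to the visitor's token cookie.

    With no ``token_str`` the "token invalid" template is rendered.  Otherwise
    the matching ``Token`` is loaded (404 when none matches) and, unless it has
    passed ``valid_until``, it is marked used and appended to the ``|``-joined
    token cookie before redirecting to ``token.url``.

    Tokens handled by this view are deliberately multi-use: a token that has
    already been used is redeemed again rather than locked out.  The original
    expressed that as ``if True or not token.used``, which also made the
    "already used", "expired" and "single use" branches unreachable.  The
    expiry check is restored here so that an expired token is refused; the
    other two branches only applied to single-use tokens and are dropped.
    """
    if token_str is None:
        return direct_to_template(request, template='token_auth/token_invalid.html', **kwargs)

    token = get_object_or_404(Token, token=token_str)

    # Fail closed: an expired token must not be marked used or written into
    # the cookie, whatever the downstream middleware does with it.
    if token.valid_until is not None and token.valid_until <= datetime.datetime.now():
        response = HttpResponseRedirect(reverse('token_expired'))
    else:
        response = HttpResponseRedirect(token.url)
        token.used = True
        token.save()
        signal_token_used.send(sender=use_token, request=request, token=token)

        max_age = 2592000  # 30 days, in seconds
        expires = cookie_date(time.time() + max_age)
        # The existing cookie value is client-controlled; it is merged and
        # echoed back, so consumers must validate every entry against the
        # database rather than trust the cookie.
        tokens_list = list(set(get_tokens_from_cookie(request) + [token.token]))
        tokens = '|'.join(tokens_list)
        # The cookie holds bearer tokens, so keep it away from page scripts.
        # `secure=True` is not forced here because it would drop the cookie on
        # plain-HTTP deployments; enable it wherever the site is HTTPS-only.
        response.set_cookie(TOKEN_COOKIE, tokens, max_age=max_age,
                            expires=expires, httponly=True)

    # NOTE(review): nesting was rebuilt from a flattened listing; the visited
    # signal is assumed to fire for every request that names a token.
    signal_token_visited.send(sender=use_token, request=request, token=token)
    return response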
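def process_request(self, request):
    """Require a login or a matching token cookie for protected URL prefixes.

    The token-redeeming view (``use_token``) and the login form are always let
    through.  For any other path that starts with a stored ``ProtectedURL.url``
    the visitor's cookie tokens are looked up; the first one whose ``url`` is a
    prefix of the path is attached as ``request.valid_token``.  The request is
    then allowed or redirected to ``login_form`` according to
    ``self.check_for_user_or_token``.

    Returns ``None`` to continue processing, or a redirect response.
    """
    try:
        view, _args, _kwargs = resolve(request.path)
    except Exception:
        # An unresolvable path is simply "not the token view"; the original
        # bare ``except:`` also swallowed SystemExit/KeyboardInterrupt.
        view = None

    # Compare by value: ``is`` against a string literal only works when the
    # interpreter happens to intern both strings, and if it did not, the
    # token view itself would be treated as a protected page.
    if getattr(view, "__name__", None) == "use_token":
        return None
    if request.path == reverse("login_form"):
        return None

    # The request path is bound as a query parameter, never interpolated into
    # the SQL text.  Matches rows whose ``url`` is a prefix of the path.
    where_sql = "SUBSTR(%s, 1, LENGTH(url)) = url"
    if not ProtectedURL.objects.extra(where=[where_sql], params=[request.path]):
        return None

    # Cookie contents are client-supplied; only values that exist as Token
    # rows survive this filter.  ``active_objects`` is defined outside this
    # block; presumably it excludes expired tokens (confirm).
    user_tokens = get_tokens_from_cookie(request)
    tokens = Token.active_objects.filter(token__in=user_tokens).order_by("url")
    for token in tokens:
        # Plain string-prefix test with no path-segment boundary: a token for
        # an illustrative "/reports" would also match "/reports-internal/".
        # Verify that token URLs are stored with a trailing slash.
        if request.path.startswith(token.url):
            signal_token_visited.send(sender=self.__class__, request=request, token=token)
            request.valid_token = token
            break

    # NOTE(review): nesting was rebuilt from a flattened listing; this check
    # is assumed to run only for paths under a protected prefix.
    if not self.check_for_user_or_token(request):
        return HttpResponseRedirect(reverse("login_form"))
    return None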
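def process_request(self, request):
    """Middleware hook: enforce login-or-token access on protected URL prefixes.

    Requests that resolve to the ``use_token`` view, or that target the login
    form, pass straight through.  Any other request whose path begins with a
    stored ``ProtectedURL.url`` must satisfy ``self.check_for_user_or_token``;
    otherwise the visitor is redirected to ``login_form``.  When one of the
    visitor's cookie tokens covers the path it is exposed as
    ``request.valid_token`` before that check runs.
    """
    check_token = False
    try:
        view, args, kwargs = resolve(request.path)
        # Value comparison; identity (``is``) on string literals depends on
        # interning and can silently evaluate to False.
        if view.__name__ == 'use_token':
            check_token = True
    except Exception:
        # Resolution failures and views without ``__name__`` mean "not the
        # token view".  Narrowed from a bare ``except:`` so that
        # interpreter-exit exceptions still propagate.
        pass

    if check_token or request.path == reverse('login_form'):
        return None

    # ``request.path`` travels as a bound parameter, not as SQL text.
    where_sql = 'SUBSTR(%s, 1, LENGTH(url)) = url'
    protected = ProtectedURL.objects.extra(where=[where_sql], params=[request.path])
    if protected:
        # The cookie is attacker-controllable input; it is only ever used as
        # a lookup key against stored tokens.
        user_tokens = get_tokens_from_cookie(request)
        tokens = Token.active_objects.filter(token__in=user_tokens).order_by('url')
        for token in tokens:
            # NOTE(review): prefix match has no "/" boundary, so a token URL
            # without a trailing slash also covers sibling paths that merely
            # share the prefix; confirm how token URLs are normalised.
            if request.path.startswith(token.url):
                signal_token_visited.send(sender=self.__class__,
                                          request=request,
                                          token=token)
                request.valid_token = token
                break

        # NOTE(review): indentation was lost in the listing; the access check
        # is assumed to belong to the protected-path branch.
        allowed = self.check_for_user_or_token(request)
        if not allowed:
            return HttpResponseRedirect(reverse('login_form'))
    return None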
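def use_token(request, token_str=None, **kwargs):
    """Redeem a token from the URL, issuing the token cookie on first use.

    Outcomes, in the order they are checked:

    * no ``token_str``: render the "token invalid" template;
    * unknown token: 404 from ``get_object_or_404``;
    * unused token: refuse it if it is past ``valid_until``, otherwise mark it
      used, add it to the ``|``-joined token cookie and redirect to
      ``token.url``;
    * used token, visitor lacks the cookie entry: redirect to ``token_used``;
    * used token, past ``valid_until``: redirect to ``token_expired``;
    * used token, cookie present, still valid: redirect to ``token.url``,
      deleting the token first when it is ``single_use``.

    The expiry test on the first-use path is new: the original only checked
    ``valid_until`` for tokens that had already been used, so an expired but
    never-redeemed token was still marked used and written into the cookie.
    """
    if token_str is None:
        return direct_to_template(request,
                                  template='token_auth/token_invalid.html',
                                  **kwargs)

    token = get_object_or_404(Token, token=token_str)
    is_expired = (token.valid_until is not None
                  and token.valid_until <= datetime.datetime.now())
    response = HttpResponseRedirect(token.url)

    if not token.used:
        if is_expired:
            # Fail closed before any state change or cookie issuance.
            response = HttpResponseRedirect(reverse('token_expired'))
        else:
            token.used = True
            token.save()
            signal_token_used.send(sender=use_token, request=request, token=token)

            max_age = 2592000  # 30 days, in seconds
            expires = cookie_date(time.time() + max_age)
            # Existing cookie entries come from the client and are echoed
            # back unverified; readers of the cookie must check each one
            # against the database.
            tokens_list = list(set(get_tokens_from_cookie(request) + [token.token]))
            tokens = '|'.join(tokens_list)
            # Bearer-token cookie: hide it from page scripts.  `secure=True`
            # is left to deployments that are HTTPS-only, since forcing it
            # here would drop the cookie over plain HTTP.
            response.set_cookie(TOKEN_COOKIE, tokens, max_age=max_age,
                                expires=expires, httponly=True)
    # token is used but the visitor does not hold it in their cookie: refuse
    elif not user_has_token_cookie(request, token_str=token.token):
        response = HttpResponseRedirect(
            reverse('token_used', kwargs={'token_str': token.token}))
    # token has expired: still refuse
    elif is_expired:
        response = HttpResponseRedirect(reverse('token_expired'))
    # visitor holds the cookie and the token is still valid
    elif token.single_use:
        token.delete()

    # NOTE(review): nesting was rebuilt from a flattened listing; the visited
    # signal is assumed to fire on every branch, not only the single-use one.
    signal_token_visited.send(sender=use_token, request=request, token=token)
    return response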