def get(self, request): contest_id = request.GET.get("contest_id") if not contest_id: return self.error() try: contest = Contest.objects.get(id=contest_id, visible=True, password__isnull=False) except Contest.DoesNotExist: return self.error("Contest does not exist") session_pass = request.session.get(CONTEST_PASSWORD_SESSION_KEY, {}).get(contest.id) return self.success({"access": check_contest_password(session_pass, contest.password)})
def post(self, request): data = request.data try: contest = Contest.objects.get(id=data["contest_id"], visible=True, password__isnull=False) except Contest.DoesNotExist: return self.error("Contest does not exist") if not check_contest_password(data["password"], contest.password): return self.error("Wrong password or password expired") # password verify OK. if CONTEST_PASSWORD_SESSION_KEY not in request.session: request.session[CONTEST_PASSWORD_SESSION_KEY] = {} request.session[CONTEST_PASSWORD_SESSION_KEY][contest.id] = data["password"] # https://docs.djangoproject.com/en/dev/topics/http/sessions/#when-sessions-are-saved request.session.modified = True return self.success(True)