def ssl_auth(request): """ SSL certificate authentication. """ ssl_auth_form = SSLCertLoginForm(request.POST) if not ssl_auth_form.is_valid(): return HttpResponseBadRequest('400 Bad Request') session_id = cipher.decrypt( base64.b64decode(ssl_auth_form.cleaned_data['session_id']), 32) next_uri = ssl_auth_form.cleaned_data['login_uri'] user = authenticate(request=request) if user and user.is_active: _login(request, user) init_otp(request) if request.user.is_verified(): # OTP disabled next_uri = ssl_auth_form.cleaned_data['next'] else: messages.error(request, 'Certificate authentication failed') # so, django will always start a new session for us. we need to copy # the data to the original session and preferably flush the new one. session = SessionStore(session_key=session_id) session.update(request.session) # always logout automatically from SSL-based auth # it's easy enough to log back in anyway if 'openid_request' in session: session['auto_logout'] = True session.save() request.session.flush() return redirect(next_uri)
def decrypt(self, eid): """ Return the SessionStore to which the encrypted identifier is pointing. Raises ValueError if the identifier is invalid. """ try: session_id = cipher.decrypt(ub64decode(eid), self.ciphertext_length) except (TypeError, ValueError): pass else: session_id = session_id[self.random_prefix_bytes:] session_id = ub64encode(session_id) session = SessionStore(session_key=session_id) if session.get('encrypted_id') == eid: # circular import from .models import RevokedToken # revoke to prevent replay attacks if RevokedToken.add(eid): del session['encrypted_id'] session.save() return session raise ValueError('Invalid session id')
def test_encrypt_decrypt(self): session = SessionStore() session['test'] = 'in-test' session.save() eid = sessionrefcipher.encrypt(session) sess = sessionrefcipher.decrypt(eid) self.assertEqual(sess.get('test'), 'in-test')
def test_unique_encrypted_are_generated_after_revocation(self): session = SessionStore() session['test'] = 'in-test' session.save() eid1 = sessionrefcipher.encrypt(session) session = sessionrefcipher.decrypt(eid1) eid2 = sessionrefcipher.encrypt(session) self.assertNotEqual(eid1, eid2)
def test_revoked_encrypted_id_raises_valueerror(self): session = SessionStore() session['test'] = 'in-test' session.save() eid1 = sessionrefcipher.encrypt(session) session = sessionrefcipher.decrypt(eid1) eid2 = sessionrefcipher.encrypt(session) if eid1 == eid2: raise SkipTest('Non-unique encrypted IDs generated') self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def test_request(self): user = User.objects.create_user('root', 'root') session = SessionStore() session.save() request = HttpRequest() request.user = user request.session = session usage.log('test', request=request, async=False) event = Log.objects.all()[0] self.assertEqual(event.user, user) self.assertEqual(event.session_key, request.session.session_key)
def processSession(skey): # get the latest session associated with this object session = SessionStore(skey) # do not go if the session has already been logged out if session.get('account') is None or SESSION_KEY not in session: return processCometReceivedDict(session, postDict) # need to save session to commit modifications session.modified = True session.save() # flag all threads with this session_key about the new stuff # same browser - different tabs CometSession.objects.update() for comet in CometSession.objects.filter(session_key=skey): comet.modified = True comet.save()
class SessionTestCase(TestCase): def setUp(self): self.session = SessionStore() def tearDown(self): self.session.delete() def test_set_and_get(self): self.session['spam'] = 'egg' self.assertEqual(self.session.get('spam'), 'egg') def test_set_and_pop(self): self.session['spam'] = 'egg' self.assertEqual(self.session.pop('spam'), 'egg') self.assertIsNone(self.session.get('spam')) def test_pop_no_default_keyerror_raised(self): with self.assertRaises(KeyError): self.session.pop('spam') def test_update(self): self.session.update({'update key': 1}) self.assertEqual(self.session.get('update key', None), 1) def test_has_key(self): self.session['spam'] = 'egg' self.assertIn('spam', self.session) def test_values(self): self.assertEqual(list(self.session.values()), []) self.session['spam'] = 'egg' self.assertEqual(list(self.session.values()), ['egg']) def test_keys(self): self.assertEqual(list(self.session.values()), []) self.session['spam'] = 'egg' self.assertEqual(list(self.session.keys()), ['spam']) def test_items(self): self.session['spam'] = 'egg' self.assertEqual(list(self.session.items()), [('spam', 'egg')]) def test_clear(self): self.session['spam'] = 'egg' self.session.clear() self.assertEqual(list(self.session.items()), []) def test_save(self): self.session.save() self.assertIs(self.session.exists(self.session.session_key), True) def test_delete(self): self.session.save() self.session.delete(self.session.session_key) self.assertIs(self.session.exists(self.session.session_key), False) def test_flush(self): self.session['spam'] = 'egg' self.session.save() prev_key = self.session.session_key self.session.flush() self.assertNotEqual(self.session.session_key, prev_key) self.assertIsNone(self.session.session_key)
def update_balance(request, update_type, obj=None): # 创建主题 if update_type == 'create': # 获取当前用户的id uid = request.session.get('user_info')['uid'] # 设置改变值 change_balance = -20 # 类型 balance_type = "创建主题" # 描述 marks = '创建了的主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 创建回复 elif update_type == 'reply': uid = request.session.get('user_info')['uid'] change_balance = -5 balance_type = "创建回复" marks = '在主题 > <a href="{_uri}">{_title}</a> 中创建了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 感谢主题 elif update_type == 'thanks': uid = request.session.get('user_info')['uid'] change_balance = -15 balance_type = "发送谢意" marks = '感谢 <a href="{_member_uri}">{_author}</a> 的 > <a href="{_uri}">{_title}</a> 主题'.format( _member_uri=reverse('member', args=(obj.author.username,)), _author=obj.author.username, _uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 收到感谢 elif update_type == 'recv_thanks': # 获取基础信息 uid = obj.author_id change_balance = 10 balance_type = "收到谢意" marks = '主题 > <a href="{_uri}">{_title}</a> 收到感谢'.format(_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 收到感谢,要查找是谁收到感谢,然后更新此用户的session数据 session = SessionStore(session_key=obj.author.session) # 如果用户在线,才更新 if session.get('user_info', None): session['user_info']['balance'] = user_obj.balance # 在外边使用session 要调用save 保存数据 session.save() # 主题收到回复 elif update_type == 'reply_recv': uid = obj.author_id change_balance = 5 balance_type = "主题回复收益" marks = '主题 > <a href="{_uri}">{_title}</a> 收到了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 收到回复,要查找是谁收到回复,然后更新此用户的session数据 session = SessionStore(session_key=obj.author.session) if session.get('user_info', None): session['user_info']['balance'] = user_obj.balance # 在外边使用session 要调用save 保存数据 session.save() # 编辑主题 elif update_type == 'edit': uid = obj.author_id change_balance = -5 balance_type = "编辑主题" marks = '编辑了主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create( user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance ) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance
def update_balance(request, update_type, obj=None): # 创建话题 if update_type == 'create': # 获取当前用户的id uid = request.session.get('user_info')['uid'] # 设置改变值 change_balance = -20 # 类型 balance_type = "创建话题" # 描述 marks = '创建了新话题 > <a href="{_uri}">{_title}</a>'.format( _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 创建回复 elif update_type == 'reply': uid = request.session.get('user_info')['uid'] change_balance = -5 balance_type = "创建回复" marks = '在话题 > <a href="{_uri}">{_title}</a> 中创建了回复'.format( _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 感谢话题 elif update_type == 'thanks': uid = request.session.get('user_info')['uid'] change_balance = -15 balance_type = "发送谢意" marks = '感谢 <a href="{_member_uri}">{_author}</a> 的 > <a href="{_uri}">{_title}</a> 主题'.format( _member_uri=reverse('member', args=(obj.author.username, )), _author=obj.author.username, _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance # 收到感谢 elif update_type == 'recv_thanks': # 获取基础信息 uid = obj.author_id change_balance = 10 balance_type = "收到谢意" marks = '话题 > <a href="{_uri}">{_title}</a> 收到感谢'.format( _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 收到感谢,要查找是谁收到感谢,然后更新此用户的session数据 session = SessionStore(session_key=obj.author.session) # 如果用户在线,才更新 if session.get('user_info', None): session['user_info']['balance'] = user_obj.balance # 在外边使用session 要调用save 保存数据 session.save() # 话题收到回复 elif update_type == 'reply_recv': uid = obj.author_id change_balance = 5 balance_type = "话题回复收益" marks = '话题 > <a href="{_uri}">{_title}</a> 收到了回复'.format( _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 收到回复,要查找是谁收到回复,然后更新此用户的session数据 session = SessionStore(session_key=obj.author.session) if session.get('user_info', None): session['user_info']['balance'] = user_obj.balance # 在外边使用session 要调用save 保存数据 session.save() # 编辑话题 elif update_type == 'edit': uid = obj.author_id change_balance = -5 balance_type = "编辑话题" marks = '编辑了话题 > <a href="{_uri}">{_title}</a>'.format( _uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title) # 更新数据库中的用户余额 UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance) # 获取此用户更新后的balance user_obj = UserDetails.objects.filter(user_id=uid).first() # 创建余额变动清单 BalanceInfo.objects.create(user_id=uid, balance_type=balance_type, balance=change_balance, marks=marks, last_balance=user_obj.balance) # 更新session 中数据 request.session['user_info']['balance'] = user_obj.balance