def run(self, data, user, session_key):
search_form = SearchForm(data=data)
filters_form = SearchFiltersForm(data=data)
search_form.is_valid()
filters_form.is_valid()
keywords = search_form.cleaned_data.get(
'keywords', '').lower().strip().split()
location = search_form.cleaned_data.get(
'location', '').lower().strip()
job_position = filters_form.cleaned_data.get('job_position')
experience_years = filters_form.cleaned_data.get('experience_years')
distance = filters_form.cleaned_data.get('distance')
full_time = filters_form.cleaned_data.get('full_time', False)
part_time = filters_form.cleaned_data.get('part_time', False)
visa = filters_form.cleaned_data.get('visa', False)
was_search_button_clicked = data.get('_search', '0') == '1'
self.user = user
results = dict(results=[])
if len(keywords) > 0 or location != '' or was_search_button_clicked:
queryset = self.get_queryset(keywords, location, job_position,
experience_years, distance, full_time, part_time, visa)
object_list = self.get_object_list(queryset)
results['results'] = dict(object_list=object_list)
session = SessionStore(session_key=session_key)
session[constants.RESULTS_BEACON_TASK_DONE_SESSION_KEY] = results
session.save()
def submit_upload(request):
global rlock
assert isinstance(request, HttpRequest)
try:
rlock.acquire()
key = request.POST["key"]
cID = request.POST["cID"]
index_ = request.POST["index"]
s = SessionStore(session_key=key)
if s["type"]:
pass
s.set_expiry(globe_time)
s.save()
if int(s["type"]) != 3:
raise Exception
submit_time = datetime.datetime.now()
deadline = Task.objects.filter(cid=int(cID),index=int(index_))[0].deadline
if submit_time > deadline:
raise Exception("beyond deadline!")
filename = str(request.FILES["Filedata"])
file_path = "Center/www/upload/" + filename
with connection.cursor() as cur:
cur.execute("UPDATE worksubmit set FilePath=%s WHERE sID=%s and cID=%s and TaskIndex=%s",
[file_path, int(s["ID"]), int(cID), int(index_)])
with open(file_path, "w+b") as fd:
fd.write(request.FILES["Filedata"].file.read())
rlock.release()
return HttpResponse("OK")
except Exception as er:
rlock.release()
print("submit_upload", er.__class__, er)
return HttpResponse("", status=400)
def test_post_success_creates_new_user_with_referrer(self):
referrer_url = 'http://facebook.com'
post_data = {'email' : '*****@*****.**'}
session = SessionStore()
session[referrer_url_session_key] = referrer_url
session[referring_user_id_session_key] = ''
session.save()
self.client.cookies[settings.SESSION_COOKIE_NAME] = session.session_key
self.assertEqual(User.objects.count(), 1)
self.assertEqual(SocialLaunchProfile.objects.count(), 0)
response = self.client.post(reverse('social_launch_index'), post_data, follow=True)
users = User.objects.all()
slps = SocialLaunchProfile.objects.all()
self.assertEquals(len(users), 2)
self.assertEquals(len(slps), 1)
user = users[1]
slp = slps[0]
self.assertRedirects(response, reverse('social_launch_referral', kwargs={'referring_user_id' : user.id}))
self.assertEquals(user.email, post_data['email'])
self.assertEquals(user.username, post_data['email'])
self.assertFalse(user.has_usable_password())
self.assertContains(response, user_successfully_created_msg)
self.assertEquals(slp.user, user)
self.assertEquals(slp.referrer_url, referrer_url)
self.assertEquals(slp.referring_user, None)
def submit_download(request):
global rlock
assert isinstance(request, HttpRequest)
try:
rlock.acquire()
key = request.GET["key"]
cID = request.GET["cID"]
sID = request.GET["sID"]
index_ = request.GET["index"]
s = SessionStore(session_key=key)
if s["type"]:
pass
s.set_expiry(globe_time)
s.save()
if int(s["type"]) != 2:
raise Exception
submit = Worksubmit.objects.filter(cid=int(cID), sid=int(sID), taskindex=int(index_))[0]
with open(submit.filepath, "r+b") as fd:
data = fd.read()
response = HttpResponse(data, content_type='application/octet-stream')
response['Content-Disposition'] = "attachment; filename=\"{0}\"".format(
urllib.parse.quote(submit.filepath.rsplit("/", 1)[-1], safe='/[]'))
rlock.release()
return response
except Exception as er:
rlock.release()
print("submit_upload", er.__class__, er)
return HttpResponse("", status=400)
def csv_progress(cls,
argument_dict,
request):
key = request.session.session_key
store = SessionStore(session_key=key)
chunk_size = store['CSV_CHUNK_LINE_COUNT']
length = store['input_csv_length']
if length < chunk_size:
store['csv_lines_processed'] = 0
store.save()
return 'kill_progress_bar'
lines_processed = store['csv_lines_processed']
# Boolean if less than 1000 lines left. Immediatly evaled.
remaining_less_than_chunk_size = ((length - lines_processed)
< chunk_size)
if remaining_less_than_chunk_size:
store['csv_lines_processed'] = 0
store.save()
return 'kill_progress_bar'
else:
bar_percent = round(lines_processed/length*100)
html = '<div class="progress">'
html += '<div class="progress-bar progress-bar-striped active" '
html += 'role="progressbar"'
html += ' aria-valuenow="' + str(bar_percent) + '"'
html += 'aria-valuemin="0" aria-valuemax="100" style="width:'
html += str(bar_percent) + '%">' + str(bar_percent) + '% complete'
html += '</div></div>'
return html
def view_course(request):
assert isinstance(request, HttpRequest)
try:
data = json.loads(request.body.decode())
key = data["key"]
s = SessionStore(session_key=key)
if s["type"]:
pass
s.set_expiry(globe_time)
s.save()
courses = []
if int(s["type"]) == 3:
courses_id = Studentcourse.objects.filter(sid=int(s["ID"]))
for course_id in courses_id:
c = Course.objects.filter(cid=course_id.cid.cid).values()[0]
c["endday"] = c["endday"].strftime("%Y-%m-%d-%H")
c["startday"] = c["startday"].strftime("%Y-%m-%d-%H")
c["tname"] = Teacher.objects.filter(tid=c["teacherid_id"])[0].tname
courses.append(c)
elif int(s["type"]) == 2:
for course in Course.objects.filter(teacherid=int(s["ID"])).values():
course["endday"] = course["endday"].strftime("%Y-%m-%d-%H")
course["startday"] = course["startday"].strftime("%Y-%m-%d-%H")
course["tname"] = Teacher.objects.filter(tid=course["teacherid_id"])[0].tname
courses.append(course)
except Exception as er:
print("view_course", er.__class__, er)
print(request.body)
return HttpResponse("", status=400)
return HttpResponse(json.dumps(courses))
def create_pre_authenticated_session(email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
return session.session_key
def logout_view(request):
p=SessionStore(session_key=request.session["idkey"])
p["estado"]="desconectado"
p["name"]=""
p.save()
logout(request)
return HttpResponseRedirect("/")
def confirm(request):
try:
session_s, user_mail, user = None, None, None
#Obtener llave de sesion y mail de usuario a partir del GET
if request.method == 'GET':
session_s = SessionStore(session_key=request.GET[''])
user_mail = request.GET['email']
else: return C_error.raise_error(C_error.PERMISSIONDENIED)
#Verificar que coinciden el email de sesion y el email que se entrega para obtener
#al usuario a traves del email
if session_s['user_mail'] == user_mail:
user = User.objects.get(email=session_s['user_mail'])
else: return C_error.raise_error(C_error.EXPIREDKEY)
#Verificar que el usuario no este activo para activarlo. Una vez activado se borra
#la sesion.
if(user.is_active == False):
user.is_active = True
user.save()
session_s.delete()
form = LoginForm()
c = { 'form': form, 'success':True}
return render_to_response('user_login.html', c,context_instance = RequestContext(request) )
else: return C_error.raise_error(C_error.USERALREADYACTIVE)
#Exceptions que se pueden producir por algun fallo durante la activacion de la cuenta.
except KeyError: return C_error.raise_error(C_error.INVALIDEXPIREDKEY)
except ObjectDoesNotExist: return C_error.raise_error(C_error.UNREGISTEREDUSER)
except Exception as e:
print '%s (%s)' % (e.message, type(e))
return C_error.raise_error(C_error.MAGICERROR)
def process_request2(self, request):
user = None
if request.path.startswith('/css') or request.path.startswith('/fav'):
return
#request.session.set_test_cookie()
if request.user.id is not None and request.user.id>0:
user = request.user.id
try:
sess=UserSession.objects.get(user__id=user)
sess.session_key=request.session.session_key
sess.time = datetime.now()
sess.save()
except:
if request.session.session_key is None or len(request.session.session_key) >40:
session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
s = SessionStore(session_key)
s['last_login'] = datetime.isoformat(datetime.now())
s.save()
request.COOKIES['last_login'] = s['last_login']
else:
s = request.session
sess,created=UserSession.objects.get_or_create(user_id=user,session_key=s.session_key,board_id=None,thread_id=None)
sess.time = datetime.now()
sess.session_key=s.session_key
sess.save()
request.session = s
d = timedelta(seconds=3600)
deldate = datetime.now()-d
UserSession.objects.filter(time__lt=deldate).delete()
# delete all sessions that are not in the sessiontable
UserSession.objects.raw('DELETE from users_usersession WHERE session_key not in (SELECT d.session_key FROM django_session d)')
def gr(request, id):
"""
Geo-Room: shows a group of users on the map
updating their position.
The Geo-Room MUST be created with the gr_new.
Check if the user is already present in this georoom
otherwise register inside it.
"""
gr = get_object_or_404(GeoRoom, idx=id)
if not request.session.session_key:
# if the user came for the first time then she doesn't have any cookie
# and session_key configured
# see <https://docs.djangoproject.com/en/1.4/topics/http/sessions/#using-sessions-out-of-views>
from django.contrib.sessions.backends.db import SessionStore
s = SessionStore()
s.save()
request.session = s
gruser, created = GRUser.objects.get_or_create(
session_key=request.session.session_key,
)
gr.users.add(gruser)
return render_to_response(
'places/gr.html',
{},
context_instance=RequestContext(request))
def resend_confirmation(request):
try:
if request.method == 'POST':
form = SendConfirmationForm(request.POST)
if form.is_valid():
session_s = SessionStore()
session_s['user_mail'] = form.cleaned_data['email']
session_s.set_expiry(SESSION_EXPIRY)
session_s.save(must_create=True)
user = User.objects.get(email=session_s['user_mail'])
if(user.is_active == False):
return send_registration_confirmation(session_s)
else: return C_error.raise_error(C_error.USERALREADYACTIVE)
else:
form = SendConfirmationForm()
c = { 'form': form }
c.update(csrf(request))
return render_to_response('register_form.html', c)
#Exceptions que se pueden producir por algun fallo durante el reenvio de la llave de confirmacion.
except ObjectDoesNotExist as e: return C_error.raise_error(C_error.UNREGISTEREDUSER)
except Exception:
print '%s (%s)' % (e.message, type(e))
return C_error.raise_error(C_error.MAGICERROR)
def test_get_or_create7(self):
"""User session object get_or_create workspace cornercase.
Defined user has preference over defined session."""
user = User(username='******', password='******')
user.save()
user2 = User(username='******', password='******')
user2.save()
session_store = SessionStore(session_key='other_session')
session_store.save()
user_session_object = UserSession.get_or_create(
self.other_session_key, user=user)
self.assertTrue(user_session_object.id)
user_session_object_user = UserSession.get_or_create(
self.session_key, user=user)
self.assertEquals(
user_session_object.id, user_session_object_user.id)
# Don't find anything: create new workspace
user_session_object_other = UserSession.get_or_create(
self.other_session_key, user=user2)
self.assertNotEquals(
user_session_object.id, user_session_object_other.id)
def auth_view(request):
params = request.GET
vk_token = params.get("vk_token")
if vk_token is not None:
user = get_user_by_vk(vk_token)
vkapi = vk.API(vk.Session(), access_token=vk_token)
audios = vkapi.audio.get(owner_id=user.vk_id)[1:]
genre_count = collections.defaultdict(int)
for audio in audios:
genre_count[audio.get("genre", 5000)] += 1
UserGenre.objects.filter(user=user).update(
count=0,
)
for genre, count in genre_count.items():
user_genre = UserGenre.objects.get_or_create(
user_id=user.id,
genre_id=genre,
)[0]
user_genre.count = count
user_genre.save()
else:
raise TripsExc("auth_error")
ss = SessionStore()
ss["user_id"] = user.id
ss.save()
return {
"auth_token": ss.session_key,
"user": user.get_data(),
}
def add_task(request):
assert isinstance(request, HttpRequest)
try:
data = json.loads(request.body.decode())
s = SessionStore(session_key=data["key"])
if s["type"]:
pass
s.set_expiry(globe_time)
s.save()
old = Task.objects.filter(name=data["TaskName"])
if len(old):
return HttpResponse({"index": old[0].index})
cid = int(data["cID"])
name = data["TaskName"]
request = data["Description"]
maxgrade = int(data["MaxPoint"])
release = datetime.datetime.now()
deadline = datetime.datetime.strptime(data["DeadLine"], "%Y-%m-%dT%H:%M")
index_ = -1
with connection.cursor() as cur:
cur.execute("insert into task VALUES (%s,%s,%s,%s,%s,%s,%s,%s)",
[cid, index_, name, request, release, deadline, "", maxgrade])
old_task = Task.objects.filter(cid__cid=cid, name=name)[0]
return HttpResponse(json.dumps({"index": old_task.index}))
except Exception as er:
print("add_task", er.__class__, er)
return HttpResponse("")
def task_upload(request):
global rlock
assert isinstance(request, HttpRequest)
try:
rlock.acquire()
key = request.POST["key"]
cID = int(request.POST["cID"])
index_ = int(request.POST["index"])
s = SessionStore(session_key=key)
if s["type"]:
pass
s.set_expiry(globe_time)
s.save()
if int(s["type"]) != 2:
raise Exception
filename = str(request.FILES["Filedata"])
attachment = "Center/www/upload/" + filename
with open(attachment, "w+b") as fd:
fd.write(request.FILES["Filedata"].file.read())
with connection.cursor() as cur:
cur.execute("update task set Attachment=%s WHERE cID=%s and `Index`=%s;",
[attachment, cID, index_])
rlock.release()
return HttpResponse("OK")
except Exception as er:
rlock.release()
print("task_upload", er.__class__, er)
return HttpResponse("", status=400)
def create_user_session(user):
# Then create the authenticated session using the new user credentials
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session[HASH_SESSION_KEY] = user.get_session_auth_hash()
session.save()
return session
def create_pre_authenticated_session(self, email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
self.browser.get(self.server_url + "/404_no_such_url/")
self.browser.add_cookie(dict(name=settings.SESSION_COOKIE_NAME, value=session.session_key,path='/',))
def newSessionHandler(argRequest, argUser):
tmpToken = md5Encoding(tokenGenerator(16))
argRequest.session['id'] = tmpToken
tmpSession = SessionStore()
tmpSession.save()
tmpSessionKey = tmpSession.session_key;
argRequest.session._session_key = tmpSessionKey
User.objects.filter(pk=argUser.id).update(session_key=tmpSessionKey)
def logout_view(request):
cookie=SessionStore(session_key=request.session["idkey"])
cookie["estado"]="desconectado"
#del request.cookie["idkey"]
cookie["name"]=""
cookie.save()
logout(request)
return HttpResponseRedirect("/")
def place_order(sender, **kwargs):
""" collect basket, user, shipping_method and address, order_number, total
and pass them to handle_order_placement, but first add payment events and
sources """
request = kwargs.get('request', None) or HttpRequest()
basket = sender
user = basket.owner if basket.owner else AnonymousUser()
guest_email = None
strategy = selector.strategy(user=user)
session_data = shipping_address = shipping_method = None
log.debug("initialising: \n basket = %s \n usr = %s \n strategy = %s",
basket, user, strategy)
basket.strategy = strategy
amount_allocated = kwargs['OutSum']
session_key = kwargs['session_key']
order_num = kwargs['order_num']
if session_key is not None:
session = SessionStore(session_key = session_key)
if len(session.items()):
log.debug("Session %s successfully restored", session)
request.session = session
request.user = user
session_data = CheckoutSessionData(request)
if isinstance(user, AnonymousUser):
guest_email = session_data.get_guest_email()
order_placement = RobokassaOrderPlacement()
order_placement.request = request
if session_data is not None:
order_placement.checkout_session = session_data
shipping_address = order_placement.get_shipping_address(basket)
shipping_method = order_placement.get_shipping_method(
basket, shipping_address)
total = order_placement.get_order_totals(basket, shipping_method)
else: # session not found, lets try to place order anyway
log.error(("Session was not restored, trying default order for "
"basket #%s"), basket.id)
basket.is_shipping_required = False
total = prices.Price(
currency=basket.currency,
excl_tax=basket.total_excl_tax, incl_tax=basket.total_incl_tax)
# now create payment source and events
source_type, is_created = SourceType.objects.get_or_create(
name=u'Робокасса', code='robokassa')
source = Source(source_type=source_type, amount_allocated=amount_allocated,
amount_debited=amount_allocated)
order_placement.add_payment_source(source)
order_placement.add_payment_event('allocated', amount_allocated)
order_placement.add_payment_event('debited', amount_allocated)
post_payment.send(sender=order_placement, user=user, source=source)
# all done lets place an order
order_placement.handle_order_placement(
order_num, user, basket, shipping_address, shipping_method,
total, guest_email=guest_email)
def upload_complete(self):
if self.cache_key:
try:
s = SessionStore(session_key = self.request.session.session_key)
except:
return None
data = s[self.cache_key]
data['state'] = 'done'
s.save()
def get_or_create(cls):
s = SessionStore()
try:
return s['google_sync']
except KeyError:
google_sync = cls()
s['google_sync'] = google_sync
s.save()
return google_sync
def get(self, request, *args, **kwargs): #what does a get do here? s = SessionStore() s['last_login'] = DateTools.getNowAsString() s['userid'] = 1 #this should be set to the user id returned from authentication s.save() response = s.session_key + " | Last_login: " + s['last_login'] return HttpResponse(response)
def test_sesh(request): sessions = Session.objects.all() for session in sessions: key = session.session_key sesh = SessionStore(session_key=key) sesh['room'] = 'newroom' sesh.save() print sesh return render(request, 'test.html')
def create_pre_authenticated_session(email, password, *args, **kwargs):
user = User.objects.create_user(username=email, email=email, password=password, *args, **kwargs)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
return session.session_key
def themes_enabled(self, request):
"""
Check if themes are enabled for the current session/request.
"""
if settings.DEBUG and request.GET.get('theme') == 'none':
return False
if 'sessionid' not in request.COOKIES:
return True
session = SessionStore(session_key=request.COOKIES['sessionid'])
return session.get('django_diazo_theme_enabled', True)
def HandelSession(request):
try:
sessionid = request.COOKIES['sessionid']
except:
sessionid = None
if sessionid == None:
s = SessionStore()
s.save()
sessionid = s.session_key
def create_pre_authenticated_session(email):
"""
Creates fixture-like session to pass by authentication system
"""
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
return session.session_key
def enable_pre_authenticated_session(self, username):
session = SessionStore()
session[SESSION_KEY] = self.user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[3]
session.save()
### to set a cookie we need to first visit the domain
## 404 pages load the quickest
self.browser.get(self.server_url + "/404_no_such_url/")
self.browser.add_cookie(dict(name=settings.SESSION_COOKIE_NAME, value=session.session_key, path="/"))
def create_pre_authenticated_session(self, email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
# 为了设定cookie,我们要先访问网站
# 而404页面是加载最快的(django2.2.3报错 + '/404_no_such_url/')
self.driver.get(self.live_server_url)
self.driver.add_cookie(
dict(
name=settings.SESSION_COOKIE_NAME,
value=session.session_key,
path='/',
))
def create_pre_authenticated_session(self, email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
## to set a cookie we need to first visit the domain.
## 404 pages load the quickest!
self.browser.get(self.live_server_url + "/404_no_such_url/")
self.browser.add_cookie(
dict(
name=settings.SESSION_COOKIE_NAME,
value=session.session_key,
path='/',
))
def create_pre_authenticated_session(email):
"""
Creates session key
:param email: email to associate with session
:return: session key
"""
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
return session.session_key
def create_session_cookie(username, password):
user = User.objects.create_user(username=username, password=password)
profile = Profile.objects.get(user=user)
session = SessionStore()
session[SESSION_KEY] = profile.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session[HASH_SESSION_KEY] = user.get_session_auth_hash()
session.save()
cookies = {
"name": settings.SESSION_COOKIE_NAME,
"value": session.session_key,
"secure": False,
"path": "/",
}
return cookies
def create_pre_authenticated_session(self, user):
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
## to set a cookie we need fo first visit the domain.
## 404 pages load the quicktest!
self.browser.get('{0}/404_no_such_url/'.format(self.server_url))
self.browser.add_cookie(
dict(
name=settings.SESSION_COOKIE_NAME,
value=session.session_key,
path='/',
))
return session.session_key
def create_pre_authenticated_session(self, email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
## para definir um cookie, precisamos antes acessar o domínio.
## as páginas 404 são as que carregam mais rapidamente!
self.browser.get(self.live_server_url + "/404_no_such_url/")
self.browser.add_cookie(
dict(
name=settings.SESSION_COOKIE_NAME,
value=session.session_key,
path="/",
))
def authenticate_credentials(self, key):
session = SessionStore(session_key=key)
if not session.exists(key):
raise exceptions.AuthenticationFailed("Invalid token.")
user_id = session.get(SESSION_KEY)
if user_id is None:
raise exceptions.AuthenticationFailed("Invalid token.")
try:
user = User.objects.get(id=user_id)
except User.DoesNotExist:
raise exceptions.AuthenticationFailed("User inactive or deleted.")
if not user.is_active:
raise exceptions.AuthenticationFailed("User inactive or deleted.")
return (user, None)
def test_signup_completed_profile(self):
user = authenticate(username=self.user.username, password='******')
request = self.factory.request()
s = SessionStore()
s.save()
request.session = s
login(request, user)
request.user = user
self.pleb.email_verified = True
self.pleb.save()
res = signup_view(request)
self.assertIn(res.status_code,
[status.HTTP_200_OK, status.HTTP_302_FOUND])
self.pleb.email_verified = False
self.pleb.save()
def _update_current_session_key(self, r, request, user_str):
'''
本函数线程安全,django的wsgiserver是多线程的,当多个请求并发时此处要使用sychronized装饰器
:param r:
:param request:
:return:
'''
# 此处的last_session_key需要重新获取,因为可能被其他线程更新
last_session_key = r.get(user_str).decode()
if last_session_key != request.session.session_key:
r.set(user_str, request.session.session_key, ex=EXPIRE_TIME)
# delete session in db
last_session = SessionStore(last_session_key)
last_session.delete()
return
def test_email_verification_view_success(self):
cache.clear()
user = authenticate(username=self.user.username, password='******')
request = self.factory.request()
s = SessionStore()
s.save()
request.session = s
login(request, user)
request.user = user
pleb = Pleb.nodes.get(email=user.email)
token = self.token_gen.make_token(user, pleb)
res = email_verification(request, token)
self.assertEqual(res.status_code, status.HTTP_302_FOUND)
def create_pre_authenticated_session(self, email):
user = User.objects.create(email=email)
session = SessionStore()
session[SESSION_KEY] = user.pk
session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
session.save()
self.browser.get(self.server_url + '/404_no_such_url/')
self.browser.add_cookie(
dict(
name=settings.SESSION_COOKIE_NAME,
value=session.session_key,
path='/',
))
def log_in_master_admin(self):
master_admin_session = SessionStore()
master_admin_session[SESSION_KEY] = self.master_admin.pk
master_admin_session[
BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
master_admin_session[
HASH_SESSION_KEY] = self.master_admin.get_session_auth_hash()
master_admin_session.save()
self.visit('')
self.browser.add_cookie({
'name': settings.SESSION_COOKIE_NAME,
'value': master_admin_session.session_key,
'path': '/'
})
def save_off_message(request):
'''
@description: 保存客户端发来的离线消息,一条一条保存
@param {type} post={"session_id":session_id,"from_email":xxx,"to_email":xxxx,"msg_enc":xxxx}
@return: {"status":True,"msg":"保存成功"} or {"status":False,"msg":"网络错误"}
'''
if request.method=="POST":
session_id = request.POST.get("session_id","")
if request.session.exists(session_id):
# user_ip = get_ip(request)
s = SessionStore(session_key=session_id)
user_email = s["email"]
user = Users.objects.get(email=user_email) # 获取到发送者的id记录,作为from _id
msg = request.POST.get("msg",'')
data = json.loads(msg)
to_id = data["to_email"]
msg_enc = data["msg_enc"]
to_user = Users.objects.get(email=to_id)
# 保存离线消息到数据库
new_entry = Off_msg.objects.create()
new_entry.from_id=user_email
new_entry.to_id = to_id
new_entry.msg_enc=msg_enc
new_entry.save()
to_user.have_off_msg=1 # 设置对方有离线消息
to_user.save()
msg = {"status":True,"msg":"保存成功"}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg={"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
def del_friends(request):
'''
@description: 响应删除好友,同时删除双方的表friends
@param {type} POST:{"session_id":xxx,msg":{"friend_email":xxxx}} 请求一次删除email为friend_id的好友
@return: {"status":True,"msg":"删除成功"} or msg = {"status":False,"msg":"不存在该好友"} or {"status":False,"msg":"网络错误"}
'''
if request.method=="POST":
session_id = request.POST.get("session_id","")
# user_ip = get_ip(request)
if request.session.exists(session_id):
s = SessionStore(session_key=session_id)
user_email = s["email"]
user = Users.objects.get(email=user_email) # 获取到当前client的记录
msg = request.POST.get("msg",'') # 获取到client发来的消息,如要删除那个好友
data = json.loads(msg) # {"friend_email":....} 要删除的好友id
friend_email = data["friend_email"]
try:
friend_entry = Friends.objects.get(user_id=user_email,friend_id=friend_email)
friend_entry.delete()
friend_entry = Friends.objects.get(friend_id=user_email,user_id=friend_email)
friend_entry.delete()
msg = {"status":True,"msg":"删除成功"}
except Friends.DoesNotExist:
msg = {"status":False,"msg":"不存在该好友"}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg = {"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
def get(self, request, format=None):
try:
# Get the session of the current user.
session = SessionStore(session_key=request.COOKIES['sessionid'])
# Try and get the session token, return 401 unauthorized if unable to.
try:
token = session['plexjocke_token']
if token:
# See if the user only wants to see their requests
try:
useronly = request.GET['useronly']
if useronly == 'y':
requests = Request.objects.all().filter(
user=session['plexjocke_username']).order_by(
'-id')
else:
requests = Request.objects.all().order_by('-id')
except KeyError:
requests = Request.objects.all().order_by('-id')
serializer = MovieListSerializer(requests, many=True)
return Response(serializer.data)
else:
return Response(status=status.HTTP_401_UNAUTHORIZED)
except KeyError:
return Response(status=status.HTTP_401_UNAUTHORIZED)
except KeyError:
return Response(status=status.HTTP_401_UNAUTHORIZED)
def query_make_friends_requests_response(request):
'''
@description: 返回自己的好友申请记录的对方处理状态,[{"to_id":to_user_email,"result":1|2|3},{...},....],其中to_user_email是自己申请谁为好友,1,2,3分别代表为{未处理,已同意,已拒绝}
@param {type} POST {"session_id":session_id}
@return: {"status":True|False,"msg":[{"to_id":to_user_email,"result":1|2|3},{...},....]}
'''
if request.method == "POST":
session_id = request.POST.get("session_id")
if request.session.exists(session_id):
s = SessionStore(session_key=session_id)
user_email = s['email']
res_make_friend_requests_set = Make_friends_requests.objects.filter(from_id=user_email).order_by('-add_time')
msg_list = []
for res_make_friend_requests_entry in res_make_friend_requests_set:
if res_make_friend_requests_entry.handled == 0:
msg_list.append({"to_id":res_make_friend_requests_entry.to_id,"result":1})
else:
if res_make_friend_requests_entry.result == 1:
msg_list.append({"to_id":res_make_friend_requests_entry.to_id,"result":2})
else:
msg_list.append({"to_id":res_make_friend_requests_entry.to_id,"result":3})
msg = {"status":True,"msg":msg_list}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg = {"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
def friends(request):
'''
@description: 响应在线client的好友列表,返回好友列表(以状态位标志online是否在线),列表的组织形式:
@param {type} requests.POST(url,data={"session_id"=xxxx"})
@return: {"status":True,"msg":{[{"friend_email":xxxx,"online":0|1},{"friend_email":xxxx,"online":0|1},{......}]}} online = 1 表示该好友在线或者 {"status":False,"msg":错误提示} {"email":xxxx}为一个好友信息的返回
'''
if request.method == 'POST':
# user_ip = get_ip(request)
session_id = request.POST.get("session_id","")
if request.session.exists(session_id):
s = SessionStore(session_key=session_id)
user_email = s["email"]
try:
friends_list = [] # "msg":[{"user_id":email},...]
user = Users.objects.get(email=user_email)
friends_set = Friends.objects.filter(user_id=user_email) # 返回好友集合
for friend in friends_set:
friend_on_line = Users.objects.get(email=friend.friend_id)
if friend_on_line.is_online == 1:
friends_list.append({"friend_email":friend.friend_id,"online":1}) # 返回好友的id(email)
else:
friends_list.append({"friend_email":friend.friend_id,"online":0})
msg = {"status":True,"msg":friends_list}
except Users.DoesNotExist:
msg={"status":False,"msg":"连接数据库失败"}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg = {"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
def Sessions(request, imageid="1"):
image_list = Image.objects.all().order_by('?')[:259]
print type(request.session.session_key)
print request.session.session_key
if request.session.session_key:
person_id = Person.objects.get(
session__pk=request.session.session_key).id
else:
return redirect('person')
request.session["person_id"] = person_id
listdb = request.session.get("image_id", [])
print listdb
print type(listdb)
if len(listdb) == 1:
request.session.set_expiry(10)
listdb.append(imageid)
request.session["image_id"] = listdb
for i in Session.objects.all():
print SessionStore().decode(i.session_data)
return render(
request, 'image.html', {
'image_show': Image.objects.get(id=imageid),
'listdb': listdb,
'user_id': person_id,
'image_list': image_list
})
def setup_request(self):
"""
Utility function for flushing and setting up request object for testing
"""
self.request = HttpRequest()
self.request.user = AnonymousUser()
self.request.session = SessionStore()
def test_register_view_returns_redirect(rf, user, django_user_model):
# Get the request with the users data
request = rf.post(reverse('blog_admin:register'), {
'username': user.username,
'email': user.email,
'password': user.password
})
# Add session object for the proper work of login()
request.session = SessionStore()
request.session.create()
# Make a new user object in order to mock the registration form
new_user = django_user_model.objects.create_user(username=user.username,
password=user.password)
# Mock the Register form object
form = MagicMock()
form.save.return_value = new_user
# Get an instance of the view and initialize it
view = RegisterView()
view.setup(request)
response = view.form_valid(form)
# When the new user object is created, it's last_login date would be None
assert new_user.last_login is not None, \
"User is not logged in"
assert response.status_code == 302, \
"Response is not redirect response"
assert response.url == reverse('blog_admin:home'), \
"Response does not redirect to the correct page"
def wrapper(request, *args, **kwargs):
try:
uid = request.session['uid']
user = User.objects.get(pk=uid)
except KeyError:
user = None
except User.DoesNotExist:
return HttpResponseForbidden()
if user and user.is_authenticated():
request.user = user
return request_processor(request, *args, **kwargs)
else:
try:
data = json.loads(request.body)
username = data.get('username')
password = data.get('password')
user = auth_origin.authenticate(username=username,
password=password)
except ValueError:
user = None
if user and user.is_active:
if 'remember' in request.POST:
auth.login(request, user)
request.session = SessionStore()
request.session['uid'] = user.id
request.user = user
return request_processor(request, *args, **kwargs)
else:
return HttpResponseForbidden()
def delete(self, request, pk, format=None):
sonarr = Sonarr(settings.SONARR_HOST, settings.SONARR_PORT,
settings.SONARR_API_KEY)
try:
# Get the session of the current user.
session = SessionStore(session_key=request.COOKIES['sessionid'])
try:
token = session['plexjocke_token']
if token:
try:
show = Request.objects.get(pk=pk)
if sonarr.delete_show(show.sonarr_id):
show.delete()
return Response(sonarr.reply,
status=status.HTTP_204_NO_CONTENT)
else:
return Response(sonarr.reply,
status=status.HTTP_400_BAD_REQUEST)
except Request.DoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)
else:
return Response(status=status.HTTP_401_UNAUTHORIZED)
except KeyError:
return Response(status=status.HTTP_401_UNAUTHORIZED)
except MultiValueDictKeyError:
return Response(status=status.HTTP_401_UNAUTHORIZED)
def test_login_blocked_for_non_standard_login_views_with_msg(self):
"""
Check that a view wich returns the expected status code and the
expected message is causing the IP to be locked out.
"""
@watch_login(status_code=401, msg='Invalid credentials')
def fake_api_401_login_view_without_msg(request):
""" Fake the api login with 401 """
return HttpResponse('Sorry, Invalid credentials',
status=401)
request_factory = RequestFactory()
request = request_factory.post('api/login')
request.user = AnonymousUser()
request.session = SessionStore()
request.META['HTTP_X_FORWARDED_FOR'] = '192.168.24.24'
for _ in range(3):
fake_api_401_login_view_without_msg(request)
data_out = utils.get_blocked_ips()
self.assertEqual(data_out, [])
fake_api_401_login_view_without_msg(request)
data_out = utils.get_blocked_ips()
self.assertEqual(data_out, ['192.168.24.24'])
def authenticate(self, request):
session_id = getSessionId(request)
sessionStore = SessionStore(session_key=session_id)
uid = sessionStore.get('_auth_user_id', '')
# Add the session object into request
request.session = sessionStore
if not uid:
raise exceptions.AuthenticationFailed('Invalid session id')
try:
user = AppUser.objects.get(id=uid, is_active=True)
except AppUser.DoesNotExist:
raise exceptions.AuthenticationFailed('Invalid session id')
return (user, None)
def repair_recommendations():
"""
Checks if the recommendations contain links to documents no longer
available. Removes those links when found.
"""
from django.contrib.sessions.models import Session
from django.contrib.sessions.backends.db import SessionStore
for session in Session.objects.all():
session_dict = session.get_decoded()
if 'tracker' in session_dict:
LOGGER.info("removing tracker for session '{}'".format(
session.session_key))
del session_dict['tracker']
session.session_data = SessionStore().encode(session_dict)
session.save()
for _dict in ResourceCountDict.objects.all():
try:
StorageObject.objects.get(identifier=_dict.lrid)
except StorageObject.DoesNotExist:
# remove recommendation
LOGGER.info("removing recommendations dictionary for {}".format(
_dict.lrid))
_dict.delete()
for _pair in ResourceCountPair.objects.all():
try:
StorageObject.objects.get(identifier=_pair.lrid)
except StorageObject.DoesNotExist:
# remove recommendation
LOGGER.info("removing recommendations entry for {}".format(
_pair.lrid))
_pair.delete()
def test_login_blocked_for_non_standard_login_views_without_msg(self):
"""
Check that a view wich returns the expected status code is causing
the user to be locked out when we do not expect a specific message
to be returned.
"""
@watch_login(status_code=401)
def fake_api_401_login_view_without_msg(request):
""" Fake the api login with 401 """
return HttpResponse(status=401)
request_factory = RequestFactory()
request = request_factory.post("api/login")
request.user = AnonymousUser()
request.session = SessionStore()
request.META["HTTP_X_FORWARDED_FOR"] = "192.168.24.24"
for _ in range(3):
fake_api_401_login_view_without_msg(request)
data_out = utils.get_blocked_ips()
self.assertEqual(data_out, [])
fake_api_401_login_view_without_msg(request)
data_out = utils.get_blocked_ips()
self.assertEqual(data_out, ["192.168.24.24"])
def login(self, **message):
if not self.handshake:
pass
else:
try:
self.timestamp = float(message['timestamp'])
except:
self.timestamp = None
self.request = HttpRequest()
self.request.path = message.get('url', '/')
# TODO(hamax): path_info is not always full path
self.request.path_info = self.request.path
self.request.method = 'GET'
self.request.GET = parse_params(message.get('GET', ''))
self.request.COOKIES = parse_cookies(message.get('cookies', ''))
# set to XMLHttpRequest so that request.is_ajax() returns True
self.request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
# auth
self.request.session = {}
self.request.user = AnonymousUser()
if 'sessionid' in self.request.COOKIES:
self.request.session = SessionStore(
session_key=self.request.COOKIES['sessionid'])
if '_auth_user_id' in self.request.session:
self.request.user = User.objects.get(
id=self.request.session['_auth_user_id'])
self.handshake = False
self.tracker.connect(self)
def query_make_friends_requests(request):
'''
@description: 被申请加为好友的对方登录查询好友申请记录,返回好友申请列表
@param {type} POST,{"session_id":xxxx}
@return: {"status":True,"msg":[{"from_user_email":xxxx},{"from_user_email":xxxx},{"from_user_email":xxxx},......]}或者{"status":False,"msg":"没有好友申请"}
'''
if request.method =="POST":
session_id = request.POST.get("session_id","")
if request.session.exists(session_id):
s = SessionStore(session_key=session_id)
user_email = s["email"]
# user_ip = get_ip(request)
user = Users.objects.get(email=user_email)
if user.have_friends_requests:
query_set = Make_friends_requests.objects.filter(to_id=user_email,handled=0) # 被申请人且未处理的好友申请记录列表返回
query_list = []
for query_entry in query_set:
from_user_email = query_entry.from_id
query_list.append({"from_user_email":from_user_email})
msg = {"status":True,"msg":query_list}
else:
msg = {"status":False,"msg":"没有好友申请"}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg = {"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
def request(self, **request):
request["user"] = None
request = super(RequestFactory, self).request(**request)
request.user = AnonymousUser()
request.session = SessionStore()
request._messages = FallbackStorage(request)
return request
def query_off_msg(request):
'''
@description: client知道存在离线消息,用户查询 离线消息集合 的转发
@param {type} {"session_id":session_id}
@return: {"status":True,"public_key":xxx,msg":[ {"msg_enc":xxxxxx}, {"msg_enc":xxxxx}...]}
'''
if request.method=="POST":
session_id = request.POST.get("session_id","")
if request.session.exists(session_id):
# user_ip = get_ip(request)
s = SessionStore(session_key=session_id)
user_email = s["email"]
user = Users.objects.get(email=user_email)
user_to_id = user_email
# off_msg_set = Off_msg.objects.filter(to_id=user_to_id,is_read=0)
off_msg_set = Off_msg.objects.filter(to_id=user_to_id)
off_msg_list=[]
for off_msg_entry in off_msg_set:
msg_entry = {"msg_enc":off_msg_entry.msg_enc}
off_msg_entry.is_read = 1
off_msg_entry.save()
off_msg_list.append(msg_entry)
user.have_off_msg = 0
user.save()
msg = {"status":True,"msg":off_msg_list}
else:
msg = {"status":False,"msg":"非法用户请求"}
else:
msg = {"status":False,"msg":"请求方法错误"}
return HttpResponse(json.dumps(msg))
