예제 #1
0
def parse_attachment(r, request):
    message = request.body
    # i need boundary to be in the message for email to parse it right
    if 'boundary' not in message[:message.index("--")]:
        if 'boundary' in request.META['CONTENT_TYPE']:
            message = request.META['CONTENT_TYPE'] + message
        else:
            raise BadRequest(
                "Could not find the boundary for the multipart content")
    msg = email.message_from_string(message)
    if msg.is_multipart():
        parts = []
        for part in msg.walk():
            parts.append(part)
        if len(parts) < 1:
            raise ParamError(
                "The content of the multipart request didn't contain a statement"
            )
        # ignore parts[0], it's the whole thing
        # parts[1] better be the statement
        r['body'] = convert_to_dict(parts[1].get_payload())
        if len(parts) > 2:
            r['payload_sha2s'] = []
            for a in parts[2:]:
                # attachments
                thehash = a.get("X-Experience-API-Hash")
                if not thehash:
                    raise BadRequest(
                        "X-Experience-API-Hash header was missing from attachment"
                    )
                headers = defaultdict(str)
                r['payload_sha2s'].append(thehash)
                # Save msg object to cache
                att_cache.set(thehash, a)
    else:
        raise ParamError(
            "This content was not multipart for the multipart request.")
    # see if the posted statements have attachments
    att_stmts = []
    if isinstance(r['body'], list):
        for s in r['body']:
            if 'attachments' in s:
                att_stmts.append(s)
    elif 'attachments' in r['body']:
        att_stmts.append(r['body'])
    if att_stmts:
        # find if any of those statements with attachments have a signed statement
        signed_stmts = [(s, a) for s in att_stmts
                        for a in s.get('attachments', None) if a['usageType']
                        == "http://adlnet.gov/expapi/attachments/signature"]
        for ss in signed_stmts:
            attmnt = att_cache.get(ss[1]['sha2']).get_payload(decode=True)
            jws = JWS(jws=attmnt)
            try:
                if not jws.verify() or not jws.validate(ss[0]):
                    raise BadRequest("The JSON Web Signature is not valid")
            except JWSException as jwsx:
                raise BadRequest(jwsx)
예제 #2
0
def parse_attachment(r, request):
    message = request.body
    # i need boundary to be in the message for email to parse it right
    if "boundary" not in message[: message.index("--")]:
        if "boundary" in request.META["CONTENT_TYPE"]:
            message = request.META["CONTENT_TYPE"] + message
        else:
            raise BadRequest("Could not find the boundary for the multipart content")
    msg = email.message_from_string(message)
    if msg.is_multipart():
        parts = []
        for part in msg.walk():
            parts.append(part)
        if len(parts) < 1:
            raise ParamError("The content of the multipart request didn't contain a statement")
        # ignore parts[0], it's the whole thing
        # parts[1] better be the statement
        r["body"] = convert_to_dict(parts[1].get_payload())
        if len(parts) > 2:
            r["payload_sha2s"] = []
            for a in parts[2:]:
                # attachments
                thehash = a.get("X-Experience-API-Hash")
                if not thehash:
                    raise BadRequest("X-Experience-API-Hash header was missing from attachment")
                headers = defaultdict(str)
                r["payload_sha2s"].append(thehash)
                # Save msg object to cache
                att_cache.set(thehash, a)
    else:
        raise ParamError("This content was not multipart for the multipart request.")
    # see if the posted statements have attachments
    att_stmts = []
    if isinstance(r["body"], list):
        for s in r["body"]:
            if "attachments" in s:
                att_stmts.append(s)
    elif "attachments" in r["body"]:
        att_stmts.append(r["body"])
    if att_stmts:
        # find if any of those statements with attachments have a signed statement
        signed_stmts = [
            (s, a)
            for s in att_stmts
            for a in s.get("attachments", None)
            if a["usageType"] == "http://adlnet.gov/expapi/attachments/signature"
        ]
        for ss in signed_stmts:
            attmnt = att_cache.get(ss[1]["sha2"]).get_payload(decode=True)
            jws = JWS(jws=attmnt)
            try:
                if not jws.verify() or not jws.validate(ss[0]):
                    raise BadRequest("The JSON Web Signature is not valid")
            except JWSException as jwsx:
                raise BadRequest(jwsx)
예제 #3
0
def parse_body(r, request):
    if request.method == 'POST' or request.method == 'PUT':
        # Parse out profiles/states if the POST dict is not empty
        if 'multipart/form-data' in request.META['CONTENT_TYPE']:
            if request.POST.dict().keys():
                r['params'].update(request.POST.dict())
                parser = MultiPartParser(request.META, StringIO.StringIO(request.raw_post_data),request.upload_handlers)
                post, files = parser.parse()
                r['files'] = files
        # If it is multipart/mixed, parse out all data
        elif 'multipart/mixed' in request.META['CONTENT_TYPE']: 
            message = request.body
            # i need boundary to be in the message for email to parse it right
            if 'boundary' not in message[:message.index("--")]:
                if 'boundary' in request.META['CONTENT_TYPE']:
                    message = request.META['CONTENT_TYPE'] + message
                else:
                    raise BadRequest("Could not find the boundary for the multipart content")
            msg = email.message_from_string(message)
            if msg.is_multipart():
                parts = []
                for part in msg.walk():
                    parts.append(part)
                if len(parts) < 1:
                    raise ParamError("The content of the multipart request didn't contain a statement")
                # ignore parts[0], it's the whole thing
                # parts[1] better be the statement
                r['body'] = convert_to_dict(parts[1].get_payload())
                if len(parts) > 2:
                    r['payload_sha2s'] = []
                    for a in parts[2:]:
                        # attachments
                        thehash = a.get("X-Experience-API-Hash")
                        if not thehash:
                            raise BadRequest("X-Experience-API-Hash header was missing from attachment")
                        headers = defaultdict(str)
                        r['payload_sha2s'].append(thehash)
                        # Save msg object to cache
                        att_cache.set(thehash, a)
            else:
                raise ParamError("This content was not multipart for the multipart request.")
            # see if the posted statements have attachments
            att_stmts = []
            if type(r['body']) == list:
                for s in r['body']:
                    if 'attachments' in s:
                        att_stmts.append(s)
            elif 'attachments' in r['body']:
                att_stmts.append(r['body'])
            if att_stmts:
                # find if any of those statements with attachments have a signed statement
                signed_stmts = [(s,a) for s in att_stmts for a in s.get('attachments', None) if a['usageType'] == "http://adlnet.gov/expapi/attachments/signature"]
                for ss in signed_stmts:
                    attmnt = att_cache.get(ss[1]['sha2']).get_payload(decode=True)
                    jws = JWS(jws=attmnt)
                    try:
                        if not jws.verify() or not jws.validate(ss[0]):
                            raise BadRequest("The JSON Web Signature is not valid")
                    except JWSException as jwsx:
                        raise BadRequest(jwsx)
        # Normal POST/PUT data
        else:
            if request.body:
                # profile uses the request body
                r['raw_body'] = request.body
                # Body will be some type of string, not necessarily JSON
                r['body'] = convert_to_dict(request.body)
            else:
                raise Exception("No body in request")
    return r