def parse_attachment(r, request):
message = request.body
# i need boundary to be in the message for email to parse it right
if 'boundary' not in message[:message.index("--")]:
if 'boundary' in request.META['CONTENT_TYPE']:
message = request.META['CONTENT_TYPE'] + message
else:
raise BadRequest(
"Could not find the boundary for the multipart content")
msg = email.message_from_string(message)
if msg.is_multipart():
parts = []
for part in msg.walk():
parts.append(part)
if len(parts) < 1:
raise ParamError(
"The content of the multipart request didn't contain a statement"
)
# ignore parts[0], it's the whole thing
# parts[1] better be the statement
r['body'] = convert_to_dict(parts[1].get_payload())
if len(parts) > 2:
r['payload_sha2s'] = []
for a in parts[2:]:
# attachments
thehash = a.get("X-Experience-API-Hash")
if not thehash:
raise BadRequest(
"X-Experience-API-Hash header was missing from attachment"
)
headers = defaultdict(str)
r['payload_sha2s'].append(thehash)
# Save msg object to cache
att_cache.set(thehash, a)
else:
raise ParamError(
"This content was not multipart for the multipart request.")
# see if the posted statements have attachments
att_stmts = []
if isinstance(r['body'], list):
for s in r['body']:
if 'attachments' in s:
att_stmts.append(s)
elif 'attachments' in r['body']:
att_stmts.append(r['body'])
if att_stmts:
# find if any of those statements with attachments have a signed statement
signed_stmts = [(s, a) for s in att_stmts
for a in s.get('attachments', None) if a['usageType']
== "http://adlnet.gov/expapi/attachments/signature"]
for ss in signed_stmts:
attmnt = att_cache.get(ss[1]['sha2']).get_payload(decode=True)
jws = JWS(jws=attmnt)
try:
if not jws.verify() or not jws.validate(ss[0]):
raise BadRequest("The JSON Web Signature is not valid")
except JWSException as jwsx:
raise BadRequest(jwsx)
def parse_attachment(r, request):
message = request.body
# i need boundary to be in the message for email to parse it right
if "boundary" not in message[: message.index("--")]:
if "boundary" in request.META["CONTENT_TYPE"]:
message = request.META["CONTENT_TYPE"] + message
else:
raise BadRequest("Could not find the boundary for the multipart content")
msg = email.message_from_string(message)
if msg.is_multipart():
parts = []
for part in msg.walk():
parts.append(part)
if len(parts) < 1:
raise ParamError("The content of the multipart request didn't contain a statement")
# ignore parts[0], it's the whole thing
# parts[1] better be the statement
r["body"] = convert_to_dict(parts[1].get_payload())
if len(parts) > 2:
r["payload_sha2s"] = []
for a in parts[2:]:
# attachments
thehash = a.get("X-Experience-API-Hash")
if not thehash:
raise BadRequest("X-Experience-API-Hash header was missing from attachment")
headers = defaultdict(str)
r["payload_sha2s"].append(thehash)
# Save msg object to cache
att_cache.set(thehash, a)
else:
raise ParamError("This content was not multipart for the multipart request.")
# see if the posted statements have attachments
att_stmts = []
if isinstance(r["body"], list):
for s in r["body"]:
if "attachments" in s:
att_stmts.append(s)
elif "attachments" in r["body"]:
att_stmts.append(r["body"])
if att_stmts:
# find if any of those statements with attachments have a signed statement
signed_stmts = [
(s, a)
for s in att_stmts
for a in s.get("attachments", None)
if a["usageType"] == "http://adlnet.gov/expapi/attachments/signature"
]
for ss in signed_stmts:
attmnt = att_cache.get(ss[1]["sha2"]).get_payload(decode=True)
jws = JWS(jws=attmnt)
try:
if not jws.verify() or not jws.validate(ss[0]):
raise BadRequest("The JSON Web Signature is not valid")
except JWSException as jwsx:
raise BadRequest(jwsx)
def parse_body(r, request):
if request.method == 'POST' or request.method == 'PUT':
# Parse out profiles/states if the POST dict is not empty
if 'multipart/form-data' in request.META['CONTENT_TYPE']:
if request.POST.dict().keys():
r['params'].update(request.POST.dict())
parser = MultiPartParser(request.META, StringIO.StringIO(request.raw_post_data),request.upload_handlers)
post, files = parser.parse()
r['files'] = files
# If it is multipart/mixed, parse out all data
elif 'multipart/mixed' in request.META['CONTENT_TYPE']:
message = request.body
# i need boundary to be in the message for email to parse it right
if 'boundary' not in message[:message.index("--")]:
if 'boundary' in request.META['CONTENT_TYPE']:
message = request.META['CONTENT_TYPE'] + message
else:
raise BadRequest("Could not find the boundary for the multipart content")
msg = email.message_from_string(message)
if msg.is_multipart():
parts = []
for part in msg.walk():
parts.append(part)
if len(parts) < 1:
raise ParamError("The content of the multipart request didn't contain a statement")
# ignore parts[0], it's the whole thing
# parts[1] better be the statement
r['body'] = convert_to_dict(parts[1].get_payload())
if len(parts) > 2:
r['payload_sha2s'] = []
for a in parts[2:]:
# attachments
thehash = a.get("X-Experience-API-Hash")
if not thehash:
raise BadRequest("X-Experience-API-Hash header was missing from attachment")
headers = defaultdict(str)
r['payload_sha2s'].append(thehash)
# Save msg object to cache
att_cache.set(thehash, a)
else:
raise ParamError("This content was not multipart for the multipart request.")
# see if the posted statements have attachments
att_stmts = []
if type(r['body']) == list:
for s in r['body']:
if 'attachments' in s:
att_stmts.append(s)
elif 'attachments' in r['body']:
att_stmts.append(r['body'])
if att_stmts:
# find if any of those statements with attachments have a signed statement
signed_stmts = [(s,a) for s in att_stmts for a in s.get('attachments', None) if a['usageType'] == "http://adlnet.gov/expapi/attachments/signature"]
for ss in signed_stmts:
attmnt = att_cache.get(ss[1]['sha2']).get_payload(decode=True)
jws = JWS(jws=attmnt)
try:
if not jws.verify() or not jws.validate(ss[0]):
raise BadRequest("The JSON Web Signature is not valid")
except JWSException as jwsx:
raise BadRequest(jwsx)
# Normal POST/PUT data
else:
if request.body:
# profile uses the request body
r['raw_body'] = request.body
# Body will be some type of string, not necessarily JSON
r['body'] = convert_to_dict(request.body)
else:
raise Exception("No body in request")
return r