def Id(self):
    """Return the questionnaire ID bound to the current session.

    On ``/submit`` and ``/savedraft`` the ID already held in the session is
    reused only when it is a 12-character alphanumeric string and the posted
    ``id`` form field equals it. In every other case a fresh ID is drawn from
    ``randomizer.Id()`` and stored in the session.
    """
    if request.path in ('/submit', '/savedraft'):
        stored = session.get('qid')
        # The posted id is only compared against the session copy; a value
        # supplied by the client is never adopted as the session's ID here.
        if (stored is not None
                and stored.isalnum()
                and len(stored) == 12
                and request.form.get('id', None) == stored):
            return stored

    # NOTE(review): the ID is only as hard to guess as randomizer.Id makes it;
    # its implementation is not visible in this block.
    session['qid'] = randomizer.Id()
    return session['qid']
def Id(self):
    """Return the questionnaire ID for the current session.

    When the request is for ``/vsaq.html`` and the session already holds a
    12-character alphanumeric ``qid``, that value is returned unchanged.
    Otherwise a new ID is taken from ``randomizer.Id()``, written to the
    session and returned.
    """
    on_form_page = request is not None and request.path == '/vsaq.html'
    stored = session.get('qid') if on_form_page else None

    # Shape check on the session value before it is handed back to callers.
    if stored is not None and stored.isalnum() and len(stored) == 12:
        return stored

    fresh = randomizer.Id()
    session['qid'] = fresh
    return fresh
def updateValues(self, values):
    """Return a copy of ``values`` with server-side fields filled in.

    The input mapping is not modified. Which fields are added depends on the
    request path:

    * ``/submit`` and ``/savedraft``: fall back to the session's ``qid`` when
      none was posted, set the version flag, and stamp status, user, mail
      address and UTC timestamp.
    * ``/loadone``: store the posted ``qid`` in the session (or a fresh one
      when none was posted), mirror it into the result and set the version
      flag.
    """
    merged = values.copy()
    path = request.path

    if path in ("/submit", "/savedraft"):
        # Read first, as before: a session without 'qid' raises KeyError here
        # even when the posted values carry their own qid.
        session_qid = session['qid']
        # A non-empty posted qid is kept as posted; the session ID is only a
        # fallback.
        # NOTE(review): if records are keyed by qid downstream, confirm the
        # caller is authorised to write to the ID it posted.
        if not values.get('qid'):
            merged['qid'] = session_qid
        # NOTE(review): this branch tests q_version_0_1 but sets
        # q_version_0_2 - confirm that is intended.
        if not values.get('q_version_0_1'):
            merged['q_version_0_2'] = "checked"
        # These fields are assigned unconditionally, so any posted values of
        # the same name are overwritten with the server's own.
        merged.update({
            'app_status': "Submitted" if path == "/submit" else "Draft",
            'login_user': session.get('_user'),
            'login_userMail': session.get('_userMail'),
            'timestamp': datetime.datetime.utcnow().strftime(
                "%Y-%m-%d %H:%M:%S"),
        })
    elif path == "/loadone":
        # NOTE(review): the posted qid is written to the session without any
        # format check in this block - confirm it is validated and authorised
        # before it is used to look anything up.
        posted_qid = values.get('qid')
        session['qid'] = values['qid'] if posted_qid else randomizer.Id()
        merged['qid'] = session['qid']
        if not values.get('q_version_0_1'):
            merged['q_version_0_1'] = "checked"

    return merged
def generate_questionnaireID():
    """Return the questionnaire ID stored in the session.

    For ``GET /vsaq.html`` and ``POST /submit`` the stored ID is first checked
    (present, alphanumeric, exactly 12 characters) and replaced with a new
    ``randomizer.Id()`` value when the check fails.

    For any other method/path combination the session is indexed directly, so
    a session that holds no ``qid`` raises ``KeyError``.
    """
    refresh_routes = (("GET", '/vsaq.html'), ("POST", '/submit'))

    if (request.method, request.path) in refresh_routes:
        stored = session.get('qid')
        if stored is None or not stored.isalnum() or len(stored) != 12:
            session['qid'] = randomizer.Id()

    # NOTE(review): no fallback on other routes - confirm callers only reach
    # this after a qid has been stored.
    return session['qid']
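def handleLogin(self):
    """Check the posted credentials and, on success, populate the session.

    Reads the username from form field ``u`` and the password from ``p``.
    The username must match ``ALLOWED_USERNAME_CHARACTERS`` and be no longer
    than ``LDAP_USERNAME_MAX_LENGTH``; otherwise the request is aborted with
    HTTP 400.

    Returns:
        On success, a response whose body is a JSON object with ``csrf``,
        ``a`` and ``u``, carrying an encrypted ``u`` cookie. On failure, a
        JSON string with ``csrf`` and an empty ``u``.
    """
    # Function-scope import: the file's import block is not visible from here.
    import json

    ldapServer = LDAPServer()
    cryptor = Cryptor()
    username = request.form['u']
    config = self.app.config

    # NOTE(review): re.match anchors only at the start of the string, so the
    # configured pattern has to consume the whole username itself. A pattern
    # ending in "$" still accepts one trailing newline; "\Z" or re.fullmatch
    # does not. Confirm against the configured value.
    if not re.match(config['ALLOWED_USERNAME_CHARACTERS'], username):
        # The rejected value is attacker-controlled and by definition contains
        # disallowed characters; %r escapes CR/LF and other control characters
        # so it cannot forge or split log lines.
        logging.error(
            'PostHandler.handle_request:HTTP Bad request. '
            'Characters not allowed:%s:%r', request.path, username)
        abort(400)
    elif len(username) > config['LDAP_USERNAME_MAX_LENGTH']:
        logging.error(
            'PostHandler.handle_request:HTTP Bad request. '
            'Username too lengthy:%s:%r', request.path, username)
        abort(400)

    # Test mode swaps the directory lookup for a canned response, i.e. it
    # skips credential checking. The "== True" comparisons are kept exactly:
    # a truthy non-boolean config value (such as the string "false") must not
    # switch this path on.
    use_test_response = False
    if config['ENABLE_TEST_MODE'] == True and config['DEBUG'] == True:
        if config['ENABLE_TEST_MODE_LOCAL_ONLY'] == True:
            # NOTE(review): behind a reverse proxy request.remote_addr may be
            # the proxy's address; if that is one of the addresses returned by
            # nic.getNetworkIP(), every request would take the canned path.
            # Confirm against the deployment.
            use_test_response = request.remote_addr in nic.getNetworkIP()
        else:
            use_test_response = True

    if use_test_response:
        results = ldapServer.testResponse()
    else:
        results = ldapServer.authenticateAndSearch(
            username, request.form['p'], username)

    if results.get('m') is None:
        return json.dumps({'csrf': self.csrf_token, 'u': ''},
                          separators=(',', ':'))

    # NOTE(review): the existing session is reused after login; whether its
    # identifier is rotated depends on the session backend - confirm.
    session['_sessionId'] = randomizer.Id(128)
    session['_userMail'] = results.get('m')
    session['_userFullName'] = results.get('u')
    session['_user'] = username
    session['_auth'] = results.get('a')

    # The body is serialised instead of concatenated, so a quote, backslash
    # or control character in the directory-supplied name or the token cannot
    # break out of its JSON string.
    body = json.dumps(
        {
            'csrf': self.csrf_token,
            'a': str(session['_auth']),
            'u': results.get('u'),
        },
        separators=(',', ':'))
    r = make_response(body)
    # NOTE(review): no SameSite attribute is set on this cookie; consider
    # adding one if the framework version in use supports it.
    r.set_cookie('u', cryptor.encrypt(session['_user']),
                 httponly=True, secure=True)
    return r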
def generate_csrf_token():
    """Return the session's CSRF token, creating it on first use.

    A token is generated with ``randomizer.Id(32)`` when the session has no
    ``_csrf_token`` entry or the entry is ``None``; after that the same token
    is returned for the rest of the session.
    """
    # NOTE(review): the token is only as unpredictable as randomizer.Id -
    # confirm it draws from a CSPRNG (os.urandom / the secrets module).
    if session.get('_csrf_token') is None:
        session['_csrf_token'] = randomizer.Id(32)
    return session['_csrf_token']