def challenge(http_request, factory):
    """
    Generate a nonce for authentication.

    Arguments
    ~~~~~~~~~
    * factory_name string (lowercase, normally from hostname)

    Return value
    ~~~~~~~~~~~~
    * challenge dict

    The return value is a dict with the following keys:

    * algorithm string (sha1 or md5)
    * salt string (few random characters)
    * nonce string (random lowercase hexadecimal, length 32)

    See nonces.verify for how to encrypt your password with the nonce.
    """
    # NOTE(review): the docstring names the argument factory_name, but the
    # body uses `factory` as an object (factory.admin.password); presumably
    # a wrapper outside this listing resolves the name -- confirm.

    # The nonce is only as unpredictable as crypto.random_md5() makes it.
    # NOTE(review): confirm that helper draws from a CSPRNG.
    nonce = crypto.random_md5()
    client_ip = http_request.META['REMOTE_ADDR']
    # One Nonce row is stored per call; no rate limit or expiry is applied
    # in this function.
    Nonce.objects.create(factory=factory, hashkey=nonce, ip=client_ip)

    # The stored value is either 'algorithm$salt$hash' or a bare hash, which
    # is reported as unsalted md5. Any other number of '$' separators makes
    # the three-way unpacking below raise ValueError.
    stored = factory.admin.password
    if stored.count('$') == 0:
        fields = ['md5', '', stored]
    else:
        fields = stored.split('$')
    algorithm, salt, _digest = fields

    # Only the algorithm and salt leave this function, never the digest.
    # NOTE(review): both are handed out before the caller has proven
    # anything, so the verification side must not rely on them being secret.
    return {
        'algorithm': algorithm,
        'salt': salt,
        'nonce': nonce,
    }
def email(http_request):
    """
    Ask user for email address, then send verification message.

    Requests are limited per client IP: once three Nonce rows with an
    email address exist for the IP within the last 24 hours, an error
    page is returned instead of the form. Otherwise the form is shown
    until it validates, then a nonce is stored and mailed to the address.
    """
    # NOTE(review): the limit keys on REMOTE_ADDR; behind a reverse proxy
    # this would be the proxy's address -- confirm the deployment.
    ip = http_request.META['REMOTE_ADDR']
    nonces_per_day = Nonce.objects.filter(ip=ip, email__isnull=False,
        created__gt=datetime.now() - timedelta(hours=24)).count()
    if nonces_per_day >= 3:
        return error_page(http_request, _("too many verification emails"),
            _("There were too many email requests from your IP in the last 24 hours."),
            _("Please try again later."))
    form = EmailForm(http_request.POST or None)
    if not form.is_valid():
        # locals() hands every local name defined so far to the template
        # (form, form_*, ip, nonces_per_day, http_request), so renaming a
        # local here changes the template context.
        form_title = _("email verification")
        form_action = '/accounts/email/'
        form_submit = _("send email")
        form_javascript = "document.getElementById('id_email').focus()"
        return render_to_response('form.html', locals(),
            context_instance=RequestContext(http_request))
    address = form.cleaned_data['email']
    # user stays None when no account has this address; the nonce is
    # created and the message sent either way.
    user = None
    users = User.objects.filter(email=address)
    if len(users):
        user = users[0]
    # NOTE(review): the nonce is passed to email_message() and so
    # presumably acts as a bearer token; confirm crypto.random_md5()
    # draws from a CSPRNG.
    hashkey = crypto.random_md5()
    # The row is stored before sending, so a failed send still counts
    # toward the per-IP limit above.
    Nonce.objects.create(email=address, hashkey=hashkey, ip=ip)
    domain = Site.objects.get_current().domain
    message = email_message(domain, hashkey, user)
    try:
        send_mail("Browsershots email verification", message,
                  settings.DEFAULT_FROM_EMAIL, [address],
                  fail_silently=False)
    except smtplib.SMTPException, e:
        # NOTE(review): str(e) goes to the requester's error page and may
        # expose mail-server details; consider logging it server-side and
        # showing a generic message.
        return error_page(http_request, _("email error"),
            _("Could not send email."), str(e))
    # NOTE(review): nothing is returned after a successful send in the code
    # visible here -- confirm the listing is complete.
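def save_upload(screenshot):
    """
    Save uploaded screenshot file and return hashkey.

    The file name comes from a freshly generated hashkey, not from any
    name supplied with the upload. screenshot.data is written unchanged.

    Returns the hashkey string that identifies the stored file.
    """
    hashkey = crypto.random_md5()
    makedirs(png_path(hashkey))
    # NOTE(review): no size or format check on screenshot.data is visible
    # in this function; confirm the caller validates the upload first.
    outfile = open(png_filename(hashkey), 'wb')
    try:
        outfile.write(screenshot.data)
    finally:
        # Close the handle even when the write fails (e.g. disk full), so
        # the descriptor is not leaked. A failed write may still leave a
        # partial file at this path.
        outfile.close()
    return hashkey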
def challengeUser(http_request, username):
    """
    Generate a nonce for authentication.

    Arguments
    ~~~~~~~~~
    * username string (your user account on the server)

    Return value
    ~~~~~~~~~~~~
    * challenge dict

    The return value is a dict with the following keys:

    * algorithm string (sha1 or md5)
    * salt string (few random characters)
    * nonce string (random lowercase hexadecimal, length 32)

    See nonces.verifyUser for how to encrypt your password with the nonce.
    """
    # NOTE(review): an unknown username gets a distinct 404 fault, so the
    # response tells callers which usernames exist. A uniform reply and a
    # per-IP limit would reduce that; neither is applied in this function.
    try:
        account = User.objects.get(username=username)
    except User.DoesNotExist:
        raise Fault(404, "User not found.")

    # The nonce is only as unpredictable as crypto.random_md5() makes it.
    # NOTE(review): confirm that helper draws from a CSPRNG.
    nonce = crypto.random_md5()
    client_ip = http_request.META['REMOTE_ADDR']
    # The username is stored in the Nonce's email field.
    # NOTE(review): any per-IP count of nonces with a non-null email would
    # include these rows -- confirm that is intended.
    Nonce.objects.create(email=username, hashkey=nonce, ip=client_ip)

    # The stored value is either 'algorithm$salt$hash' or a bare hash, which
    # is reported as unsalted md5. Any other number of '$' separators makes
    # the three-way unpacking below raise ValueError.
    stored = account.password
    if stored.count('$') == 0:
        fields = ['md5', '', stored]
    else:
        fields = stored.split('$')
    algorithm, salt, _digest = fields

    # Only the algorithm and salt leave this function, never the digest.
    # NOTE(review): both are handed out before the caller has proven
    # anything, so the verification side must not rely on them being secret.
    return {
        'algorithm': algorithm,
        'salt': salt,
        'nonce': nonce,
    }