def get(self, request):
contest_id = request.GET.get("contest_id")
if not contest_id:
return self.error()
try:
contest = Contest.objects.get(id=contest_id, visible=True, password__isnull=False)
except Contest.DoesNotExist:
return self.error("Contest does not exist")
session_pass = request.session.get(CONTEST_PASSWORD_SESSION_KEY, {}).get(contest.id)
return self.success({"access": check_contest_password(session_pass, contest.password)})
def post(self, request):
data = request.data
try:
contest = Contest.objects.get(id=data["contest_id"], visible=True, password__isnull=False)
except Contest.DoesNotExist:
return self.error("Contest does not exist")
if not check_contest_password(data["password"], contest.password):
return self.error("Wrong password or password expired")
# password verify OK.
if CONTEST_PASSWORD_SESSION_KEY not in request.session:
request.session[CONTEST_PASSWORD_SESSION_KEY] = {}
request.session[CONTEST_PASSWORD_SESSION_KEY][contest.id] = data["password"]
# https://docs.djangoproject.com/en/dev/topics/http/sessions/#when-sessions-are-saved
request.session.modified = True
return self.success(True)
