Exemplo n.º 1
Arquivo: views.py Projeto: brownplt/k3
 def get(self, granted):
   """Return the launch information attached to the granted relationship.

   The response carries the launch_info's domain and url as stored, and its
   private_data and public_data after bcap.dataPostProcess.
   """
   # NOTE(review): private_data is returned to whoever reaches this handler;
   # presumably holding the capability behind `granted` is the only access
   # check -- confirm at the place where that capability is granted.
   info = granted.relationship.launch_info
   return bcap.bcapResponse({
     'domain': info.domain,
     'url': info.url,
     'private_data': bcap.dataPostProcess(info.private_data),
     'public_data': bcap.dataPostProcess(info.public_data),
   })
Exemplo n.º 2
Arquivo: views.py Projeto: brownplt/k3
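def check_login(request):
  """Report whether the caller's session cookie names a stored BelaySession.

  Only POST is accepted.  The body is decoded with bcap.dataPostProcess and
  must carry a 'sessionID' equal to the 'session' cookie.  The normal answer
  is a bcap response of {'loggedIn': bool}; a missing or mismatched
  sessionID, or more than one matching BelaySession row, is answered through
  logWith404 instead.
  """
  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])

  args = bcap.dataPostProcess(request.read())

  # A request without the cookie is an ordinary "not logged in", not an error.
  if 'session' not in request.COOKIES:
    return bcap.bcapResponse({'loggedIn': False})

  if 'sessionID' not in args:
    return logWith404(logger, "check_login: request didn't pass sessionID arg")

  session_id = request.COOKIES['session']
  if args['sessionID'] != session_id:
    # Session identifiers are bearer secrets: the cookie value may belong to
    # a live session, so the mismatch is logged without either value.
    return logWith404(logger, "check_login: request sessionID didn't match cookie session_id")

  sessions = BelaySession.objects.filter(session_id=session_id)
  session_count = len(sessions)
  if session_count > 1:
    return logWith404(logger, "check_login: fatal error, duplicate BelaySessions", level='error')

  return bcap.bcapResponse({'loggedIn': session_count > 0})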
Exemplo n.º 3
Arquivo: views.py Projeto: brownplt/k3
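def check_uname(request):
  """Tell the caller whether a username is still free.

  Only POST is accepted.  The body is decoded with bcap.dataPostProcess and
  must carry 'username'; the answer is a bcap response of
  {"available": bool}, computed as the negation of unameExists.
  """
  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])
  args = bcap.dataPostProcess(request.read())
  # A body without 'username' used to surface as an unhandled KeyError;
  # answer it the way the other views here answer malformed posts.
  if 'username' not in args:
    return logWith404(logger, 'check_uname: post data missing username')
  # NOTE(review): no authentication or throttling is visible in this view, so
  # it answers "does this username exist?" for any caller -- confirm that is
  # intended and that request rates are limited elsewhere.
  available = not unameExists(args['username'])
  return bcap.bcapResponse({"available": available})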
Exemplo n.º 4
Arquivo: views.py Projeto: brownplt/k3
def plt_login(request):
  """Check a username/password pair and start a BelaySession on success.

  Only POST is accepted.  The body, decoded with bcap.dataPostProcess, must
  carry 'username' and 'password'.  An unknown username or a hash mismatch
  yields {'loggedIn': False}; a missing field or more than one stored
  credential row is answered through logWith404.  On success a BelaySession
  with a fresh uuid4 id is saved and the response holds the account's
  'station' capability and a 'makeStash' regrant.
  """
  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])

  args = bcap.dataPostProcess(request.read())
  required = (
    ('username', 'plt_login: post data missing username'),
    ('password', 'plt_login: post data missing password'),
  )
  for field, complaint in required:
    if not args.has_key(field):
      return logWith404(logger, complaint)

  matches = PltCredentials.objects.filter(username=args['username'])
  match_count = len(matches)
  if match_count > 1:
    return logWith404(logger, 'plt_login: fatal error: duplicate credentials', level='error')
  if match_count == 0:
    return bcap.bcapResponse({'loggedIn' : False})
  creds = matches[0]

  # NOTE(review): get_hashed is defined outside this block -- confirm it is a
  # deliberately slow password hash.  The != below is not a constant-time
  # comparison, and no attempt throttling is visible in this view.
  if get_hashed(args['password'], creds.salt) != creds.hashed_password:
    return bcap.bcapResponse({'loggedIn' : False})

  # NOTE(review): the new session id is stored but is not part of the
  # response built here; presumably the client learns it elsewhere -- confirm.
  session = BelaySession(session_id=str(uuid.uuid4()), account=creds.account)
  session.save()

  return bcap.bcapResponse({
    'station': bcap.Capability(creds.account.station_url),
    'makeStash': bcap.regrant('make-stash', creds.account)
  })
Exemplo n.º 5
Arquivo: views.py Projeto: brownplt/k3
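def request_plt_account_silent(request):
  """Create a PendingAccount for a peer listed in settings.REQUESTING_DOMAINS.

  Used by Resume as a trusted channel to ask for new accounts, so that the
  service is not exposed to arbitrary clients and can be controlled through
  emails sent from Resume.

  Only POST is accepted, and only when REMOTE_ADDR is in
  settings.REQUESTING_DOMAINS; other peers are answered through logWith404
  before the body is decoded.  The body, decoded with bcap.dataPostProcess,
  must carry 'email'.  The response is {'create': <create-account capability>}.
  """
  logger.error('Reached request_account')

  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])

  # NOTE(review): REMOTE_ADDR is the directly connected peer.  Behind a
  # reverse proxy that may be the proxy's own address for every request --
  # confirm against the deployment before relying on this allow-list.
  remote_addr = request.META['REMOTE_ADDR']
  logger.error('Request is from: %s' % remote_addr)
  if remote_addr not in settings.REQUESTING_DOMAINS:
    return logWith404(logger, 'request_silent: bad request %s' % remote_addr)

  # Decode and log the body only once the peer is known to be allowed.
  args = bcap.dataPostProcess(request.read())
  logger.error('Belay: got account request: %s' % args)

  # A body without 'email' used to surface as an unhandled KeyError.
  if 'email' not in args:
    return logWith404(logger, 'request_silent: post data missing email')

  pa = PendingAccount(email = args['email'])
  pa.save()
  create_cap = bcap.grant('create-account', pa)
  # The serialized capability is what authorizes account creation, so it is
  # returned to the caller but kept out of the log.
  logger.error('Belay: successful create for %s' % args['email'])

  return bcap.bcapResponse({'create': create_cap})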
Exemplo n.º 6
Arquivo: views.py Projeto: brownplt/k3
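def create_plt_account(request):
  """Create a Belay account with username/password credentials.

  Only POST is accepted.  The body, decoded with bcap.dataPostProcess, must
  carry 'username' (at most 20 characters, not already registered) and
  'password' (at least 8 characters); any violation is answered through
  logWith404.  On success a station capability is obtained from
  newStationCap(), BelayAccount, PltCredentials and BelaySession rows are
  saved, and the response holds the 'station' capability and a 'makeStash'
  regrant.
  """
  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])

  # NOTE(review): nothing in this function ties the request to a
  # 'create-account' capability or a PendingAccount; presumably this endpoint
  # is meant to be open to any client -- confirm.
  args = bcap.dataPostProcess(request.read())
  if 'username' not in args:
    return logWith404(logger, 'create_plt_account: post data missing username')

  if 'password' not in args:
    return logWith404(logger, 'create_plt_account: post data missing password')

  username = args['username']
  rawpassword = args['password']

  if len(username) > 20:
    return logWith404(logger, 'create_plt_account: bad username')

  if len(rawpassword) < 8:
    return logWith404(logger, 'create_plt_account: bad password')

  # Refuse a username that already has credentials.  A second row with the
  # same username would make a later filter(username=...) return two rows,
  # which the duplicate-credentials check at login treats as a fatal error.
  # Two concurrent requests can still both pass this check; only a unique
  # constraint on the column closes that window (schema not visible here).
  if len(PltCredentials.objects.filter(username=username)) > 0:
    return logWith404(logger, 'create_plt_account: username already taken')

  # NOTE(review): get_hashed is defined outside this block -- confirm it is a
  # deliberately slow password hash rather than a single fast digest.
  salt = str(uuid.uuid4())
  hashed_password = get_hashed(rawpassword, salt)

  station_cap = newStationCap()
  account = BelayAccount(station_url=station_cap.serialize())
  account.save()
  credentials = PltCredentials(
    username=username,
    salt=salt,
    hashed_password=hashed_password,
    account=account)
  credentials.save()

  # NOTE(review): the session id is stored but is not part of the response
  # built here; presumably the client learns it elsewhere -- confirm.
  session = BelaySession(session_id=str(uuid.uuid4()), account=account)
  session.save()

  response = {
    'station': station_cap,
    'makeStash': bcap.regrant('make-stash', account)
  }
  return bcap.bcapResponse(response)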
Exemplo n.º 7
Arquivo: views.py Projeto: brownplt/k3
def request_plt_account(request):
  """Record a pending account and mail its creation link to the requester.

  Only POST is accepted.  The body, decoded with bcap.dataPostProcess, must
  carry 'email'.  A PendingAccount is saved, a 'create-account' capability is
  granted on it, and a message whose link ends in the serialized capability
  is passed to sendLogEmail.  Whatever sendLogEmail returns is sent back when
  it is truthy; otherwise the response is {'success': True}.
  """
  if request.method != 'POST':
    return HttpResponseNotAllowed(['POST'])

  args = bcap.dataPostProcess(request.read())
  logger.info('request: %s' % args)
  if not args.has_key('email'):
    return logWith404(logger, 'request_account: post data missing email')

  # NOTE(review): the recipient address comes straight from the request and
  # no throttling is visible here, so any caller can have this mail sent to
  # any address -- confirm that sendLogEmail or the front end limits this.
  recipient = args['email']
  pending = PendingAccount(email = recipient)
  pending.save()
  create_cap = bcap.grant('create-account', pending)

  # The serialized capability in the URL fragment is what lets the recipient
  # proceed, so the mail body should be treated as a secret.
  template = """
Hi!  You've requested an account with Resume at the Brown University Department of Computer Science.

Visit this link to get started:

%s/new-applicant/#%s
"""
  message = template % (settings.APPURL, create_cap.serialize())

  failure = sendLogEmail('Resume Account Request', message, recipient, 'Lauren Clarke <*****@*****.**>')
  if failure:
    return failure

  return bcap.bcapResponse({'success': True})
Exemplo n.º 8
Arquivo: views.py Projeto: brownplt/k3
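def newStationCap():
  """Fetch a new station capability from the station service.

  Requests settings.STATION_DOMAIN + '/generate/' and returns the response
  body decoded with bcap.dataPostProcess.
  """
  # NOTE(review): the returned capability grants access to a user's station,
  # so STATION_DOMAIN should presumably be an https:// origin -- confirm in
  # settings.  No timeout is passed, so a stalled station service blocks the
  # calling request for as long as the connection stays open.
  generated = urllib2.urlopen(settings.STATION_DOMAIN + '/generate/')
  try:
    return bcap.dataPostProcess(generated.read())
  finally:
    # Release the connection even when reading or decoding fails.
    generated.close()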
Exemplo n.º 9
Arquivo: views.py Projeto: brownplt/k3
 def get(self, granted):
   """Return the granted stash's stored content as a bcap response.

   stashed_content is passed through bcap.dataPostProcess before it is
   wrapped by bcap.bcapResponse.
   """
   content = bcap.dataPostProcess(granted.stash.stashed_content)
   return bcap.bcapResponse(content)