def record_entry(request):
authKey = request.POST.get("auth_key") #Such a hack, but I'm feeling lazy
if authKey != "adrifgyseirufgjseor8gy89werhguysodfy78aeyrfg678yw489ghwerytfge":
return JsonResponse({'authenticated': False, 'recorded': False})
search_code = request.POST["entry_code"]
recordListSlug= "Entry %s" % datetime.today().strftime("%Y-%m-%d")
queryListSlug = "club-entry"
queryList = QueryList.objects.get(slug=queryListSlug)
person = autoPerson(codeSearch(search_code))
queryListPeople = queryList.people
if not person:
return JsonResponse({'authenticated': True, 'recorded': False, 'found': False})
if person in queryListPeople:
entryList = autoList(recordListSlug, 'entry_list')
if entryList.list_type != 'entry_list':
log.warning("Entry record attempt into a non-entry list")
return JsonResponse({'authenticated': True, 'recorded': False, 'found': True, 'first_name': person.first_name, 'last_name': person.last_name, 'error': 'Entry record attempt into a non-entry list'})
entryList.people.add(person)
entryList.save()
log.info("Recording entry for %s into %s" % (person, entryList))
return JsonResponse({'authenticated': True, 'recorded': True, 'found': True, 'first_name': person.first_name, 'last_name': person.last_name})
else:
return JsonResponse({'authenticated': True, 'recorded': False, 'first_name': person.first_name, 'last_name': person.last_name, 'error': '{first:} {last:} is not allowed into the ballroom'.format(first=person.first_name, last=person.last_name)})
def remoteScan(request, id):
try:
endpoint = RemoteScanEndpoint.objects.get(pk=id)
except RemoteScanEndpoint.DoesNotExist:
return JsonResponse({"alert": "Endpoint ID does not exist, please re-configure remote scanner", "remove": True})
data = json.loads(request.body.decode("utf-8"))
testSignature = data["uuid"] + data["timestamp"] + data["code"]
remoteDigest = base64.decodebytes(data["signature"].encode())
localDigest = hmac.new(endpoint.auth_key.encode(), testSignature.encode(), hashlib.sha256).digest()
authPass = hmac.compare_digest(localDigest, remoteDigest)
if not authPass:
return JsonResponse({"alert_title": "Authentication Failure", "alert_message": "HMAC digest failure", "stop": True})
person = autoPerson(codeSearch(data["code"]))
if not person:
return JsonResponse({"remove": 10, "alert_title": "Search Error", "alert_message": "Person not found with search code {code:}".format(code=data["code"])})
if endpoint.allowed_list:
checkList = endpoint.allowed_list
checkPeople = endpoint.allowed_list.people
if not person in checkPeople:
return JsonResponse({"message": "Denied: {name:}".format(name=person.name), "remove": 10, "alert_title": "Entry Not Allowed", "alert_message": "{name} is not in {list}".format(name=person.name, list=endpoint.allowed_list.name)})
with transaction.atomic():
RemoteScanUUID(uuid=data["uuid"]).save()
if endpoint.scan_list:
scanList = endpoint.scan_list
else:
scanListSlug = "{prefix:} {date:}".format(prefix=endpoint.list_prefix, date=datetime.today().strftime("%Y-%m-%d"))
scanList = autoList(scanListSlug, "entry_list")
if person in scanList.people.all():
duplicate = True
else:
duplicate = False
scanList.people.add(person)
params = {"remove": 3, "sound": "beep"}
if duplicate:
params["message"] = "Duplicate: {name:}".format(name=person.name)
else:
params["message"] = "Allowed: {name:}".format(name=person.name)
return JsonResponse(params)
def person_info(request):
search = request.GET.get("person_info_search", None)
if not search:
return HttpResponseBadRequest("person_info_search is required")
o = lib.codeSearch(search)
person = lib.autoPerson(o)
if not person:
return HttpResponseNotFound("Person not found for %s" % search)
templateVars = {}
templateVars["person"] = person
registrations = list(person.registration_set.all())
registrations.sort(key=lambda x: lib.registrationCardCodeKey(x.registration_session.card_code))
registrations.reverse()
templateVars["registrations"] = registrations
allLists = List.objects.filter(people=person).order_by('name')
entryLists = allLists.filter(list_type='entry_list')
adminLists = allLists.filter(list_type='admin_list')
queryLists = []
for q in QueryList.objects.all():
if person in q.people:
queryLists.append(q)
queryLists.sort(key=lambda q: q.name)
templateVars["entry_lists"] = entryLists
templateVars["admin_lists"] = adminLists
templateVars["query_lists"] = queryLists
return render(request, 'dashboard_person_info.html', templateVars)
def person_info(request):
search = request.GET.get("person_info_search", None)
if not search:
return HttpResponseBadRequest("person_info_search is required")
o = lib.codeSearch(search)
person = lib.autoPerson(o)
if not person:
return HttpResponseNotFound("Person not found for %s" % search)
templateVars = {}
templateVars["person"] = person
registrations = list(person.registration_set.all())
registrations.sort(key=lambda x: lib.registrationCardCodeKey(x.registration_session.card_code))
registrations.reverse()
templateVars["registrations"] = registrations
allLists = List.objects.filter(people=person).order_by('name')
entryLists = allLists.filter(list_type='entry_list')
adminLists = allLists.filter(list_type='admin_list')
queryLists = []
for q in QueryList.objects.all():
if person in q.people:
queryLists.append(q)
queryLists.sort(key=lambda q: q.name)
templateVars["entry_lists"] = entryLists
templateVars["admin_lists"] = adminLists
templateVars["query_lists"] = queryLists
return render(request, 'dashboard_person_info.html', templateVars)
def record_entry(request):
authKey = request.POST.get("auth_key") #Such a hack, but I'm feeling lazy
if authKey != "adrifgyseirufgjseor8gy89werhguysodfy78aeyrfg678yw489ghwerytfge":
return JsonResponse({'authenticated': False, 'recorded': False})
search_code = request.POST["entry_code"]
recordListSlug = "Entry %s" % datetime.today().strftime("%Y-%m-%d")
queryListSlug = "club-entry"
queryList = QueryList.objects.get(slug=queryListSlug)
person = autoPerson(codeSearch(search_code))
queryListPeople = queryList.people
if not person:
return JsonResponse({
'authenticated': True,
'recorded': False,
'found': False
})
if person in queryListPeople:
entryList = autoList(recordListSlug, 'entry_list')
if entryList.list_type != 'entry_list':
log.warning("Entry record attempt into a non-entry list")
return JsonResponse({
'authenticated':
True,
'recorded':
False,
'found':
True,
'first_name':
person.first_name,
'last_name':
person.last_name,
'error':
'Entry record attempt into a non-entry list'
})
entryList.people.add(person)
entryList.save()
log.info("Recording entry for %s into %s" % (person, entryList))
return JsonResponse({
'authenticated': True,
'recorded': True,
'found': True,
'first_name': person.first_name,
'last_name': person.last_name
})
else:
return JsonResponse({
'authenticated':
True,
'recorded':
False,
'first_name':
person.first_name,
'last_name':
person.last_name,
'error':
'{first:} {last:} is not allowed into the ballroom'.format(
first=person.first_name, last=person.last_name)
})
def remoteScan(request, id):
try:
endpoint = RemoteScanEndpoint.objects.get(pk=id)
except RemoteScanEndpoint.DoesNotExist:
return JsonResponse({
"alert":
"Endpoint ID does not exist, please re-configure remote scanner",
"remove": True
})
data = json.loads(request.body.decode("utf-8"))
testSignature = data["uuid"] + data["timestamp"] + data["code"]
remoteDigest = base64.decodebytes(data["signature"].encode())
localDigest = hmac.new(endpoint.auth_key.encode(), testSignature.encode(),
hashlib.sha256).digest()
authPass = hmac.compare_digest(localDigest, remoteDigest)
if not authPass:
return JsonResponse({
"alert_title": "Authentication Failure",
"alert_message": "HMAC digest failure",
"stop": True
})
person = autoPerson(codeSearch(data["code"]))
if not person:
return JsonResponse({
"remove":
10,
"alert_title":
"Search Error",
"alert_message":
"Person not found with search code {code:}".format(
code=data["code"])
})
if endpoint.allowed_list:
checkList = endpoint.allowed_list
checkPeople = endpoint.allowed_list.people
if not person in checkPeople:
return JsonResponse({
"message":
"Denied: {name:}".format(name=person.name),
"remove":
10,
"alert_title":
"Entry Not Allowed",
"alert_message":
"{name} is not in {list}".format(
name=person.name, list=endpoint.allowed_list.name)
})
with transaction.atomic():
RemoteScanUUID(uuid=data["uuid"]).save()
if endpoint.scan_list:
scanList = endpoint.scan_list
else:
scanListSlug = "{prefix:} {date:}".format(
prefix=endpoint.list_prefix,
date=datetime.today().strftime("%Y-%m-%d"))
scanList = autoList(scanListSlug, "entry_list")
if person in scanList.people.all():
duplicate = True
else:
duplicate = False
scanList.people.add(person)
params = {"remove": 3, "sound": "beep"}
if duplicate:
params["message"] = "Duplicate: {name:}".format(name=person.name)
else:
params["message"] = "Allowed: {name:}".format(name=person.name)
return JsonResponse(params)