Пример #1
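def apisolr():
    """Render HTML for the records that belong to one portfolio.

    Reads ``antiCSRF``, ``session_id`` and ``portfolio`` from the query
    string, checks the session with ``auth.is_valid_acsrf``, asks the
    portfolios API for the portfolio's record ids, posts those ids to the
    search API's ``/fromIds`` endpoint and joins ``produceHTML`` of every
    value in the reply.

    Returns:
        The concatenated HTML string, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # NOTE(review): the anti-CSRF token is read but never compared in this
    # handler; only ses_id reaches auth.is_valid_acsrf. Both values arrive in
    # the query string, where they can be recorded by access logs and
    # browser history -- confirm that is acceptable.
    acsrf = request.query['antiCSRF']
    ses_id = request.query['session_id']

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)
    portfolio = request.query['portfolio']

    # %r escapes control characters, so a caller-supplied value cannot add
    # extra lines to whatever captures stdout.
    print("portfolio = %r" % (portfolio,))

    # The portfolio name is caller-controlled. Percent-encode it, "/"
    # included, so it stays one path segment of the outbound request.
    portfolio_url = (URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/"
                     + requests.utils.quote(portfolio, safe=''))
    r = requests.get(portfolio_url)
    # literal_eval builds Python literals only; a reply that is not a literal
    # raises ValueError/SyntaxError, which is not handled here.
    p3ids = ast.literal_eval(r.text)['data']

    # NOTE(review): pickling the ids suggests the /fromIds service unpickles
    # request data, and unpickling bytes received over the network can run
    # code on that service. A data-only encoding such as JSON avoids this but
    # needs a matching change on the receiver, so it is only flagged here.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }

    # NOTE(review): verify=False turns off TLS certificate validation on a
    # request that carries API credentials. Passing the service's CA bundle
    # as verify=<path> would keep validation on.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    d = ast.literal_eval(r.text)
    # TODO (from the original author): loop over a template instead of
    # concatenating fragments.
    # NOTE(review): the joined fragments become the response body; whether
    # produceHTML escapes record fields is not visible here -- confirm.
    return "".join(produceHTML(vdict) for vdict in d.values())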
Пример #2
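def apisolr():
    """Return the search API's records for one portfolio as a dictionary.

    Reads ``antiCSRF``, ``session_id`` and ``portfolio`` from the posted
    form, checks the session with ``auth.is_valid_acsrf``, asks the
    portfolios API for the portfolio's record ids and posts them to the
    search API's ``/fromIds`` endpoint.

    Returns:
        The parsed reply of the search API, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # NOTE(review): the anti-CSRF token is read but never compared in this
    # handler; only ses_id reaches auth.is_valid_acsrf.
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)
    portfolio = request.forms.get('portfolio')

    # %r copes with a missing field (None) and escapes control characters in
    # the caller-supplied value before it reaches stdout.
    print("portfolio = %r" % (portfolio,))

    # The portfolio name is caller-controlled. Percent-encode it, "/"
    # included, so it stays one path segment of the outbound request.
    # A missing field still fails here with TypeError, as it did before.
    portfolio_url = (URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/"
                     + requests.utils.quote(portfolio, safe=''))
    r = requests.get(portfolio_url)
    # literal_eval builds Python literals only; a reply that is not a literal
    # raises ValueError/SyntaxError, which is not handled here.
    p3ids = ast.literal_eval(r.text)['data']

    # NOTE(review): pickling the ids suggests the /fromIds service unpickles
    # request data, and unpickling bytes received over the network can run
    # code on that service. A data-only encoding such as JSON avoids this but
    # needs a matching change on the receiver, so it is only flagged here.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }

    # NOTE(review): verify=False turns off TLS certificate validation on a
    # request that carries API credentials. Passing the service's CA bundle
    # as verify=<path> would keep validation on.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # The original author notes that returning a dictionary was the only way
    # found to make Bottle emit a correct JSON response, hence the parse of
    # the reply text instead of passing it through.
    return ast.literal_eval(r.text)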
Пример #3
def logoutViaGet():
    """Delete the caller's session and render the Logout page.

    The session id is taken from the posted form field ``session_id`` and
    handed to ``auth.del_session``.

    NOTE(review): the name says GET, yet the id is read from
    ``request.forms``. If the route is served for GET requests the field
    would be absent and ``del_session`` would receive ``None``, leaving the
    session alive. The route declaration is not visible here -- confirm.
    """
    LogActivity.logPageTurn("nosession", "Logout")

    form = request.forms
    acsrf = form.get('antiCSRF')  # read but never checked in this handler
    ses_id = form.get('session_id')
    auth.del_session(ses_id)

    return template('Logout', goog_anal_script=GoogleAnalyticsInclusionScript)
Пример #4
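def apisolr():
    """Build the HTML listing for a portfolio's records.

    Query parameters ``antiCSRF``, ``session_id`` and ``portfolio`` are
    required. After ``auth.is_valid_acsrf`` accepts the session, the record
    ids come from the portfolios API and are posted to the search API's
    ``/fromIds`` endpoint; each value of the reply goes through
    ``produceHTML``.

    Returns:
        The concatenated HTML string, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # NOTE(review): acsrf is fetched but not validated anywhere in this
    # function, and both it and the session id travel in the query string,
    # which access logs and browser history can retain.
    acsrf = request.query['antiCSRF']
    ses_id = request.query['session_id']

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)
    portfolio = request.query['portfolio']

    # repr-style output keeps CR/LF in the request value from splitting the
    # stdout line.
    print("portfolio = %r" % (portfolio,))

    # Encode the request-supplied name as a single path segment ("/" is
    # encoded too) before it is appended to the API URL.
    encoded_portfolio = requests.utils.quote(portfolio, safe='')
    r = requests.get(
        URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/" + encoded_portfolio)
    # ast.literal_eval accepts literals only and raises on anything else;
    # that failure is not caught here.
    p3ids = ast.literal_eval(r.text)['data']

    # NOTE(review): a pickled field implies the receiver calls pickle.loads
    # on network input, which can execute code on that host. Prefer a
    # data-only format (JSON); this needs a coordinated receiver change.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }

    # NOTE(review): certificate validation is disabled (verify=False) while
    # credentials are sent; supply a CA bundle path through verify= instead.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    d = ast.literal_eval(r.text)
    # TODO (from the original author): render through a template rather
    # than joining fragments.
    # NOTE(review): output escaping is up to produceHTML, which is not
    # visible here -- confirm it escapes record fields.
    return "".join(produceHTML(vdict) for vdict in d.values())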
Пример #5
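def apisolr():
    """Fetch a portfolio's records from the search API.

    Form fields ``antiCSRF``, ``session_id`` and ``portfolio`` are read
    from the request. After ``auth.is_valid_acsrf`` accepts the session,
    the record ids come from the portfolios API and are posted to the
    search API's ``/fromIds`` endpoint.

    Returns:
        The parsed reply of the search API, or ``{0: {"status":
        "BadAuthentication"}}`` when the session check fails.
    """
    # NOTE(review): acsrf is fetched but not validated anywhere in this
    # function; the session id alone decides access.
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}
    auth.update_acsrf(ses_id)
    portfolio = request.forms.get('portfolio')

    # repr-style output tolerates an absent field and keeps CR/LF in the
    # request value from splitting the stdout line.
    print("portfolio = %r" % (portfolio,))

    # Encode the request-supplied name as a single path segment ("/" is
    # encoded too) before it is appended to the API URL. An absent field
    # still raises TypeError at this point, as the original did.
    encoded_portfolio = requests.utils.quote(portfolio, safe='')
    r = requests.get(
        URL_TO_MORRIS_PORTFOLIOS_API + "/decoration/" + encoded_portfolio)
    # ast.literal_eval accepts literals only and raises on anything else;
    # that failure is not caught here.
    p3ids = ast.literal_eval(r.text)['data']

    # NOTE(review): a pickled field implies the receiver calls pickle.loads
    # on network input, which can execute code on that host. Prefer a
    # data-only format (JSON); this needs a coordinated receiver change.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'p3ids': pickle.dumps(p3ids),
    }

    # NOTE(review): certificate validation is disabled (verify=False) while
    # credentials are sent; supply a CA bundle path through verify= instead.
    r = requests.post(URLToPPSearchApiSolr + "/fromIds", data=payload,
                      auth=(PricesPaidAPIBasicAuthUsername,
                            PricesPaidAPIBasicAuthPassword),
                      verify=False)

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # Per the original author: Bottle produced a correct JSON response only
    # when handed a dictionary, so the reply text is parsed before returning.
    return ast.literal_eval(r.text)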
Пример #6
def logoutViaGet():
    """Log the page turn, remove the session and return the Logout page.

    NOTE(review): no session or token check precedes ``auth.del_session``,
    and the id comes from ``request.forms`` although the name refers to GET.
    For a GET request the form would be empty and nothing would be removed.
    Confirm how this handler is routed.
    """
    LogActivity.logPageTurn("nosession", "Logout")

    # The token is fetched for parity with other handlers but is unused.
    acsrf = request.forms.get('antiCSRF')
    session_to_drop = request.forms.get('session_id')
    auth.del_session(session_to_drop)

    logout_page = template(
        'Logout', goog_anal_script=GoogleAnalyticsInclusionScript)
    return logout_page
Пример #7
def is_valid_acsrf(session_id):
    """Tell whether *session_id* is known and younger than TokenTimeout.

    Despite the name, no anti-CSRF token is examined. The result depends
    only on the session being present in ``GLOBAL_SESSION_DICT`` and on the
    age of its stored timestamp.

    Returns:
        True for a known, unexpired session; False otherwise. A missing
        session or a timeout is reported through ``LogActivity``.
    """
    if session_id not in GLOBAL_SESSION_DICT:
        LogActivity.logMissingSession(session_id)
        return False

    # Index 1 of the session entry holds the timestamp that is compared.
    issued_at = GLOBAL_SESSION_DICT[session_id][1]
    # NOTE(review): datetime.now() is naive local time, so a wall-clock
    # change shifts the effective timeout.
    age = datetime.datetime.now() - issued_at
    if age < datetime.timedelta(seconds=TokenTimeout):
        return True

    LogActivity.logTimeout(session_id)
    return False
Пример #8
def is_valid_acsrf(session_id):
    """Return True when *session_id* exists and has not timed out.

    Only the session table is consulted. The function takes no token
    argument, so callers that rely on it for CSRF protection get a session
    freshness check and nothing more.
    """
    known = session_id in GLOBAL_SESSION_DICT
    if known:
        # Entry layout as used here: element 1 is the stored timestamp.
        stamped = GLOBAL_SESSION_DICT[session_id][1]
        current = datetime.datetime.now()
        elapsed = current - stamped
        fresh = elapsed < datetime.timedelta(seconds=TokenTimeout)
        if not fresh:
            LogActivity.logTimeout(session_id)
        return fresh

    LogActivity.logMissingSession(session_id)
    return False
Пример #9
def render_portfolio():
    """Render the Portfolio page for a valid session.

    Form fields read: ``antiCSRF`` (unused), ``session_id`` and
    ``portfolio``. When ``auth.is_valid_acsrf`` rejects the session, the
    Login page is returned with an error message.
    """
    form = request.forms
    acsrf = form.get('antiCSRF')  # fetched but not compared here
    ses_id = form.get('session_id')

    session_ok = auth.is_valid_acsrf(ses_id)
    if not session_ok:
        return template('Login', message='Improper Credentials or Timeout.',
                        goog_anal_script=GoogleAnalyticsInclusionScript)

    auth.update_acsrf(ses_id)
    LogActivity.logPageTurn(ses_id, "Portfolio")

    # NOTE(review): portfolio comes straight from the request and is handed
    # to the template; confirm the template escapes it where it is emitted.
    portfolio = form.get('portfolio')

    page_args = {
        'acsrf': auth.get_acsrf(ses_id),
        'session_id': ses_id,
        'portfolio': portfolio,
        'feedback_url': LocalURLToRecordFeedback,
        'goog_anal_script': GoogleAnalyticsInclusionScript,
    }
    return template('Portfolio', **page_args)
Пример #10
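def pptriv():
    """Render the MainPage template for a session that is still valid.

    Form fields read: ``antiCSRF`` (unused), ``session_id``,
    ``search_string`` (defaults to "Dell Latitude") and ``commodity_id``.
    When ``auth.is_valid_acsrf`` rejects the session, the Login page is
    returned with an error message.
    """
    # NOTE(review): the token is read but not compared in this handler.
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')

    if not auth.is_valid_acsrf(ses_id):
        return template('Login', message='Improper Credentials or Timeout.',
                        goog_anal_script=GoogleAnalyticsInclusionScript)

    auth.update_acsrf(ses_id)

    search_string = request.forms.get('search_string')
    if search_string is None:
        search_string = "Dell Latitude"
    commodity_id = request.forms.get('commodity_id')
    # forms.get() gives None for an absent field, and concatenating None to
    # a string raised TypeError here. %r prints either case and escapes
    # control characters in the request value.
    print('COMMODITY_ID = %r' % (commodity_id,))

    LogActivity.logPageTurn(ses_id, "MainPage")
    return template('MainPage', search_string=search_string,
                    acsrf=auth.get_acsrf(ses_id),
                    session_id=ses_id,
                    feedback_url=LocalURLToRecordFeedback,
                    commodity_id=commodity_id,
                    goog_anal_script=GoogleAnalyticsInclusionScript)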
Пример #11
def render_main_page(acsf,ses_id):
    """Render MainPage for *ses_id*, or the Login page if it is not valid.

    Args:
        acsf: accepted but not used by this function.
        ses_id: session id checked with ``auth.is_valid_acsrf``.

    ``search_string`` (default ``""``) and ``commodity_id`` are read from
    the posted form and passed to the template.
    """
    if not auth.is_valid_acsrf(ses_id):
        login_args = {
            'message': 'Improper Credentials or Timeout.',
            'footer_html': FOOTER_HTML,
            'goog_anal_script': GoogleAnalyticsInclusionScript,
        }
        return template('Login', **login_args)

    auth.update_acsrf(ses_id)

    form = request.forms
    search_string = form.get('search_string')
    if search_string is None:
        search_string = ""
    commodity_id = form.get('commodity_id')

    LogActivity.logPageTurn(ses_id, "MainPage")
    # NOTE(review): search_string and commodity_id are request values that
    # reach the template unchanged; confirm the template escapes them.
    page_args = {
        'search_string': search_string,
        'acsrf': auth.get_acsrf(ses_id),
        'session_id': ses_id,
        'feedback_url': LocalURLToRecordFeedback,
        'footer_html': FOOTER_HTML,
        'column_dropdown': COLUMN_DROPDOWN_HTML,
        'commodity_id': commodity_id,
        'goog_anal_script': GoogleAnalyticsInclusionScript,
    }
    return template('MainPage', **page_args)
Пример #12
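def does_authenticate(username, password):
    """Check *username* / *password* against the stored hashes.

    Failed attempts are tracked per username in ``GLOBAL_BAD_LOGIN``. Once
    the count reaches ``LIMIT_NUMBER_BAD_LOGINS`` every attempt is refused
    until ``LIMIT_TIME_TO_RETRY`` seconds have passed since the recorded
    timestamp.

    Returns:
        True when the salted SHA-256 of the password equals the stored hash
        for the user; False for an unknown user, a missing or wrong
        password, or a locked-out username.
    """
    hashes = loadHashes()
    if username in GLOBAL_BAD_LOGIN:
        last_failure = GLOBAL_BAD_LOGIN[username][1]
        waited = datetime.datetime.now() - last_failure
        if waited >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            # The retry window has passed, so the record is cleared.
            GLOBAL_BAD_LOGIN.pop(username, None)

    if username in GLOBAL_BAD_LOGIN:
        if GLOBAL_BAD_LOGIN[username][0] >= LIMIT_NUMBER_BAD_LOGINS:
            # Probably should have a separate log message for this..
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # A request without a password field delivers None; hashing
    # None + salt raised TypeError, so treat it as a failed login instead.
    if password is None or username not in hashes:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one unkeyed SHA-256 pass with an application-wide salt
    # is cheap to brute-force if the hash file leaks. Moving to a slow,
    # per-user-salted KDF means re-hashing the stored values, so it is only
    # flagged here. The == comparison is also not constant-time.
    if hashes[username] == hashlib.sha256(password + P3APISALT).hexdigest():
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False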
Пример #13
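def does_authenticate(username,password):
    """Return True when *password* matches the stored hash for *username*.

    A per-username failure record in ``GLOBAL_BAD_LOGIN`` blocks further
    attempts once it holds ``LIMIT_NUMBER_BAD_LOGINS`` failures. The record
    is dropped after ``LIMIT_TIME_TO_RETRY`` seconds. Every rejected
    attempt is logged, and unknown users, missing passwords and wrong
    passwords are also counted through ``record_bad_login``.
    """
    hashes = loadHashes()

    if username in GLOBAL_BAD_LOGIN:
        recorded_at = GLOBAL_BAD_LOGIN[username][1]
        retry_window = datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY)
        if datetime.datetime.now() - recorded_at >= retry_window:
            # Enough time has gone by; forget the earlier failures.
            GLOBAL_BAD_LOGIN.pop(username, None)

    if username in GLOBAL_BAD_LOGIN:
        failures = GLOBAL_BAD_LOGIN[username][0]
        if failures >= LIMIT_NUMBER_BAD_LOGINS:
            # Probably should have a separate log message for this..
            LogActivity.logTooManyLoginAttempts(username)
            return False

    # password is None when the form field is absent; the concatenation
    # with the salt used to raise TypeError instead of rejecting the login.
    credentials_ok = False
    if password is not None and username in hashes:
        # NOTE(review): a single fast SHA-256 with one shared salt offers
        # little resistance to offline guessing, and == is not a
        # constant-time comparison. Changing the scheme requires re-hashing
        # stored values, so it is flagged rather than changed.
        digest = hashlib.sha256(password+P3APISALT).hexdigest()
        credentials_ok = hashes[username] == digest

    if not credentials_ok:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
    return credentials_ok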
Пример #14
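def feedback():
    """Record a feedback message posted by a user with a valid session.

    Form fields read: ``antiCSRF``, ``session_id``, ``message``, ``name``
    and ``radio_list_value``.

    Returns:
        The string ``"true"`` after the feedback is logged, or
        ``{0: {"status": "BadAuthentication"}}`` when
        ``auth.is_valid_acsrf`` rejects the session.
    """
    acsrf = request.forms.get('antiCSRF')
    ses_id = request.forms.get('session_id')

    # The original debug line wrote the token and session id themselves to
    # the log and raised TypeError before the session check when either
    # field was absent. Only the presence of each field is logged now.
    LogActivity.logDebugInfo(
        "acsrf present: %s, ses_id present: %s"
        % (acsrf is not None, ses_id is not None))
    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}

    LogActivity.logDebugInfo("authenticated !")
    LogActivity.logFeedback(ses_id)
    message = request.forms.get('message')
    name = request.forms.get('name')
    radio_list_value = request.forms.get('radio_list_value')
    # NOTE(review): these three values are request input passed on as
    # received; how LogFeedback stores or later displays them is not
    # visible here -- confirm it neutralises line breaks and markup.
    LogFeedback.logFeedback(name, message, radio_list_value)
    return "true"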
Пример #15
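def feedback():
    """Store user feedback once the posting session has been accepted.

    Reads ``antiCSRF`` and ``session_id`` from the form, then ``message``,
    ``name`` and ``radio_list_value`` after the session check. Returns
    ``"true"`` on success and ``{0: {"status": "BadAuthentication"}}`` when
    the session is rejected.
    """
    form = request.forms
    acsrf = form.get('antiCSRF')
    ses_id = form.get('session_id')

    # Do not write the token or the session id into the debug log. Both
    # are secrets of the session, and concatenating them crashed with
    # TypeError on a request that omitted either field.
    LogActivity.logDebugInfo(
        "acsrf present: %s, ses_id present: %s"
        % (acsrf is not None, ses_id is not None))

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}

    LogActivity.logDebugInfo("authenticated !")
    LogActivity.logFeedback(ses_id)

    message = form.get('message')
    name = form.get('name')
    radio_list_value = form.get('radio_list_value')
    # NOTE(review): free-text request input goes to LogFeedback unchanged;
    # verify that the sink handles embedded newlines and markup safely.
    LogFeedback.logFeedback(name, message, radio_list_value)
    return "true"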
Пример #16
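def is_valid_acsrf(session_id,acsrf):
    """Validate a session id together with its anti-CSRF token.

    Args:
        session_id: key looked up in ``GLOBAL_SESSION_DICT``.
        acsrf: token supplied by the caller, compared with element 0 of the
            session entry.

    Returns:
        True only when the session exists, its timestamp (element 1) is
        younger than ``TokenTimeout`` seconds and the token matches.
    """
    if session_id not in GLOBAL_SESSION_DICT:
        LogActivity.logMissingSession(session_id)
        return False

    entry = GLOBAL_SESSION_DICT[session_id]
    age = datetime.datetime.now() - entry[1]
    if not (age < datetime.timedelta(seconds=TokenTimeout)):
        LogActivity.logTimeout(session_id)
        return False

    # NOTE(review): != is not a constant-time comparison.
    # hmac.compare_digest would be preferable once both values are known to
    # share one string type.
    if acsrf != entry[0]:
        # The original message embedded both the supplied and the stored
        # token, which copied a live secret into the debug log and raised
        # TypeError when the supplied token was None. Log the event only.
        LogActivity.logDebugInfo(
            "ACSRF Mismatch for session :" + str(session_id))
        return False

    return True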
Пример #17
def pptriv():
    """Handle a login post and open a new session on success.

    Form fields read: ``username``, ``password``, ``search_string``
    (defaults to "Dell Latitude") and ``psc_pattern``. Failed
    authentication returns the Login page with an error message. Success
    creates a session id and renders StartPage with it.
    """
    form = request.forms
    username = form.get('username')
    password = form.get('password')
    # Original intent: a small throttle against request floods.
    # NOTE(review): the sleep applies to every attempt and holds the worker
    # for that second; whether it helps under load depends on the server's
    # concurrency model -- confirm.
    time.sleep(1.0)

    authenticated = auth.does_authenticate(username, password)
    if not authenticated:
        LogActivity.logBadCredentials(username)
        return template('Login', message='Improper Credentials.',
                        goog_anal_script=GoogleAnalyticsInclusionScript)

    search_string = form.get('search_string')
    if search_string is None:
        search_string = "Dell Latitude"
    psc_pattern = form.get('psc_pattern')

    ses_id = auth.create_session_id()
    LogActivity.logSessionBegin(username, ses_id)
    LogActivity.logPageTurn(ses_id, "StartPage")

    # NOTE(review): username, search_string and psc_pattern are request
    # values handed to the template; confirm it escapes them on output.
    page_args = {
        'search_string': search_string,
        'acsrf': auth.get_acsrf(ses_id),
        'username': username,
        'session_id': ses_id,
        'psc_pattern': psc_pattern,
        'goog_anal_script': GoogleAnalyticsInclusionScript,
    }
    return template('StartPage', **page_args)
Пример #18
def apisolr():
    """Forward a search to the search API and return its parsed reply.

    Form fields read: ``antiCSRF`` (unused), ``session_id``,
    ``search_string``, ``psc_pattern`` and ``numRows``.

    Returns:
        The reply parsed with ``ast.literal_eval``, or
        ``{0: {"status": "BadAuthentication"}}`` when
        ``auth.is_valid_acsrf`` rejects the session.
    """
    form = request.forms
    acsrf = form.get('antiCSRF')  # read but never compared in this handler
    ses_id = form.get('session_id')

    if not auth.is_valid_acsrf(ses_id):
        return {0: {"status": "BadAuthentication"}}

    auth.update_acsrf(ses_id)

    search_string = form.get('search_string')
    psc_pattern = form.get('psc_pattern')
    max_results = form.get('numRows')

    LogActivity.logSearchBegun(ses_id, psc_pattern, search_string)

    # NOTE(review): numRows is forwarded as received; if the backend does
    # not cap it, one request can ask for an arbitrarily large result set.
    payload = {
        'username': PricesPaidAPIUsername,
        'password': PricesPaidAPIPassword,
        'search_string': search_string,
        'psc_pattern': psc_pattern,
        'numRows': max_results,
    }
    basic_auth = (PricesPaidAPIBasicAuthUsername,
                  PricesPaidAPIBasicAuthPassword)

    # NOTE(review): verify=False disables TLS certificate validation on a
    # request that carries two sets of credentials; pass a CA bundle path
    # through verify= to keep validation on.
    r = requests.post(URLToPPSearchApiSolr, data=payload, auth=basic_auth,
                      verify=False)

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # Per the original author: Bottle produced a correct JSON response only
    # when handed a dictionary, so the reply text is parsed first.
    # literal_eval accepts literals only and raises on anything else.
    d = ast.literal_eval(r.text)

    LogActivity.logSearchDone(ses_id, psc_pattern, search_string)
    return d
Пример #19
def apisolr():
    """Relay a search request to the search API for a valid session.

    Form fields read: ``antiCSRF`` (unused), ``session_id``,
    ``search_string`` and ``psc_pattern``. The reply body is parsed with
    ``ast.literal_eval`` and returned. A rejected session yields
    ``{0: {"status": "BadAuthentication"}}``.
    """
    acsrf = request.forms.get('antiCSRF')  # fetched, not validated here
    ses_id = request.forms.get('session_id')

    session_ok = auth.is_valid_acsrf(ses_id)
    if not session_ok:
        return {0: {"status": "BadAuthentication"}}

    auth.update_acsrf(ses_id)

    search_string = request.forms.get('search_string')
    psc_pattern = request.forms.get('psc_pattern')

    LogActivity.logSearchBegun(ses_id, psc_pattern, search_string)

    payload = dict([
        ('username', PricesPaidAPIUsername),
        ('password', PricesPaidAPIPassword),
        ('search_string', search_string),
        ('psc_pattern', psc_pattern),
    ])

    # NOTE(review): TLS certificate validation is switched off
    # (verify=False) while API credentials are transmitted; a CA bundle
    # path passed through verify= would keep validation on.
    r = requests.post(
        URLToPPSearchApiSolr,
        data=payload,
        auth=(PricesPaidAPIBasicAuthUsername, PricesPaidAPIBasicAuthPassword),
        verify=False,
    )

    LogActivity.logDebugInfo("Got Past Post to :" + URLToPPSearchApiSolr)

    # The original author found that Bottle emitted a correct JSON response
    # only for a dictionary, hence the parse of the reply text.
    d = ast.literal_eval(r.text)

    LogActivity.logSearchDone(ses_id, psc_pattern, search_string)
    return d
Пример #20
def login():
    """Log the page turn and return the Login page with an empty message."""
    LogActivity.logPageTurn("nosession", "LoginPage")
    login_page = template(
        'Login',
        message='',
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )
    return login_page
Пример #21
def del_session(session_id):
    """Remove *session_id* from ``GLOBAL_SESSION_DICT`` and log the outcome.

    An id that was never present is also reported as "removed", because
    the check only looks at whether the key exists after the pop.
    """
    GLOBAL_SESSION_DICT.pop(session_id, None)

    # NOTE(review): after the pop the key can only be present again if
    # something else re-inserted it, so the "failed to remove" case is
    # presumably reachable only with concurrent writers -- confirm.
    still_present = session_id in GLOBAL_SESSION_DICT
    outcome = "failed to remove" if still_present else "removed"
    LogActivity.logMissingSession(str(session_id) + outcome)
Пример #22
def del_session(session_id):
    """Drop the session entry for *session_id*, then log what happened.

    The log line is the session id immediately followed by "removed" or
    "failed to remove", with no separator, and is written through
    ``LogActivity.logMissingSession`` in both cases.
    """
    # The popped value is discarded; a missing key is tolerated.
    GLOBAL_SESSION_DICT.pop(session_id, None)

    if session_id not in GLOBAL_SESSION_DICT:
        suffix = "removed"
    else:
        suffix = "failed to remove"
    LogActivity.logMissingSession(str(session_id)+suffix)
Пример #23
def login():
    """Log the page turn and render the Login page.

    The template receives an empty message, the shared footer, the extra
    login methods and the analytics snippet.
    """
    LogActivity.logPageTurn("nosession", "LoginPage")

    page_args = {
        'message': '',
        'footer_html': FOOTER_HTML,
        'extra_login_methods': EXTRA_LOGIN_METHODS,
        'goog_anal_script': GoogleAnalyticsInclusionScript,
    }
    return template('Login', **page_args)
Пример #24
def legalNotice():
    """Log the page turn and return the LegalNotice page."""
    LogActivity.logPageTurn("nosession", "LegalNotice")
    notice_page = template(
        'LegalNotice', goog_anal_script=GoogleAnalyticsInclusionScript)
    return notice_page
Пример #25
def searchHelp():
    """Log the page turn and return the SearchHelp page."""
    LogActivity.logPageTurn("nosession", "SearchHelp")
    help_page = template(
        'SearchHelp', goog_anal_script=GoogleAnalyticsInclusionScript)
    return help_page
Пример #26
def get_portfolios():
    """Fetch the portfolio listing from the portfolios API.

    Returns:
        The reply body of ``<URL_TO_MORRIS_PORTFOLIOS_API>/decoration``
        parsed with ``ast.literal_eval``.
    """
    LogActivity.logDebugInfo("Begin Create Portfolios")
    listing_url = URL_TO_MORRIS_PORTFOLIOS_API + "/decoration"
    # NOTE(review): no timeout is passed, so a stalled API blocks this call
    # indefinitely; the HTTP status is not checked before parsing either.
    reply = requests.get(listing_url)
    # literal_eval accepts Python literals only; any other body raises.
    return ast.literal_eval(reply.text)
Пример #27
def searchHelp():
    """Render the SearchHelp page; no session is required or checked."""
    LogActivity.logPageTurn("nosession", "SearchHelp")
    page_args = {'goog_anal_script': GoogleAnalyticsInclusionScript}
    return template('SearchHelp', **page_args)
Пример #28
def legalNotice():
    """Render the LegalNotice page; no session is required or checked."""
    LogActivity.logPageTurn("nosession", "LegalNotice")
    page_args = {'goog_anal_script': GoogleAnalyticsInclusionScript}
    return template('LegalNotice', **page_args)
Пример #29
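def update_new_acsrf(session_id,acsrf):
    """Store *acsrf* and the current time as the entry for *session_id*.

    The entry written to ``GLOBAL_SESSION_DICT`` is the two-element list
    ``[acsrf, timestamp]``. An existing entry for the same id is replaced.

    Returns:
        *session_id*, unchanged.
    """
    timestamp = datetime.datetime.now()
    GLOBAL_SESSION_DICT[session_id] = [acsrf, timestamp]
    # The original debug line appended the token itself, which put a live
    # secret into the log. Only the session id is logged now.
    # NOTE(review): the session id is sensitive as well; consider logging a
    # truncated or hashed form if these logs are widely readable.
    LogActivity.logDebugInfo("SETTING ACSRF for session " + str(session_id))
    return session_id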
Пример #30
def get_portfolios():
    """Return the parsed ``/decoration`` listing of the portfolios API.

    The reply text is parsed with ``ast.literal_eval``, so the API is
    expected to answer with a Python literal. Anything else raises
    ValueError or SyntaxError, which this function does not catch.
    """
    LogActivity.logDebugInfo("Begin Create Portfolios")
    # NOTE(review): the request has no timeout and the status code is
    # ignored; an error page would be fed to the parser as-is.
    response_text = requests.get(
        URL_TO_MORRIS_PORTFOLIOS_API + "/decoration").text
    portfolios = ast.literal_eval(response_text)
    return portfolios