Пример #1
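def token_require(request):
    """Issue a short-lived access token for a service and redirect to it.

    Reads ``app`` (service name) and ``url`` from the query string. The
    request is refused with ``api/denied.html`` when one of the denial rules
    below matches. Otherwise any previous token of this user for the service
    is deleted, the user is registered with the service when no active
    ServiceMap exists, and a fresh AccessToken is stored and handed to the
    callback as the ``tokenid`` query parameter.

    NOTE(review): ``request.user.profile`` is read below, so this view
    presumably sits behind a login requirement applied outside this block --
    confirm.
    """
    name = request.GET.get('app', '')
    # first() yields None for an unknown app name; the code below keeps
    # going with service=None in that case.
    service = Service.objects.filter(name=name).first()

    url = request.GET.get('url', '')
    # NOTE(review): `url` is caller-supplied and the token is appended to
    # whatever get_callback returns. Whether get_callback limits the result
    # to callbacks registered for the service is not visible here -- confirm,
    # because an unrestricted destination would receive the token.
    dest = get_callback(request.user, service, url)

    # Falls back to the raw `url` for display when the service is unknown;
    # this relies on the template escaping it.
    alias = service.alias if service else url

    # Denial reasons passed to the template:
    #   1 - superuser accounts are not allowed through this flow
    #   2 - app name starts with 'sparcs' but the profile has no sparcs_id
    #   3 - no callback destination could be resolved
    reason = 0
    if request.user.is_superuser:
        reason = 1
    elif name.startswith('sparcs') and not request.user.profile.sparcs_id:
        reason = 2
    elif not dest:
        reason = 3

    if reason:
        return render(request, 'api/denied.html', {
            'reason': reason,
            'alias': alias,
            'dest': dest
        })

    # Only one token is kept per (user, service): drop the previous one.
    token = AccessToken.objects.filter(user=request.user,
                                       service=service).first()
    if token:
        logger.info('token.delete', {'r': request, 'hide': True})
        token.delete()

    m = ServiceMap.objects.filter(user=request.user, service=service).first()

    # Register when there is no mapping yet or the user unregistered earlier.
    if (not m or m.unregister_time) and service:
        result = reg_service(request.user, service)
        if result:
            profile_logger.info('register.success: app=%s' % service.name,
                                {'r': request})
        else:
            # `m` is None for a user who never had a mapping; dereferencing
            # m.unregister_time there would raise AttributeError, so the
            # elapsed time is only computed when an unregister time exists.
            elapsed_days = 0
            if m and m.unregister_time:
                elapsed_days = (timezone.now() - m.unregister_time).days
            d = service.cooltime - elapsed_days
            profile_logger.warning('register.fail: app=%s' % service.name,
                                   {'r': request})
            return render(request, 'api/cooltime.html', {
                'service': service,
                'left': d
            })

    # 10 bytes from the OS CSPRNG, hex-encoded. The existence check and the
    # later save() are separate queries, so real uniqueness depends on
    # whatever constraint the model declares (not visible here).
    while True:
        tokenid = os.urandom(10).encode('hex')
        if not AccessToken.objects.filter(tokenid=tokenid,
                                          service=service).count():
            break

    # The token is only valid for 5 seconds because it travels in a URL.
    token = AccessToken(tokenid=tokenid,
                        user=request.user,
                        service=service,
                        expire_time=timezone.now() + timedelta(seconds=5))
    token.save()
    # `name` and `url` are raw query-string values; log consumers should
    # treat this line as containing untrusted text.
    logger.info('token.create: app=%s,url=%s' % (name, url), {'r': request})
    args = {'tokenid': token.tokenid}
    # NOTE(review): assumes `dest` carries no query string of its own.
    return redirect(dest + '?' + urllib.urlencode(args))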
Пример #2
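def token_require(request):
    """Issue a one-time login code for a registered service and redirect.

    Reads ``client_id`` and ``state`` from the query string. An unknown
    service or a ``state`` shorter than 8 characters raises
    SuspiciousOperation. A user matching one of the denial rules below gets
    ``api/denied.html``. Otherwise all previous tokens of this user for the
    service are deleted, the user is registered with the service when no
    active ServiceMap exists, and a fresh AccessToken is stored and sent to
    the service's stored ``login_callback_url`` as ``code``, together with
    the caller's ``state``.

    Raises:
        SuspiciousOperation: unknown ``client_id`` or too-short ``state``.
    """
    client_id = request.GET.get('client_id', '')
    state = request.GET.get('state', '')

    service = Service.objects.filter(name=client_id).first()
    if not service:
        raise SuspiciousOperation('INVALID_SERVICE')

    # `state` is only length-checked here and echoed back unchanged;
    # binding it to a session is presumably the calling service's job.
    if len(state) < 8:
        raise SuspiciousOperation('INVALID_STATE')

    user = request.user
    profile = user.profile
    flags = user.profile.flags

    # Denial reasons passed to the template:
    #   1 - sysop accounts are not allowed through this flow
    #   2 - SPARCS-scoped service, user lacks the 'sparcs' flag
    #   3 - TEST-scoped service, user lacks the 'test' flag
    #   4 - non-TEST service, user is flagged 'test-only'
    #   5 - profile has no verified e-mail and no linked external identity
    reason = 0
    if flags['sysop']:
        reason = 1
    elif service.scope == 'SPARCS' and not flags['sparcs']:
        reason = 2
    elif service.scope == 'TEST' and not flags['test']:
        reason = 3
    elif service.scope != 'TEST' and flags['test-only']:
        reason = 4
    elif not (profile.email_authed or profile.facebook_id or profile.twitter_id
              or profile.kaist_id):
        reason = 5

    if reason:
        return render(request, 'api/denied.html', {
            'reason': reason,
            'alias': service.alias,
        })

    # Only one outstanding token per (user, service): drop older ones.
    AccessToken.objects.filter(user=user, service=service).delete()
    m = ServiceMap.objects.filter(user=user, service=service).first()
    # Register when there is no mapping yet or the user unregistered earlier.
    if not m or m.unregister_time:
        m_new = service_register(user, service)
        log_msg = 'success' if m_new else 'fail'
        logger.warning(
            f'register.{log_msg}', {
                'r':
                request,
                'extra': [
                    ('app', service.name),
                    ('sid', m_new.sid if m_new else ''),
                ],
            })
        if not m_new:
            # `m` is None for a user who never had a mapping; dereferencing
            # m.unregister_time there would raise AttributeError, so the
            # elapsed time is only computed when an unregister time exists.
            elapsed_days = 0
            if m and m.unregister_time:
                elapsed_days = (timezone.now() - m.unregister_time).days
            left = service.cooltime - elapsed_days
            return render(request, 'api/cooltime.html', {
                'service': service,
                'left': left,
            })

    # token_hex(10) is 10 random bytes as 20 hex characters. The existence
    # check and the later save() are separate queries, so real uniqueness
    # depends on whatever constraint the model declares (not visible here).
    while True:
        tokenid = token_hex(10)
        if not AccessToken.objects.filter(tokenid=tokenid).count():
            break

    # The code travels in a URL, so it is only valid for TIMEOUT seconds.
    token = AccessToken(
        tokenid=tokenid,
        user=user,
        service=service,
        expire_time=timezone.now() + timedelta(seconds=TIMEOUT),
    )
    token.save()
    logger.info('login.try', {
        'r': request,
        'hide': True,
        'extra': [('app', client_id)],
    })

    # The destination comes from the Service record, not from the request,
    # so the caller cannot steer the code to another host.
    # NOTE(review): assumes login_callback_url has no query string.
    return redirect(service.login_callback_url + '?' +
                    urlencode({
                        'code': token.tokenid,
                        'state': state,
                    }))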
Пример #3
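def token_require(request):
    """Issue a one-time login code for a registered service and redirect.

    Reads ``client_id`` and ``state`` from the query string. A ``state``
    shorter than 8 characters or an unknown service raises
    SuspiciousOperation. A user matching one of the denial rules below gets
    ``api/denied.html``. Otherwise the previous token of this user for the
    service is deleted, the user is registered with the service when no
    active ServiceMap exists, and a fresh AccessToken is stored and sent to
    the service's stored ``login_callback_url`` as ``code``, together with
    the caller's ``state``.

    Raises:
        SuspiciousOperation: too-short ``state`` or unknown ``client_id``.
    """
    client_id = request.GET.get('client_id', '')
    state = request.GET.get('state', '')

    # `state` is only length-checked here and echoed back unchanged;
    # binding it to a session is presumably the calling service's job.
    if len(state) < 8:
        raise SuspiciousOperation()

    service = Service.objects.filter(name=client_id).first()
    if not service:
        raise SuspiciousOperation()

    user = request.user
    profile = user.profile
    flags = user.profile.flags

    # Denial reasons passed to the template:
    #   1 - sysop accounts are not allowed through this flow
    #   2 - SPARCS-scoped service, user lacks the 'sparcs' flag
    #   3 - TEST-scoped service, user lacks the 'test' flag
    #   4 - non-TEST service, user is flagged 'test-only'
    #   5 - profile has no verified e-mail and no linked external identity
    reason = 0
    if flags['sysop']:
        reason = 1
    elif service.scope == 'SPARCS' and not flags['sparcs']:
        reason = 2
    elif service.scope == 'TEST' and not flags['test']:
        reason = 3
    elif service.scope != 'TEST' and flags['test-only']:
        reason = 4
    elif not (profile.email_authed or profile.facebook_id or profile.twitter_id
              or profile.kaist_id):
        reason = 5

    if reason:
        return render(request, 'api/denied.html', {
            'reason': reason,
            'alias': service.alias
        })

    # Only one token is kept per (user, service): drop the previous one.
    token = AccessToken.objects.filter(user=user, service=service).first()
    if token:
        logger.info('token.delete', {'r': request, 'hide': True})
        token.delete()

    m = ServiceMap.objects.filter(user=user, service=service).first()
    # Register when there is no mapping yet or the user unregistered earlier.
    if not m or m.unregister_time:
        result = reg_service(user, service)
        if result:
            profile_logger.info('register.success: app=%s' % service.name,
                                {'r': request})
        else:
            # `m` is None for a user who never had a mapping; dereferencing
            # m.unregister_time there would raise AttributeError, so the
            # elapsed time is only computed when an unregister time exists.
            elapsed_days = 0
            if m and m.unregister_time:
                elapsed_days = (timezone.now() - m.unregister_time).days
            d = service.cooltime - elapsed_days
            profile_logger.warning('register.fail: app=%s' % service.name,
                                   {'r': request})
            return render(request, 'api/cooltime.html', {
                'service': service,
                'left': d
            })

    # token_hex(10) is 10 random bytes as 20 hex characters. The existence
    # check and the later save() are separate queries, so real uniqueness
    # depends on whatever constraint the model declares (not visible here).
    while True:
        tokenid = token_hex(10)
        if not AccessToken.objects.filter(tokenid=tokenid,
                                          service=service).count():
            break

    # The code travels in a URL, so it is only valid for 10 seconds.
    token = AccessToken(tokenid=tokenid,
                        user=user,
                        service=service,
                        expire_time=timezone.now() + timedelta(seconds=10))
    token.save()
    # `client_id` matched a Service name above, but it is still text taken
    # from the query string.
    logger.info('token.create: app=%s' % client_id, {'r': request})

    # The destination comes from the Service record, not from the request,
    # so the caller cannot steer the code to another host.
    # NOTE(review): assumes login_callback_url has no query string.
    args = {'code': token.tokenid, 'state': state}
    return redirect(service.login_callback_url + '?' + urlencode(args))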