def openvas_details(request):
with open(openvas_data, 'r+') as f:
data = json.load(f)
ov_user = data['open_vas_user']
ov_pass = data['open_vas_pass']
ov_ip = data['open_vas_ip']
lod_ov_user = signing.loads(ov_user)
lod_ov_pass = signing.loads(ov_pass)
lod_ov_ip = signing.loads(ov_ip)
if request.method == 'POST':
scan_host = request.POST.get("scan_host", )
openvas_user = request.POST.get("openvas_user", )
openvas_password = request.POST.get("openvas_password", )
else:
scan_host = lod_ov_user
openvas_user = lod_ov_pass
openvas_password = lod_ov_ip
with open(openvas_data, 'r+') as f:
sig_ov_user = signing.dumps(openvas_user)
sig_ov_pass = signing.dumps(openvas_password)
sig_ov_ip = signing.dumps(scan_host)
data = json.load(f)
data['open_vas_user'] = sig_ov_user
data['open_vas_pass'] = sig_ov_pass
data['open_vas_ip'] = sig_ov_ip
f.seek(0)
json.dump(data, f, indent=4)
f.truncate()
messages.add_message(request, messages.SUCCESS, 'Openvas Setting Updated ')
return render(request, 'setting_form.html', )
def dispatch(self, request, token):
try:
signing.loads(token, max_age=20*60, salt='delete_account')
self.token = token
except signing.BadSignature:
return redirect(reverse('destroy_account'))
return super(DestroyConfirm, self).dispatch(request, token)
def loads_with_timestamp(value, salt):
"""Returns the unsigned value along with its timestamp, the time when it
got dumped."""
try:
signing.loads(value, salt=salt, max_age=-1)
except signing.SignatureExpired as e:
age = float(str(e).split('Signature age ')[1].split(' >')[0])
timestamp = timezone.now() - datetime.timedelta(seconds=age)
return timestamp, signing.loads(value, salt=salt)
def test_dumps_loads(self):
"dumps and loads be reversible for any JSON serializable object"
objects = [["a", "list"], "a unicode string \u2019", {"a": "dictionary"}]
if six.PY2:
objects.append(b"a byte string")
for o in objects:
self.assertNotEqual(o, signing.dumps(o))
self.assertEqual(o, signing.loads(signing.dumps(o)))
self.assertNotEqual(o, signing.dumps(o, compress=True))
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def get(self, request):
signed_data = request.GET.get('data', None)
if request.user.is_authenticated() and signed_data:
assign_invitation(request.user, signing.loads(signed_data))
return HttpResponseRedirect(reverse('portal:frontpage'))
elif signed_data:
request.session['invite_data'] = signing.loads(signed_data)
return super(SignInView, self).get(request)
def check_token(token):
"""Check whether the one-time token is valid."""
if token is None:
return False, 'Missing one-time token'
try:
signing.loads(token, max_age=settings.TOKEN_EXPIRES)
return True, ''
except signing.SignatureExpired:
return False, 'Expired one-time token'
except signing.BadSignature:
return False, 'Invalid one-time token'
def test_dumps_loads(self):
"dumps and loads be reversible for any JSON serializable object"
objects = [
['a', 'list'],
'a unicode string \u2019',
{'a': 'dictionary'},
]
for o in objects:
self.assertNotEqual(o, signing.dumps(o))
self.assertEqual(o, signing.loads(signing.dumps(o)))
self.assertNotEqual(o, signing.dumps(o, compress=True))
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def forming_data(data):
"""
Some actions with data.
:param data: [{'data': data, ...},...{...}]
:return: data
"""
for instance in data:
if instance.get('ssh_key_pub'):
instance['ssh_key_pub'] = signing.loads(instance['ssh_key_pub'], key=settings.SECRET_KEY,
salt=instance['user_salt'])[0]
if instance.get('ssh_key_privat'):
instance['ssh_key_privat'] = signing.loads(instance['ssh_key_privat'], key=settings.SECRET_KEY,
salt=instance['user_salt'])[0]
return data
def loads(key, max_age=None):
try:
signing.loads(key)
except signing.BadSignature:
# log.warning("Tampering detected for conversion key: %s", key)
raise ValueError
try:
data = signing.loads(key, max_age=max_age)
except signing.BadSignature:
# log.warning("Signature expired: %s", key)
raise KeyError
return data
def verify_email(request, token):
try:
signing.loads(token)
activation = Activation.objects.get(token=token)
except:
messages.warning(request, u'Неверный код.Возможно, это старое письмо.')
context = {'form': None}
return render(request, 'reg.html', context)
if activation.status == Activation.EMAIL_SENT:
activation.status = Activation.EMAIL_VERIFIED
activation.save()
elif activation.status == Activation.REGISTERED:
return redirect('login', token=token)
return redirect('reg', token=token)
def get_widget_or_404(self):
"""
Get and return widget from cache.
Raises:
Http404: If if the widget can not be found or no id is provided.
Returns:
ModelSelect2Mixin: Widget from cache.
"""
field_id = self.kwargs.get('field_id', self.request.GET.get('field_id', None))
if not field_id:
raise Http404('No "field_id" provided.')
try:
key = signing.loads(field_id)
except BadSignature:
raise Http404('Invalid "field_id".')
else:
cache_key = '%s%s' % (settings.SELECT2_CACHE_PREFIX, key)
widget_dict = cache.get(cache_key)
if widget_dict is None:
raise Http404('field_id not found')
if widget_dict.pop('url') != self.request.path:
raise Http404('field_id was issued for the view.')
qs, qs.query = widget_dict.pop('queryset')
self.queryset = qs.all()
widget_dict['queryset'] = self.queryset
widget_cls = widget_dict.pop('cls')
return widget_cls(**widget_dict)
def process_data(self, request):
xid = request.POST.get('MD')
if xid != self.payment.attrs.xid:
return redirect(self.payment.get_failure_url())
if self.payment.status in ['confirmed', 'preauth']:
return redirect(self.payment.get_success_url())
cc_data = request.GET.get('token')
try:
cc_data = signing.loads(cc_data)
except:
return redirect(self.payment.get_failure_url())
else:
expiration = cc_data['expiration']
cc_data['expiration'] = datetime.date(
expiration['year'], expiration['month'], 1)
params = self._prepare_payer_auth_validation_check(
cc_data, request.POST.get('PaRes'))
response = self._make_request(params)
self.payment.transaction_id = response.requestID
self._set_proper_payment_status_from_reason_code(
response.reasonCode)
if self.payment.status in ['confirmed', 'preauth']:
return redirect(self.payment.get_success_url())
else:
return redirect(self.payment.get_failure_url())
def test_signup_post(client, parser):
"""Check the verification email has correct format.
"""
client.post('/en-us/accounts/signup/', {
'email': '*****@*****.**',
'password1': '7K50M',
'password2': '7K50M',
}, follow=True)
user = User.objects.get(email='*****@*****.**')
email = mail.outbox[0]
# The message does contain the activation link
message_has_verification_link = re.search(
r'^\s*http://testserver/en-us/accounts/verify/(?P<key>[-:\w]+)/$',
email.body.strip(),
re.MULTILINE
)
# The message hints the email in use
message_has_account_email = user.email in email.body
assert message_has_verification_link, email.body.strip()
assert message_has_account_email, email.body.strip()
assert user.email == signing.loads(
message_has_verification_link.group('key'),
salt='Footage order-flow long-chain hydrocarbons hacker',
)
assert not email.alternatives
def get(self, request, *args, **kwargs):
if 'token' in request.GET:
User = get_user_model()
try:
token = signing.loads(request.GET['token'], max_age=7200)
user_pk = token['user_pk']
email = token['email']
site_pk = token['site_pk']
site = get_current_site(request)
if site.pk != site_pk:
raise ValueError
user = User.objects.get(pk=user_pk)
user.email = email
user.save()
messages.info(request, _('your request for changing your email for {0} '
'is successful').format(email))
except signing.SignatureExpired:
messages.error(request, _('your request for changing your email is too '
'old, try again'))
except signing.BadSignature:
messages.error(request, _('your request for changing your email is '
'invalid, try again'))
except ValueError:
messages.error(request, _('your request for changing your email was not '
'on this site, try again'))
except User.DoesNotExist:
messages.error(request, _('your request for changing your email is for '
'an unknown user, try again'))
return shortcuts.redirect(settings.LOGIN_REDIRECT_URL)
def mail_track(http_meta, encrypted):
from dbmail.models import MailLogTrack, MailLog
class Request(object):
META = http_meta
try:
request = Request()
mail_log_id = signing.loads(encrypted)
mail_log = MailLog.objects.get(log_id=mail_log_id)
track_log = MailLogTrack.objects.filter(mail_log=mail_log)
if not track_log.exists():
MailLogTrack.objects.create(
mail_log=mail_log,
ip=get_ip(request),
ua=request.META.get('HTTP_USER_AGENT'),
is_read=True,
)
else:
track_log[0].save()
except (signing.BadSignature, MailLog.DoesNotExist):
pass
except Exception as exc:
raise mail_track.retry(
retry=True, max_retries=SEND_RETRY,
countdown=SEND_RETRY_DELAY, exc=exc,
)
def validate(self, data):
if self.instance is None:
raise serializers.ValidationError("Cannot verify without a user instance")
if self.instance.keybase_username:
raise serializers.ValidationError("Cannot override existing keybase username")
public_key_provider = get_provider()
public_key_pem = public_key_provider.get_public_key(data["keybase_username"])
signed_message = data['signed_message']
with gpg_keyring(public_key_pem) as gpg:
verification = gpg.verify(signed_message)
validate_signature(verification)
message = gpg.decrypt(signed_message).data.strip()
try:
user_id = signing.loads(message, max_age=datetime.timedelta(minutes=10))
except signing.SignatureExpired:
raise serializers.ValidationError(
"Token expired. Please refresh and generate a new one."
)
except signing.BadSignature:
raise serializers.ValidationError(
"Could not validate token. Make sure you copied "
"the full token or refresh and try again."
)
if user_id != self.instance.id:
raise serializers.ValidationError("Mismatched user ID")
return data
def forgot_password_confirm(request, token):
# check token
try:
token_object = signing.loads(token, max_age=settings.FORGOT_PASSWORD_MAX_AGE)
email = token_object['email']
forgot_password = token_object['forgot-password']
except:
messages.error(request, u'Link inválido.')
return redirect('accounts_forgot_password')
# check for registered user
try:
user = User.objects.get(email=email)
except:
messages.error(request, u'E-mail não cadastrado.')
return redirect('accounts_forgot_password')
# process form
if request.method == 'POST':
form = ForgotPasswordConfirmForm(request.POST, user=user)
if form.is_valid():
form.save()
messages.success(request, u'Senha alterada com sucesso.')
return redirect('accounts_login')
else:
form = ForgotPasswordConfirmForm(user=user)
return render(request, 'accounts/forgot_password_confirm.html', {'form': form})
def confirm_email_address(request, token):
"""Confirms user's email address"""
success_url = getattr(settings, 'BASE_ACCOUNTS_CONFIRM_EMAIL_REDIRECT_URL', '/')
try:
pk = signing.loads(token, max_age=3600 * 48, salt='resend_email_confirmation')
except signing.BadSignature:
raise Http404
user = get_object_or_404(get_user_model(), pk=pk)
if user.confirmed:
raise Http404
user.confirmed = now()
user.save()
if request.user != user:
logout(request)
if not request.user.is_authenticated():
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
if user.is_active:
messages.success(request, _('You have confirmed your email address'))
return redirect(success_url)
else:
messages.success(request, _('Please confirm your email address'))
return redirect('password_reset_recover')
def template_source(request):
"""
Return the source of a template, syntax-highlighted by Pygments if
it's available.
"""
template_origin_name = request.GET.get('template_origin', None)
if template_origin_name is None:
return HttpResponseBadRequest('"template_origin" key is required')
try:
template_origin_name = signing.loads(template_origin_name)
except Exception:
return HttpResponseBadRequest('"template_origin" is invalid')
template_name = request.GET.get('template', template_origin_name)
final_loaders = []
loaders = Engine.get_default().template_loaders
for loader in loaders:
if loader is not None:
# When the loader has loaders associated with it,
# append those loaders to the list. This occurs with
# django.template.loaders.cached.Loader
if hasattr(loader, 'loaders'):
final_loaders += loader.loaders
else:
final_loaders.append(loader)
for loader in final_loaders:
if Origin: # django>=1.9
origin = Origin(template_origin_name)
try:
source = loader.get_contents(origin)
break
except TemplateDoesNotExist:
pass
else: # django<1.9
try:
source, _ = loader.load_template_source(template_name)
break
except TemplateDoesNotExist:
pass
else:
source = "Template Does Not Exist: %s" % (template_origin_name,)
try:
from pygments import highlight
from pygments.lexers import HtmlDjangoLexer
from pygments.formatters import HtmlFormatter
source = highlight(source, HtmlDjangoLexer(), HtmlFormatter())
source = mark_safe(source)
source.pygmentized = True
except ImportError:
pass
# Using SimpleTemplateResponse avoids running global context processors.
return SimpleTemplateResponse('debug_toolbar/panels/template_source.html', {
'source': source,
'template_name': template_name
})
def log_into_subdomain(request: HttpRequest, token: Text) -> HttpResponse:
try:
data = signing.loads(token, salt=_subdomain_token_salt, max_age=15)
except signing.SignatureExpired as e:
logging.warning('Subdomain cookie: {}'.format(e))
return HttpResponse(status=400)
except signing.BadSignature:
logging.warning('Subdomain cookie: Bad signature.')
return HttpResponse(status=400)
subdomain = get_subdomain(request)
if data['subdomain'] != subdomain:
logging.warning('Login attempt on invalid subdomain')
return HttpResponse(status=400)
email_address = data['email']
full_name = data['name']
is_signup = data['is_signup']
if is_signup:
# If we are signing up, user_profile should be None. In case
# email_address already exists, user will get an error message.
user_profile = None
return_data = {} # type: Dict[str, Any]
else:
# We can be reasonably confident that this subdomain actually
# has a corresponding realm, since it was referenced in a
# signed cookie. But we probably should add some error
# handling for the case where the realm disappeared in the
# meantime.
realm = get_realm(subdomain)
user_profile, return_data = authenticate_remote_user(realm, email_address)
invalid_subdomain = bool(return_data.get('invalid_subdomain'))
return login_or_register_remote_user(request, email_address, user_profile,
full_name, invalid_subdomain=invalid_subdomain,
is_signup=is_signup)
def unsubscribe(request, code):
"""unsubscribe"""
try:
medium_id, user_id, notice_type_label = signing.loads(code, max_age=UNSUBSCRIBE_TIMEOUT)
user = User.objects.get(pk=user_id)
medium_label = dict(NOTICE_MEDIA)[str(medium_id)]
except (signing.BadSignature, User.DoesNotExist, ValueError, KeyError):
raise Http404
notice_settings = NoticeSetting.objects.filter(
user=user,
medium=medium_id
)
if notice_type_label:
notice_settings = notice_settings.filter(notice_type__label=notice_type_label)
for ns in notice_settings:
ns.send = False
ns.save()
return render(request, 'notification/unsubscribed.html', {
'notice_settings': notice_settings,
'medium_id': medium_id,
'medium_label': medium_label,
'user': user,
})
def list(self, request):
# Check that the user in the requested URL matches the current user
# (or that the signed url matches)
requested_uri = request.headers.get('X-Original-URI')
requested_method = request.headers.get('X-Original-METHOD')
if requested_uri is None:
raise PermissionDenied("Missing X-Original-URI header")
path_regex = r'^/webdav/([^/]+)/'
m = re.match(path_regex, requested_uri)
if m is None:
raise PermissionDenied("Unrecognized URL pattern")
if m.group(1) == self.request.user.username:
r = Response({})
r['X-Real-User'] = m.group(1)
return r
else:
try:
real_username = signing.loads(m.group(1))['username']
except (KeyError, signing.BadSignature):
raise PermissionDenied("User does not have access to this resource")
else:
r = Response({})
r['X-Real-User'] = real_username
return r
def process_data(self, payment, request):
xid = request.POST.get('MD')
if xid != payment.attrs.xid:
return redirect(payment.get_failure_url())
if payment.status in [PaymentStatus.CONFIRMED, PaymentStatus.PREAUTH]:
return redirect(payment.get_success_url())
cc_data = request.GET.get('token')
try:
cc_data = signing.loads(cc_data)
except:
return redirect(payment.get_failure_url())
else:
expiration = cc_data['expiration']
cc_data['expiration'] = datetime.date(
expiration['year'], expiration['month'], 1)
params = self._prepare_payer_auth_validation_check(
payment, cc_data, request.POST.get('PaRes'))
response = self._make_request(payment, params)
payment.transaction_id = response.requestID
try:
self._set_proper_payment_status_from_reason_code(
payment, response.reasonCode)
except PaymentError as e:
pass
if payment.status in [PaymentStatus.CONFIRMED, PaymentStatus.PREAUTH]:
return redirect(payment.get_success_url())
else:
return redirect(payment.get_failure_url())
def dispatch(self, request, *args, **kwargs):
self.request = request
self.args = args
self.kwargs = kwargs
try:
unsigned_pk_hash = signing.loads(kwargs['token'],
max_age=self.token_expires,
salt=self.salt)
except signing.BadSignature:
return self.invalid()
try:
pk = unsigned_pk_hash['pk']
password = unsigned_pk_hash['psw']
except KeyError:
return self.invalid()
self.user = get_object_or_404(get_user_model(), pk=pk)
# Ensure the hashed password is same to prevent link to be reused
# TODO: this is assuming the password is changed
if password != self.hash_password(self.user.password):
return self.invalid()
return super(Reset, self).dispatch(request, *args, **kwargs)
def confirm_link(self, request, **kwargs):
try:
state = signing.loads(request.GET['state'])
pk = state['pk']
except (KeyError, signing.BadSignature):
raise ValidationError('Corrupted or missing state')
try:
code = request.GET['code']
except KeyError:
raise ValidationError('Bad or missing code')
try:
# We can't use self.get_queryset() here because are in an anonymous request, so self.request.user is
# not defined
gdrive_provider = GDriveProvider.objects.get(pk=pk)
except:
raise ValidationError('Corrupted or missing state')
try:
credentials_json = gdrive.step2_redeem_code_for_credentials(code)
except:
raise ValidationError('Invalid code')
gdrive_provider.credentials = credentials_json
gdrive_provider.save()
provider_pk = gdrive_provider.userstorageaccount_ptr_id
(check_credentials.si(provider_pk) | resync.si(provider_pk))()
return HttpResponseRedirect('/home/#/storage_providers')
def register(request, token):
# check token
try:
token_object = signing.loads(token, max_age=settings.REGISTER_MAX_AGE)
email = token_object['email']
register = token_object['register']
except:
messages.error(request, u'Link de ativação inválido.')
return redirect('accounts_register_confirm_email')
# check for registered user
if User.objects.filter(email=email):
messages.error(request, u'E-mail já cadastrado.')
return redirect('accounts_register_confirm_email')
# process form
if request.method == 'POST':
form = RegisterForm(request.POST)
if form.is_valid():
# get new user
new_user = form.save(email=email)
# login new user
auth_login(request, new_user)
# make message
messages.success(request, u'Conta criada com sucesso.')
# redirect to index
return redirect('staticpages_index')
else:
form = RegisterForm()
return render(request, 'accounts/register.html', {'form': form})
def load_login_token(site, site_url, token):
"""Verifies the login token.
Returns email encoded in the token if the token is valid, None
otherwise.
"""
try:
token_data = signing.loads(
token, salt=site_url, max_age=settings.AUTH_TOKEN_SECONDS_VALID)
# site_url in the token seems like an overkill. site_url is
# already used as salt which should give adequate protection
# against using a token for sites different than the one for
# which the token was generated.
if token_data['site'] != site_url:
return None
email = token_data['email']
timestamp = token_data['timestamp']
user = site.users.find_item_by_email(email)
if user is not None and user.last_login is not None:
if _datetime_to_timestamp(user.last_login) != timestamp:
return None
elif timestamp != 0:
return None
return email
except signing.BadSignature:
return None
def verify_token(self, request, *args, **kwargs):
"""
Use `token` to allow one-time access to a view.
Set the user as a class attribute or raise an `InvalidExpiredToken`.
Token expiry can be set in `settings` with `VERIFY_ACCOUNT_EXPIRY` and is
set in seconds.
"""
User = get_user_model()
try:
max_age = settings.VERIFY_ACCOUNT_EXPIRY
except AttributeError:
max_age = self.DEFAULT_VERIFY_ACCOUNT_EXPIRY
try:
email_data = signing.loads(kwargs['token'], max_age=max_age)
except signing.BadSignature:
raise self.invalid_exception_class
email = email_data['email']
try:
self.user = User.objects.get_by_natural_key(email)
except User.DoesNotExist:
raise self.invalid_exception_class
if self.user.email_verified:
raise self.permission_denied_class
def export_view(request, signature):
# Must have a valid signature that hasn't expired
try:
signed_value = signing.loads(signature, max_age=settings.SIGNED_URL_LIFETIME)
except BadSignature:
logger.exception("export signature validation failure")
return HttpResponseForbidden('this signature is not valid')
# what does this signature allow them to do?
if signed_value.get('what', None) != 'export':
return HttpResponseForbidden('this signature does not allow exports')
# The signature's data contains the userid of the authenticated user
# that the signature was given to
user_id = signed_value.get('u', -1)
User = get_user_model()
try:
user = User.objects.get(id=user_id)
except User.DoesNotExist:
logger.error("User in export URL does not exist")
return HttpResponseForbidden('this signature is not valid')
response = HttpResponse(status=OK, content_type='application/vnd.ms-excel')
response['Content-Disposition'] = 'attachment; filename="service_info.xls"'
book = get_export_workbook_for_user(user)
book.save(response)
return response
def get(self, request, *args, **kwargs):
if 'token' in request.GET:
User = compat.get_user_model()
try:
token = signing.loads(request.GET['token'], max_age=7200)
user_pk = token['user_pk']
email = token['email']
user = User.objects.get(pk=user_pk)
old_email = user.email
user.email = email
user.save()
messages.info(request, _('your request for changing your email for {0} '
'is successful').format(email))
logging.getLogger(__name__).info('user %s changed its email '
'from %s to %s', user,
old_email, email)
except signing.SignatureExpired:
messages.error(request, _('your request for changing your email is too '
'old, try again'))
except signing.BadSignature:
messages.error(request, _('your request for changing your email is '
'invalid, try again'))
except ValueError:
messages.error(request, _('your request for changing your email was not '
'on this site, try again'))
except User.DoesNotExist:
messages.error(request, _('your request for changing your email is for '
'an unknown user, try again'))
else:
return shortcuts.redirect('account_management')
return shortcuts.redirect('email-change')
def extract_data(self):
try:
payload = loads(self.token, max_age=timezone.timedelta(hours=8))
parent_user = self.parent_model.objects.get(
user__email=payload['parent_email'],
user__user_type=payload['parent_user_type']
)
if not parent_user.user_type in User.ALL_STAFF_USER + User.ALL_AGENTS:
raise PermissionDenied('Super user Does Not Exist')
except self.parent_model.DoesNotExist as e:
raise PermissionDenied('Super user Does Not Exist') from e
except SignatureExpired as e:
raise DisallowedHost("Link is expired. Request a new link") from e
return parent_user, payload
def load(self):
"""
We load the data from the key itself instead of fetching from
some external data store. Opposite of _get_session_key(),
raises BadSignature if signature fails.
"""
try:
return signing.loads(
self._session_key,
serializer=PickleSerializer,
max_age=settings.SESSION_COOKIE_AGE,
salt='django.contrib.sessions.backends.cookies')
except (signing.BadSignature, ValueError):
self.create()
return {}
def validate_key(self, activation_key):
try:
username = signing.loads(activation_key,
salt=REGISTRATION_SALT,
max_age=settings.ACCOUNT_ACTIVATION_DAYS *
86400)
return username
except signing.SignatureExpired:
raise ActivationError(self.EXPIRED_MESSAGE, code='expired')
messages.warning(self.request,
f'seems like your activation code has expired!')
except signing.BadSignature:
raise ActivationError(self.INVALID_KEY_MESSAGE,
code='invalid_key',
params={'activation_key': activation_key})
def form_valid(self, form):
token = self.kwargs.get('token')
user_pk = loads(
token,
max_age=self.timeout_seconds,
salt=getattr(settings, 'HASH_SALT'))
user = User.objects.get(pk=user_pk)
user.last_name = form.cleaned_data['last_name']
user.first_name = form.cleaned_data['first_name']
user.set_password(form.cleaned_data['new_password2'])
if not user.is_active:
# まだ仮登録なら本登録とする
user.is_active = True
user.save()
return super().form_valid(form)
def unsign(s, salt=None, max_age=None, abort=True):
args = dict(max_age=max_age)
if salt:
args['salt'] = salt
try:
unsign_res = signing.loads(s, **args)
except (signing.BadSignature, signing.SignatureExpired):
if abort:
raise Http404('Not Found')
return None
if not unsign_res or not isinstance(unsign_res, dict):
if abort:
raise Http404('Not Found')
return None
return unsign_res
def dispatch(self, request, *args, **kwargs):
self.request = request
self.args = args
self.kwargs = kwargs
self.user = None
try:
pk = signing.loads(kwargs['token'],
max_age=self.get_token_expires(),
salt=self.salt)
except signing.BadSignature:
return self.invalid()
self.user = get_object_or_404(get_user_model(), pk=pk)
return super(Reset, self).dispatch(request, *args, **kwargs)
def is_valid(self, user, signed_value):
try:
logger.debug("user uid1: %s",self._uid(user))
self.data = signing.loads(signed_value.replace(".", ":"), salt=__name__)
logger.debug("user uid2: %s",self.data['uid'])
except signing.BadSignature:
return False
if self.data['uid'] != self._uid(user):
return False
return True
def login_view(request, signed_data):
data = signing.loads(
signed_data, key=settings.AUTH_SECRET_KEY, max_age=settings.AUTH_MAX_AGE
)
email_addr = data["email_addr"]
name = data["name"]
try:
user = User.objects.get(email_addr=email_addr)
except User.DoesNotExist:
user = create_user(email_addr, name)
login(request, user)
return redirect(request.GET.get("next", "/"))
def validate_key(self, activation_key):
"""
Check if the activation_key is valid and not expired.
Return phone number if it is valid or None otherwise.
"""
try:
phone_number = signing.loads(
activation_key,
salt=SALT,
max_age=ACTIVATION_MINUTES * 60
)
return phone_number.get('phone_number')
except signing.BadSignature:
return None
def get(self, request, **kwargs):
token = kwargs.get('token')
try:
new_email = loads(token, max_age=self.timeout_seconds)
except SignatureExpired:
return HttpResponseBadRequest()
except BadSignature:
return HttpResponseBadRequest()
else:
User.objects.filter(email=new_email, is_active=False).delete()
request.user.email = new_email
request.user.save()
return super().get(request, **kwargs)
def from_key(cls, key):
try:
max_age = (
# 60 * 60 * 24 * app_settings.EMAIL_CONFIRMATION_EXPIRE_DAYS)
60 * 60 * 24 * 1)
pk = signing.loads(
key,
max_age=max_age,
# salt=app_settings.SALT)
salt=settings.SECRET_KEY)
ret = User.objects.get(pk=pk)
except (signing.SignatureExpired, signing.BadSignature,
User.DoesNotExist):
ret = None
return ret
def process_request(self, request):
authorization: str = request.META.get('HTTP_AUTHORIZATION')
if not authorization or not authorization.startswith('JWT'):
return
_, token = authorization.split()
try:
user_id = signing.loads(token)
except signing.BadSignature:
return
if not user_id or not isinstance(user_id, int):
return
request.user = User.objects.get(id=user_id)
def get(self, request, **kwargs):
param = kwargs.get('param')
token = kwargs.get('token')
try:
user_pk = loads(param, max_age=self.timeout_seconds)
new_email = loads(token, max_age=self.timeout_seconds)
except (SignatureExpired, BadSignature):
response = HttpResponseBadRequest()
else:
try:
user = User.objects.get(pk=user_pk)
except User.DoesNotExist:
response = HttpResponseBadRequest()
else:
# Check primary key of user
if user_pk == request.user.pk and user.is_active:
user.email = new_email
user.save()
response = super().get(request, **kwargs)
else:
response = HttpResponseBadRequest()
return response
def new_function(request, *args, **kwargs):
jwt = request.environ['HTTP_USER_JWT']
# this is the way of being the best, first i print the dict and then i
# copied that and structured that then with my knowledge i found how to access it
if jwt is not None:
loaded = signing.loads(jwt)
user = M.TourinoUser.objects.get(pk=loaded['id'])
else:
return JsonResponse({'msg': "access denied"}, status=403)
if user is None:
return JsonResponse({'msg': "access denied"}, status=403)
return old_fuction(request, *args, **kwargs)
def asssignInventories(request, data=None):
value = signing.loads(data)
user_inv_mapping_id = str(value['user_inv_mapping_id'])
user_inv_mapping = UserInventoryMapping.objects.get(id=user_inv_mapping_id)
inventory_item_list = InventoryItemList.objects.filter(
inventory_id=user_inv_mapping.item_id)
if len(request.POST) == 0:
if user_inv_mapping.is_pending == True:
return render(
request, 'inventory_items/assign_inventories.html.haml', {
'adminstatus': request.user.is_superuser,
'inventory_item_list': inventory_item_list,
'user_inv_mapping': user_inv_mapping
})
else:
return redirect('inventory/user_inventory_mapping')
else:
list_inventory_item_id = request.POST.getlist('inventory_item_id')
list_quantities_assigned = request.POST.getlist('quantity_list')
sum_quantity = 0
for quantity in list_quantities_assigned:
sum_quantity += int(quantity)
if sum_quantity > user_inv_mapping.item_quantity_requested:
return render(
request, 'inventory_items/assign_inventories.html.haml', {
'adminstatus':
request.user.is_superuser,
'inventory_item_list':
inventory_item_list,
'user_inv_mapping':
user_inv_mapping,
'errormsg':
'Quantities assigned cannot be greater than quantities requested'
})
else:
for item_id, quantity in zip(list_inventory_item_id,
list_quantities_assigned):
inventory_item_id = InventoryItemList.objects.get(id=item_id)
user_inv_item_mapping = UserInventoryItemMapping(
inventory_item_mapping_id=user_inv_mapping,
inventory_item_id=inventory_item_id,
quantity_assigned=int(quantity))
user_inv_item_mapping.save()
user_inv_mapping.is_pending = False
user_inv_mapping.is_accepted = True
user_inv_mapping.item_quantity_assigned = sum_quantity
user_inv_mapping.save()
return redirect('/inventory/user_inventory_mapping')
def reset_pin_operator(request, page, t):
"""
Reset del pin dell'operatore selezionato
:param page: pagina della lista degli operatori da mostrare
:param request: request
:param t: token
:return: HttpResponseRedirect di list_operator
"""
try:
username = request.session.get('username')
operator = get_operator_by_username(request.POST.get('username_op'))
admin = get_operator_by_username(username)
if admin and not admin.signStatus:
return HttpResponseRedirect(reverse('agency:logout_agency'))
if operator and operator.idRole.role is not RoleTag.ADMIN.value:
pin = request.POST.get('pinField')
status_code_reset, tmp_pin = reset_pin_api(pin, username, request.POST.get('username_op'))
if status_code_reset == StatusCode.OK.value:
status_code_disable = disable_operator_api(pin, username, request.POST.get('username_op'))
if status_code_disable == StatusCode.OK.value:
request.session['pin'] = tmp_pin
operator.signStatus = False
operator.save()
params_t = signing.loads(t)
params_t['operator'] = request.POST.get('username_op')
params_t['change_pin'] = True
t = signing.dumps(params_t)
result = send_recovery_link(request.POST.get('username_op'), PageRedirect.CHANGE_PIN.value)
if result == StatusCode.OK.value:
LOG.info("{} - Mail per cambio password inviata".format(username),
extra=agency.utils.utils.set_client_ip(request))
elif result == StatusCode.NOT_FOUND.value:
LOG.warning("{} - Utente non trovato".format(username),
extra=agency.utils.utils.set_client_ip(request))
elif result == StatusCode.ERROR.value:
LOG.warning("{} - Utente disabilitato".format(username),
extra=agency.utils.utils.set_client_ip(request))
else:
LOG.error("{} - Errore durante il recupero password utente".format(username),
extra=agency.utils.utils.set_client_ip(request))
except Exception as e:
LOG.error("Exception: {}".format(str(e)), extra=agency.utils.utils.set_client_ip(request))
return HttpResponseRedirect(reverse('agency:list_operator', kwargs={'page': page, 't': t}))
def na_privilege_login(request):
if request.user.is_authenticated():
return redirect(request.GET.get('next', '/'))
else:
title = "Login"
cookie_data = {
'is_ever_sign': True
}
cookie_key = '__na_cookie'
if request.method == 'POST':
form = NAPrivilegeLoginForm(request.POST or None)
if form.is_valid():
form.login(request)
try:
next_action = request.META.get('HTTP_REFERER').split('?')[1]
next_action = next_action.replace('next=', '')
except IndexError:
next_action = '/'
else:
try:
resolve(next_action)
except Resolver404:
next_action = '/'
response = JsonResponse({'redirect': next_action})
cookie_data.update({
'role': int(request.user.role)
})
cookie_value = signing.dumps(cookie_data) # Cryptographic: for security
response.set_cookie(key=cookie_key, value=cookie_value)
return response
else:
_, result = NAErrorHandler.handle_form_error(
form_error=form.errors,
as_dict=True
)
return JsonResponse(result, status=400)
form = NA_Permission_Form()
template_name = "app/NA_User/login.html"
if request.COOKIES.get(cookie_key):
cookie_data = signing.loads(request.COOKIES.get(cookie_key))
if int(cookie_data.get('role')) in [NAPrivilege.SUPER_USER, NAPrivilege.USER]:
template_name = "app/layout.html"
return render(
request,
template_name,
{"form": form, "title": title}
)
def acs(request, idp_slug):
idp = get_object_or_404(IdP, slug=idp_slug, is_active=True)
if request.POST.get("RelayState"):
# Login with state relayed from our application.
state = signing.loads(request.POST["RelayState"], max_age=300)
else:
# IdP-initiated login.
state = {"test": False, "verify": False, "redir": ""}
saml = OneLogin_Saml2_Auth(idp.prepare_request(request), old_settings=idp.settings)
saml.process_response()
errors = saml.get_errors()
if errors:
return render(
request,
"sp/error.html",
{"idp": idp, "state": state, "errors": errors, "reason": saml.get_last_error_reason()},
status=500,
)
else:
if state.get("test", False):
attrs = []
for saml_attr, value in saml.get_attributes().items():
attr, created = idp.attributes.get_or_create(saml_attribute=saml_attr)
attrs.append((attr, "; ".join(value)))
return render(
request,
"sp/test.html",
{"idp": idp, "attrs": attrs, "nameid": saml.get_nameid(), "nameid_format": saml.get_nameid_format()},
)
elif state.get("verify", False):
user = idp.authenticate(request, saml)
if user == request.user:
return redirect(idp.get_login_redirect(state.get("redir")))
else:
return render(
request, "sp/unauth.html", {"nameid": idp.get_nameid(saml), "idp": idp, "verify": True}, status=401
)
else:
user = idp.authenticate(request, saml)
if user:
idp.login(request, user, saml)
idp.last_login = timezone.now()
idp.save(update_fields=("last_login",))
return redirect(idp.get_login_redirect(state.get("redir")))
else:
return render(
request, "sp/unauth.html", {"nameid": idp.get_nameid(saml), "idp": idp, "verify": False}, status=401
)
def get(self, request, encoded_data):
try:
email_data = signing.loads(encoded_data)
if 'is_verified' in email_data.keys():
email_data.pop('is_verified')
email_verification_object = get_object_or_404(
models.EmailVerification, **email_data)
serializers.EmailVerificationSerializer().validate_foreign_keys(
email_data)
email_object_updated = serializers.EmailVerificationSerializer(
).update(email_verification_object, {'is_verified': True})
return render(request,
'messenger/v1/email_verification_success.html')
except Exception as e:
return render(request,
'messenger/v1/email_verification_failure.html')
def set_avatar(request):
token = signing.loads((request.META.get('HTTP_ANNOTATE_SYSTEM_TOKEN')))
username = token['username']
# 是否需要限制头像大小
avatar = request.FILES.get("avatar")
# 更新头像前应该把旧头像删除
# 为了防止头像被覆盖,即不同用户上传的头像名称相同,应考虑存储图片时图片的命名
UserInfo.objects.filter(username=username).update(avatar=avatar)
with open(os.path.join(os.getcwd(), 'upload_file/avatar', avatar.name),
'wb') as fw:
fw.write(avatar.read())
# 返回头像的链接地址
return ok({
"avatar":
str(request.build_absolute_uri('/')) + "media/avatar/" + avatar.name
})
def get(self, request, token):
try:
id_dict = signing.loads(token, max_age=settings.ACTIVATION_TIME)
id = id_dict['id']
user = User.objects.get(pk=id)
except:
user = None
if user is not None:
user.is_active = True
user.save()
login(request,
user,
backend='django.contrib.auth.backends.ModelBackend')
return redirect('accounts:home')
else:
return render(request, 'accounts/activation_error.html')
def zap_api_key(self):
"""
Loading ZAP API Key from setting file.
:return:
"""
apikey = None
try:
with open(self.setting_file, 'r+') as f:
data = json.load(f)
load_api_key = data['zap_api_key']
apikey = signing.loads(load_api_key)
except Exception as e:
print e
return apikey
def decode(self, session_data):
try:
return signing.loads(session_data, salt=self.key_salt, serializer=self.serializer)
# RemovedInDjango40Warning: when the deprecation ends, handle here
# exceptions similar to what _legacy_decode() does now.
except signing.BadSignature:
try:
# Return an empty session if data is not in the pre-Django 3.1
# format.
return self._legacy_decode(session_data)
except Exception:
logger = logging.getLogger('django.security.SuspiciousSession')
logger.warning('Session data corrupted')
return {}
except Exception:
return self._legacy_decode(session_data)
def get_user_from_token(token,salt): ''' verify token for user ''' try: value=signing.loads(token,salt=AuthTools.password_salt,max_age=900) except signing.SignatureExpired: return None except signing.BadSignature: return None user = User.objects.get(pk=value['pk']) if user is not None: return user return None
def post(self, request, *args, **kwargs):
email = request.data.get('email')
d = User.objects.filter(email__iexact=email)
print(d[0].id, d[0].email)
value = signing.dumps({"id": d[0].id})
send_mail(
'OTP TOKEN - STUDIO',
'%s Use this OTP Token to reset your password' % (value),
"*****@*****.**",
[d[0].email],
fail_silently=False,
)
# signing.loads(value)
PasswordReset.objects.create(send=d[0].id, receive=0)
data = {'token': signing.loads(value)}
return Response(data)
def validate_sign(self, value):
try:
self.signed_data = signing.loads(
value, max_age=PASSWORD_RESET_SIGNING_EXPIRATION)
except signing.SignatureExpired:
raise serializers.ValidationError('Signature expired.')
except signing.BadSignature:
raise serializers.ValidationError('Bad signature.')
try:
self.user = User.objects.get(
pk=self.signed_data.get('user_id', None))
except User.DoesNotExist:
raise serializers.ValidationError('User does not exist.')
return value
def get_latest_work(self):
works = Work.objects.filter(
user=self).order_by('-updated_at').values('work')
trueworks = []
for work in works:
data = work.get('work')
trueworks.append(data)
works = trueworks
try:
latest_work = works[0]
decrypted_work = signing.loads(latest_work)
return decrypted_work[0]
except:
return None
async def test_store_creds(comm):
await comm.send_json_to({
'action': 'provider_skype_login',
'username': '******',
'password': '******',
})
await comm.receive_json_from()
user = await get_user(comm.instance.scope)
creds = signing.loads(user.credentials)
assert creds['skype'] == {'username': '******', 'password': '******'}
await comm.disconnect()
def get(self, request, *args, **kwargs):
token = kwargs.get('token')
try:
user_pk = loads(token, max_age=60 * SignUpView.timeout_minutes)
except (SignatureExpired, BadSignature):
return HttpResponseBadRequest()
try:
user = get_user_model().objects.get(pk=user_pk)
except get_user_model().DoesNotExist:
return HttpResponseBadRequest()
else:
user.is_active = True
user.save()
LineProfile.objects.select_related('user').create(user=user)
return render(request, self.template_name, {'user': user})
def confirm_change_email(self, token, max_age=10 * 60):
'''确认签名, 修改邮箱'''
try:
data = signing.loads(token, max_age=max_age)
except Exception as e:
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if User.objects.filter(email=new_email):
return False
self.email = new_email
self.save()
return True