def __get__(self, request, *args, **kwargs):
if '_session_security' not in request.session:
return response.HttpResponse('logout')
last_activity = get_last_activity(request.sessoin)
idle_time = (datetime.now() - last_activity).seconds
return response.HttpResponse(idle_time)
def test_that_middleware_does_nothing_to_js_requests(self):
resp = response.HttpResponse(mimetype='text/javascript',
content='var blah = [];')
mware = middleware.AngularJsonVulnerabilityMiddleware()
mware.process_response(request.HttpRequest(), resp)
self.assertEqual(resp.content, 'var blah = [];')
def test_that_middleware_adds_prefix_to_valid_json_requests(self):
resp = response.HttpResponse(mimetype='application/json',
content='[1, 2, 3]')
mware = middleware.AngularJsonVulnerabilityMiddleware()
mware.process_response(request.HttpRequest(), resp)
self.assertEqual(resp.content, mware.CONTENT_PREFIX + '[1, 2, 3]')
def test_that_middleware_does_nothing_to_html_requests(self):
resp = response.HttpResponse(mimetype='text/html',
content='<html></html>')
mware = middleware.AngularJsonVulnerabilityMiddleware()
mware.process_response(request.HttpRequest(), resp)
self.assertEqual(resp.content, '<html></html>')
def xsd(request, schema_name):
ret = render_to_string(
schema_name + '.xsd',
request=request,
context={'url': '{}://{}'.format(request.scheme, request.get_host())}
)
return response.HttpResponse(ret, content_type='text/xml')
def auto_response(resp):
if isinstance(resp, text_type):
return response.HttpResponse(resp)
elif isinstance(resp, dict):
return response.JsonResponse(resp)
else:
return resp
def login_bak(request):
# resp=HttpResponse()
if request.method == 'POST':
user = json.dumps(request.body)
# 异常,要在settings文件中,放行
mytoken = request.META.get('HTTP_TOKEN')
print(mytoken)
result = {
"code": "800"
}
# data body部分
resp = response.HttpResponse(json.dumps(result), status=200, charset='utf-8', content_type='application/json')
date_int = datetime.utcnow() + timedelta(hours=1)
# resp.set_cookie('token','1234567890',expires=date_int)
# 把token放在header中传给客户端
# data header部分
resp['token'] = '888888888888888888888888888'
resp['Access-Control-Expose-Headers'] = 'token'
return resp
else:
# return HttpResponse('{"code":"404"}')
result = {
"code": "800"
}
resp = JsonResponse(result, status=200, charset='utf-8', content_type='application/json')
date_int = datetime.utcnow() + timedelta(hours=1)
resp.set_cookie('token', '1234567890'.encode('utf-8'), expires=date_int)
return resp
def test_session(self):
"""测试授权后session状态保持"""
openid = "12345"
rf = RequestFactory()
request = rf.get("/test?code=123")
view = lambda request, *args, **kwargs: response.HttpResponse(
request.wechat.openid)
handler = self._make_handler(request, view=view)
with oauth_api(openid):
resp = handler.dispatch(request)
self.assertEqual(resp.content, openid.encode())
# 首次授权后不再授权
session_key = "wechat_test_user"
def ban_api(*args, **kwargs):
self.assertFalse(True)
request = rf.get("/test?code=123")
request.COOKIES[session_key] = resp.cookies[session_key].value
with oauth_api(openid, ban_api):
resp = handler.dispatch(request)
request = rf.get("/")
request.COOKIES[session_key] = resp.cookies[session_key].value
with oauth_api(openid, ban_api):
resp = handler.dispatch(request)
def regist(request):
data = json.loads(request.body)
user = {
"uname":
data['uname'],
"telephone":
data['telephone'],
"password":
generate_password_hash(data['password'],
method='pbkdf2:sha1:2000',
salt_length=8),
"pub_time":
datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
"email":
data['email']
}
print(user)
if request.method == 'POST':
try:
result = {"code": "808"}
uu = models.UserBase.objects.create(**user)
resp = response.HttpResponse(json.dumps(result),
status=200,
charset='utf-8',
content_type='application/json')
resp['token'] = jwtEncoding(data['telephone'])
resp['Access-Control-Expose-Headers'] = 'token'
return resp
except Exception as ex:
return JsonResponse({"code": "408"})
else:
return JsonResponse({"code": "408"})
def login(request):
data = json.loads(request.body)
user = {
"telphone":
data['telphone'],
"password":
generate_password_hash(data['password'],
method='pbkdf2:sha1:2000',
salt_length=8)
}
if request.method == 'POST':
try:
u = models.UserBase.objects.filter(
telephone=user['telphone']).values('password')
print(u[0]['password'])
print(data['password'])
if u and check_password_hash(u[0]['password'], data['password']):
result = {"code": "808"}
resp = response.HttpResponse(json.dumps(result),
status=200,
charset='utf-8',
content_type='application/json')
resp['token'] = jwtEncoding(data['telphone'])
resp['Access-Control-Expose-Headers'] = 'token'
return resp
else:
return JsonResponse({"code": "404"})
except Exception as ex:
return JsonResponse({"code": "408"})
else:
return JsonResponse({"code": "408"})
def login_view(request: request.HttpRequest):
form = forms.AuthenticationForm()
if request.method != 'POST':
return render(
request=request,
template_name='user-login.html',
context={
'form': form,
}
)
user = authenticate(
username=request.POST['username'],
password=request.POST['password']
)
if not user:
return render(
request=request,
template_name='user-login.html',
context={
'login_error': 'Имя пользователя и пароль не совпадают. \
Введите правильные данные.',
'form': form,
}
)
if user.is_active:
login(request, user)
return redirect(to='index')
return response.HttpResponse({'error': 'Аккаунт заблокирован'})
def finalize_response(self, request, response, *args, **kwargs):
if isinstance(response, text_type):
response = django_response.HttpResponse(response)
elif isinstance(response, dict):
response = django_response.JsonResponse(response)
return super(WeChatViewMixin, self).finalize_response(
request, response, *args, **kwargs)
def user_profile_details(self, user_profile_dto):
user_profile_response = {
"user_id": user_profile_dto.user_id,
"name": user_profile_dto.name,
"is_admin": user_profile_dto.is_admin
}
return response.HttpResponse(json.dumps(user_profile_response),
status=201)
def get_added_washing_machine_details(self, washing_machine_dto):
added_washing_machine_response = {
"washing_machine_id": washing_machine_dto.washing_machine_id,
"washing_machine_status":
washing_machine_dto.washing_machine_status
}
return response.HttpResponse(
json.dumps(added_washing_machine_response), status=200)
def test_that_middleware_does_nothing_to_invalid_json_requests(self):
resp = response.HttpResponse(mimetype='application/json',
content='[1, 2, 3]',
status=400)
mware = middleware.AngularJsonVulnerabilityMiddleware()
mware.process_response(request.HttpRequest(), resp)
self.assertEqual(resp.content, '[1, 2, 3]')
def send_text(request):
response = request.GET['content'] + " Reply STOP to stop SMS notifications."
message = client.messages.create(from_=twilio_number,
body=response,
to="+" + request.GET['dest'])
return httpresponse.HttpResponse("Successful")
def user_login_response(self, token_dto, user_is_admin):
# print("\n"*10,UserAuthTokensDTO)
print("**********", "\n", token_dto)
login_response = {
"access_token": token_dto.access_token,
"is_admin": user_is_admin
}
return response.HttpResponse(json.dumps(login_response), status=200)
def raise_exception_for_user_is_admin(self):
response_object = response.HttpResponse(json.dumps(
{
"response": USER_IS_ADMIN[0],
"http_status_code": USER_IS_ADMIN[1],
"res_status": 404
}
), status=404)
return response_object
def raise_exception_for_invalid_washing_machine_id(self):
response_object = response.HttpResponse(json.dumps(
{
"response": WASHING_MACHINE_NUMBER_INVALID[0],
"http_status_code": WASHING_MACHINE_NUMBER_INVALID[1],
"res_status": 403
}
), status=403)
return response_object
def raise_exception_for_invalid_date(self):
response_object = response.HttpResponse(json.dumps(
{
"response": DATE_INVALID[0],
"http_status_code": DATE_INVALID[1],
"res_status": 404
}
), status=404)
return response_object
def server_info_xml(request):
ret = textwrap.dedent("""
<bmltInfo>
<serverVersion>
<readableString>5.0.0</readableString>
</serverVersion>
</bmltInfo>
""")
return response.HttpResponse(ret, content_type='application/xml')
def algorithms_post_handler(request):
post_param = request.POST
method = post_param['method']
params = post_param['params']
result = 'none'
if method == compute_network_graph.__name__:
result = compute_network_graph(params)
return response.HttpResponse(result)
def post(self, request):
request = WeChatMessageInfo.patch_request(request)
reply = self._handle(request.wechat)
if reply:
xml = reply.render()
if request.wechat.app.crypto:
xml = request.wechat.app.crypto.encrypt_message(
xml, request.GET["nonce"], request.GET["timestamp"])
return response.HttpResponse(xml, content_type="text/xml")
return ""
def payload_too_large():
HTTP_RESPONSE_PAYLOAD_TOO_LARGE = 413
payload = _get_error_payload(
'Payload Too Long',
'Payload Too Long',
str(HTTP_RESPONSE_PAYLOAD_TOO_LARGE))
return django_resp.HttpResponse(
content=json.dumps(payload),
status=HTTP_RESPONSE_PAYLOAD_TOO_LARGE,
content_type=const.HTTP_RESPONSE_CONTENT_TYPE)
def unsupported_media_type():
HTTP_RESPONSE_UNSUPPORTED_MEDIA_TYPE = 415
payload = _get_error_payload(
'Unsupported Media Type',
'Unsupported Media Type',
str(HTTP_RESPONSE_UNSUPPORTED_MEDIA_TYPE))
return django_resp.HttpResponse(
content=json.dumps(payload),
status=HTTP_RESPONSE_UNSUPPORTED_MEDIA_TYPE,
content_type=const.HTTP_RESPONSE_CONTENT_TYPE)
def invalid_accept():
HTTP_RESPONSE_INVALID_ACCEPT = 406
payload = _get_error_payload(
'Not Acceptable',
'Not Acceptable',
str(HTTP_RESPONSE_INVALID_ACCEPT))
return django_resp.HttpResponse(
content=json.dumps(payload),
status=HTTP_RESPONSE_INVALID_ACCEPT,
content_type=const.HTTP_RESPONSE_CONTENT_TYPE)
def get_booked_slot_details(self, booked_slot_dto):
slot_booking_response = {
"slot_start_time": booked_slot_dto.slot_start_time,
"slot_end_time": booked_slot_dto.slot_end_time,
"slot_date": booked_slot_dto.slot_date,
"washing_machine_id": booked_slot_dto.washing_machine_id,
"slot_status": booked_slot_dto.slot_status,
}
return response.HttpResponse(json.dumps(slot_booking_response),
status=200)
def post(self, request):
return response.HttpResponse(
'<?xml version="1.0" encoding="UTF-8"?>'
'<PostResponse>'
'<Location>https://localhost/test.png</Location>'
'<Bucket>AWS_STORAGE_BUCKET_NAME</Bucket>'
'<Key>_upload/test.png</Key>'
'<ETag>"1e2580c388265551922a1f73ae5954a3"</ETag>'
'</PostResponse>',
status=201)
def raise_invalid_password_exception(self):
import json
from gyaan_auth.constants.exception_messages import INVALID_PASSWORD
data = json.dumps({
"response": INVALID_PASSWORD[0],
"http_status_code": 400,
"res_status": INVALID_PASSWORD[1]
})
response_object = response.HttpResponse(data, status=400)
return response_object
def raise_invalid_username_exception(self):
import json
from gyaan_auth.constants.exception_messages import INVALID_USERNAME
data = json.dumps({
"response": INVALID_USERNAME[0],
"http_status_code": 404,
"res_status": INVALID_USERNAME[1]
})
response_object = response.HttpResponse(data, status=404)
return response_object
