def admin_home(request):
# Generate a random error page
a = HttpResponseForbidden(generate_http_error_page())
a['Server'] = "UnderFucking Server"
return a
def AutoDeploy(request):
ip = get_client_ip(request)
ips = requests.get(
'https://api.github.com/meta',
).json()
is_valid_ip = False
for hook_ip in ips['hooks']:
if ipaddress.ip_address(ip) in ipaddress.ip_network(hook_ip):
is_valid_ip = True
break
if not is_valid_ip:
send_deploy_email(
'Deploy git ejemplo (invalid ip)',
f"From ip: {ip}",
)
return HttpResponseForbidden('Permission denied.')
# Verify the request signature
header_signature = request.headers['X-Hub-Signature']
if header_signature is None:
return HttpResponseForbidden('Permission denied. (invalid signature)')
sha_name, signature = header_signature.split('=')
if sha_name != 'sha1':
return HttpResponseServerError('Operation not supported.', status=501)
mac = hmac.new(force_bytes(GIT_KEY), msg=force_bytes(request.body), digestmod=sha1)
if not hmac.compare_digest(force_bytes(mac.hexdigest()), force_bytes(signature)):
send_deploy_email(
'Deploy git ejemplo (invalid secret)',
f"From ip: {ip}",
)
return HttpResponseForbidden(f'Permission denied.')
g = git.cmd.Git(BASE_DIR)
res = g.pull()
command = f'./sincro_require_ddbb.sh'
process = subprocess.Popen(command.split(), cwd=BASE_DIR, stdout=subprocess.PIPE)
output, error = process.communicate()
result = [];
if output is not None:
result.append(output.decode('utf-8'))
if error is not None:
result.append(error.decode('utf-8'))
mig_and_req = '\n'.join(result)
send_deploy_email(
'Deploy git ejemplo',
f"From ip: {ip}\nResult git: \n{res}\nResult migrations and requirements: \n{mig_and_req}",
)
touch = Path(f'{BASE_DIR}/auto_deploy_github/wsgi.py').touch()
return HttpResponse('The proccess has been done succesfully.')
def dispatch(self, request, *args, **kwargs):
id = kwargs['pk']
team = get_object_or_404(Team, pk=id)
if team.teamleader != request.user.participant:
return HttpResponseForbidden()
return super(TeamUpdateView, self).dispatch(request, *args, **kwargs)
def permission_denied(request, exception, template_name='errors/403.html'):
return HttpResponseForbidden(render(request, template_name))
def _auth_download(request, download):
if not download.is_user_allowed(request.user):
return HttpResponseForbidden('Sorry, you cannot access this file')
return sendfile(request, download.file.path)
def project(request, code):
project = get_object_or_404(Project, code=code)
is_owner = project.owner_id == request.user.id
if request.user.is_superuser or is_owner:
is_manager = True
rw = True
else:
membership = get_object_or_404(Member,
project=project,
user=request.user)
is_manager = membership.role == Member.Role.MANAGER
rw = membership.is_rw
ctx = {
"page": "project",
"rw": rw,
"project": project,
"is_owner": is_owner,
"is_manager": is_manager,
"show_api_keys": "show_api_keys" in request.GET,
"enable_prometheus": settings.PROMETHEUS_ENABLED is True,
}
if request.method == "POST":
if "create_key" in request.POST:
if not rw:
return HttpResponseForbidden()
if request.POST["create_key"] == "api_key":
project.api_key = _new_key(24)
elif request.POST["create_key"] == "api_key_readonly":
project.api_key_readonly = _new_key(24)
elif request.POST["create_key"] == "ping_key":
project.ping_key = _new_key(16)
project.save()
ctx["key_created"] = True
ctx["api_status"] = "success"
ctx["show_keys"] = True
elif "revoke_key" in request.POST:
if not rw:
return HttpResponseForbidden()
if request.POST["revoke_key"] == "api_key":
project.api_key = ""
elif request.POST["revoke_key"] == "api_key_readonly":
project.api_key_readonly = ""
elif request.POST["revoke_key"] == "ping_key":
project.ping_key = None
project.save()
ctx["key_revoked"] = True
ctx["api_status"] = "info"
elif "show_keys" in request.POST:
if not rw:
return HttpResponseForbidden()
ctx["show_keys"] = True
elif "invite_team_member" in request.POST:
if not is_manager:
return HttpResponseForbidden()
form = forms.InviteTeamMemberForm(request.POST)
if form.is_valid():
email = form.cleaned_data["email"]
invite_suggestions = project.invite_suggestions()
if not invite_suggestions.filter(email=email).exists():
# We're inviting a new user. Are we within team size limit?
if not project.can_invite_new_users():
return HttpResponseForbidden()
# And are we not hitting a rate limit?
if not TokenBucket.authorize_invite(request.user):
return render(request, "try_later.html")
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = _make_user(email, with_project=False)
if project.invite(user, role=form.cleaned_data["role"]):
ctx["team_member_invited"] = email
ctx["team_status"] = "success"
else:
ctx["team_member_duplicate"] = email
ctx["team_status"] = "info"
elif "remove_team_member" in request.POST:
if not is_manager:
return HttpResponseForbidden()
form = forms.RemoveTeamMemberForm(request.POST)
if form.is_valid():
q = User.objects
q = q.filter(email=form.cleaned_data["email"])
q = q.filter(memberships__project=project)
farewell_user = q.first()
if farewell_user is None:
return HttpResponseBadRequest()
if farewell_user == request.user:
return HttpResponseBadRequest()
Member.objects.filter(project=project,
user=farewell_user).delete()
ctx["team_member_removed"] = form.cleaned_data["email"]
ctx["team_status"] = "info"
elif "set_project_name" in request.POST:
if not rw:
return HttpResponseForbidden()
form = forms.ProjectNameForm(request.POST)
if form.is_valid():
project.name = form.cleaned_data["name"]
project.save()
ctx["project_name_updated"] = True
ctx["project_name_status"] = "success"
elif "transfer_project" in request.POST:
if not is_owner:
return HttpResponseForbidden()
form = forms.TransferForm(request.POST)
if form.is_valid():
# Look up the proposed new owner
email = form.cleaned_data["email"]
try:
membership = project.member_set.filter(
user__email=email).get()
except Member.DoesNotExist:
return HttpResponseBadRequest()
# Revoke any previous transfer requests
project.member_set.update(transfer_request_date=None)
# Initiate the new request
membership.transfer_request_date = now()
membership.save()
# Send an email notification
profile = Profile.objects.for_user(membership.user)
profile.send_transfer_request(project)
ctx["transfer_initiated"] = True
ctx["transfer_status"] = "success"
elif "cancel_transfer" in request.POST:
if not is_owner:
return HttpResponseForbidden()
project.member_set.update(transfer_request_date=None)
ctx["transfer_cancelled"] = True
ctx["transfer_status"] = "success"
elif "accept_transfer" in request.POST:
tr = project.transfer_request()
if not tr or tr.user != request.user:
return HttpResponseForbidden()
if not tr.can_accept():
return HttpResponseBadRequest()
with transaction.atomic():
# 1. Reuse the existing membership, and change its user
tr.user = project.owner
tr.transfer_request_date = None
# The previous owner becomes a regular member
# (not readonly, not manager):
tr.role = Member.Role.REGULAR
tr.save()
# 2. Change project's owner
project.owner = request.user
project.save()
ctx["is_owner"] = True
ctx["is_manager"] = True
messages.success(request, "You are now the owner of this project!")
elif "reject_transfer" in request.POST:
tr = project.transfer_request()
if not tr or tr.user != request.user:
return HttpResponseForbidden()
tr.transfer_request_date = None
tr.save()
q = project.member_set.select_related("user").order_by("user__email")
ctx["memberships"] = list(q)
return render(request, "accounts/project.html", ctx)
def post(self, request):
if request.is_ajax():
source = request.POST['source']
# Handle Empty Source Case
source_empty_check(source)
print source
lang = request.POST['lang']
# Handle Invalid Language Case
lang_valid_check(lang)
proxy = callme.Proxy(server_id='fooserver2',
amqp_host='localhost',
timeout=3600)
resp = proxy.enveloppe_extract(source)
model = Algorithm
run_rank = model.objects.filter(
score__lte=int(resp['score'])).order_by('rank')
if len(run_rank) > 0:
rankobj = run_rank.last()
rank = rankobj.rank + 1
else:
rank = 1
run_rank_low = model.objects.filter(score__gt=int(resp['score']))
if len(run_rank_low) > 0:
for i in run_rank_low:
i.rank += 1
i.save()
else:
pass
b = Algorithm(username=request.user.username,
user=request.user,
rank=rank,
score=resp['score'],
time=resp['duration'],
source_code=source,
cpu=18)
b.save()
job_post = u'{0} has sent a job score: {1} rank: {2} :'.format(
request.user.username, resp['score'], rank)
resp = model.objects.all().order_by('rank')
values = resp.values('id')
for ind, item in enumerate(values):
if (item['id']) == b.id:
paging = divmod(ind, 5)[0]
feed = Feed(user=request.user,
post=job_post,
job_link='/leaderboard?q=foo&flop=flip&page=' +
str(paging + 1))
feed.save()
#request.user.profile.notify_job_done(b)
like = Activity(activity_type=Activity.RUN_PROCESSED,
feed=feed.pk,
user=request.user)
like.save()
user = request.user
user.profile.notify_liked_bis(feed)
print 'Notified'
return HttpResponse(render(request, 'hackIDE/index.html'))
else:
print('error')
return HttpResponseForbidden()
def show_result(request, collection_id):
"""show the ranking of a group (GET param) for collection_id"""
if not Group.objects.all():
# Show an informative message if there are not groups in the system
return render(
request, 'generic_error_message.html', {
'error': [
_('¡Lo sentimos! No existe ningún grupo para ver resultados'
)
]
})
position = 1
result_form = ResultForm(request.GET)
start = None
end = None
up_to_classification_date = None
from_classification_date = None
up_to_classification = datetime.today().strftime('%Y-%m-%d')
collection = get_object_or_404(Collection, pk=collection_id)
if request.user.is_staff and result_form.is_valid():
group_id = result_form.cleaned_data['group']
start = result_form.cleaned_data['start']
end = result_form.cleaned_data['end']
groups_user = Group.objects.all().order_by('name')
up_to_classification_date = end
from_classification_date = start
elif request.user.is_staff and not result_form.is_valid():
# Error 404 with all the validation errors as HTML
return HttpResponseNotFound(str(result_form.errors))
else:
if result_form.is_valid():
return HttpResponseForbidden("Forbidden")
groups_user = request.user.groups.all().order_by('name')
group_id = request.GET.get('group')
if group_id is None:
group_id = groups_user[0].id
group0 = get_object_or_404(Group, pk=group_id)
users = get_user_model().objects.filter(groups__name=group0.name)
if users.filter(id=request.user.id) or request.user.is_staff:
group0.name = group0.name
group0.id = group_id
groups_user = groups_user.exclude(id=group_id)
collection.problem_list = collection.problems()
collection.total_problem = collection.problem_list.count()
users = users.exclude(is_staff=True)
for user in users:
user.collection = []
user.resolved = 0
user.score = 0
user.n_achievements = ObtainedAchievement.objects.filter(
user=user.pk).count()
update_user_with_scores(request.user, user, collection, start, end)
users = sorted(users,
key=lambda x: (x.resolved, -x.score),
reverse=True)
length = len(users)
for i in range(length):
if i != len(users) - 1:
if pos(users[i], users[i + 1]):
users[i].pos = position
position = position + 1
else:
users[i].pos = position
else:
if pos(users[i], users[i - 1]):
users[i].pos = position
position = position + 1
else:
users[i].pos = position
return render(
request, 'results.html', {
'collection': collection,
'groups': groups_user,
'users': users,
'login': request.user,
'group0': group0,
'to_fixed': up_to_classification,
'from_date': from_classification_date,
'to_date': up_to_classification_date,
'end_date': end,
'start_date': start
})
return HttpResponseForbidden("Forbidden")
def download_ranking(request, collection_id):
"""Download excel with the results of submissions"""
result_form = ResultForm(request.GET)
if request.user.is_staff and result_form.is_valid():
html = show_result(request, collection_id).content.decode('utf-8')
soup = BeautifulSoup(html, 'html.parser')
col = 1
row = 1
work = openpyxl.Workbook()
book = work.active
# Takes collection and date
data = soup.find_all("h1")
for i in data:
book.cell(row=row, column=col, value=i.string.strip())
row += 1
# Takes group
option = soup.find(id='clase').find("option")
book.cell(row=row, column=col, value=option.string.strip())
row += 1
# Takes the first column of table (Pos, User, Exercises, Score, Solved)
ths = soup.find_all("th")
for i in ths:
if i.string is not None:
book.cell(row=row, column=col, value=i.string.strip())
col += 1
exercises = i.find_all("a")
for j in exercises:
if j.string is not None:
book.cell(row=row, column=col, value=j['title'].strip())
col += 1
col = 1
# Takes the information for each student
trs = soup.find_all("tr")
for i in trs:
tds = i.find_all("td")
# Information of a student (Pos, User, Exercises, Score, Solved)
for j in tds:
name = j.find('span', class_='ranking-username')
if name is not None:
book.cell(row=row, column=col, value=name.string.strip())
col += 1
if j.string is not None:
book.cell(row=row, column=col, value=j.string.strip())
col += 1
num_submissions = j.find_all("a")
for k in num_submissions:
if k.string is not None:
book.cell(row=row, column=col, value=k.string.strip())
col += 1
col = 1
row += 1
# create a temporary file to save the workbook with the results
temp = tempfile.NamedTemporaryFile(mode='w+b',
buffering=-1,
suffix='.xlsx')
file = pathlib.Path(temp.name)
name = file.name
work.save(name)
response = HttpResponse(open(name, 'rb').read())
response['Content-Type'] = 'application/xlsx'
response['Content-Disposition'] = "attachment; filename=ranking.xlsx"
temp.close()
os.remove(name)
return response
if request.user.is_staff and not result_form.is_valid():
return HttpResponseNotFound(str(result_form.errors))
return HttpResponseForbidden("Forbidden")
def manage_collection(request, id=None, name=None):
if id and name:
collection = get_object_or_404(
filter_by_access(request.user, Collection, manage=True),
id=id
)
elif request.user.has_perm('data.add_collection'):
collection = Collection(title='Untitled')
if not request.user.is_superuser:
collection.owner = request.user
collection.hidden = True
else:
raise Http404()
class CollectionForm(forms.ModelForm):
class UserField(forms.CharField):
widget = forms.TextInput(attrs={'class': 'autocomplete-user'})
def prepare_value(self, value):
try:
if not value or getattr(self, "_invalid_user", False):
return value
return User.objects.get(id=value).username
except ValueError:
return value
except ObjectDoesNotExist:
return None
def to_python(self, value):
try:
return User.objects.get(username=value) if value else None
except ObjectDoesNotExist:
self._invalid_user = True
raise ValidationError('User not found')
children = forms.ModelMultipleChoiceField(
queryset=filter_by_access(
request.user, Collection).exclude(id=collection.id),
widget=forms.CheckboxSelectMultiple,
required=False
)
owner = UserField(
widget=None if request.user.is_superuser else forms.HiddenInput,
required=False
)
def clean_owner(self):
if not request.user.is_superuser:
# non-admins cannot change collection owner
return collection.owner
else:
return self.cleaned_data['owner']
class Meta:
model = Collection
fields = (
'title', 'hidden', 'owner', 'description', 'agreement',
'children', 'order'
)
if request.method == "POST":
if request.POST.get('delete-collection'):
if not (
request.user.is_superuser or
request.user == collection.owner):
raise HttpResponseForbidden()
messages.add_message(
request,
messages.INFO,
message="Collection '%s' has been deleted." % collection.title
)
collection.delete()
return HttpResponseRedirect(reverse('data-collections-manage'))
else:
form = CollectionForm(request.POST, instance=collection)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse(
'data-collection-manage',
kwargs=dict(
id=form.instance.id,
name=form.instance.name
)
)
)
else:
form = CollectionForm(instance=collection)
return render(request,
'data_collection_edit.html',
{
'form': form,
'collection': collection,
'can_delete': collection.id and (
request.user.is_superuser or collection.owner == request.user
),
}
)
def export_pdf(request, id, uidb64=None, token=None):
'''
Generates a PDF with the contents of a nutrition plan
See also
* http://www.blog.pythonlibrary.org/2010/09/21/reportlab
* http://www.reportlab.com/apis/reportlab/dev/platypus.html
'''
# Load the plan
if uidb64 is not None and token is not None:
if check_token(uidb64, token):
plan = get_object_or_404(NutritionPlan, pk=id)
else:
return HttpResponseForbidden()
else:
if request.user.is_anonymous():
return HttpResponseForbidden()
plan = get_object_or_404(NutritionPlan, pk=id, user=request.user)
plan_data = plan.get_nutritional_values()
# Create the HttpResponse object with the appropriate PDF headers.
response = HttpResponse(content_type='application/pdf')
# Create the PDF object, using the response object as its "file."
doc = SimpleDocTemplate(response,
pagesize=A4,
title=_('Nutrition plan'),
author='wger Workout Manager',
subject=_('Nutritional plan %s') % request.user.username)
# Background colour for header
# Reportlab doesn't use the HTML hexadecimal format, but has a range of
# 0 till 1, so we have to convert here.
header_colour = colors.Color(int('73', 16) / 255.0,
int('8a', 16) / 255.0,
int('5f', 16) / 255.0)
# container for the 'Flowable' objects
elements = []
data = []
# Iterate through the Plan
meal_markers = []
ingredient_markers = []
# Meals
i = 0
for meal in plan.meal_set.select_related():
i += 1
meal_markers.append(len(data))
if not meal.time:
p = Paragraph(u'<para align="center"><strong>{nr} {meal_nr}</strong></para>'
.format(nr=_('Nr.'), meal_nr=i),
styleSheet["Normal"])
else:
p = Paragraph(u'<para align="center"><strong>'
u'{nr} {meal_nr} - {meal_time}'
u'</strong></para>'
.format(nr=_('Nr.'), meal_nr=i, meal_time=meal.time.strftime("%H:%M")),
styleSheet["Normal"])
data.append([p])
# Ingredients
for item in meal.mealitem_set.select_related():
ingredient_markers.append(len(data))
p = Paragraph(u'<para>{0}</para>'.format(item.ingredient.name), styleSheet["Normal"])
if item.get_unit_type() == MEALITEM_WEIGHT_GRAM:
unit_name = 'g'
else:
unit_name = ' ' + item.weight_unit.unit.name
data.append([Paragraph(u"{0}{1}".format(item.amount, unit_name), styleSheet["Normal"]),
p])
# Set general table styles
table_style = []
# Set specific styles, e.g. background for title cells
for marker in meal_markers:
# Set background colour for headings
table_style.append(('BACKGROUND', (0, marker), (-1, marker), header_colour))
table_style.append(('BOX', (0, marker), (-1, marker), 1.25, colors.black))
# Make the headings span the whole width
table_style.append(('SPAN', (0, marker), (-1, marker)))
# has the plan any data?
if data:
t = Table(data, style=table_style)
# Manually set the width of the columns
t._argW[0] = 2.5 * cm
# There is nothing to output
else:
t = Paragraph(_('<i>This is an empty plan, what did you expect on the PDF?</i>'),
styleSheet["Normal"])
# Set the title (if available)
if plan.description:
p = Paragraph('<para align="center"><strong>%(description)s</strong></para>' %
{'description': plan.description},
styleSheet["Bold"])
elements.append(p)
# Filler
elements.append(Spacer(10*cm, 0.5*cm))
# append the table to the document
elements.append(t)
elements.append(Paragraph('<para> </para>', styleSheet["Normal"]))
# Create table with nutritional calculations
data = []
data.append([Paragraph(u'<para align="center">{0}</para>'.format(_('Nutritional data')),
styleSheet["Bold"])])
data.append([Paragraph(_('Macronutrients'), styleSheet["Normal"]),
Paragraph(_('Total'), styleSheet["Normal"]),
Paragraph(_('Percent of energy'), styleSheet["Normal"]),
Paragraph(_('g per body kg'), styleSheet["Normal"])])
data.append([Paragraph(_('Energy'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['energy']), styleSheet["Normal"])])
data.append([Paragraph(_('Protein'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['protein']), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['percent']['protein']), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['per_kg']['protein']), styleSheet["Normal"])])
data.append([Paragraph(_('Carbohydrates'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['carbohydrates']),
styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['percent']['carbohydrates']),
styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['per_kg']['carbohydrates']),
styleSheet["Normal"])])
data.append([Paragraph(_('Sugar content in carbohydrates'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['carbohydrates_sugar']),
styleSheet["Normal"])])
data.append([Paragraph(_('Fat'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['fat']), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['percent']['fat']), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['per_kg']['fat']), styleSheet["Normal"])])
data.append([Paragraph(_('Saturated fat content in fats'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['fat_saturated']),
styleSheet["Normal"])])
data.append([Paragraph(_('Fibres'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['fibres']), styleSheet["Normal"])])
data.append([Paragraph(_('Sodium'), styleSheet["Normal"]),
Paragraph(six.text_type(plan_data['total']['sodium']), styleSheet["Normal"])])
table_style = []
table_style.append(('BOX', (0, 0), (-1, -1), 1.25, colors.black))
table_style.append(('GRID', (0, 0), (-1, -1), 0.40, colors.black))
table_style.append(('SPAN', (0, 0), (-1, 0))) # Title
table_style.append(('SPAN', (1, 2), (-1, 2))) # Energy
table_style.append(('SPAN', (1, 5), (-1, 5))) # Sugar
table_style.append(('SPAN', (1, 7), (-1, 7))) # Saturated fats
table_style.append(('SPAN', (1, 8), (-1, 8))) # Fibres
table_style.append(('SPAN', (1, 9), (-1, 9))) # Sodium
t = Table(data, style=table_style)
t._argW[0] = 5 * cm
elements.append(t)
# Footer, date and info
elements.append(Spacer(10*cm, 0.5*cm))
created = datetime.date.today().strftime("%d.%m.%Y")
url = reverse('nutrition:plan:view', kwargs={'id': plan.id})
p = Paragraph('''<para align="left">
%(date)s -
<a href="%(url)s">%(url)s</a> -
%(created)s
%(version)s
</para>''' %
{'date': _("Created on the <b>%s</b>") % created,
'created': "wger Workout Manager",
'version': get_version(),
'url': request.build_absolute_uri(url), },
styleSheet["Normal"])
elements.append(p)
doc.build(elements)
response['Content-Disposition'] = 'attachment; filename=nutritional-plan.pdf'
response['Content-Length'] = len(response.content)
return response
def stu_enrollment(request):
qq = request.GET.get('stu_qq')
if request.method == "GET":
if qq:
try:
enroll_obj = models.Enrollment.objects.get(
customer__qq=qq, contract_agreed=False)
customer_form = forms.CustomerForm(
instance=enroll_obj.customer)
enroll_form = forms.EnrollmentForm(instance=enroll_obj)
return render(request, 'crm/enroll_page.html', {
'enroll_form': enroll_form,
'customer_form': customer_form
})
except ObjectDoesNotExist as e:
try:
enroll_obj = models.Enrollment.objects.get(customer__qq=qq)
if enroll_obj.contract_approved:
return HttpResponse("培训协议已生成,请到首页查询")
except ObjectDoesNotExist as e:
return HttpResponse("报名表不存在")
return HttpResponse("报名表正在审核中")
else:
return HttpResponse("请求错误,qq号未提供")
else:
if qq:
try:
enroll_obj = models.Enrollment.objects.get(
customer__qq=qq, contract_agreed=False)
upload_path = '%s/%s' % (settings.ENROLL_DATA_DIR,
enroll_obj.customer.id)
except ObjectDoesNotExist as e:
return HttpResponse(u"未查到相应的报名表,也有可能是报名表正在审批中,请到首页查询")
if request.FILES:
if not os.path.exists(upload_path):
os.mkdir(upload_path)
abs_filepath = "%s/%s" % (upload_path,
request.FILES['file'].name)
if len(os.listdir(upload_path)) < 4:
if request.FILES['file'].size < 5 * 1024 * 1024: #5MB
with open(abs_filepath, 'wb') as f:
for chunk in request.FILES['file'].chunks():
f.write(chunk)
return HttpResponse('upload success')
else:
return HttpResponseForbidden('文件大小不能超过5MB')
else:
return HttpResponseForbidden('最多上传不超过4个文件')
else:
enroll_form = forms.EnrollmentForm(request.POST,
instance=enroll_obj)
customer_form = forms.CustomerForm(
request.POST, instance=enroll_obj.customer)
if enroll_form.is_valid() and customer_form.is_valid():
#check whether file has uploaded or not
file_sources_upload_path = "%s/%s" % (
settings.ENROLL_DATA_DIR, enroll_obj.customer.id)
file_uploaded = False
try:
if len(os.listdir(file_sources_upload_path)
) > 0: #has file in this dir
new_check_password = ''.join(
random.sample(
'zyxwvutsrqponmlkjihgfedcba1234567890~!@#$%^&*',
8))
enroll_form.save()
customer_form.save()
enroll_obj.check_passwd = new_check_password
enroll_obj.save()
file_uploaded = True
except OSError as e:
file_uploaded = False
if file_uploaded == False:
return render(
request, 'crm/enroll_page.html', {
'enroll_form': enroll_form,
'customer_form': customer_form,
'file_upload_err': u'证件资料未上传!'
})
return HttpResponse(
'''<h4>报名表已提交,待审批通过后可到<a href="http://crm.oldboyedu.com/crm/training_contract/">培训协议查询</a>
查询生成的培训合同,查询密码为 <span style='color:red'>%s</span> </h4>'''
% new_check_password)
else:
uploaded_files = []
if os.path.exists(upload_path):
uploaded_files = os.listdir(upload_path)
return render(
request, 'crm/enroll_page.html', {
'enroll_form': enroll_form,
'customer_form': customer_form,
'uploaded_files': uploaded_files
})
from django.conf import settings
from django.http import HttpResponseForbidden
from guardian.decorators import permission_required_or_403
# shortcut
ok = permission_required_or_403
Http403 = HttpResponseForbidden()
def session_is_owner(request):
try:
if int(request.POST['user']) == request.user.id:
return True
except ValueError, e:
return False
def user_edit(request, username):
"""
View and edit user profile
"""
edit_user = get_object_or_404(User, username=username)
if not edit_user.allows_editing_by(request.user):
return HttpResponseForbidden()
# Map of form field names to tag namespaces
field_to_tag_ns = (('interests', 'profile:interest:'),
('expertise', 'profile:expertise:'))
already_subscribed = NewsletterForm.is_subscribed(edit_user.email)
if request.method != 'POST':
initial = {
'beta': edit_user.is_beta_tester,
'username': edit_user.username,
}
# Form fields to receive tags filtered by namespace.
for field, ns in field_to_tag_ns:
initial[field] = ', '.join(
tag.name.replace(ns, '') for tag in edit_user.tags.all_ns(ns))
subscription_initial = {}
if already_subscribed:
subscription_initial['newsletter'] = True
subscription_initial['agree'] = True
# Finally, set up the forms.
user_form = UserEditForm(instance=edit_user,
initial=initial,
prefix='user')
newsletter_form = NewsletterForm(locale=request.LANGUAGE_CODE,
already_subscribed=already_subscribed,
prefix='newsletter',
initial=subscription_initial)
else:
user_form = UserEditForm(data=request.POST,
files=request.FILES,
instance=edit_user,
prefix='user')
newsletter_form = NewsletterForm(locale=request.LANGUAGE_CODE,
already_subscribed=already_subscribed,
data=request.POST,
prefix='newsletter')
if user_form.is_valid() and newsletter_form.is_valid():
new_user = user_form.save()
try:
# Beta
beta_group = Group.objects.get(name=config.BETA_GROUP_NAME)
if user_form.cleaned_data['beta']:
beta_group.user_set.add(request.user)
else:
beta_group.user_set.remove(request.user)
except Group.DoesNotExist:
# If there's no Beta Testers group, ignore that logic
pass
# Update tags from form fields
for field, tag_ns in field_to_tag_ns:
field_value = user_form.cleaned_data.get(field, '')
tags = [tag.lower() for tag in parse_tags(field_value)]
new_user.tags.set_ns(tag_ns, *tags)
newsletter_form.subscribe(request, new_user.email)
return redirect(edit_user)
context = {
'edit_user': edit_user,
'user_form': user_form,
'newsletter_form': newsletter_form,
'INTEREST_SUGGESTIONS': INTEREST_SUGGESTIONS,
}
return render(request, 'users/user_edit.html', context)
def phaxio_callback(request):
"""Handle Phaxio callbacks"""
# pylint: disable=too-many-branches
url = 'https://%s%s' % (
settings.MUCKROCK_URL,
reverse('phaxio-callback'),
)
if not _validate_phaxio(
settings.PHAXIO_CALLBACK_TOKEN,
url,
request.POST,
request.FILES,
request.META['HTTP_X_PHAXIO_SIGNATURE'],
):
return HttpResponseForbidden()
logger.warning('In Phaxio Call Back %s', request.POST)
fax_info = json.loads(request.POST['fax'])
fax_id = fax_info['tags'].get('fax_id')
error_count = int(fax_info['tags'].get('error_count', 0))
if fax_id:
fax_comm = FaxCommunication.objects.filter(pk=fax_id).first()
else:
fax_comm = None
if not fax_comm:
logger.warning(
'No fax comm for phaxio callback: %s',
request.POST,
)
else:
if 'completed_at' in fax_info:
date = datetime.fromtimestamp(
int(fax_info['completed_at']),
tz=timezone.get_current_timezone(),
)
else:
date = timezone.now()
if request.POST['success'] == 'true':
fax_comm.confirmed_datetime = date
fax_comm.save()
else:
for recipient in fax_info['recipients']:
number, _ = PhoneNumber.objects.get_or_create(
number=recipient['number'],
defaults={'type': 'fax'},
)
FaxError.objects.create(
fax=fax_comm,
datetime=date,
recipient=number,
error_type=recipient['error_type'],
error_code=recipient['error_code'],
error_id=int(recipient['error_id']),
)
# the following phaxio error IDs all correspond to
# Phone Number Not Operational - all other errors are considered
# temporary for now
perm_error_ids = set([34, 47, 49, 91, 107, 109, 116, 123])
temp_failure = int(recipient['error_id']) not in perm_error_ids
logger.warning(
'Fax Error - Number: %s - ID: %s - Temp: %s - '
'error_count: %s - foia: %s - comm: %s',
number,
recipient['error_id'],
temp_failure,
error_count,
fax_comm.communication.foia.pk,
fax_comm.communication.pk,
)
if temp_failure and error_count < 4:
logger.warning('Fax Error Retrying...')
# retry with exponential back off
fax_comm.communication.foia.submit(
fax_error_count=error_count + 1)
else:
logger.warning('Fax Error Giving Up...')
number.status = 'error'
number.save()
ReviewAgencyTask.objects.ensure_one_created(
agency=fax_comm.communication.foia.agency,
resolved=False,
)
fax_comm.communication.foia.submit(switch=True)
return HttpResponse('OK')
def widget_edit(request, id, app_name=None, widget_name=None):
template_name = 'cosinnus/widgets/add_widget.html'
extra_context = {'form_view': 'edit'}
wc = get_object_or_404(WidgetConfig, id=int(id))
if wc.group and not check_ug_admin(request.user, wc.group) or \
wc.user and wc.user_id != request.user.pk:
return HttpResponseForbidden('Access denied!')
if app_name and widget_name and (wc.app_name != app_name
or wc.widget_name != widget_name):
#print ">>>>> THIS WIDGET WAS SET UP TO BE SWAPPED BY EDITING IT!"
#print ">> TODO: create new widget using create function, transfer important values, then delete this widget! "
# TODO: widget swapping disabled for now!
raise Exception("Swapping of widget types is not enabled. \
Delete this widget and create a new one if you want one of a different type!"
)
widget_class = widget_registry.get(wc.app_name, wc.widget_name)
if widget_class is None:
return render_to_response('cosinnus/widgets/not_found.html')
form_class = widget_class.get_setup_form_class()
widget = widget_class(request, wc)
if request.method == "POST":
form = form_class(request.POST, group=wc.group)
if form.is_valid():
widget.save_config(form.cleaned_data)
return HttpResponse(
widget.render(user=request.user,
request=request,
group=wc.group))
raise Exception("Form was invalid for widget edit: ", app_name,
widget_name, form_class)
else:
data = []
for app_name, widgets in widget_registry:
for widget_name in widgets:
form_active = False
widget_class = widget_registry.get(app_name, widget_name)
if widget_class is None:
#print ">>>>widg not found:", app_name, widget_name
continue
form_class = widget_class.get_setup_form_class()
if not getattr(form_class, "template_name", None):
#raise ImproperlyConfigured('Widget form "%s %s" has no attribute "template_name" configured!' % (app_name, widget_name))
#print '>> ignoring widget "%s %s" without template_name form: ' % (app_name, widget_name)
continue
if app_name == widget.app_name and widget_name == widget.widget_name:
# this is the form of the widget class that the editing widget is of
# init the form with the current widgets config, and set the active widget to this one
form_dict = dict([(k, v) for k, v in widget.config])
form_dict.update({
'sort_field': widget.config.sort_field,
})
context = {
'form': form_class(initial=form_dict, group=wc.group)
}
form_active = True
else:
# TODO: widget swapping disabled for now!
continue
#context = {'form': form_class(group=wc.group)}
widget_form_content = render(request, form_class.template_name,
context).content
data.append({
'app_name':
app_name,
'widget_name':
widget_name,
'widget_title':
widget_class.get_widget_title(),
'form_content':
widget_form_content,
'form_id':
'%s_%s_%d' % (app_name, widget_name, uuid1()),
'form_active':
form_active,
})
context = {
'widget_data': data,
'widget_conf_id': widget.id,
}
context.update(extra_context)
return render(request, template_name, context)
def post(self, request):
params = QueryDict(request.body)
if request.META.get('HTTP_X_FORWARDED_FOR'):
ip = request.META.get('HTTP_X_FORWARDED_FOR')
else:
ip = request.META.get('REMOTE_ADDR')
if ip in getattr(settings, 'BLOCKED_IPS', []):
return HttpResponseForbidden('<h1>Forbbidden</h1>')
user = ShangmiUser.objects.get(
pk=int(user_cache.get(params.get("token"))))
order_id = params.get('order_id')
amount = params.get("need")
log = UserPayLog.objects.get(id=order_id)
randuuid = uuid.uuid4()
nonce_str = str(randuuid).replace('-', '')
out_trade_no = log.wx_pay_num
# log.wx_pay_num = out_trade_no
# log.save()
url = 'https://api.mch.weixin.qq.com/pay/unifiedorder'
data = {}
data['body'] = 'ShangMi'.encode('utf-8')
data['mch_id'] = settings.MCHID
data['nonce_str'] = nonce_str
# data['device_info'] = 'WEB'
data['total_fee'] = str(int(amount))
data['spbill_create_ip'] = ip
# data['fee_type'] = 'CNY'
data['openid'] = user.openid
data['out_trade_no'] = out_trade_no
data['notify_url'] = 'https://sharemsg.cn/shangmi/api/v1/pay/notify'
data['appid'] = settings.PAY_APPID
data['trade_type'] = 'JSAPI'
data['sign'] = sign(data, settings.PAY_KEY)
template = """
<xml>
<appid>{appid}</appid>
<body>{body}</body>
<mch_id>{mch_id}</mch_id>
<nonce_str>{nonce_str}</nonce_str>
<notify_url>{notify_url}</notify_url>
<openid>{openid}</openid>
<out_trade_no>{out_trade_no}</out_trade_no>
<spbill_create_ip>{spbill_create_ip}</spbill_create_ip>
<total_fee>{total_fee}</total_fee>
<trade_type>{trade_type}</trade_type>
<sign>{sign}</sign>
</xml>
"""
content = template.format(**data)
headers = {'Content-Type': 'application/xml'}
raw = requests.post(url, data=content, headers=headers)
rdict = xml_response_to_dict(raw)
# print('=------',rdict, '--------------')
return_data = {}
if rdict['return_code'] == 'SUCCESS' and rdict[
'result_code'] == 'SUCCESS':
randuuid = uuid.uuid4()
nonce_str = str(randuuid).replace('-', '')
time_stamp = str(int(time.time()))
sign_data = {}
sign_data['appId'] = rdict['appid']
sign_data['nonceStr'] = nonce_str
sign_data['package'] = 'prepay_id=%s' % rdict['prepay_id']
sign_data['signType'] = 'MD5'
sign_data['timeStamp'] = time_stamp
paySign = sign(sign_data, settings.PAY_KEY)
return_data['appId'] = rdict['appid']
return_data['paySign'] = paySign
return_data['nonceStr'] = nonce_str
return_data['timeStamp'] = time_stamp
return_data['package'] = 'prepay_id=%s' % rdict['prepay_id']
return_data['signType'] = 'MD5'
return JsonResponse({'data': return_data, "code": 0})
else:
return JsonResponse({'code': 1, 'data': u'支付失败'})
def deploy_application(request):
match_list = ['list', 'grain', 'nodegroup', 'pcre', 'glob']
app_list = [
'zabbix', 'mysql', 'memcached', 'nginx', 'tomcat', 'system', 'redis',
'php'
]
if request.method == 'POST':
if not request.user.is_superuser:
return HttpResponseForbidden(request)
mapping = request.POST.get('map', '').replace(' ', '')
target = request.POST.get('target', '').replace(' ', '')
app = str(request.POST.get('app', '').replace(' ', ''))
if app == '' or target == '' or mapping == '':
return HttpResponseNotAllowed(request)
if mapping not in match_list or app not in app_list:
return HttpResponseNotAllowed(request)
result, info = parse_target_params(target, mapping)
if result is None:
return render_to_response('salt_deploy_application.html',
RequestContext(request, {'error': info}))
target = info
client = SaltByLocalApi('/etc/salt/master')
cmd = '%s.install' % app
output = client.client.cmd(target,
'state.sls', [cmd],
expr_form=mapping)
if output is None or output == {}:
return render_to_response(
'salt_deploy_application.html',
RequestContext(request, {'error': u'无效的目标主机'}))
error_dict = {}
error_log = ''
ok_dict = {}
all_dict = {}
for k, v in output.iteritems():
if isinstance(v, list):
return render_to_response(
'salt_deploy_application.html',
RequestContext(request, {'error': v[0]}))
tmp_list = []
for i, j in v.iteritems():
if 'name' not in j or 'duration' not in j or 'comment' not in j:
tmp_list.append(
[i, ' ', 0, j['result'], j['changes'], j['comment']])
else:
tmp_list.append([
i, j['name'], j['duration'], j['result'], j['changes'],
j['comment']
])
all_dict[k] = tmp_list
for k, v in all_dict.iteritems():
for i in v:
if not i[3]:
error_dict[k] = v
break
if len(error_dict) > 0:
host_error_dict = {}
for k, v in error_dict.iteritems():
host_error_list = []
for i in v:
if not i[3]:
host_error_list.append(i)
break
host_error_dict[k] = host_error_list
for k, v in host_error_dict.iteritems():
error_log = error_log + '''-----host name: %s error log -----\n''' % k
for i in v:
if i[4] != {} and isinstance(i[4], dict):
error_log = error_log + '''id: %s \n comment: %s \n name: %s \n %s \n''' % (
i[0], i[5], i[1], i[4]['stderr'])
else:
error_log = error_log + '''id: %s \n comment: %s \n name: %s \n %s \n''' % (
i[0], i[5], i[1], i[4])
all_key = all_dict.keys()
for key in all_key:
if key not in error_dict.keys():
ok_dict[key] = all_dict[key]
head_txt = '-' * 10 + '\n'
head_txt = head_txt + ''' total: %d , successed: %d , failed: %d \n''' % (
len(all_dict), len(ok_dict), len(error_dict))
head_txt = head_txt + '-' * 10 + '\n'
success_txt = '-' * 10 + 'success' + '-' * 10 + '\n'
error_txt = ''
total_error_spend_time = 0
total_ok_spend_time = 0
if len(ok_dict) > 0:
for k, v in ok_dict.iteritems():
ok_spend_time = 0
for i in v:
ok_spend_time = i[2] + ok_spend_time
ok_spend_time = ok_spend_time / 1000
total_ok_spend_time = total_ok_spend_time + ok_spend_time
success_txt = success_txt + ''' Host: %s | Spend time: %s Sec | Result: success \n''' % (
k, str(ok_spend_time))
success_txt = success_txt + '-----success-----\n'
if len(error_dict) > 0:
log = ''
for k, v in error_dict.iteritems():
error_spend_time = 0
for i in v:
if i[4] != {} and isinstance(i[4], dict):
log = log + '''name: %s \n --error_info--: %s \n ''' % (
i[1], i[4]['stderr'])
else:
log = log + '''name: %s \n --error_info--: %s \n ''' % (
i[1], i[4])
error_spend_time = i[2] + error_spend_time
error_spend_time = error_spend_time / 1000
total_error_spend_time = total_error_spend_time + error_spend_time
error_txt = error_txt + ''' Host: %s | Spend time: %s Sec | Result: failed \n ''' % (
k, str(error_spend_time))
#error_txt=error_txt+'''-----------host: %s error log-----------\n''' %k
error_txt = error_txt + '''%s \n ----------\n''' % error_log
if ok_dict.keys() == []:
success_hosts = ''
else:
success_hosts = ','.join(ok_dict.keys())
if error_dict.keys() == []:
failed_hosts = ''
else:
failed_hosts = ','.join(error_dict.keys())
total = len(all_key)
deploylog = AppDeployLogModel(
user=request.user,
time=datetime.now(),
target=target,
application=app,
mapping=mapping,
success_hosts=success_hosts,
failed_hosts=failed_hosts,
total=total,
log=head_txt + success_txt + error_txt,
duration=str(total_error_spend_time + total_ok_spend_time) + ' s')
try:
deploylog.save()
except:
pass
f = open('/tmp/.app_deploy.log', 'w')
f.write(head_txt + success_txt + error_txt)
f.close()
code, log = commands.getstatusoutput('cat /tmp/.app_deploy.log')
return render_to_response('salt_deploy_application.html',
RequestContext(request, {'log': log}))
return render_to_response('salt_deploy_application.html',
RequestContext(request))
def dispatch(self, *args, **kwargs):
if settings.DEBUG:
return super(UnitTestView, self).dispatch(*args, **kwargs)
else:
return HttpResponseForbidden()
def incoming_sms(request, username):
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
return HttpResponse(status=404)
r = TwilioResponse()
# This request is unauthenticated; we'll need to fetch the user's
# store directly rather than looking it up via the auth cookie.
store = models.TaskStore.get_for_user(user)
if not store.twilio_auth_token:
log_args = (
"Incoming SMS for %s, but no auth token specified.",
user,
user,
)
logger.warning(*log_args)
store.log_error(*log_args)
return HttpResponse(status=404)
if store.sms_whitelist:
incoming_number = re.sub('[^0-9]', '', request.POST['From'])
valid_numbers = [
re.sub('[^0-9]', '', n)
for n in store.sms_whitelist.split('\n')
]
if incoming_number not in valid_numbers:
log_args = (
"Incoming SMS for %s, but phone number %s is not "
"in the whitelist.",
user,
incoming_number,
)
store.log_error(*log_args)
logger.warning(
*log_args,
extra={
'data': {
'incoming_number': incoming_number,
'whitelist': valid_numbers,
}
}
)
return HttpResponseForbidden()
try:
validator = RequestValidator(store.twilio_auth_token)
url = request.build_absolute_uri()
signature = request.META['HTTP_X_TWILIO_SIGNATURE']
except (AttributeError, KeyError) as e:
log_args = (
"Incoming SMS for %s, but error encountered while "
"attempting to build request validator: %s.",
user,
e,
)
logger.exception(*log_args)
store.log_error(*log_args)
return HttpResponseForbidden()
if not validator.validate(url, request.POST, signature):
log_args = (
"Incoming SMS for %s, but validator rejected message.",
user,
)
logger.warning(*log_args)
store.log_error(*log_args)
return HttpResponseForbidden()
with git_checkpoint(store, "Incoming SMS", sync=True):
from_ = request.POST['From']
body = request.POST['Body']
task_info = body[4:]
if not body.lower().startswith('add'):
if store.sms_replies >= store.REPLY_ERROR:
r.sms("Bad Request: Unknown command.")
log_args = (
"Incoming SMS from %s had no recognized command: '%s'." % (
from_,
body,
),
)
logger.warning(*log_args)
store.log_error(*log_args)
elif not task_info:
log_args = (
"Incoming SMS from %s had no content." % (
from_,
body,
),
)
logger.warning(*log_args)
store.log_error(*log_args)
if store.sms_replies >= store.REPLY_ERROR:
r.sms("Bad Request: Empty task.")
else:
task_uuid = str(uuid.uuid4())
task_args = (
['add'] +
shlex_without_quotes(store.sms_arguments) +
shlex_without_quotes(task_info)
)
task_args.append('uuid:%s' % task_uuid)
result = store.client._execute_safe(*task_args)
stdout, stderr = result
if store.sms_replies >= store.REPLY_ALL:
r.sms("Added.")
log_args = (
"Added task %s via SMS from %s; message '%s'; "
"automatic args: '%s';"
"response: '%s'." % (
task_uuid,
from_,
body,
store.sms_arguments,
stdout,
),
)
logger.info(*log_args)
store.log_message(*log_args)
return HttpResponse(str(r), content_type='application/xml')
def wrapper(request, *args, **kwargs):
if not user_has_alumni(request.user):
return HttpResponseForbidden(
'User missing Alumni. Contact Support if this is unexpected. ')
return view(request, *args, **kwargs)
def get(self, request): # pylint: disable=too-many-statements
""" Calculate basket totals given a list of sku's
Create a temporary basket add the sku's and apply an optional voucher code.
Then calculate the total price less discounts. If a voucher code is not
provided apply a voucher in the Enterprise entitlements available
to the user.
Query Params:
sku (string): A list of sku(s) to calculate
code (string): Optional voucher code to apply to the basket.
username (string): Optional username of a user for which to calculate the basket.
Returns:
JSON: {
'total_incl_tax_excl_discounts': basket.total_incl_tax_excl_discounts,
'total_incl_tax': basket.total_incl_tax,
'currency': basket.currency
}
Side effects:
If the basket owner does not have an LMS user id, tries to find it. If found, adds the id to the user and
saves the user. If the id cannot be found, writes custom metrics to record this fact.
"""
DEFAULT_REQUEST_CACHE.set(TEMPORARY_BASKET_CACHE_KEY, True)
partner = get_partner_for_site(request)
skus = request.GET.getlist('sku')
if not skus:
return HttpResponseBadRequest(_('No SKUs provided.'))
skus.sort()
code = request.GET.get('code', None)
try:
voucher = Voucher.objects.get(code=code) if code else None
except Voucher.DoesNotExist:
voucher = None
products = Product.objects.filter(stockrecords__partner=partner,
stockrecords__partner_sku__in=skus)
if not products:
return HttpResponseBadRequest(
_('Products with SKU(s) [{skus}] do not exist.').format(
skus=', '.join(skus)))
basket_owner = request.user
requested_username = request.GET.get('username', default='')
is_anonymous = request.GET.get('is_anonymous',
'false').lower() == 'true'
use_default_basket = is_anonymous
use_default_basket_case = 0
# validate query parameters
if requested_username and is_anonymous:
return HttpResponseBadRequest(
_('Provide username or is_anonymous query param, but not both')
)
if not requested_username and not is_anonymous:
logger.warning(
"Request to Basket Calculate must supply either username or is_anonymous query"
" param. Requesting user=%s. Future versions of this API will treat this "
"WARNING as an ERROR and raise an exception.",
basket_owner.username)
requested_username = request.user.username
# If a username is passed in, validate that the user has staff access or is the same user.
if requested_username:
if basket_owner.username.lower() == requested_username.lower():
pass
elif basket_owner.is_staff:
try:
basket_owner = User.objects.get(
username=requested_username)
except User.DoesNotExist:
# This case represents a user who is logged in to marketing, but
# doesn't yet have an account in ecommerce. These users have
# never purchased before.
use_default_basket = True
use_default_basket_case = 1
else:
return HttpResponseForbidden('Unauthorized user credentials')
if basket_owner.username == self.MARKETING_USER and not use_default_basket:
# For legacy requests that predate is_anonymous parameter, we will calculate
# an anonymous basket if the calculated user is the marketing user.
# TODO: LEARNER-5057: Remove this special case for the marketing user
# once logs show no more requests with no parameters (see above).
use_default_basket = True
use_default_basket_case = 2
if use_default_basket:
basket_owner = None
# If we have a basket owner, ensure they have an LMS user id
try:
if basket_owner:
called_from = u'calculation of basket total'
basket_owner.add_lms_user_id(
'ecommerce_missing_lms_user_id_calculate_basket_total',
called_from)
except MissingLmsUserIdException:
return self._report_bad_request(
api_exceptions.LMS_USER_ID_NOT_FOUND_DEVELOPER_MESSAGE.format(
user_id=basket_owner.id),
api_exceptions.LMS_USER_ID_NOT_FOUND_USER_MESSAGE)
cache_key = None
if use_default_basket:
# For an anonymous user we can directly get the cached price, because
# there can't be any enrollments or entitlements.
cache_key = get_cache_key(site_comain=request.site,
resource_name='calculate',
skus=skus)
cached_response = TieredCache.get_cached_response(cache_key)
logger.info(
'bundle debugging 2: request [%s] referrer [%s] url [%s] Cache key [%s] response [%s]'
'skus [%s] case [%s] basket_owner [%s]',
str(request),
str(request.META.get('HTTP_REFERER')),
str(request._request),
str(cache_key), # pylint: disable=protected-access
str(cached_response),
str(skus),
str(use_default_basket_case),
str(basket_owner))
if cached_response.is_found:
return Response(cached_response.value)
response = self._calculate_temporary_basket_atomic(
basket_owner, request, products, voucher, skus, code)
if response and use_default_basket:
logger.info(
'bundle debugging 3: request [%s] referrer [%s] url [%s] Cache key [%s] response [%s]'
'skus [%s] case [%s] basket_owner [%s]',
str(request),
str(request.META.get('HTTP_REFERER')),
str(request._request),
str(cache_key), # pylint: disable=protected-access
str(response),
str(skus),
str(use_default_basket_case),
str(basket_owner))
TieredCache.set_all_tiers(
cache_key, response,
settings.ANONYMOUS_BASKET_CALCULATE_CACHE_TIMEOUT)
return Response(response)
def recruitment_application_interview(
request,
year,
recruitment_period_pk,
pk,
template_name='recruitment/recruitment_application_interview.html'):
fair = get_object_or_404(Fair, year=year)
application = get_object_or_404(RecruitmentApplication, pk=pk)
user = request.user
if not user_can_access_recruitment_period(user,
application.recruitment_period):
return HttpResponseForbidden()
InterviewPlanningForm = modelform_factory(
RecruitmentApplication,
fields=('interviewer', 'interviewer2', 'slot', 'recommended_role',
'scorecard', 'drive_document', 'rating'),
widgets={
'rating':
forms.Select(choices=[('', '-------'), (1, 1), (2, 2), (3,
3), (5,
5)]),
'scorecard':
forms.TextInput(
attrs={'placeholder': 'Link to existing document'}),
'drive_document':
forms.TextInput(
attrs={'placeholder': 'Link to existing document'}),
},
labels={
'drive_document': _('Interview document'),
},
help_texts={
'slot':
'<strong>Note:</strong> If you select a slot with <strong>Other</strong> as the location you must book a location separately and communicate this location to the participants of the interview.'
},
)
profile_pic_form = None
profile = Profile.objects.get(user=application.user)
if Profile.objects.filter(user=application.user).first():
profile_pic_form = ProfilePictureForm(request.POST or None,
request.FILES or None,
instance=profile)
interviewers = application.recruitment_period.interviewers()
interview_planning_form = InterviewPlanningForm(request.POST or None,
instance=application)
interview_planning_form.fields[
'recommended_role'].queryset = application.recruitment_period.recruitable_roles
used_slots = []
for a in RecruitmentApplication.objects.select_related('slot').exclude(
slot=None).exclude(pk=application.pk):
used_slots.append(a.slot)
slots_by_day = [('', '---------')]
all_slots = Slot.objects.filter(
recruitment_period=application.recruitment_period)
local_tz = pytz.timezone('Europe/Stockholm')
for slot in all_slots:
found = False
slot_yyyymmdd = local_tz.localize(slot.start, is_dst=None)
slot_yyyymmdd = slot_yyyymmdd.strftime('%Y-%m-%d')
for slot_by_day in slots_by_day:
if slot_by_day[0] == slot_yyyymmdd:
found = True
break
if not found:
slots_by_day.append((slot_yyyymmdd, []))
for slot in all_slots:
if slot in used_slots and slot.location.name != 'Other': continue
slot_start = local_tz.localize(slot.start, is_dst=None)
slot_yyyymmdd = slot_start.strftime('%Y-%m-%d')
for slot_by_day in slots_by_day:
if slot_by_day[0] == slot_yyyymmdd:
slot_hhmm_start = slot_start.strftime('%H:%M')
slot_hhmm_end = slot_start + datetime.timedelta(
minutes=slot.length)
slot_hhmm_end = slot_hhmm_end.strftime('%H:%M')
slot_by_day[1].append(
(slot.pk, slot_hhmm_start + '-' + slot_hhmm_end + ' | ' +
str(slot.location)))
break
interview_planning_form.fields['slot'].choices = slots_by_day
languages = Language.objects.all()
interviewers_by_language = [(None, [])]
for language in languages:
interviewers_by_language.insert(0, (language, []))
for interviewer in interviewers:
p = Profile.objects.filter(user=interviewer).first()
for language in interviewers_by_language:
if language[0] == p.preferred_language:
language[1].append(
(interviewer.pk, interviewer.get_full_name()))
break
interviewers_by_language[len(interviewers_by_language) - 1] = (
'No preferred language',
interviewers_by_language[len(interviewers_by_language) - 1][1])
interviewers_by_language = [
x for x in interviewers_by_language if len(x[1]) > 0
]
interviewers_by_language.insert(0, ('', '---------'))
if 'interviewer' in interview_planning_form.fields:
interview_planning_form.fields[
'interviewer'].choices = interviewers_by_language
if 'interviewer2' in interview_planning_form.fields:
interview_planning_form.fields[
'interviewer2'].choices = interviewers_by_language
RoleDelegationForm = modelform_factory(
RecruitmentApplication,
fields=['delegated_role', 'superior_user', 'status'])
role_delegation_form = RoleDelegationForm(request.POST or None,
instance=application)
role_delegation_form.fields[
'delegated_role'].queryset = application.recruitment_period.recruitable_roles
role_delegation_form.fields['superior_user'].choices = [
('', '---------')
] + [(interviewer.pk, interviewer.get_full_name())
for interviewer in interviewers]
if request.POST:
application.recruitment_period.interview_questions.handle_answers_from_request(
request, application.user)
if interview_planning_form.is_valid():
interview_planning_form.save()
if role_delegation_form:
if role_delegation_form.is_valid():
role_delegation_form.save()
return redirect('recruitment_period', fair.year,
application.recruitment_period.pk)
else:
return redirect('recruitment_period', fair.year,
application.recruitment_period.pk)
if application.slot and application.interviewer and application.interviewer2 and (
request.user == application.interviewer
or request.user == application.interviewer2):
other = application.interviewer if application.interviewer != request.user else application.interviewer2
nicetime = local_tz.localize(slot.start, is_dst=None)
nicetime = nicetime.strftime("%Y-%m-%d %H:%M")
sms_english = "Hello! Thank you for applying to THS Armada. This is a confirmation of our interview arrangement. The interview is scheduled to take place on " + nicetime + " in " + str(
slot.location
) + ". If you have any questions or if you would like to change the date and time, don't hesitate to contact me. " + other.first_name + " " + other.last_name + " and I are looking forward to meet you. /" + request.user.first_name + " " + request.user.last_name
sms_swedish = "Hej! Tack för att du har sökt till THS Armada. Detta är en bekräftelse på vår överenskommelse. Intervjun är planerad till " + nicetime + " i " + str(
slot.location
) + ". Tveka inte att kontakta mig om du har några frågor eller om du vill ändra datum eller tid. " + other.first_name + " " + other.last_name + " och jag själv ser fram emot att få träffa dig. /" + request.user.first_name + " " + request.user.last_name
elif application.slot and application.interviewer and request.user == application.interviewer:
nicetime = local_tz.localize(slot.start, is_dst=None)
nicetime = nicetime.strftime("%Y-%m-%d %H:%M")
sms_english = "Hello! Thank you for applying to THS Armada. This is a confirmation of our interview arrangement. The interview is scheduled to take place on " + nicetime + " in " + str(
slot.location
) + ". If you have any questions or if you would like to change the date and time, don't hesitate to contact me. I am looking forward to meet you. /" + request.user.first_name + " " + request.user.last_name
sms_swedish = "Hej! Tack för att du har sökt till THS Armada. Detta är en bekräftelse på vår överenskommelse. Intervjun är planerad till " + nicetime + " i " + str(
slot.location
) + ". Tveka inte att kontakta mig om du har några frågor eller om du vill ändra datum eller tid. Jag ser fram emot att få träffa dig. /" + request.user.first_name + " " + request.user.last_name
else:
sms_english = None
sms_swedish = None
return render(
request, template_name, {
"profile_pic_form":
profile_pic_form,
"application":
application,
"application_questions_with_answers":
application.recruitment_period.application_questions.
questions_with_answers_for_user(application.user),
"interview_questions_with_answers":
application.recruitment_period.interview_questions.
questions_with_answers_for_user(application.user),
"interview_planning_form":
interview_planning_form,
"role_delegation_form":
role_delegation_form,
"profile":
profile,
"sms_english":
sms_english,
"sms_swedish":
sms_swedish,
"fair":
fair,
})
def get(self, request, *args, **kwargs):
if not self.model_admin.has_view_permission(request):
return HttpResponseForbidden("Interdit")
avec_acces = Q(
acces_application_parrainages__etat=AccesApplicationParrainages.
Etat.VALIDE)
est_elu = reduce(or_, (Q(**{f"elu_{m}": True}) for m in types_elus))
signataire_appel = Q(meta__subscriptions__NSP__mandat__isnull=False)
ps = (Person.objects.annotate_elus().filter(avec_acces | (
est_elu & signataire_appel)).annotate(
volontaire=Exists(
AccesApplicationParrainages.objects.filter(
person_id=OuterRef("id"),
etat=AccesApplicationParrainages.Etat.VALIDE,
), ),
en_cours=Count(
"rechercheparrainage",
filter=Q(rechercheparrainage__statut=RechercheParrainage.
Statut.EN_COURS),
),
fini=Count(
"rechercheparrainage",
filter=~Q(rechercheparrainage__statut__in=[
RechercheParrainage.Statut.EN_COURS,
RechercheParrainage.Statut.ANNULEE,
]),
),
))
spec = {
"email": "email",
"prenom": "first_name",
"nom": "last_name",
"téléphone": Coalesce("contact_phone.as_international",
default=None),
"code postal": "location_zip",
"ville": "location_city",
"volontaire": ("volontaire", {
True: "oui",
False: "non"
}.get),
"nombre de recherches en cours": "en_cours",
"nombre de recherches terminées": "fini",
}
df = pd.DataFrame(glom(ps, [spec]))
content = BytesIO()
df.to_excel(content, engine="xlsxwriter", index=False)
today = timezone.now().strftime("%Y-%m-%d")
res = HttpResponse(
content.getvalue(),
content_type=
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
)
res["Content-Disposition"] = f'attachment; filename="{today}-acces-parrainages.xlsx"'
return res
def recognize(request):
if request.method == 'POST':
user = request.user
profile = Profile.objects.get(user=user)
f = request.POST
form = ImageUploadForm(request.POST, request.FILES)
if form.is_valid():
catching = Catching.objects.create(
image=form.cleaned_data['image'],
senior=None,
profile=profile,
comment=""
)
catching.save()
image_url = 'http://150.95.135.222:8000' + catching.image.url
client = FaceClient('ac38c745411845ce89698e1e2469df79', '9d70c1da17fd49609327c8ca154061f1')
result = client.faces_recognize('all', image_url, namespace='senior')
try:
student_id1 = result['photos'][0]['tags'][0]['uids'][0]['uid'].split('@')[0]
confidence1 = result['photos'][0]['tags'][0]['uids'][0]['confidence']
senior1 = Senior.objects.get(student_id=student_id1)
senior1_name = senior1.name
student_id2 = result['photos'][0]['tags'][0]['uids'][1]['uid'].split('@')[0]
confidence2 = result['photos'][0]['tags'][0]['uids'][1]['confidence']
senior2 = Senior.objects.get(student_id=student_id2)
senior2_name = senior2.name
student_id3 = result['photos'][0]['tags'][0]['uids'][2]['uid'].split('@')[0]
confidence3 = result['photos'][0]['tags'][0]['uids'][2]['confidence']
senior3 = Senior.objects.get(student_id=student_id3)
senior3_name = senior3.name
catchsenior = f['catchsenior']
if len(result['photos'][0]['tags']) > 1:
student_id4 = result['photos'][0]['tags'][1]['uids'][0]['uid'].split('@')[0]
confidence4 = result['photos'][0]['tags'][1]['uids'][0]['confidence']
senior4 = Senior.objects.get(student_id=student_id4)
senior4_name = senior4.name
student_id5 = result['photos'][0]['tags'][1]['uids'][1]['uid'].split('@')[0]
confidence5 = result['photos'][0]['tags'][1]['uids'][1]['confidence']
senior5 = Senior.objects.get(student_id=student_id5)
senior5_name = senior5.name
student_id6 = result['photos'][0]['tags'][1]['uids'][2]['uid'].split('@')[0]
confidence6 = result['photos'][0]['tags'][1]['uids'][2]['confidence']
senior6 = Senior.objects.get(student_id=student_id6)
senior6_name = senior6.name
return render(request, 'software/recognize.html', {'catching': catching,
'image_url': image_url,
'senior1_name': senior1_name,
'confidence1': confidence1,
'student_id1': student_id1,
'senior2_name': senior2_name,
'confidence2': confidence2,
'student_id2': student_id2,
'senior3_name': senior3_name,
'confidence3': confidence3,
'student_id3': student_id3,
'senior4_name': senior4_name,
'confidence4': confidence4,
'student_id4': student_id4,
'senior5_name': senior5_name,
'confidence5': confidence5,
'student_id5': student_id5,
'senior6_name': senior6_name,
'confidence6': confidence6,
'student_id6': student_id6,
'catchsenior': catchsenior,
'person_num': '2',
})
return render(request, 'software/recognize.html', {'catching': catching,
'image_url': image_url,
'senior1_name': senior1_name,
'confidence1': confidence1,
'student_id1': student_id1,
'senior2_name': senior2_name,
'confidence2': confidence2,
'student_id2': student_id2,
'senior3_name': senior3_name,
'confidence3': confidence3,
'student_id3': student_id3,
'catchsenior': catchsenior,
'person_num': '1',
})
except IndexError as err:
return HttpResponse("Index Error - Please contact to kakaotalk ID : mnmnm059")
except Exception as err:
return HttpResponse(str(err) + "- Please contact to kakaotalk ID : mnmnm059")
else:
return HttpResponseForbidden('form is invalid')
else:
return HttpResponseForbidden('Allowed via POST')
def log_in(request, token_name=None, token=None, proxy_app_id=None):
""" Handle authentication in Vulture Portal
:param request: Django request object
:returns: Home page if user auth succeed. Logon page if auth failed
"""
cluster = Cluster.objects.get()
""" Check if URI arguments are valid """
if token_name and token_name != cluster.getTokenName():
logger.info("PORTAL::Authentication: Invalid token in URI " + str(token_name) + '/' + str(token))
return HttpResponseForbidden()
authentication_classes = {'form':POSTAuthentication, 'basic':BASICAuthentication, 'kerberos':KERBEROSAuthentication}
""" Retrieve token and cookies to instantiate Redis wrapper objects """
# Retrieve cookies required for authentication
portal_cookie_name = cluster.getPortalCookie()
portal_cookie = request.COOKIES.get(portal_cookie_name, None)
app_cookie = request.COOKIES.get(cluster.getAppCookie(), None)
try:
# Instantiate authentication object to retrieve application auth_type
authentication = Authentication(token_name, token, app_cookie, portal_cookie)
# And then instantiate the right authentication class with auth_type ('form','basic','kerberos')
authentication = authentication_classes[authentication.application.auth_type](token_name, token, app_cookie, portal_cookie)
logger.debug("PORTAL::log_in: Authentication successfully created")
# Application does not need authentication
except RedirectionNeededError as e:
logger.error("PORTAL::log_in: {}".format(str(e)))
return HttpResponseRedirect(e.redirect_url)
# Redis connection error
except RedisConnectionError as e:
logger.error("PORTAL::log_in: Unable to connect to Redis server : {}".format(str(e)))
return HttpResponseServerError()
# Token not found while instantiating RedisSession or RedisAppSession
except TokenNotFoundError as e:
logger.error("PORTAL::log_in: {}".format(str(e)))
try:
# Retrieve application object to redirect to application default uri
application = Application.objects(id=ObjectId(proxy_app_id)).only('listeners', 'public_name', 'public_dir').first()
return HttpResponseRedirect(application.get_redirect_uri())
# If "proxy_app_id" not found : FORBIDDEN
except (Application.DoesNotExist, InvalidId, ValidationError) as e:
logger.error("PORTAL::log_in: Application with id '{}' not found : {}".format(proxy_app_id, str(e)))
return HttpResponseForbidden()
# If redis_session.keys['application_id'] does not exists : FORBIDDEN
except (Application.DoesNotExist, ValidationError, InvalidId) as e:
logger.error("PORTAL::log_in: Application with id '{}' not found".format(authentication.redis_session.keys['application_id']))
return HttpResponseForbidden()
# If assertionError : Ask credentials by portal
except AssertionError as e:
logger.error("PORTAL::log_in: AssertionError while trying to create Authentication : ".format(e))
return authentication.ask_credentials_response(request=request)
""" If user is not authenticated : try to retrieve credentials and authenticate him on backend/fallback-backends """
# If the user is not authenticated and application need authentication
if not authentication.is_authenticated():
try:
backend_id = authentication.authenticate_on_backend()
if not backend_id:
# Retrieve credentials
authentication.retrieve_credentials(request)
logger.debug("PORTAL::log_in: Credentials successfully retrieved")
# Authenticate user with credentials retrieven
authentication_results = authentication.authenticate(request)
logger.debug("PORTAL::log_in: Authentication succeed on backend {}".format(authentication.backend_id))
# Register authentication results in Redis
app_cookie, portal_cookie, oauth2_token = authentication.register_user(authentication_results)
logger.debug("PORTAL::log_in: User {} successfully registered in Redis".format(authentication.credentials[0]))
if authentication_results['data'].get('password_expired', None):
logger.info("PORTAL::log_in: User '{}' must change its password, redirect to self-service portal".format(authentication.credentials[0]))
app_url = authentication.get_url_portal()
return response_redirect_with_portal_cookie(app_url+str(token_name)+'/self/change', portal_cookie_name, portal_cookie, app_url.startswith('https'), None)
# If the user is already authenticated (retrieven with RedisPortalSession ) => SSO
else:
app_cookie, portal_cookie, oauth2_token = authentication.register_sso(backend_id)
logger.info("PORTAL::log_in: User {} successfully SSO-powered !".format(authentication.credentials[0]))
except AssertionError as e:
logger.error("PORTAL::log_in: Bad captcha taped for username '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request, error="Bad captcha")
except AccountLocked as e:
logger.error("PORTAL::log_in: Error while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request, error="Bad credentials")
except AuthenticationError as e:
logger.error("PORTAL::log_in: AuthenticationError while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request, error="Bad credentials")
except ACLError as e:
logger.error("PORTAL::log_in: ACLError while trying to authenticate user '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request, error="Bad credentials")
except (DBAPIError, PyMongoError, LDAPError) as e:
logger.error("PORTAL::log_in: Repository driver Error while trying to authentication user '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request, error="Bad credentials")
except (MultiValueDictKeyError, AttributeError, KeyError) as e:
#vltprtlsrnm is always empty during the initial redirection. Don't log that
logger.debug("PORTAL::log_in: Error while trying to authentication user '{}' : {}".format(authentication.credentials[0], e))
return authentication.ask_credentials_response(request=request)
except REDISWriteError as e:
logger.error("PORTAL::log_in: RedisWriteError while trying to register user '{}' informations : {}".format(authentication.credentials[0], e))
return HttpResponseServerError()
except Exception as e:
logger.exception(e)
return HttpResponseServerError()
""" If user is not double-authenticated and double-authentication needed : try to retrieve credentials and authenticate him on otp-backend """
# If the user is authenticated but not double-authenticated and double-authentication required
if authentication.double_authentication_required():
logger.info("PORTAL::log_in: Double authentication required for user '{}'".format(authentication.credentials[0]))
try:
# Instantiate DOUBLEAuthentication object
db_authentication = DOUBLEAuthentication(cluster.getTokenName(), token, app_cookie, portal_cookie)
logger.debug("PORTAL::log_in: DoubleAuthentication successfully created")
# And try to retrieve credentials
db_authentication.retrieve_credentials(request)
logger.debug("PORTAL::log_in: DoubleAuthentication credentials successfully retrieven")
# And use them to authenticate user
db_authentication.authenticate(request)
logger.info("PORTAL::log_in: User '{}' successfully double authenticated".format(authentication.credentials[0]))
except AssertionError as e:
""" If redis_portal_session does not exists or can't retrieve otp key in redis """
logger.error("PORTAL::log_in: DoubleAuthentication failure for username '{}' : {}".format(authentication.credentials[0], str(e)))
return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Portal cookie expired")
except (Application.DoesNotExist, ValidationError, InvalidId) as e:
""" Invalid POST 'vulture_two_factors_authentication' value """
logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e)))
return HttpResponseForbidden("Intrusion attempt blocked")
except REDISWriteError as e:
""" Cannot register double-authentication in Redis : internal server error """
logger.error("PORTAL::log_in: Failed to write double-authentication results in Redis for username '{}' : {}".format(db_authentication.credentials[0], str(e)))
return HttpResponseServerError()
# If authentication failed : create double-authentication key and ask-it
except CredentialsError as e:
""" CredentialsError: no OTP credentials provided : ask-them """
logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e)))
try:
db_authentication.create_authentication()
return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name)
except (OTPError, REDISWriteError, RedisConnectionError) as e:
""" Error while sending/registering in Redis the OTP informations : display portal"""
logger.error("PORTAL::log_in: Failed to create/send double-authentication key : {}".format(str(e)))
db_authentication.deauthenticate_user()
logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0]))
return authentication.ask_credentials_response(request=request, error="<b> Error sending OTP Key </b> </br> "+str(e))
except AuthenticationError as e:
""" Bad OTP key """
logger.error("PORTAL::log_in: DoubleAuthentication failure for username {} : {}".format(authentication.credentials[0], str(e)))
try:
db_authentication.create_authentication()
db_authentication.authentication_failure()
logger.debug("PORTAL:log_in: DoubleAuthentication failure successfully registered in Redis")
return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> Bad OTP key </b>")
except TwoManyOTPAuthFailure as e:
logger.error("PORTAL::log_in: Two many OTP authentication failures for username'{}', redirecting to portal".format(authentication.credentials[0]))
db_authentication.deauthenticate_user()
logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0]))
return authentication.ask_credentials_response(request=request, error=e.args[0])
except (OTPError, REDISWriteError, RedisConnectionError) as e:
logger.error("PORTAL::log_in: Error while preparing double-authentication : {}".format(str(e)))
return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> Error sending OTP Key </b> </br> "+str(e))
except OTPError as e:
""" OTP Error while authenticating given token """
logger.error("PORTAL::log_in: Double-authentication failure for username {} : {}".format(authentication.credentials[0], str(e)))
return db_authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="<b> OTP Error </b> {}".format(str(e)))
except TwoManyOTPAuthFailure as e:
logger.error(
"PORTAL::log_in: Two many OTP authentication failures for username'{}', redirecting to portal".format(authentication.credentials[0]))
db_authentication.deauthenticate_user()
logger.info("PORTAL::log_in: User '{}' successfully deauthenticated due to db-authentication error".format(authentication.credentials[0]))
return authentication.ask_credentials_response(request=request, error=e.args[0])
# If we arrive here : the user is authenticated
# and double-authenticated if double-authentication needed
sso_methods = {
'form': SSOForwardPOST,
'basic': SSOForwardBASIC,
'kerberos':SSOForwardKERBEROS
}
""" If SSOForward enabled : perform-it """
if authentication.application.sso_enabled:
# Try to retrieve credentials from authentication object
try:
if not authentication.credentials[0] or not authentication.credentials[1]:
authentication.get_credentials(request)
# If we cannot retrieve them, ask credentials
if not authentication.credentials[0]:# or not authentication.credentials[1]:
return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Credentials not found")
logger.info("PORTAL::log_in: Credentials successfuly retrieven for SSO performing")
except Exception as e:
logger.error("PORTAL::log_in: Error while retrieving credentials for SSO : ")
logger.exception(e)
return authentication.ask_credentials_response(request=request, portal_cookie_name=portal_cookie_name, error="Credentials not found")
try:
# Instantiate SSOForward object with sso_forward type
sso_forward = sso_methods[authentication.application.sso_forward](request, authentication.application, authentication)
logger.info("PORTAL::log_in: SSOForward successfully created")
# Get credentials needed for sso forward : AutoLogon or Learning
sso_data, profiles_to_stock, url = sso_forward.retrieve_credentials(request)
logger.info("PORTAL::log_in: SSOForward credentials successfully retrieven")
# If credentials retrieven needs to be stocked
for profile_name,profile_value in profiles_to_stock.items():
sso_forward.stock_sso_field(authentication.credentials[0], profile_name, profile_value)
# Use 'sso_data' and 'url' to authenticate user on application
response = sso_forward.authenticate(sso_data, post_url=url, redis_session=authentication.redis_session)
logger.info("PORTAL::log_in: SSOForward performing success")
# Generate response depending on application.sso_forward options
final_response = sso_forward.generate_response(request, response, authentication.get_redirect_url())
logger.info("PORTAL::log_in: SSOForward response successfuly generated")
# If the user has not yet a portal cookie : give-it
if not request.COOKIES.get(portal_cookie_name, None) or not authentication.redis_base.hgetall(request.COOKIES.get(portal_cookie_name, None)):
final_response = set_portal_cookie(final_response, portal_cookie_name, portal_cookie, authentication.get_redirect_url())
return final_response
# If learning credentials cannot be retrieven : ask them
except CredentialsMissingError as e:
logger.error("PORTAL::log_in: Learning credentials missing : asking-them")
return authentication.ask_learning_credentials(request=request, portal_cookie_name=None if request.POST.get(portal_cookie_name, None) else portal_cookie_name, fields=e.fields_missing)
# If KerberosBackend object cannot be retrieven from mongo with the backend_id that the user is authenticated on
except InvalidId:
logger.error("PORTAL::log_in: The user is authenticated on a not Kerberos backend, cannot do SSOForward")
except (RequestsConnectionError,OpenSSLError) as e:
logger.error("PORTAL::log_in: ConnectionError while trying to SSO to backend : ")
logger.exception(e)
except Exception as e:
logger.error("PORTAL::log_in: Unexpected error while trying to perform SSO Forward :")
logger.exception(e)
""" If no response has been returned yet : redirect to the asked-uri/default-uri with portal_cookie """
redirection_url = authentication.get_redirect_url()
logger.info("PORTAL::log_in: Redirecting user to '{}'".format(redirection_url))
try:
kerberos_token_resp = authentication_results['data']['token_resp']
except:
kerberos_token_resp = None
return response_redirect_with_portal_cookie(redirection_url, portal_cookie_name, portal_cookie, redirection_url.startswith('https'), kerberos_token_resp)
def problem_submit(request, problem=None, submission=None):
if submission is not None and not request.user.has_perm('judge.resubmit_other') and \
get_object_or_404(Submission, id=int(submission)).user.user != request.user:
raise PermissionDenied()
profile = request.user.profile
if request.method == 'POST':
form = ProblemSubmitForm(request.POST, instance=Submission(user=profile))
if form.is_valid():
if (not request.user.has_perm('judge.spam_submission') and
Submission.objects.filter(user=profile, was_rejudged=False).exclude(
status__in=['D', 'IE', 'CE', 'AB']).count() > 2):
return HttpResponse('<h1>You submitted too many submissions.</h1>', status=503)
if not form.cleaned_data['problem'].allowed_languages.filter(
id=form.cleaned_data['language'].id).exists():
raise PermissionDenied()
if not form.cleaned_data['problem'].is_accessible_by(request.user):
user_logger.info('Naughty user %s wants to submit to %s without permission',
request.user.username, form.cleaned_data['problem'].code)
return HttpResponseForbidden('<h1>Do you want me to ban you?</h1>')
if not request.user.is_superuser and form.cleaned_data['problem'].banned_users.filter(
id=profile.id).exists():
return generic_message(request, _('Banned from submitting'),
_('You have been declared persona non grata for this problem. '
'You are permanently barred from submitting this problem.'))
with transaction.atomic():
if profile.current_contest is not None:
try:
contest_problem = form.cleaned_data['problem'].contests.get(contest=profile.current_contest.contest)
except ContestProblem.DoesNotExist:
model = form.save()
else:
max_subs = contest_problem.max_submissions
if max_subs and get_contest_submission_count(problem, profile) >= max_subs:
return generic_message(request, _('Too many submissions'),
_('You have exceeded the submission limit for this problem.'))
model = form.save()
contest = ContestSubmission(submission=model, problem=contest_problem,
participation=profile.current_contest)
contest.save()
else:
model = form.save()
# Create the SubmissionSource object
source = SubmissionSource(submission=model, source=form.cleaned_data['source'])
source.save()
profile.update_contest()
# Save a query
model.source = source
model.judge(rejudge=False)
return HttpResponseRedirect(reverse('submission_status', args=[str(model.id)]))
else:
form_data = form.cleaned_data
if submission is not None:
sub = get_object_or_404(Submission, id=int(submission))
else:
initial = {'language': profile.language}
if problem is not None:
initial['problem'] = get_object_or_404(Problem, code=problem)
problem_object = initial['problem']
if not problem_object.is_accessible_by(request.user):
raise Http404()
if submission is not None:
try:
sub = get_object_or_404(Submission.objects.select_related('source', 'language'), id=int(submission))
initial['source'] = sub.source.source
initial['language'] = sub.language
except ValueError:
raise Http404()
form = ProblemSubmitForm(initial=initial)
form_data = initial
if 'problem' in form_data:
form.fields['language'].queryset = (form_data['problem'].usable_languages.order_by('name', 'key')
.prefetch_related(Prefetch('runtimeversion_set', RuntimeVersion.objects.order_by('priority'))))
problem_object = form_data['problem']
if 'language' in form_data:
form.fields['source'].widget.mode = form_data['language'].ace
form.fields['source'].widget.theme = profile.ace_theme
if submission is not None:
default_lang = sub.language
else:
default_lang = request.user.profile.language
submission_limit = submissions_left = None
if profile.current_contest is not None:
try:
submission_limit = problem_object.contests.get(contest=profile.current_contest.contest).max_submissions
except ContestProblem.DoesNotExist:
pass
else:
if submission_limit:
submissions_left = submission_limit - get_contest_submission_count(problem, profile)
return render(request, 'problem/submit.html', {
'form': form,
'title': _('Submit to %(problem)s') % {
'problem': problem_object.translated_name(request.LANGUAGE_CODE),
},
'content_title': mark_safe(escape(_('Submit to %(problem)s')) % {
'problem': format_html('<a href="{0}">{1}</a>',
reverse('problem_detail', args=[problem_object.code]),
problem_object.translated_name(request.LANGUAGE_CODE))
}),
'langs': Language.objects.all(),
'no_judges': not form.fields['language'].queryset,
'submission_limit': submission_limit,
'submissions_left': submissions_left,
'ACE_URL': ACE_URL,
'default_lang': default_lang,
})
def wrapper(request):
"""Wrapper"""
if _verify(request.POST):
return function(request)
else:
return HttpResponseForbidden()
def colleurDonnees(request):
"""renvoie les colles des classes de l'utilisateur connecté au format json"""
user = request.user
if not checkcolleur(user):
return HttpResponseForbidden("not authenticated")
classes = user.colleur.classes.all()
colleurclasses = Colleur.objects.listeColleurClasse(user.colleur)
colleurmatieres = Colleur.objects.listeColleurMatiere(user.colleur)
creneaux = list(
Creneau.objects.filter(classe__in=classes).annotate(
nb=Count('colle')).filter(nb__gt=0).values_list(
'pk', 'classe__pk', 'jour', 'heure', 'salle'))
semaines = list(Semaine.objects.values_list('pk', 'numero', 'lundi'))
colles = Colle.objects.filter(creneau__classe__in=classes).values_list(
'pk', 'creneau', 'semaine', 'groupe', 'matiere', 'colleur', 'eleve')
colles = [[
pk, creneau, semaine, groupe or 0, matiere, colleur, eleve or 0
] for pk, creneau, semaine, groupe, matiere, colleur, eleve in colles]
groupes = list(
Groupe.objects.filter(classe__in=classes).values_list(
'pk', 'nom', 'classe__pk'))
matieres = list(
Matiere.objects.filter(
matieresclasse__in=classes).distinct().values_list(
'pk', 'nom', 'couleur', 'lv'))
eleves = []
for classe in classes:
eleves_classe = [[
eleve[0].pk, eleve[0].user.first_name.title() + " " +
eleve[0].user.last_name.upper(), eleve[1],
0 if not eleve[0].groupe else eleve[0].groupe.pk,
0 if not eleve[0].lv1 else eleve[0].lv1.pk,
0 if not eleve[0].lv2 else eleve[0].lv2.pk, classe.pk, order
] for order, eleve in enumerate(classe.loginsEleves())]
eleves.extend(eleves_classe)
colleurs = [[
colleur[0].pk, colleur[0].user.first_name.title() + " " +
colleur[0].user.last_name.upper(), colleur[1], order
] for order, colleur in enumerate(
classe.loginsColleurs(colleur=user.colleur))]
pp = Classe.objects.filter(profprincipal=user.colleur)
profs = Prof.objects.filter(
classe__in=user.colleur.classes.all(),
matiere__in=user.colleur.matieres.all()).values_list(
'colleur__pk', 'classe__pk', 'matiere__pk')
profspp = Prof.objects.filter(classe__in=pp).values_list(
'colleur__pk', 'classe__pk', 'matiere__pk')
return HttpResponse(
json.dumps(
{
'colleurmatieres':
colleurmatieres,
'colleurclasses':
colleurclasses,
'classes':
list(classes.values_list('id', 'nom')),
'pp':
list(pp.values_list('id')),
'profs':
list(profs | profspp),
'notes':
Note.objects.listeNotesApp(user.colleur),
'programmes':
list(
Programme.objects.filter(
classe__in=user.colleur.classes.all()).
order_by('-semaine__lundi').values_list(
'matiere__pk', 'classe__pk', 'semaine__numero',
'semaine__lundi', 'titre', 'detail', 'fichier')),
'creneaux':
creneaux,
'semaines':
semaines,
'colles':
colles,
'groupes':
groupes,
'matieres':
matieres,
'eleves':
eleves,
'colleurs':
colleurs
},
default=date_serial))
def post(self, request, project_id):
if 'add-new' in request.POST:
project = Event()
else:
project = Event.objects.get(pk=project_id)
if 'add-new' in request.POST:
project.name = request.POST['name']
project.save()
project.admins.add(request.user)
if 'group-id' in request.POST:
UserGroup.objects.get(pk=request.POST['group-id'])\
.projects.add(project)
CreationActivity().set_target(
'project', project.pk, project.name,
reverse('project:project_details',
args=[project.pk])).log_for(request.user,
event=project)
return redirect('project:project_details', project.pk)
elif "save" in request.POST or 'save-and-proceed' in request.POST:
if request.user not in project.get_admins():
return HttpResponseForbidden()
project.name = request.POST["project-name"]
project.description = request.POST["project-description"]
if request.POST.get('project-start-date') != '':
project.start_date = request.POST["project-start-date"]
else:
project.start_date = None
if request.POST.get('project-end-date') != '':
project.end_date = request.POST["project-end-date"]
else:
project.end_date = None
if project.is_acaps():
if request.POST.get('project-status') != '':
project.status = int(request.POST['project-status'])
if request.POST.get('disaster-type') != '':
project.disaster_type = \
DisasterType.objects.get(
pk=int(request.POST['disaster-type']))
else:
project.disaster_type = None
if request.POST.get('glide-number') != '':
project.glide_number = request.POST['glide-number']
else:
project.glide_number = None
if request.POST.get('spillover') != '':
project.spill_over = \
Event.objects.get(pk=int(request.POST['spillover']))
else:
project.spill_over = None
project.save()
if project.admins.count() == 0:
project.admins.add(request.user)
EditionActivity().set_target(
'project', project.pk, project.name,
reverse('project:project_details',
args=[project.pk])).log_for(request.user,
event=project)
project.admins.clear()
if request.POST.get("admins"):
for admin in request.POST.getlist("admins"):
project.admins.add(User.objects.get(pk=int(admin)))
project.members.clear()
if request.POST.get("members"):
for member in request.POST.getlist("members"):
project.members.add(User.objects.get(pk=int(member)))
project.countries.clear()
if request.POST.get("countries"):
for country in request.POST.getlist("countries"):
project.countries.add(Country.objects.get(pk=country))
prev_groups = project.usergroup_set.all()
for ug in prev_groups:
ug.projects.remove(project)
new_groups = []
if request.POST.get("user-groups"):
for pk in request.POST.getlist("user-groups"):
usergroup = UserGroup.objects.get(pk=pk)
usergroup.projects.add(project)
new_groups.append(usergroup)
if usergroup not in prev_groups:
AdditionActivity().set_target(
'project', project.pk, project.name,
reverse('project:project_details',
args=[project.pk
])).log_for(request.user,
event=project,
group=usergroup)
for ug in prev_groups:
if ug not in new_groups:
RemovalActivity().set_target(
'project', project.pk, project.name,
reverse('project:project_details',
args=[project.pk])).log_for(request.user,
event=project,
group=ug)
Country.objects.filter(event=None)\
.exclude(reference_country=None).delete()
if 'save-and-proceed' in request.POST:
return redirect('project:geo_area', project.pk)
else:
return redirect('project:project_details', project.pk)
elif "delete" in request.POST:
activity = DeletionActivity().set_target('project', project.pk,
project.name)
project.delete()
activity.log_for(request.user)
Country.objects.filter(event=None)\
.exclude(reference_country=None).delete()
EntryTemplate.objects.filter(usergroup=None, event=None).delete()
return redirect('user_profile', request.user.pk)
