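def get(self):
    """Render main.html, handing server-side configuration to the client page.

    Every value in templateValues is written into the page sent to the browser,
    so nothing placed in that dict may be confidential.
    """
    # Log the path only. str(self.request) serialises the whole request
    # (assuming a webob-style request object, as used by webapp2), which would
    # copy the Cookie header and any signed browser/voter cookie into the
    # application log, readable by anyone with log access.
    logging.debug('self.request.path=%s', self.request.path)

    templateValues = {
        # Pass configuration data from server to client.
        'minLengthRequest': conf.minLengthRequest,
        'minLengthProposal': conf.minLengthProposal,
        'minLengthReason': conf.minLengthReason,
        'TOO_SHORT': conf.TOO_SHORT,
        'REASON_TOO_SHORT': conf.REASON_TOO_SHORT,
        'NO_COOKIE': conf.NO_COOKIE,
        'NO_LOGIN': conf.NO_LOGIN,
        'BAD_CRUMB': conf.BAD_CRUMB,
        'BAD_LINK': conf.BAD_LINK,
        'NOT_OWNER': conf.NOT_OWNER,
        'HAS_RESPONSES': conf.HAS_RESPONSES,
        # Serialised as a JSON object so the client can test membership by key.
        'STOP_WORDS': json.dumps({w: True for w in conf.STOP_WORDS}),
        'VOTER_ID_LOGIN_SIG_LENGTH': conf.VOTER_ID_LOGIN_SIG_LENGTH,
        'VOTER_ID_LOGIN_REQUEST_ID_LENGTH': conf.VOTER_ID_LOGIN_REQUEST_ID_LENGTH,
        # NOTE(review): read from the `secrets` module but rendered into the page;
        # presumably a public application identifier -- confirm it is not a key.
        'loginApplicationId': secrets.loginApplicationId,
        'LOGIN_URL': conf.LOGIN_URL_DEV if conf.isDev else conf.LOGIN_URL,
        'IS_DEV': 'true' if conf.isDev else 'false',
    }

    # Do not set a cookie at this time: the javascript browser fingerprint
    # needed to sign the cookie is not available yet.
    httpServer.outputTemplate('main.html', templateValues, self.response)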
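def post(self):
    """Handle the login service's return POST and complete the voter login.

    Reads requestId, responseSignature, voterId and city from the form body,
    requires a browser-id cookie, verifies the response signature, then checks
    the stored login request for this browser (matching request id, not past
    conf.VOTER_ID_TIMEOUT_SEC) and deletes it. On success the voter id and
    city are added to the cookie and loginReturn.html is rendered; on any
    failed check a JSON error is written instead.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    # Collect inputs
    requestLogId = os.environ.get(conf.REQUEST_LOG_ID)
    responseData = {'success': False, 'requestLogId': requestLogId}
    inputData = urlparse.parse_qs(self.request.body)
    # Log field names only: the body carries the voter id and the login
    # signature, which should not be readable from the application log.
    logging.debug('LoginReturn.post() input fields=%s', sorted(inputData.keys()))

    def firstValue(name):
        # parse_qs maps each field to a list and omits absent or blank fields.
        values = inputData.get(name)
        return values[0] if values else None

    requestId = firstValue('requestId')
    responseSignature = firstValue('responseSignature')
    voterId = firstValue('voterId')
    city = firstValue('city')

    # Check that browser-id exists
    # Cannot check browser crumb/fingerprint, because they do not exist in the referring page
    # Send fingerprint via ajax before auto-closing tab
    cookieData = httpServer.validate(
        self.request, inputData, responseData, self.response,
        crumbRequired=False, signatureRequired=False)
    if not cookieData.browserId:
        return
    browserId = cookieData.browserId

    # Reject an incomplete form with a normal error response instead of an
    # unhandled KeyError.
    if any(value is None for value in (requestId, responseSignature, voterId, city)):
        return httpServer.outputJson(
            cookieData, responseData, self.response,
            errorMessage='login input missing')

    # Check responseSignature.
    # The expected signature is deliberately not logged: it is valid for this
    # requestId/voterId/city, so a log reader could replay it.
    expectedResponseSignature = user.signLoginResult(requestId, voterId, city)
    # Compare in constant time so response timing does not reveal how much of a
    # guessed signature matched. Both sides are normalised to bytes because
    # compare_digest needs matching types.
    # Assumes user.signLoginResult returns a text or byte string -- confirm.
    receivedSigBytes, expectedSigBytes = [
        sig if isinstance(sig, bytes) else sig.encode('utf-8')
        for sig in (responseSignature, expectedResponseSignature)
    ]
    if not hmac.compare_digest(receivedSigBytes, expectedSigBytes):
        return httpServer.outputJson(
            cookieData, responseData, self.response,
            errorMessage='responseSignature does not match expected')

    # Check stored browserId -> loginRequestId , check timeout, then delete record
    # NOTE(review): the lookup and the delete are separate operations, so two
    # concurrent posts with the same requestId could both pass these checks;
    # consider doing the read-check-delete in one datastore transaction.
    browserRecord = browser.BrowserRecord.get_by_id(browserId)
    logging.debug('LoginReturn.post() browserRecord=' + str(browserRecord))
    now = int(time.time())
    if not browserRecord:
        return httpServer.outputJson(
            cookieData, responseData, self.response,
            errorMessage='login browserRecord=null')
    if browserRecord.voterLoginRequestId != requestId:
        return httpServer.outputJson(
            cookieData, responseData, self.response,
            errorMessage='login requestId does not match expected')
    if browserRecord.loginRequestTime + conf.VOTER_ID_TIMEOUT_SEC < now:
        return httpServer.outputJson(
            cookieData, responseData, self.response,
            errorMessage='login past timeout')
    # The login request is single-use: remove it once it has been accepted.
    browserRecordKey = ndb.Key(browser.BrowserRecord, browserId)
    browserRecordKey.delete()

    # Send login-id to browser now, with response-page cookie, instead of server storing a mapping
    # To set crumbForLogin into original page's javascript variable, have to use separate getLoginCrumb call

    # Add voter-id to persistent cookie
    appVoterId = user.voterIdToApp(voterId)
    cookieData.dataNew[conf.COOKIE_FIELD_VOTER_ID] = appVoterId
    cookieData.dataNew[conf.COOKIE_FIELD_VOTER_CITY] = city

    # Send page that closes tab
    responseData.update({
        'SITE_NAME': conf.SITE_NAME,
        'crumb': user.createCrumb(browserId),
        'city': city,
    })
    httpServer.outputTemplate('loginReturn.html', responseData, self.response, cookieData=cookieData)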
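def get(self):
    """Render autocomplete/main.html, handing server-side configuration to the client page.

    Every value in templateValues is written into the page sent to the browser,
    so nothing placed in that dict may be confidential.
    """
    # Use the development login endpoint only on a development server. Choosing
    # it whenever conf defines LOGIN_URL_DEV would point a production page at
    # the dev login service if that setting is present in the production conf.
    if conf.isDev:
        loginUrl = getattr(conf, 'LOGIN_URL_DEV', conf.LOGIN_URL)
    else:
        loginUrl = conf.LOGIN_URL

    templateValues = {
        # Pass configuration data from server to client.
        'minLengthSurveyIntro': conf.minLengthSurveyIntro,
        'minLengthQuestion': conf.minLengthQuestion,
        'minLengthAnswer': conf.minLengthAnswer,
        'TOO_SHORT': conf.TOO_SHORT,
        'NO_COOKIE': conf.NO_COOKIE,
        'NO_LOGIN': conf.NO_LOGIN,
        'BAD_CRUMB': conf.BAD_CRUMB,
        'BAD_LINK': conf.BAD_LINK,
        'NOT_OWNER': conf.NOT_OWNER,
        'HAS_RESPONSES': conf.HAS_RESPONSES,
        'ERROR_DUPLICATE': conf.ERROR_DUPLICATE,
        # Serialised as a JSON object so the client can test membership by key.
        'STOP_WORDS': json.dumps({w: True for w in conf.STOP_WORDS}),
        # NOTE(review): read from the `secrets` module but rendered into the page;
        # presumably a public application identifier -- confirm it is not a key.
        'loginApplicationId': secrets.loginApplicationId,
        'LOGIN_URL': loginUrl,
        'IS_DEV': 'true' if conf.isDev else 'false',
    }
    httpServer.outputTemplate('autocomplete/main.html', templateValues, self.response)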
def get(self):
    """Render siteList.html; the template is given no values."""
    httpServer.outputTemplate('siteList.html', {}, self.response)