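def decode(secret_key, urlsafe_string, timeout):
    """
    Decode the url safe string and validate it with secret key and timeout.

    ``urlsafe_string`` is the urlsafe-base64 encoded ticket.  A sequence of
    strings is also accepted and its first element is used (IE8 passes the
    key twice in the request).

    Return a tuple ``(email, is_valid)``.  ``email`` is the user id found in
    the ticket, or ``None`` if the ticket could not be decoded or parsed.
    ``is_valid`` is True only when ``tktauth.validateTicket`` accepted the
    ticket for ``secret_key`` within ``timeout`` seconds of now.

    NOTE(review): ``email`` is still returned when the signature or timeout
    check fails (``validateTicket`` returns None without raising); callers
    must check ``is_valid`` before trusting it.
    """
    import logging

    now = time.time()
    email = None
    validated = None
    try:
        if not hasattr(urlsafe_string, 'translate'):
            # IE8 passes the key twice in the request; take the first copy.
            # An empty sequence or a non-sequence raises IndexError/TypeError
            # here, which is handled below like any other undecodable input.
            if hasattr(urlsafe_string[0], 'translate'):
                urlsafe_string = urlsafe_string[0]
        ticket = base64.urlsafe_b64decode(urlsafe_string)
        (digest, email, tokens, user_data, timestamp) = tktauth.splitTicket(
            ticket)
        # validateTicket returns the parsed ticket on success, None otherwise.
        validated = tktauth.validateTicket(secret_key, ticket,
                                           timeout=timeout, now=now)
    except (ValueError, TypeError, IndexError) as exc:
        # Malformed base64 / ticket: deny, and log only the reason (never the
        # ticket itself, which carries the signature).
        logging.getLogger(__name__).debug(
            'ticket decode failed: %s: %s', exc.__class__.__name__, exc)
        email = None
        validated = None
    return email, validated is not None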
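def check_allowed(self):
    """
    Return True if the current request may download ``self.context``.

    Access is granted when any of the following holds, checked in order:

    1. the context has a true ``downloadable`` attribute (open for download);
    2. the current user has the ``org.bccvl.DownloadDataset`` permission on
       the context, which overrides the ``downloadable`` flag;
    3. the ``__ac`` ticket cookie carries the ``org.bccvl.DownloadDataset``
       token.

    Otherwise return False.  A missing, malformed or unparsable ``__ac``
    cookie counts as "no token" rather than raising.
    """
    # check if content is protected
    if getattr(self.context, 'downloadable', False):
        # open for download
        return True
    # check if current user has general download permission
    # this permission overrides the downloadable flag on the context
    if checkPermission('org.bccvl.DownloadDataset', self.context):
        return True
    # check if current user ticket has required token
    # TODO: maybe use local roles? http://docs.plone.org/develop/plone/security/dynamic_roles.html
    # assumes, that the cookie name is __ac and that it has already been
    # verified by PAS
    # NOTE(review): the ticket is only split here, not signature-checked, so
    # the tokens are trusted on the strength of that assumption -- confirm
    # PAS rejects requests carrying an invalid ``__ac`` before this runs.
    try:
        # a2b_base64 raises binascii.Error (a ValueError subclass) on a
        # malformed cookie; treat that like an unparsable ticket instead of
        # failing the whole request with an unhandled exception.
        ticket = binascii.a2b_base64(self.request.get('__ac', '')).strip()
        (digest, userid, tokens, user_data, timestamp) = splitTicket(ticket)
        if 'org.bccvl.DownloadDataset' in tokens:
            return True
    except ValueError:
        # ignore base64 and token parse errors
        pass
    # nothing allows access, so we deny it
    return False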