Пример #1
0
def decode(secret_key, urlsafe_string, timeout):
    """
    Decode the url safe string and validate with secret key and timeout
    Return tuple of email address and true if it is validate
    """
    now = time.time()
    if not hasattr(urlsafe_string, 'translate'):
        # IE8 passes the key twice in the request
        if hasattr(urlsafe_string[0], 'translate'):
            urlsafe_string = urlsafe_string[0]
    try:
        # What is the minimum we should try?
        ticket = base64.urlsafe_b64decode(urlsafe_string)
        (digest, email, tokens, user_data, timestamp) = tktauth.splitTicket(
            ticket)
        is_validate = tktauth.validateTicket(secret_key, ticket,
                                             timeout=timeout, now=now)
    except (ValueError, TypeError) as e:
        # Log what went wrong.
        email = None
        is_validate = None
    return email, is_validate is not None
Пример #2
0
 def check_allowed(self):
     # check if content is protected
     if getattr(self.context, 'downloadable', False):
         # open for download
         return True
     # check if current user has general download permission
     #    this permission overrides the downloadable flag on the context
     if checkPermission('org.bccvl.DownloadDataset', self.context):
         return True
     # check if current user ticket has required token
     # TODO: maybe use local roles? http://docs.plone.org/develop/plone/security/dynamic_roles.html
     # assumes, that the cookie name is __ac and that it has already been
     # verified by PAS
     ticket = binascii.a2b_base64(self.request.get('__ac', '')).strip()
     try:
         (digest, userid, tokens, user_data, timestamp) = splitTicket(ticket)
         if 'org.bccvl.DownloadDataset' in tokens:
             return True
     except ValueError:
         # ignore token parse errors
         pass
     # nothing allows acces, so we deny it
     return False
Пример #3
0
 def check_allowed(self):
     # check if content is protected
     if getattr(self.context, 'downloadable', False):
         # open for download
         return True
     # check if current user has general download permission
     #    this permission overrides the downloadable flag on the context
     if checkPermission('org.bccvl.DownloadDataset', self.context):
         return True
     # check if current user ticket has required token
     # TODO: maybe use local roles? http://docs.plone.org/develop/plone/security/dynamic_roles.html
     # assumes, that the cookie name is __ac and that it has already been
     # verified by PAS
     ticket = binascii.a2b_base64(self.request.get('__ac', '')).strip()
     try:
         (digest, userid, tokens, user_data, timestamp) = splitTicket(ticket)
         if 'org.bccvl.DownloadDataset' in tokens:
             return True
     except ValueError:
         # ignore token parse errors
         pass
     # nothing allows acces, so we deny it
     return False