def verify(request):
form = BrowserIDForm(data=request.POST)
if form.is_valid():
url = settings.BROWSERID_VERIFICATION_URL
audience = get_audience(request)
extra_params = {'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER,
'experimental_allowUnverified': 'true'}
assertion = form.cleaned_data['assertion']
log.info('verifying Persona assertion. url: %s, audience: %s, '
'extra_params: %s, assertion: %s' % (url, audience,
extra_params, assertion))
result = verify_assertion(assertion, audience, extra_params)
if result:
log.info('Persona assertion ok: %s' % result)
email = result.get('unverified-email', result.get('email'))
user_hash = set_user(request, email)
redirect_url = check_pin_status(request)
return {
'needs_redirect': redirect_url is not None,
'redirect_url': redirect_url,
'user_hash': user_hash
}
log.error('Persona assertion failed.')
request.session.flush()
return http.HttpResponseBadRequest()
def verify(request):
form = BrowserIDForm(data=request.POST)
if form.is_valid():
url = settings.BROWSERID_VERIFICATION_URL
audience = get_audience(request)
extra_params = {
'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER,
'experimental_allowUnverified': 'true'
}
assertion = form.cleaned_data['assertion']
log.info('verifying Persona assertion. url: %s, audience: %s, '
'extra_params: %s, assertion: %s' %
(url, audience, extra_params, assertion))
result = verify_assertion(assertion, audience, extra_params)
if result:
log.info('Persona assertion ok: %s' % result)
email = result.get('unverified-email', result.get('email'))
store_mkt_permissions(request, email, assertion, audience)
user_uuid = set_user(request, email)
redirect_url = check_pin_status(request)
return {
'needs_redirect': redirect_url is not None,
'redirect_url': redirect_url,
'user_hash': user_uuid
}
log.error('Persona assertion failed.')
request.session.flush()
return http.HttpResponseBadRequest()
def lobby(request):
sess = request.session
trans = None
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
request.session['trans_id'] = trans_id()
elif not sess.get('is_simulation', False):
try:
trans = solitude.get_transaction(request.session.get('trans_id'))
except ObjectDoesNotExist:
if request.session.get('trans_id'):
log.info('Attempted to restart non-existent transaction {0}'
.format(request.session.get('trans_id')))
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'))
# Before we continue with the buy flow, let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from lobby'
.format(request.session.get('trans_id')))
tasks.configure_transaction(request, trans=trans)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(redirect_url)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s'
% (sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {
'simulate': sim_req
})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def lobby(request):
sess = request.session
trans = None
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
sess['trans_id'] = trans_id()
elif not sess.get('is_simulation', False):
try:
trans = solitude.get_transaction(sess.get('trans_id'))
except ObjectDoesNotExist:
if sess.get('trans_id'):
log.info(
'Attempted to restart non-existent transaction {0}'.format(
sess.get('trans_id')))
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'), False)
# Before we continue with the buy flow, let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from lobby'.format(
sess.get('trans_id')))
tasks.configure_transaction(request, trans=trans)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect('{0}?next={1}'.format(
reverse('pay.bounce'), redirect_url))
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s' %
(sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {'simulate': sim_req})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def lobby(request):
sess = request.session
have_jwt = bool(request.GET.get('req'))
log.info('starting from JWT? {have_jwt}'.format(have_jwt=have_jwt))
if have_jwt:
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
sess['trans_id'] = trans_id()
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request,
sess.get('uuid'),
False,
request.session.get('logged_in_user', None))
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(
'{0}?next={1}'.format(reverse('pay.bounce'), redirect_url)
)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
try:
solitude.set_needs_pin_reset(sess['uuid'], False)
except ResourceModified:
return system_error(request, code=msg.RESOURCE_MODIFIED)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s'
% (sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {
'simulate': sim_req
})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin'),
'track_cancel': {
'action': 'pin cancel',
'label': 'Pin Entry Page',
},
})
def lobby(request):
sess = request.session
have_jwt = bool(request.GET.get('req'))
log.info('starting from JWT? {have_jwt}'.format(have_jwt=have_jwt))
if have_jwt:
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
sess['trans_id'] = trans_id()
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'), False)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect('{0}?next={1}'.format(
reverse('pay.bounce'), redirect_url))
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
try:
solitude.set_needs_pin_reset(sess['uuid'], False)
except ResourceModified:
return system_error(request, code=msg.RESOURCE_MODIFIED)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s' %
(sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {'simulate': sim_req})
return render(
request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin'),
'track_cancel': {
'action': 'pin cancel',
'label': 'Pin Entry Page',
},
})
def lobby(request):
sess = request.session
have_jwt = bool(request.GET.get("req"))
log.info("starting from JWT? {have_jwt}".format(have_jwt=have_jwt))
if have_jwt:
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
sess["trans_id"] = trans_id()
pin_form = VerifyPinForm()
if sess.get("uuid"):
auth_utils.update_session(request, sess.get("uuid"), False)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect("{0}?next={1}".format(reverse("pay.bounce"), redirect_url))
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get("uuid_needs_pin_reset"):
try:
solitude.set_needs_pin_reset(sess["uuid"], False)
except ResourceModified:
return system_error(request, code=msg.RESOURCE_MODIFIED)
sess["uuid_needs_pin_reset"] = False
if sess.get("is_simulation", False):
sim_req = sess["notes"]["pay_request"]["request"]["simulate"]
log.info("Starting simulate %s for %s" % (sim_req, sess["notes"]["issuer_key"]))
return render(request, "pay/simulate.html", {"simulate": sim_req})
return render(
request,
"pay/lobby.html",
{
"action": reverse("pin.verify"),
"form": pin_form,
"title": _("Enter Pin"),
"track_cancel": {"action": "pin cancel", "label": "Pin Entry Page"},
},
)
def lobby(request):
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
request.session['trans_id'] = uuid.uuid4()
elif not 'notes' in request.session:
# A JWT was not passed in and no JWT is in the session.
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
sess = request.session
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'))
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(redirect_url)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s' %
(sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {'simulate': sim_req})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def verify(request):
audience = get_audience(request)
assertion = request.POST.get('assertion')
email = native_fxa_authenticate(audience, assertion)
if email:
store_mkt_permissions(request, email, assertion, audience)
user_uuid = set_user(request, email)
redirect_url = check_pin_status(request)
return {
'needs_redirect': redirect_url is not None,
'redirect_url': redirect_url,
'user_hash': user_uuid
}
else:
log.error('Native FxA assertion failed.')
request.session.flush()
return http.HttpResponseBadRequest()
def verify(request):
form = BrowserIDForm(data=request.POST)
if form.is_valid():
url = settings.BROWSERID_VERIFICATION_URL
audience = get_audience(request)
extra_params = {
'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER,
'experimental_allowUnverified': 'true'
}
assertion = form.cleaned_data['assertion']
log.info('verifying Persona assertion. url: %s, audience: %s, '
'extra_params: %s, assertion: %s' % (url, audience,
extra_params, assertion))
result = verify_assertion(assertion, audience, extra_params)
if result:
log.info('Persona assertion ok: %s' % result)
email = result.get('unverified-email', result.get('email'))
store_mkt_permissions(request, email, assertion, audience)
user_uuid = set_user(request, email)
redirect_url = check_pin_status(request)
# Before we verify the user's PIN let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from auth'
.format(request.session.get('trans_id')))
if not pay_tasks.configure_transaction(request):
log.error('Configuring transaction failed.')
return {
'needs_redirect': redirect_url is not None,
'redirect_url': redirect_url,
'user_hash': user_uuid
}
log.error('Persona assertion failed.')
request.session.flush()
return http.HttpResponseBadRequest()
def verify(request):
form = BrowserIDForm(data=request.POST)
if form.is_valid():
url = settings.BROWSERID_VERIFICATION_URL
audience = get_audience(request)
extra_params = {
'experimental_forceIssuer': settings.BROWSERID_UNVERIFIED_ISSUER,
'experimental_allowUnverified': 'true'
}
assertion = form.cleaned_data['assertion']
log.info('verifying Persona assertion. url: %s, audience: %s, '
'extra_params: %s, assertion: %s' %
(url, audience, extra_params, assertion))
result = verify_assertion(assertion, audience, extra_params)
if result:
log.info('Persona assertion ok: %s' % result)
email = result.get('unverified-email', result.get('email'))
store_mkt_permissions(request, email, assertion, audience)
user_uuid = set_user(request, email)
redirect_url = check_pin_status(request)
# Before we verify the user's PIN let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from auth'.format(
request.session.get('trans_id')))
pay_tasks.configure_transaction(request)
return {
'needs_redirect': redirect_url is not None,
'redirect_url': redirect_url,
'user_hash': user_uuid
}
log.error('Persona assertion failed.')
request.session.flush()
return http.HttpResponseBadRequest()
def verify(request):
form = BrowserIDForm(data=request.POST)
if form.is_valid():
url = settings.BROWSERID_VERIFICATION_URL
audience = get_audience(request)
extra_params = {
"experimental_forceIssuer": settings.BROWSERID_UNVERIFIED_ISSUER,
"experimental_allowUnverified": "true",
}
assertion = form.cleaned_data["assertion"]
log.info(
"verifying Persona assertion. url: %s, audience: %s, "
"extra_params: %s, assertion: %s" % (url, audience, extra_params, assertion)
)
result = verify_assertion(assertion, audience, extra_params)
if result:
log.info("Persona assertion ok: %s" % result)
email = result.get("unverified-email", result.get("email"))
store_mkt_permissions(request, email, assertion, audience)
user_uuid = set_user(request, email)
redirect_url = check_pin_status(request)
# Before we verify the user's PIN let's save some
# time and get the transaction configured via Bango in the
# background.
log.info("configuring transaction {0} from auth".format(request.session.get("trans_id")))
if not pay_tasks.configure_transaction(request):
log.error("Configuring transaction failed.")
return {"needs_redirect": redirect_url is not None, "redirect_url": redirect_url, "user_hash": user_uuid}
log.error("Persona assertion failed.")
request.session.flush()
return http.HttpResponseBadRequest()
def test_pin_is_locked(self):
self.request.session['uuid_pin_is_locked'] = True
eq_(utils.check_pin_status(self.request), reverse('pin.is_locked'))
def test_check_pin_status_is_confirmed(self, change_pin):
self.request.session["uuid_has_pin"] = True
self.request.session["uuid_has_confirmed_pin"] = True
eq_(utils.check_pin_status(self.request), None)
assert not change_pin.called
def test_check_pin_status_not_confirmed(self, change_pin):
self.request.session["uuid_has_pin"] = True
self.request.session["uuid_has_confirmed_pin"] = False
eq_(utils.check_pin_status(self.request), reverse("pin.create"))
assert change_pin.called
assert not self.request.session["uuid_has_pin"]
def test_pin_entered_after_timeout(self):
self.request.session["last_pin_success"] = datetime.now() - timedelta(seconds=settings.PIN_UNLOCK_LENGTH + 60)
eq_(utils.check_pin_status(self.request), None)
def test_locked_out_but_pin_recently_entered_successfully(self):
self.request.session["last_pin_success"] = datetime.now()
self.request.session["uuid_pin_is_locked"] = True
eq_(utils.check_pin_status(self.request), reverse("pin.is_locked"))
def test_pin_recently_entered_successfully(self):
self.request.session["last_pin_success"] = datetime.now()
eq_(utils.check_pin_status(self.request), get_wait_url(mock.Mock(session={})))
def test_pin_was_locked(self):
self.request.session["uuid_pin_was_locked"] = True
eq_(utils.check_pin_status(self.request), reverse("pin.was_locked"))
def test_pin_recently_entered_successfully(self):
self.request.session['last_pin_success'] = datetime.now()
eq_(utils.check_pin_status(self.request), get_payment_url())
def test_pin_recently_entered_successfully(self):
self.request.session['last_pin_success'] = datetime.now()
eq_(utils.check_pin_status(self.request),
get_wait_url(mock.Mock(session={})))
.format(tx=sess.get('trans_id')))
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'), False)
# Before we continue with the buy flow, let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from lobby'
.format(sess.get('trans_id')))
if not tasks.configure_transaction(request, trans=trans):
log.error('Configuring transaction failed.')
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(
'{0}?next={1}'.format(reverse('pay.bounce'), redirect_url)
)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
try:
solitude.set_needs_pin_reset(sess['uuid'], False)
except ResourceModified:
return system_error(request, code=msg.RESOURCE_MODIFIED)
sess['uuid_needs_pin_reset'] = False
def test_locked_out_but_pin_recently_entered_successfully(self):
self.request.session['last_pin_success'] = datetime.now()
self.request.session['uuid_pin_is_locked'] = True
eq_(utils.check_pin_status(self.request), reverse('pin.is_locked'))
def test_pin_entered_after_timeout(self):
self.request.session['last_pin_success'] = (
datetime.now() - timedelta(seconds=settings.PIN_UNLOCK_LENGTH + 60)
)
eq_(utils.check_pin_status(self.request), None)
def test_check_pin_status_is_confirmed(self, change_pin):
self.request.session['uuid_has_pin'] = True
self.request.session['uuid_has_confirmed_pin'] = True
eq_(utils.check_pin_status(self.request), None)
assert not change_pin.called
def test_check_pin_status_not_confirmed(self, change_pin):
self.request.session['uuid_has_pin'] = True
self.request.session['uuid_has_confirmed_pin'] = False
eq_(utils.check_pin_status(self.request), reverse('pin.create'))
assert change_pin.called
assert not self.request.session['uuid_has_pin']
def test_no_pin_not_confirmed(self, change_pin):
self.request.session['uuid_has_pin'] = False
self.request.session['uuid_has_confirmed_pin'] = False
eq_(utils.check_pin_status(self.request), reverse('pin.create'))
assert not change_pin.called
def test_pin_was_locked(self):
self.request.session['uuid_pin_was_locked'] = True
eq_(utils.check_pin_status(self.request), reverse('pin.was_locked'))
