def decrypt(self, eid):
"""
Return the SessionStore to which the encrypted identifier is
pointing. Raises ValueError if the identifier is invalid.
"""
try:
session_id = cipher.decrypt(ub64decode(eid),
self.ciphertext_length)
except (TypeError, ValueError):
pass
else:
session_id = session_id[self.random_prefix_bytes:]
session_id = ub64encode(session_id)
session = SessionStore(session_key=session_id)
if session.get('encrypted_id') == eid:
# circular import
from .models import RevokedToken
# revoke to prevent replay attacks
if RevokedToken.add(eid):
del session['encrypted_id']
session.save()
return session
raise ValueError('Invalid session id')
def ssl_auth(request):
""" SSL certificate authentication. """
ssl_auth_form = SSLCertLoginForm(request.POST)
if not ssl_auth_form.is_valid():
return HttpResponseBadRequest('400 Bad Request')
session_id = cipher.decrypt(
base64.b64decode(ssl_auth_form.cleaned_data['session_id']),
32)
next_uri = ssl_auth_form.cleaned_data['login_uri']
user = authenticate(request=request)
if user and user.is_active:
_login(request, user)
init_otp(request)
if request.user.is_verified(): # OTP disabled
next_uri = ssl_auth_form.cleaned_data['next']
else:
messages.error(request, 'Certificate authentication failed')
# so, django will always start a new session for us. we need to copy
# the data to the original session and preferably flush the new one.
session = SessionStore(session_key=session_id)
session.update(request.session)
# always logout automatically from SSL-based auth
# it's easy enough to log back in anyway
if 'openid_request' in session:
session['auto_logout'] = True
session.save()
request.session.flush()
return redirect(next_uri)
def decrypt(self, eid):
"""
Return the SessionStore to which the encrypted identifier is
pointing. Raises ValueError if the identifier is invalid.
"""
try:
session_id = cipher.decrypt(ub64decode(eid),
self.ciphertext_length)
except (TypeError, ValueError):
pass
else:
session_id = session_id[self.random_prefix_bytes:]
session_id = ub64encode(session_id)
session = SessionStore(session_key=session_id)
if session.get('encrypted_id') == eid:
# circular import
from .models import RevokedToken
# revoke to prevent replay attacks
if RevokedToken.add(eid):
del session['encrypted_id']
session.save()
return session
raise ValueError('Invalid session id')
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
db_alias = schema_editor.connection.alias
from django.contrib.sessions.backends.cache import KEY_PREFIX, SessionStore
from django.core.cache import cache
AuthenticatedSession = apps.get_model("authentik_core", "AuthenticatedSession")
User = apps.get_model("authentik_core", "user")
session_keys = cache.keys(KEY_PREFIX + "*")
for key in session_keys:
key = key.replace(KEY_PREFIX, "")
store = SessionStore(key)
data = store.load()
if data == {} or "_auth_user_id" not in data:
continue
if (
AuthenticatedSession.objects.using(db_alias)
.filter(session_key=key)
.exists()
):
continue
users = User.objects.using(db_alias).filter(pk=data.get("_auth_user_id"))
if not users.exists():
continue
AuthenticatedSession.objects.using(db_alias).create(
session_key=key,
user=users.first(),
expires=data.get("_session_expiry", now()),
)
def test_encrypt_decrypt(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid = sessionrefcipher.encrypt(session)
sess = sessionrefcipher.decrypt(eid)
self.assertEqual(sess.get('test'), 'in-test')
def test_encrypt_decrypt(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid = sessionrefcipher.encrypt(session)
sess = sessionrefcipher.decrypt(eid)
self.assertEqual(sess.get('test'), 'in-test')
def test_unique_encrypted_are_generated_after_revocation(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
self.assertNotEqual(eid1, eid2)
def test_unique_encrypted_are_generated_after_revocation(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
self.assertNotEqual(eid1, eid2)
def punch(request):
if request.method == "POST":
try:
nump = int(request.POST['num_punches'])
except ValueError:
return HttpResponse(json.dumps({'error': 'float'}),
content_type="application/json")
settings = SESSION.get_settings(request.session)
if nump > settings.get("punches_employee"):
return HttpResponse(json.dumps({
'error': 'over',
'limit': nump
}),
content_type="application/json")
store = SESSION.get_store(request.session)
data = {
"store_location_id":\
SESSION.get_active_store_location_id(request.session),
"store_id":store.objectId,
"store_name":str(store.get('store_name')),
"punch_code":str(request.POST['punch_code']),
"num_punches":nump,
}
# Check if the user is an employee
employee = request.session.get("employee")
if employee:
data['employee_id'] = employee.objectId
res = cloud_call("punch", data)
if 'error' not in res:
res['patron_name'] = res['result']
# always make sure to get the latest session since the session
# will be saved on return!!!
request.session.clear()
request.session.update(SessionStore(request.session.session_key))
return HttpResponse(json.dumps(res),
content_type="application/json")
else:
if res['error'] == "PATRON_NOT_FOUND":
request.session.clear()
request.session.update(
SessionStore(request.session.session_key))
return HttpResponse(json.dumps({"error":\
"PATRON_NOT_FOUND"}),
content_type="application/json")
# always make sure to get the latest session since the session
# will be saved on return!!!
request.session.clear()
request.session.update(SessionStore(request.session.session_key))
return HttpResponse(json.dumps({'error': 'error'}),
content_type="application/json")
def test_revoked_encrypted_id_raises_valueerror(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
if eid1 == eid2:
raise SkipTest('Non-unique encrypted IDs generated')
self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def checkSessionToken(request):
"""
验证sessionToken
"""
session_key = request.COOKIES.get('sid', None)
session = SessionStore(session_key)
session_data = session.load()
if session_data.get('stoken', None):
session.delete()
else:
raise InvestError(3008)
def test_revoked_encrypted_id_raises_valueerror(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
if eid1 == eid2:
raise SkipTest('Non-unique encrypted IDs generated')
self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def test_request(self):
user = User.objects.create_user('root', 'root')
session = SessionStore()
session.save()
request = HttpRequest()
request.user = user
request.session = session
usage.log('test', request=request, async=False)
event = Log.objects.all()[0]
self.assertEqual(event.user, user)
self.assertEqual(event.session_key, request.session.session_key)
def terminate(request):
"""
Flags the looping thread in the pull view to exit.
This simply deletes the CometSession bound to this instance.
"""
if request.method == "GET":
t = parser.parse(request.GET["timestamp"])
timestamp = str(t.hour).zfill(2) + ":" +\
str(t.minute).zfill(2) + ":" + str(t.second).zfill(2)
uid = request.GET['uid']
try:
scomet = CometSession.objects.get(session_key=\
request.session.session_key,
timestamp=timestamp, uid=uid)
scomet.delete()
except CometSession.DoesNotExist:
pass # do nothing
# make sure that the latest session data is saved!
request.session.clear()
request.session.update(SessionStore(\
request.session.session_key))
return HttpResponse("ok")
return HttpResponse("")
def get_view_handler_request(self,
view,
user,
handler_name,
method,
url,
data={},
ajax=False):
factory = RequestFactory()
f = getattr(factory, method)
# create request with session store
request = f(url, data)
request.session = SessionStore()
request.META['HTTP_HOST'] = '127.0.0.1'
request._messages = FallbackStorage(request)
# user
if user and user.id:
self.login(request, user)
# ajax
if ajax:
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
# user, profile and backend
request.user = user
request.user_profile = self.get_user_profile(request.user)
request.backend = Backend()
# changelog
request.changelog = ChangeLogManager(request)
return request
def setUpTestData(cls):
cls.user = get_user_model().objects.create(username='******')
request = RequestFactory().get('/')
request.session = SessionStore()
request.user = AnonymousUser()
cls.backend = MojeidOidcBackend()
cls.backend.request = request
def test_user_with_multiple_teams_is_redirected_home_on_successful_signin(
self):
user = UserAuth.objects.create_user(username='******',
password='******')
teams = [
Profile.objects.create(slug='team1'),
Profile.objects.create(slug='team2')
]
for team in teams:
team.members.add(user.profile)
assert_equal(user.profile.teams.all().count(), 2)
url = reverse('app-signin')
user_data = {
'username': '******',
'password': '******',
}
request = self.factory.post(url, data=user_data)
request.user = AnonymousUser()
request.session = SessionStore('session')
response = signin_view(request)
assert_equal(response.status_code, 302)
assert_equal(response.url, reverse('app-user-profile'))
def get_decoded_data(self):
try:
session_data = SessionStore().decode(self.session_data)
except:
session_data = {}
finally:
return session_data
def pytest_request(rf, method, url, user=None, data=None, token=None):
"""
: Test 를 위한 request 생성하는 함수
- rf 설명: https://pytest-django.readthedocs.io/en/latest/helpers.html#rf-requestfactory
"""
content_type = 'application/json'
caller = getattr(rf, method)
request = caller(path=url, data=data, content_type=content_type)
if not hasattr(request, 'session'):
setattr(request, 'session', SessionStore())
# todo: Oauth2.0 test 로직 구현 해야함
force_authenticate(request=request, user=user, token=token)
request.user = user
# 실제 호출하는 url 에 대한 view 정보를 가져옴
_url = url.split('?') # 쿼리 파라미터를 url 에서 빼줘야함
resolver_match = resolve(_url[0])
test_func, test_args, test_kwargs = resolver_match
request.resolver_match = resolver_match
response = test_func(request, *test_args, **test_kwargs)
return response
def make_request(self, method, url, data={}, ajax=False, user=None):
"""
Create a mock request object that supports messaging and session
handling.
"""
factory = RequestFactory()
f = getattr(factory, method)
request = f(url, data)
request.session = SessionStore()
request.META['HTTP_HOST'] = '127.0.0.1'
request._messages = FallbackStorage(request)
# ajax
if ajax:
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
# user
if user:
request.user = user
request.user_profile = self.get_user_profile(request.user)
# changelog
request.changelog = ChangeLogManager(request)
return request
def delete(request, employee_id):
"""
This will also remove the employee from the ACL,
delete the employee object and also delete the Parse.User object
if and only if it has no pointer to a Store or a Patron.
"""
# get from the employees_approved_list in session cache
employees_approved_list = SESSION.get_employees_approved_list(\
request.session)
i_remove, employee = 0, None
for ind, m in enumerate(employees_approved_list):
if m.objectId == employee_id:
employee = m
i_remove = ind
break
if not employee:
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Employee has already been removed.'}))
employees_approved_list.pop(i_remove)
request.session['employees_approved_list'] =\
employees_approved_list
acc = Account.objects().get(Employee=employee.objectId)
if not acc: # employee may have been deleted
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Employee has already been deleted.'}))
# Always save session first whenever calling a cloud code
request.session.save()
res = cloud_call("delete_employee", {"employee_id": employee.objectId})
request.session.clear()
request.session.update(SessionStore(request.session.session_key))
if 'error' not in res:
store = SESSION.get_store(request.session)
payload = {COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY}
if acc.objectId in store.ACL and not store.is_owner(acc):
del store.ACL[acc.objectId]
store.update()
payload["updatedStore"] = store.jsonify()
request.session['store'] = store
# only need to pass in the objectId
deleted_employee = Employee(objectId=employee.objectId)
payload["deletedEmployee"] = deleted_employee.jsonify()
comet_receive(store.objectId, payload)
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Employee has been deleted.'}))
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Employee has already been deleted.'}))
def init_request():
request = HttpRequest()
request.method = 'GET'
request.session = SessionStore()
request.session.create()
request._messages = BaseStorage(request)
request.entree_user = AnonymousUser()
return request
def processSession(skey):
# get the latest session associated with this object
session = SessionStore(skey)
# do not go if the session has already been logged out
if session.get('account') is None or SESSION_KEY not in session:
return
processCometReceivedDict(session, postDict)
# need to save session to commit modifications
session.modified = True
session.save()
# flag all threads with this session_key about the new stuff
# same browser - different tabs
CometSession.objects.update()
for comet in CometSession.objects.filter(session_key=skey):
comet.modified = True
comet.save()
def test_fflag_for_new_unauthorized_user():
fflag_set_part('fflag_1', 1)
middleware = FFlagMiddleware(lambda request: HttpResponse(''))
req = RequestFactory().get('/')
req.session = SessionStore()
middleware(req)
assert req.fflag_enabled('fflag_1')
def deny(request, employee_id):
""" same as delete except this uses the pending list """
# get from the employees_pending_list in session cache
employees_pending_list = SESSION.get_employees_pending_list(\
request.session)
i_remove, employee = 0, None
for ind, m in enumerate(employees_pending_list):
if m.objectId == employee_id:
employee = m
i_remove = ind
break
if not employee:
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Pending employee not found.'}))
# update session cache for employees_pending_list
employees_pending_list.pop(i_remove)
request.session['employees_pending_list'] =\
employees_pending_list
acc = Account.objects().get(Employee=employee.objectId)
if not acc: # employee may have been deleted
return redirect(reverse('employees_index')+ "?show_pending&%s" %\
urllib.urlencode({'success': 'Employee has already been denied.'}))
# Always save session first whenever calling a cloud code
request.session.save()
res = cloud_call("delete_employee", {"employee_id": employee.objectId})
request.session.clear()
request.session.update(SessionStore(request.session.session_key))
if 'error' not in res:
payload = {COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY}
store = SESSION.get_store(request.session)
# no need to check acl here but just in case
if acc.objectId in store.ACL and not store.is_owner(acc):
del store.ACL[acc.objectId]
store.update()
payload["updatedStore"] = store.jsonify()
request.session['store'] = store
# only need to pass in the objectId
deleted_employee = Employee(objectId=employee.objectId)
payload["deletedEmployee"] = deleted_employee.jsonify()
comet_receive(store.objectId, payload)
return redirect(reverse('employees_index')+ "?show_pending&%s" %\
urllib.urlencode({'success': 'Employee has been denied.'}))
return redirect(reverse('employees_index')+ "?%s" %\
urllib.urlencode({'success': 'Employee has already been deleted.'}))
def manage_admin_controls(request):
"""
To turn on god_mode:
...repunch.com/manage/admin-controls?action=god_mode&flag=1&
[email protected]&key=9p8437wk34z5ymurukdp9w34px7iuhsruhio
"""
if request.method == "GET":
params = request.GET.dict()
key = params.get("key")
action = params.get("action")
if key == ADMIN_CONTROL_KEY:
if action == "god_mode":
flag = params.get("flag")
email = params.get("email", "")
acc = Account.objects().get(email=email,
Store__ne=None,
include="Store.Subscription")
if not acc:
return HttpResponse("User with email %s not found." %\
(email,))
sub = acc.store.subscription
sub.god_mode = flag != "0"
sub.update()
payload = {
COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY,
"updatedSubscription": sub.jsonify(),
}
comet_receive(acc.store.objectId, payload)
# go out with the latest session in case this user is
# the one that triggered this action
request.session.clear()
request.session.update(
SessionStore(request.session.session_key))
if sub.god_mode:
on_off = "on"
else:
on_off = "off"
return HttpResponse("Successfully turned god mode "+\
"%s for user with email %s" % (on_off, email))
else:
return HttpResponse("Invalid action: %s" % (action, ))
else:
return HttpResponse("Wrong key: %s" % (key, ))
return HttpResponse("Bad Request")
def test_fflag_enabled_for_unauthorized_user(user_id, expected):
fflag_set_part_ids('fflag_1', [12])
middleware = FFlagMiddleware(lambda request: HttpResponse(''))
req = RequestFactory().get('/')
req.session = SessionStore()
req.session['FFLAG_USER_ID'] = user_id
middleware(req)
assert req.fflag_enabled('fflag_1') == expected
def test_user_login(user_data, user):
from django.contrib.auth import authenticate, login
from django.http.request import HttpRequest
from django.contrib.sessions.backends.cache import SessionStore
assert user.activate('516bb9061d58280acd0c3900e18feaf5166f02ff')
request = HttpRequest()
request.session = SessionStore()
user = authenticate(username=user_data['username'],
password=user_data['password'])
login(request, user)
assert user.is_authenticated()
def test_lazy_request_args(self):
# Ensure that request_args can be a lazy-evaluated dictionary.
request = self.factory.get('/')
request.user = AnonymousUser()
request.session = SessionStore()
info = browserid_info(request)
d = pq(info)
info_div = d('#browserid-info')
self.assertEqual(info_div.attr('data-request-args'),
'{"siteName": "asdf"}')
def info(self, user=None, backend=None):
request = self.factory.get('/')
request.session = SessionStore()
if user:
if backend:
user.backend = '{0}.{1}'.format(backend.__module__,
backend.__class__.__name__)
auth.login(request, user)
request.user = user
info = views.Info.as_view()
return info(request)
def test_backend_should_contain_error_messages_if_errors_have_been_raised(self):
request = self.factory.get('/admin/')
request.session = SessionStore()
request._messages = FallbackStorage(request)
# add some messages to filter. Add some non-error messages as well
messages.add_message(request, messages.SUCCESS, 'SUCCESS')
messages.add_message(request, messages.INFO, 'INFO')
messages.add_message(request, messages.ERROR, 'ERROR')
c = backend(request)
self.assertEqual(['ERROR'], [m.message for m in c.get('error_messages')])
def test_defaults(self):
request = self.factory.get('/')
request.user = AnonymousUser()
request.session = SessionStore()
info = browserid_info(request)
d = pq(info)
info_div = d('#browserid-info')
self.assertEqual(info_div.attr('data-user-email'), '')
self.assertEqual(info_div.attr('data-request-args'), '{}')
form = d('#browserid-form')
self.assertEqual(form.attr('action'), '/browserid/login/')
def test_authenticated_visiting_user(user_factory, rf, session):
"""
Check that an authenticated user creates a recognized customer visiting the site.
"""
user = user_factory()
with pytest.raises(Customer.DoesNotExist):
Customer.objects.get(pk=user.pk)
request = rf.get('/', follow=True)
request.user = user
request.session = SessionStore()
customer = Customer.objects.get_from_request(request)
assert isinstance(customer, Customer)
assert customer.is_authenticated() is True
assert customer.is_recognized() is True
assert customer.is_registered() is True
def test_login_via_form_valid(self):
data = {
'username': self.user.email,
'password': self.user_password,
}
self.request.entree_user = AnonymousUser()
self.request.method = 'POST'
self.request.POST = data
self.request.session = SessionStore()
ViewClass = csrf_exempt(LoginView.as_view())
ViewClass(self.request, origin_site=self.valid_site.pk)
assert_equals(self.request.entree_user, self.user)
def test_logout_form_valid(self):
data = {
'origin_site': self.valid_site.pk,
'next_url': '/',
}
self.request.method = 'POST'
self.request.POST = data
self.request.session = SessionStore()
ViewClass = csrf_exempt(LogoutView.as_view())
ViewClass(self.request, site_id=self.valid_site.pk)
assert_equals(self.request.entree_user.__class__, AnonymousUser)
def _create_spf_test_form(self):
s = Settings()
s.save()
form = SettingsForm(
self._create_settings_data(
s, {
'enquiry_email': '*****@*****.**',
'enquiry_from': '*****@*****.**',
'enquiry_reply': '*****@*****.**'
}))
factory = RequestFactory()
request = factory.post('/')
request.session = SessionStore()
request._messages = FallbackStorage(request)
form.configure(request, s, edit=True)
return (request, form)
def comet(session_copy):
# used by more than 1 (note that it is ok to retrieve all of
# the lists since they are all pointers - not the actual list!
employees_pending_list_copy =\
SESSION.get_employees_pending_list(session_copy)
employees_approved_list_copy =\
SESSION.get_employees_approved_list(session_copy)
messages_received_list_copy =\
SESSION.get_messages_received_list(session_copy)
redemptions_pending_copy =\
SESSION.get_redemptions_pending(session_copy)
redemptions_past_copy =\
SESSION.get_redemptions_past(session_copy)
# this is the latest session data
session = SessionStore(request.session.session_key)
employees_pending_list =\
SESSION.get_employees_pending_list(session)
employees_approved_list =\
SESSION.get_employees_approved_list(session)
messages_received_list =\
SESSION.get_messages_received_list(session)
redemptions_pending =\
SESSION.get_redemptions_pending(session)
redemptions_past =\
SESSION.get_redemptions_past(session)
# put the diffs between session_copy and session here
data = {}
#############################################################
# FEEDBACKS_UNREAD ##################################
fbs_unread_copy = [ fb.objectId for fb in\
messages_received_list_copy if not fb.is_read ]
fbs_unread = [ fb.objectId for fb in\
messages_received_list if not fb.is_read ]
# get the difference between the two
feedbacks_unread =\
tuple(set(fbs_unread) - set(fbs_unread_copy))
if feedbacks_unread:
fb_unread = []
messages_received_ids =\
[ fb.objectId for fb in messages_received_list ]
for feedback_id in feedbacks_unread:
for fb in messages_received_list:
if fb.objectId == feedback_id:
fb_unread.append(fb.jsonify())
break
if len(fb_unread) > 0:
fb_count = 0
for fb in messages_received_list:
if not fb.get("is_read"):
fb_count += 1
data['feedbacks_unread'] = fb_unread
data['feedback_unread_count'] = fb_count
#############################################################
# EMPLOYEES_PENDING ##################################
# must also check if employee is already approved!
emps_pending_copy = [ emp.objectId for emp in
employees_pending_list_copy ]
emps_pending = [ emp.objectId for emp in
employees_pending_list ]
employees_pending =\
tuple(set(emps_pending) - set(emps_pending_copy))
if employees_pending:
pending = []
for emp_id in employees_pending:
for emp in employees_pending_list:
if emp.objectId == emp_id:
pending.append(emp.jsonify())
break
if len(pending) > 0:
data['employees_pending_count'] =\
len(employees_pending_list)
data['employees_pending'] = pending
#############################################################
# EMPLOYEES APPROVED (pending to approved) #################
emps_approved_copy = [ emp.objectId for emp in\
employees_approved_list_copy]
emps_approved = [ emp.objectId for emp in\
employees_approved_list]
appr_emps =\
tuple(set(emps_approved) - set(emps_approved_copy))
if appr_emps:
approved = []
for appr_emp_id in appr_emps:
for emp in employees_approved_list:
if emp.objectId == appr_emp_id:
approved.append(emp.jsonify())
break
if len(approved) > 0:
data['employees_approved'] = approved
data['employees_pending_count'] =\
len(employees_pending_list)
#############################################################
# EMPLOYEES DELETED/DENIED/REJECTED (pending/approved to pop)!
# need to compare approved and pending!
emps_copy = emps_approved_copy[:]
emps_copy.extend(emps_pending_copy)
emps = emps_approved[:]
emps.extend(emps_pending)
# emps_copy has the same or more items that emps
del_emps = tuple(set(emps_copy) - set(emps))
if del_emps:
deleted = []
for demp_id in del_emps:
if demp_id in emps_approved_copy:
emps_list = employees_approved_list_copy
else:
emps_list = employees_pending_list_copy
for emp in emps_list:
if emp.objectId == demp_id:
deleted.append(emp.jsonify())
break
if len(deleted) > 0:
data['employees_pending_count'] =\
len(employees_pending_list)
data['employees_deleted'] = deleted
#############################################################
# REDEMPTIONS PENDING
reds_pending_copy = [ r.objectId for r in\
redemptions_pending_copy ]
reds_pending = [ r.objectId for r in redemptions_pending ]
reds = tuple(set(reds_pending) - set(reds_pending_copy))
if reds:
redemps = []
for r_id in reds:
for redemp in redemptions_pending:
if redemp.objectId == r_id:
redemps.append(redemp.jsonify())
break
if len(redemps) > 0:
data['redemption_pending_count'] =\
len(redemptions_pending)
data['redemptions_pending'] = redemps
#############################################################
# REDEMPTIONS APPROVED (pending to history)
reds_past_copy = [ r.objectId for r in\
redemptions_past_copy ]
reds_past = [ r.objectId for r in redemptions_past ]
appr_redemps =\
tuple(set(reds_past) - set(reds_past_copy))
if appr_redemps:
redemp_js = []
for red_id in appr_redemps:
for redemp in redemptions_past:
if redemp.objectId == red_id:
redemp_js.append(redemp.jsonify())
break
if len(redemp_js) > 0:
data['redemption_pending_count'] =\
len(redemptions_pending)
data['redemptions_approved'] = redemp_js
#############################################################
# REDEMPTIONS DELETED ##############################
# remove from pending (should not be in history!)
reds_copy = reds_past_copy[:]
reds_copy.extend(reds_pending_copy)
reds = reds_past[:]
reds.extend(reds_pending)
# reds_copy has the same or more items that reds
del_redemps = tuple(set(reds_copy) - set(reds))
if del_redemps:
redemp_js = []
for red_id in del_redemps:
reds_list = []
if red_id in reds_past_copy:
reds_list = redemptions_past_copy
elif red_id in reds_pending_copy:
reds_list = redemptions_pending_copy
for redemp in reds_list:
if redemp.objectId == red_id:
redemp_js.append(redemp.jsonify())
break
if len(redemp_js) > 0:
data['redemption_pending_count'] =\
len(redemptions_pending)
data['redemptions_deleted'] = redemp_js
#############################################################
# SETTINGS UPDATED ##############################
settings_copy = session_copy.get("settings")
settings = session.get("settings")
if settings_copy.get("retailer_pin") !=\
settings.get("retailer_pin"):
data['retailer_pin'] = settings.get("retailer_pin")
#############################################################
# REWARDS UPDATED ##############################
rewards_copy = session_copy.get("store").get("rewards")
rewards_copy =\
{ reward['reward_id']:reward for reward in rewards_copy }
rewards = session.get("store").get("rewards")
rewards = { reward['reward_id']:reward for reward in rewards }
updated_rewards = []
for reward_id, rew_copy in rewards_copy.iteritems():
# Note that some rewards may have been deleted!
rew = rewards.get(reward_id)
if rew and rew_copy['redemption_count'] !=\
rew['redemption_count']:
# only the redemtpion_count and reward_id are used
# in the client side
updated_rewards.append({
"reward_id": reward_id,
"redemption_count": rew['redemption_count'],
})
if updated_rewards:
data['rewards'] = updated_rewards
#############################################################
# PATRONSTORE_COUNT ##################################
patronStore_count_copy =int(session_copy["patronStore_count"])
patronStore_count = int(session["patronStore_count"])
if patronStore_count_copy != patronStore_count:
data['patronStore_count'] = patronStore_count
#############################################################
# ACTIVE_STORE_LOCATION_ID ############################
if session['active_store_location_id'] !=\
session_copy['active_store_location_id']:
data['active_store_location_id'] =\
session['active_store_location_id']
# IMPORTANT! The request.session is the same as the
# SessionStore(session_key)! so we must use the
# request.session because it is automatically saved at the end
# of each request- thereby overriding/undoing any changes made
# to the SessionStore(session_key) key!
# need to check if we are still logged in
session = SessionStore(request.session.session_key)
if 'account' in session and SESSION_KEY in session:
request.session.clear()
request.session.update(session)
else:
flush(request.session)
############################################################
# Respond ###########################################
try:
return HttpResponse(json.dumps(data),
content_type="application/json")
except (IOError, socket.error) as e: # broken pipe/socket.
thread.exit() # exit silently
def update_balance(request, update_type, obj=None):
# 创建主题
if update_type == 'create':
# 获取当前用户的id
uid = request.session.get('user_info')['uid']
# 设置改变值
change_balance = -20
# 类型
balance_type = "创建主题"
# 描述
marks = '创建了的主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 创建回复
elif update_type == 'reply':
uid = request.session.get('user_info')['uid']
change_balance = -5
balance_type = "创建回复"
marks = '在主题 > <a href="{_uri}">{_title}</a> 中创建了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 感谢主题
elif update_type == 'thanks':
uid = request.session.get('user_info')['uid']
change_balance = -15
balance_type = "发送谢意"
marks = '感谢 <a href="{_member_uri}">{_author}</a> 的 > <a href="{_uri}">{_title}</a> 主题'.format(
_member_uri=reverse('member', args=(obj.author.username,)), _author=obj.author.username,
_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 收到感谢
elif update_type == 'recv_thanks':
# 获取基础信息
uid = obj.author_id
change_balance = 10
balance_type = "收到谢意"
marks = '主题 > <a href="{_uri}">{_title}</a> 收到感谢'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 收到感谢,要查找是谁收到感谢,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
# 如果用户在线,才更新
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 主题收到回复
elif update_type == 'reply_recv':
uid = obj.author_id
change_balance = 5
balance_type = "主题回复收益"
marks = '主题 > <a href="{_uri}">{_title}</a> 收到了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 收到回复,要查找是谁收到回复,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 编辑主题
elif update_type == 'edit':
uid = obj.author_id
change_balance = -5
balance_type = "编辑主题"
marks = '编辑了主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
