def punch(request): if request.method == "POST": try: nump = int(request.POST['num_punches']) except ValueError: return HttpResponse(json.dumps({'error': 'float'}), content_type="application/json") settings = SESSION.get_settings(request.session) if nump > settings.get("punches_employee"): return HttpResponse(json.dumps({ 'error': 'over', 'limit': nump }), content_type="application/json") store = SESSION.get_store(request.session) data = { "store_location_id":\ SESSION.get_active_store_location_id(request.session), "store_id":store.objectId, "store_name":str(store.get('store_name')), "punch_code":str(request.POST['punch_code']), "num_punches":nump, } # Check if the user is an employee employee = request.session.get("employee") if employee: data['employee_id'] = employee.objectId res = cloud_call("punch", data) if 'error' not in res: res['patron_name'] = res['result'] # always make sure to get the latest session since the session # will be saved on return!!! request.session.clear() request.session.update(SessionStore(request.session.session_key)) return HttpResponse(json.dumps(res), content_type="application/json") else: if res['error'] == "PATRON_NOT_FOUND": request.session.clear() request.session.update( SessionStore(request.session.session_key)) return HttpResponse(json.dumps({"error":\ "PATRON_NOT_FOUND"}), content_type="application/json") # always make sure to get the latest session since the session # will be saved on return!!! request.session.clear() request.session.update(SessionStore(request.session.session_key)) return HttpResponse(json.dumps({'error': 'error'}), content_type="application/json")
def get_decoded_data(self): try: session_data = SessionStore().decode(self.session_data) except: session_data = {} finally: return session_data
def test_user_with_multiple_teams_is_redirected_home_on_successful_signin( self): user = UserAuth.objects.create_user(username='******', password='******') teams = [ Profile.objects.create(slug='team1'), Profile.objects.create(slug='team2') ] for team in teams: team.members.add(user.profile) assert_equal(user.profile.teams.all().count(), 2) url = reverse('app-signin') user_data = { 'username': '******', 'password': '******', } request = self.factory.post(url, data=user_data) request.user = AnonymousUser() request.session = SessionStore('session') response = signin_view(request) assert_equal(response.status_code, 302) assert_equal(response.url, reverse('app-user-profile'))
def make_request(self, method, url, data={}, ajax=False, user=None): """ Create a mock request object that supports messaging and session handling. """ factory = RequestFactory() f = getattr(factory, method) request = f(url, data) request.session = SessionStore() request.META['HTTP_HOST'] = '127.0.0.1' request._messages = FallbackStorage(request) # ajax if ajax: request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' # user if user: request.user = user request.user_profile = self.get_user_profile(request.user) # changelog request.changelog = ChangeLogManager(request) return request
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): db_alias = schema_editor.connection.alias from django.contrib.sessions.backends.cache import KEY_PREFIX, SessionStore from django.core.cache import cache AuthenticatedSession = apps.get_model("authentik_core", "AuthenticatedSession") User = apps.get_model("authentik_core", "user") session_keys = cache.keys(KEY_PREFIX + "*") for key in session_keys: key = key.replace(KEY_PREFIX, "") store = SessionStore(key) data = store.load() if data == {} or "_auth_user_id" not in data: continue if ( AuthenticatedSession.objects.using(db_alias) .filter(session_key=key) .exists() ): continue users = User.objects.using(db_alias).filter(pk=data.get("_auth_user_id")) if not users.exists(): continue AuthenticatedSession.objects.using(db_alias).create( session_key=key, user=users.first(), expires=data.get("_session_expiry", now()), )
def pytest_request(rf, method, url, user=None, data=None, token=None): """ : Test 를 위한 request 생성하는 함수 - rf 설명: https://pytest-django.readthedocs.io/en/latest/helpers.html#rf-requestfactory """ content_type = 'application/json' caller = getattr(rf, method) request = caller(path=url, data=data, content_type=content_type) if not hasattr(request, 'session'): setattr(request, 'session', SessionStore()) # todo: Oauth2.0 test 로직 구현 해야함 force_authenticate(request=request, user=user, token=token) request.user = user # 실제 호출하는 url 에 대한 view 정보를 가져옴 _url = url.split('?') # 쿼리 파라미터를 url 에서 빼줘야함 resolver_match = resolve(_url[0]) test_func, test_args, test_kwargs = resolver_match request.resolver_match = resolver_match response = test_func(request, *test_args, **test_kwargs) return response
def terminate(request): """ Flags the looping thread in the pull view to exit. This simply deletes the CometSession bound to this instance. """ if request.method == "GET": t = parser.parse(request.GET["timestamp"]) timestamp = str(t.hour).zfill(2) + ":" +\ str(t.minute).zfill(2) + ":" + str(t.second).zfill(2) uid = request.GET['uid'] try: scomet = CometSession.objects.get(session_key=\ request.session.session_key, timestamp=timestamp, uid=uid) scomet.delete() except CometSession.DoesNotExist: pass # do nothing # make sure that the latest session data is saved! request.session.clear() request.session.update(SessionStore(\ request.session.session_key)) return HttpResponse("ok") return HttpResponse("")
def decrypt(self, eid): """ Return the SessionStore to which the encrypted identifier is pointing. Raises ValueError if the identifier is invalid. """ try: session_id = cipher.decrypt(ub64decode(eid), self.ciphertext_length) except (TypeError, ValueError): pass else: session_id = session_id[self.random_prefix_bytes:] session_id = ub64encode(session_id) session = SessionStore(session_key=session_id) if session.get('encrypted_id') == eid: # circular import from .models import RevokedToken # revoke to prevent replay attacks if RevokedToken.add(eid): del session['encrypted_id'] session.save() return session raise ValueError('Invalid session id')
def setUpTestData(cls): cls.user = get_user_model().objects.create(username='******') request = RequestFactory().get('/') request.session = SessionStore() request.user = AnonymousUser() cls.backend = MojeidOidcBackend() cls.backend.request = request
def get_view_handler_request(self, view, user, handler_name, method, url, data={}, ajax=False): factory = RequestFactory() f = getattr(factory, method) # create request with session store request = f(url, data) request.session = SessionStore() request.META['HTTP_HOST'] = '127.0.0.1' request._messages = FallbackStorage(request) # user if user and user.id: self.login(request, user) # ajax if ajax: request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' # user, profile and backend request.user = user request.user_profile = self.get_user_profile(request.user) request.backend = Backend() # changelog request.changelog = ChangeLogManager(request) return request
def test_encrypt_decrypt(self): session = SessionStore() session['test'] = 'in-test' session.save() eid = sessionrefcipher.encrypt(session) sess = sessionrefcipher.decrypt(eid) self.assertEqual(sess.get('test'), 'in-test')
def init_request(): request = HttpRequest() request.method = 'GET' request.session = SessionStore() request.session.create() request._messages = BaseStorage(request) request.entree_user = AnonymousUser() return request
def test_unique_encrypted_are_generated_after_revocation(self): session = SessionStore() session['test'] = 'in-test' session.save() eid1 = sessionrefcipher.encrypt(session) session = sessionrefcipher.decrypt(eid1) eid2 = sessionrefcipher.encrypt(session) self.assertNotEqual(eid1, eid2)
def delete(request, employee_id): """ This will also remove the employee from the ACL, delete the employee object and also delete the Parse.User object if and only if it has no pointer to a Store or a Patron. """ # get from the employees_approved_list in session cache employees_approved_list = SESSION.get_employees_approved_list(\ request.session) i_remove, employee = 0, None for ind, m in enumerate(employees_approved_list): if m.objectId == employee_id: employee = m i_remove = ind break if not employee: return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Employee has already been removed.'})) employees_approved_list.pop(i_remove) request.session['employees_approved_list'] =\ employees_approved_list acc = Account.objects().get(Employee=employee.objectId) if not acc: # employee may have been deleted return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Employee has already been deleted.'})) # Always save session first whenever calling a cloud code request.session.save() res = cloud_call("delete_employee", {"employee_id": employee.objectId}) request.session.clear() request.session.update(SessionStore(request.session.session_key)) if 'error' not in res: store = SESSION.get_store(request.session) payload = {COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY} if acc.objectId in store.ACL and not store.is_owner(acc): del store.ACL[acc.objectId] store.update() payload["updatedStore"] = store.jsonify() request.session['store'] = store # only need to pass in the objectId deleted_employee = Employee(objectId=employee.objectId) payload["deletedEmployee"] = deleted_employee.jsonify() comet_receive(store.objectId, payload) return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Employee has been deleted.'})) return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Employee has already been deleted.'}))
def test_fflag_for_new_unauthorized_user(): fflag_set_part('fflag_1', 1) middleware = FFlagMiddleware(lambda request: HttpResponse('')) req = RequestFactory().get('/') req.session = SessionStore() middleware(req) assert req.fflag_enabled('fflag_1')
def deny(request, employee_id): """ same as delete except this uses the pending list """ # get from the employees_pending_list in session cache employees_pending_list = SESSION.get_employees_pending_list(\ request.session) i_remove, employee = 0, None for ind, m in enumerate(employees_pending_list): if m.objectId == employee_id: employee = m i_remove = ind break if not employee: return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Pending employee not found.'})) # update session cache for employees_pending_list employees_pending_list.pop(i_remove) request.session['employees_pending_list'] =\ employees_pending_list acc = Account.objects().get(Employee=employee.objectId) if not acc: # employee may have been deleted return redirect(reverse('employees_index')+ "?show_pending&%s" %\ urllib.urlencode({'success': 'Employee has already been denied.'})) # Always save session first whenever calling a cloud code request.session.save() res = cloud_call("delete_employee", {"employee_id": employee.objectId}) request.session.clear() request.session.update(SessionStore(request.session.session_key)) if 'error' not in res: payload = {COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY} store = SESSION.get_store(request.session) # no need to check acl here but just in case if acc.objectId in store.ACL and not store.is_owner(acc): del store.ACL[acc.objectId] store.update() payload["updatedStore"] = store.jsonify() request.session['store'] = store # only need to pass in the objectId deleted_employee = Employee(objectId=employee.objectId) payload["deletedEmployee"] = deleted_employee.jsonify() comet_receive(store.objectId, payload) return redirect(reverse('employees_index')+ "?show_pending&%s" %\ urllib.urlencode({'success': 'Employee has been denied.'})) return redirect(reverse('employees_index')+ "?%s" %\ urllib.urlencode({'success': 'Employee has already been deleted.'}))
def test_revoked_encrypted_id_raises_valueerror(self): session = SessionStore() session['test'] = 'in-test' session.save() eid1 = sessionrefcipher.encrypt(session) session = sessionrefcipher.decrypt(eid1) eid2 = sessionrefcipher.encrypt(session) if eid1 == eid2: raise SkipTest('Non-unique encrypted IDs generated') self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def checkSessionToken(request): """ 验证sessionToken """ session_key = request.COOKIES.get('sid', None) session = SessionStore(session_key) session_data = session.load() if session_data.get('stoken', None): session.delete() else: raise InvestError(3008)
def manage_admin_controls(request): """ To turn on god_mode: ...repunch.com/manage/admin-controls?action=god_mode&flag=1& [email protected]&key=9p8437wk34z5ymurukdp9w34px7iuhsruhio """ if request.method == "GET": params = request.GET.dict() key = params.get("key") action = params.get("action") if key == ADMIN_CONTROL_KEY: if action == "god_mode": flag = params.get("flag") email = params.get("email", "") acc = Account.objects().get(email=email, Store__ne=None, include="Store.Subscription") if not acc: return HttpResponse("User with email %s not found." %\ (email,)) sub = acc.store.subscription sub.god_mode = flag != "0" sub.update() payload = { COMET_RECEIVE_KEY_NAME: COMET_RECEIVE_KEY, "updatedSubscription": sub.jsonify(), } comet_receive(acc.store.objectId, payload) # go out with the latest session in case this user is # the one that triggered this action request.session.clear() request.session.update( SessionStore(request.session.session_key)) if sub.god_mode: on_off = "on" else: on_off = "off" return HttpResponse("Successfully turned god mode "+\ "%s for user with email %s" % (on_off, email)) else: return HttpResponse("Invalid action: %s" % (action, )) else: return HttpResponse("Wrong key: %s" % (key, )) return HttpResponse("Bad Request")
def test_fflag_enabled_for_unauthorized_user(user_id, expected): fflag_set_part_ids('fflag_1', [12]) middleware = FFlagMiddleware(lambda request: HttpResponse('')) req = RequestFactory().get('/') req.session = SessionStore() req.session['FFLAG_USER_ID'] = user_id middleware(req) assert req.fflag_enabled('fflag_1') == expected
def test_user_login(user_data, user): from django.contrib.auth import authenticate, login from django.http.request import HttpRequest from django.contrib.sessions.backends.cache import SessionStore assert user.activate('516bb9061d58280acd0c3900e18feaf5166f02ff') request = HttpRequest() request.session = SessionStore() user = authenticate(username=user_data['username'], password=user_data['password']) login(request, user) assert user.is_authenticated()
def info(self, user=None, backend=None): request = self.factory.get('/') request.session = SessionStore() if user: if backend: user.backend = '{0}.{1}'.format(backend.__module__, backend.__class__.__name__) auth.login(request, user) request.user = user info = views.Info.as_view() return info(request)
def test_lazy_request_args(self): # Ensure that request_args can be a lazy-evaluated dictionary. request = self.factory.get('/') request.user = AnonymousUser() request.session = SessionStore() info = browserid_info(request) d = pq(info) info_div = d('#browserid-info') self.assertEqual(info_div.attr('data-request-args'), '{"siteName": "asdf"}')
def test_backend_should_contain_error_messages_if_errors_have_been_raised(self): request = self.factory.get('/admin/') request.session = SessionStore() request._messages = FallbackStorage(request) # add some messages to filter. Add some non-error messages as well messages.add_message(request, messages.SUCCESS, 'SUCCESS') messages.add_message(request, messages.INFO, 'INFO') messages.add_message(request, messages.ERROR, 'ERROR') c = backend(request) self.assertEqual(['ERROR'], [m.message for m in c.get('error_messages')])
def test_request(self): user = User.objects.create_user('root', 'root') session = SessionStore() session.save() request = HttpRequest() request.user = user request.session = session usage.log('test', request=request, async=False) event = Log.objects.all()[0] self.assertEqual(event.user, user) self.assertEqual(event.session_key, request.session.session_key)
def test_defaults(self): request = self.factory.get('/') request.user = AnonymousUser() request.session = SessionStore() info = browserid_info(request) d = pq(info) info_div = d('#browserid-info') self.assertEqual(info_div.attr('data-user-email'), '') self.assertEqual(info_div.attr('data-request-args'), '{}') form = d('#browserid-form') self.assertEqual(form.attr('action'), '/browserid/login/')
def test_authenticated_visiting_user(user_factory, rf, session): """ Check that an authenticated user creates a recognized customer visiting the site. """ user = user_factory() with pytest.raises(Customer.DoesNotExist): Customer.objects.get(pk=user.pk) request = rf.get('/', follow=True) request.user = user request.session = SessionStore() customer = Customer.objects.get_from_request(request) assert isinstance(customer, Customer) assert customer.is_authenticated() is True assert customer.is_recognized() is True assert customer.is_registered() is True
def test_login_via_form_valid(self): data = { 'username': self.user.email, 'password': self.user_password, } self.request.entree_user = AnonymousUser() self.request.method = 'POST' self.request.POST = data self.request.session = SessionStore() ViewClass = csrf_exempt(LoginView.as_view()) ViewClass(self.request, origin_site=self.valid_site.pk) assert_equals(self.request.entree_user, self.user)
def test_logout_form_valid(self): data = { 'origin_site': self.valid_site.pk, 'next_url': '/', } self.request.method = 'POST' self.request.POST = data self.request.session = SessionStore() ViewClass = csrf_exempt(LogoutView.as_view()) ViewClass(self.request, site_id=self.valid_site.pk) assert_equals(self.request.entree_user.__class__, AnonymousUser)
def _create_spf_test_form(self): s = Settings() s.save() form = SettingsForm( self._create_settings_data( s, { 'enquiry_email': '*****@*****.**', 'enquiry_from': '*****@*****.**', 'enquiry_reply': '*****@*****.**' })) factory = RequestFactory() request = factory.post('/') request.session = SessionStore() request._messages = FallbackStorage(request) form.configure(request, s, edit=True) return (request, form)