def ssl_auth(request):
""" SSL certificate authentication. """
ssl_auth_form = SSLCertLoginForm(request.POST)
if not ssl_auth_form.is_valid():
return HttpResponseBadRequest('400 Bad Request')
session_id = cipher.decrypt(
base64.b64decode(ssl_auth_form.cleaned_data['session_id']),
32)
next_uri = ssl_auth_form.cleaned_data['login_uri']
user = authenticate(request=request)
if user and user.is_active:
_login(request, user)
init_otp(request)
if request.user.is_verified(): # OTP disabled
next_uri = ssl_auth_form.cleaned_data['next']
else:
messages.error(request, 'Certificate authentication failed')
# so, django will always start a new session for us. we need to copy
# the data to the original session and preferably flush the new one.
session = SessionStore(session_key=session_id)
session.update(request.session)
# always logout automatically from SSL-based auth
# it's easy enough to log back in anyway
if 'openid_request' in session:
session['auto_logout'] = True
session.save()
request.session.flush()
return redirect(next_uri)
def decrypt(self, eid):
"""
Return the SessionStore to which the encrypted identifier is
pointing. Raises ValueError if the identifier is invalid.
"""
try:
session_id = cipher.decrypt(ub64decode(eid),
self.ciphertext_length)
except (TypeError, ValueError):
pass
else:
session_id = session_id[self.random_prefix_bytes:]
session_id = ub64encode(session_id)
session = SessionStore(session_key=session_id)
if session.get('encrypted_id') == eid:
# circular import
from .models import RevokedToken
# revoke to prevent replay attacks
if RevokedToken.add(eid):
del session['encrypted_id']
session.save()
return session
raise ValueError('Invalid session id')
def decrypt(self, eid):
"""
Return the SessionStore to which the encrypted identifier is
pointing. Raises ValueError if the identifier is invalid.
"""
try:
session_id = cipher.decrypt(ub64decode(eid),
self.ciphertext_length)
except (TypeError, ValueError):
pass
else:
session_id = session_id[self.random_prefix_bytes:]
session_id = ub64encode(session_id)
session = SessionStore(session_key=session_id)
if session.get('encrypted_id') == eid:
# circular import
from .models import RevokedToken
# revoke to prevent replay attacks
if RevokedToken.add(eid):
del session['encrypted_id']
session.save()
return session
raise ValueError('Invalid session id')
def test_encrypt_decrypt(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid = sessionrefcipher.encrypt(session)
sess = sessionrefcipher.decrypt(eid)
self.assertEqual(sess.get('test'), 'in-test')
def test_encrypt_decrypt(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid = sessionrefcipher.encrypt(session)
sess = sessionrefcipher.decrypt(eid)
self.assertEqual(sess.get('test'), 'in-test')
def test_unique_encrypted_are_generated_after_revocation(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
self.assertNotEqual(eid1, eid2)
def test_unique_encrypted_are_generated_after_revocation(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
self.assertNotEqual(eid1, eid2)
def test_revoked_encrypted_id_raises_valueerror(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
if eid1 == eid2:
raise SkipTest('Non-unique encrypted IDs generated')
self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def test_revoked_encrypted_id_raises_valueerror(self):
session = SessionStore()
session['test'] = 'in-test'
session.save()
eid1 = sessionrefcipher.encrypt(session)
session = sessionrefcipher.decrypt(eid1)
eid2 = sessionrefcipher.encrypt(session)
if eid1 == eid2:
raise SkipTest('Non-unique encrypted IDs generated')
self.assertRaises(ValueError, sessionrefcipher.decrypt, eid1)
def test_request(self):
user = User.objects.create_user('root', 'root')
session = SessionStore()
session.save()
request = HttpRequest()
request.user = user
request.session = session
usage.log('test', request=request, async=False)
event = Log.objects.all()[0]
self.assertEqual(event.user, user)
self.assertEqual(event.session_key, request.session.session_key)
def processSession(skey):
# get the latest session associated with this object
session = SessionStore(skey)
# do not go if the session has already been logged out
if session.get('account') is None or SESSION_KEY not in session:
return
processCometReceivedDict(session, postDict)
# need to save session to commit modifications
session.modified = True
session.save()
# flag all threads with this session_key about the new stuff
# same browser - different tabs
CometSession.objects.update()
for comet in CometSession.objects.filter(session_key=skey):
comet.modified = True
comet.save()
def processSession(skey):
# get the latest session associated with this object
session = SessionStore(skey)
# do not go if the session has already been logged out
if session.get('account') is None or SESSION_KEY not in session:
return
processCometReceivedDict(session, postDict)
# need to save session to commit modifications
session.modified = True
session.save()
# flag all threads with this session_key about the new stuff
# same browser - different tabs
CometSession.objects.update()
for comet in CometSession.objects.filter(session_key=skey):
comet.modified = True
comet.save()
class SessionTestCase(TestCase):
def setUp(self):
self.session = SessionStore()
def tearDown(self):
self.session.delete()
def test_set_and_get(self):
self.session['spam'] = 'egg'
self.assertEqual(self.session.get('spam'), 'egg')
def test_set_and_pop(self):
self.session['spam'] = 'egg'
self.assertEqual(self.session.pop('spam'), 'egg')
self.assertIsNone(self.session.get('spam'))
def test_pop_no_default_keyerror_raised(self):
with self.assertRaises(KeyError):
self.session.pop('spam')
def test_update(self):
self.session.update({'update key': 1})
self.assertEqual(self.session.get('update key', None), 1)
def test_has_key(self):
self.session['spam'] = 'egg'
self.assertIn('spam', self.session)
def test_values(self):
self.assertEqual(list(self.session.values()), [])
self.session['spam'] = 'egg'
self.assertEqual(list(self.session.values()), ['egg'])
def test_keys(self):
self.assertEqual(list(self.session.values()), [])
self.session['spam'] = 'egg'
self.assertEqual(list(self.session.keys()), ['spam'])
def test_items(self):
self.session['spam'] = 'egg'
self.assertEqual(list(self.session.items()), [('spam', 'egg')])
def test_clear(self):
self.session['spam'] = 'egg'
self.session.clear()
self.assertEqual(list(self.session.items()), [])
def test_save(self):
self.session.save()
self.assertIs(self.session.exists(self.session.session_key), True)
def test_delete(self):
self.session.save()
self.session.delete(self.session.session_key)
self.assertIs(self.session.exists(self.session.session_key), False)
def test_flush(self):
self.session['spam'] = 'egg'
self.session.save()
prev_key = self.session.session_key
self.session.flush()
self.assertNotEqual(self.session.session_key, prev_key)
self.assertIsNone(self.session.session_key)
def update_balance(request, update_type, obj=None):
# 创建主题
if update_type == 'create':
# 获取当前用户的id
uid = request.session.get('user_info')['uid']
# 设置改变值
change_balance = -20
# 类型
balance_type = "创建主题"
# 描述
marks = '创建了的主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 创建回复
elif update_type == 'reply':
uid = request.session.get('user_info')['uid']
change_balance = -5
balance_type = "创建回复"
marks = '在主题 > <a href="{_uri}">{_title}</a> 中创建了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 感谢主题
elif update_type == 'thanks':
uid = request.session.get('user_info')['uid']
change_balance = -15
balance_type = "发送谢意"
marks = '感谢 <a href="{_member_uri}">{_author}</a> 的 > <a href="{_uri}">{_title}</a> 主题'.format(
_member_uri=reverse('member', args=(obj.author.username,)), _author=obj.author.username,
_uri=reverse('topic', args=(obj.topic_sn,)), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 收到感谢
elif update_type == 'recv_thanks':
# 获取基础信息
uid = obj.author_id
change_balance = 10
balance_type = "收到谢意"
marks = '主题 > <a href="{_uri}">{_title}</a> 收到感谢'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 收到感谢,要查找是谁收到感谢,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
# 如果用户在线,才更新
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 主题收到回复
elif update_type == 'reply_recv':
uid = obj.author_id
change_balance = 5
balance_type = "主题回复收益"
marks = '主题 > <a href="{_uri}">{_title}</a> 收到了回复'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 收到回复,要查找是谁收到回复,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 编辑主题
elif update_type == 'edit':
uid = obj.author_id
change_balance = -5
balance_type = "编辑主题"
marks = '编辑了主题 > <a href="{_uri}">{_title}</a>'.format(_uri=reverse('topic', args=(obj.topic_sn,)),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') + change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(
user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance
)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
def update_balance(request, update_type, obj=None):
# 创建话题
if update_type == 'create':
# 获取当前用户的id
uid = request.session.get('user_info')['uid']
# 设置改变值
change_balance = -20
# 类型
balance_type = "创建话题"
# 描述
marks = '创建了新话题 > <a href="{_uri}">{_title}</a>'.format(
_uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 创建回复
elif update_type == 'reply':
uid = request.session.get('user_info')['uid']
change_balance = -5
balance_type = "创建回复"
marks = '在话题 > <a href="{_uri}">{_title}</a> 中创建了回复'.format(
_uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 感谢话题
elif update_type == 'thanks':
uid = request.session.get('user_info')['uid']
change_balance = -15
balance_type = "发送谢意"
marks = '感谢 <a href="{_member_uri}">{_author}</a> 的 > <a href="{_uri}">{_title}</a> 主题'.format(
_member_uri=reverse('member', args=(obj.author.username, )),
_author=obj.author.username,
_uri=reverse('topic', args=(obj.topic_sn, )),
_title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
# 收到感谢
elif update_type == 'recv_thanks':
# 获取基础信息
uid = obj.author_id
change_balance = 10
balance_type = "收到谢意"
marks = '话题 > <a href="{_uri}">{_title}</a> 收到感谢'.format(
_uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 收到感谢,要查找是谁收到感谢,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
# 如果用户在线,才更新
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 话题收到回复
elif update_type == 'reply_recv':
uid = obj.author_id
change_balance = 5
balance_type = "话题回复收益"
marks = '话题 > <a href="{_uri}">{_title}</a> 收到了回复'.format(
_uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 收到回复,要查找是谁收到回复,然后更新此用户的session数据
session = SessionStore(session_key=obj.author.session)
if session.get('user_info', None):
session['user_info']['balance'] = user_obj.balance
# 在外边使用session 要调用save 保存数据
session.save()
# 编辑话题
elif update_type == 'edit':
uid = obj.author_id
change_balance = -5
balance_type = "编辑话题"
marks = '编辑了话题 > <a href="{_uri}">{_title}</a>'.format(
_uri=reverse('topic', args=(obj.topic_sn, )), _title=obj.title)
# 更新数据库中的用户余额
UserDetails.objects.filter(user_id=uid).update(balance=F('balance') +
change_balance)
# 获取此用户更新后的balance
user_obj = UserDetails.objects.filter(user_id=uid).first()
# 创建余额变动清单
BalanceInfo.objects.create(user_id=uid,
balance_type=balance_type,
balance=change_balance,
marks=marks,
last_balance=user_obj.balance)
# 更新session 中数据
request.session['user_info']['balance'] = user_obj.balance
