def maskurl(given_url, *args, **kwargs): """ Probable usage: - {% url 'main' %} -> {% maskurl 'main' %} - {% url 'list' 4 %} -> {% maskurl 'main' 4 %} - {% url 'list' 'blah' %} -> {% maskurl 'main' 'blah' %} - {% url 'list' object.id %} -> {% maskurl 'main' object.id %} - {% url 'list' obj1.id obj2.id %} -> {% maskurl 'main' obj1.id obj2.id %} - {% url 'list' obj1.name|title obj2.id|lower %} -> {% maskurl 'main' obj1.id|title obj2.id|lower %} - {{ reversed_url }} -> {% maskurl reversed_url %} After Django 1.7.0 version url built in templatetag returns quoted paths """ maskedurl = "" match = given_url.find("/") == -1 if match: reversed_url = url_reverse(given_url, args=args, kwargs=kwargs) resolved_url = urlunquote(reversed_url) maskedurl = dumps(resolved_url.lstrip('/')) else: maskedurl = dumps(given_url.lstrip('/')) if DJANGO_VERSION >= 170: maskedurl = urlquote(maskedurl) return '/%s' % maskedurl
def add_key(request): """ Add key. Get data and save it in database. :param request: object, POST (user_salt, ssh_key_pub, ssh_key_privat, description) :return: 'SSHKeyStoreApp/add_key.html', form """ if request.method == 'POST': form = ProfileAddEditForm(request.POST) if form.is_valid(): user_salt = form.cleaned_data['user_salt'] ssh_key_pub = form.cleaned_data['ssh_key_pub'] ssh_key_privat = form.cleaned_data['ssh_key_privat'] description = form.cleaned_data['description'] store = SSHStore() user = User.objects.get(pk=request.user.id) store.user_link = user store.user_salt = user_salt value_pub = signing.dumps((ssh_key_pub,), key=settings.SECRET_KEY, salt=user_salt) store.ssh_key_pub = value_pub if ssh_key_privat: value_private = signing.dumps((ssh_key_privat,), key=settings.SECRET_KEY, salt=user_salt) store.ssh_key_privat = value_private store.description = description store.save() return HttpResponseRedirect(reverse('profile:user')) else: form = ProfileAddEditForm() return render(request, 'SSHKeyStoreApp/add_key.html', {'form': form})
def openvas_details(request): with open(openvas_data, 'r+') as f: data = json.load(f) ov_user = data['open_vas_user'] ov_pass = data['open_vas_pass'] ov_ip = data['open_vas_ip'] lod_ov_user = signing.loads(ov_user) lod_ov_pass = signing.loads(ov_pass) lod_ov_ip = signing.loads(ov_ip) if request.method == 'POST': scan_host = request.POST.get("scan_host", ) openvas_user = request.POST.get("openvas_user", ) openvas_password = request.POST.get("openvas_password", ) else: scan_host = lod_ov_user openvas_user = lod_ov_pass openvas_password = lod_ov_ip with open(openvas_data, 'r+') as f: sig_ov_user = signing.dumps(openvas_user) sig_ov_pass = signing.dumps(openvas_password) sig_ov_ip = signing.dumps(scan_host) data = json.load(f) data['open_vas_user'] = sig_ov_user data['open_vas_pass'] = sig_ov_pass data['open_vas_ip'] = sig_ov_ip f.seek(0) json.dump(data, f, indent=4) f.truncate() messages.add_message(request, messages.SUCCESS, 'Openvas Setting Updated ') return render(request, 'setting_form.html', )
def edit_key(request, code): """ Edit data and save it in database. :param request: object, POST (user_salt, ssh_key_pub, ssh_key_privat, description) :param code: models.SSHStore.id :return: Http404 or redirect to views.profile() or "SSHKeyStoreApp/edit_key.html" with form, code """ data = SSHStore.objects.filter(user_link=request.user.id).filter(id=code).values('user_salt', 'ssh_key_pub', 'ssh_key_privat', 'description') if not data: raise Http404("Key error") if request.method == "POST": form = ProfileAddEditForm(request.POST) if form.is_valid(): user_salt = form.cleaned_data['user_salt'] ssh_key_pub = form.cleaned_data['ssh_key_pub'] ssh_key_privat = form.cleaned_data['ssh_key_privat'] description = form.cleaned_data['description'] value_pub = signing.dumps((ssh_key_pub,), key=settings.SECRET_KEY, salt=user_salt) value_private = signing.dumps((ssh_key_privat,), key=settings.SECRET_KEY, salt=user_salt) store = SSHStore.objects.filter(user_link=request.user.id).filter(id=code)[0] store.user_salt = user_salt store.ssh_key_pub = value_pub store.ssh_key_privat = value_private store.description = description store.save() return HttpResponseRedirect(reverse('profile:user')) else: data = forming_data(data) form = ProfileAddEditForm(data[0]) return render(request, "SSHKeyStoreApp/edit_key.html", {'form': form, 'code': code})
def test_dumps_loads(self): "dumps and loads be reversible for any JSON serializable object" objects = [["a", "list"], "a unicode string \u2019", {"a": "dictionary"}] if six.PY2: objects.append(b"a byte string") for o in objects: self.assertNotEqual(o, signing.dumps(o)) self.assertEqual(o, signing.loads(signing.dumps(o))) self.assertNotEqual(o, signing.dumps(o, compress=True)) self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def test_dumps_loads(self): "dumps and loads be reversible for any JSON serializable object" objects = ( ['a', 'list'], 'a string', u'a unicode string \u2019', {'a': 'dictionary'}, ) for o in objects: self.assertNotEqual(o, signing.dumps(o)) self.assertEqual(o, signing.loads(signing.dumps(o)))
def jira_setting(request): if request.method == 'POST': jira_url = request.POST.get('jira_url') jira_username = request.POST.get('jira_username') jira_password = request.POST.get('jira_password') username = signing.dumps(jira_username) password = signing.dumps(jira_password) save_data = jirasetting(jira_server=jira_url, jira_username=username, jira_password=password) save_data.save() return render(request, 'jira_setting_form.html')
def test_dumps_loads(self): "dumps and loads be reversible for any JSON serializable object" objects = [ ['a', 'list'], 'a unicode string \u2019', {'a': 'dictionary'}, ] if six.PY2: objects.append(b'a byte string') for o in objects: self.assertNotEqual(o, signing.dumps(o)) self.assertEqual(o, signing.loads(signing.dumps(o))) self.assertNotEqual(o, signing.dumps(o, compress=True)) self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
def form_valid(self, form): self.user = form.cleaned_data['user'] self.search_fields[0] == 'username' email = self.user.username self.mail_signature = signing.dumps(email, salt=self.url_salt) context = { 'site': RequestSite(self.request), 'user': self.user, 'token': signing.dumps(self.user.pk, salt=self.salt), 'secure': self.request.is_secure(), } return render(self.request, 'password_reset/password_reset_message.html', {'context': context} )
def make_request(self, request): """ We need this to be a method and not a function, since we need to have a reference to the shop interface """ order = self.shop.get_order(request) base_url = '%s://%s' % ('https' if request.is_secure() else 'http', request.get_host()) signed_order = signing.dumps({'order_id': order.pk}) xml_request = render_to_string('shop_sofortpayment/xml/new_transaction.xml', { 'project_id': settings.SHOP_SOFORT_PROJECT_ID, 'language_code': get_language(), 'interface_version': 'django-shop-sofortpayment-' + __version__, 'amount': order.order_total, 'currency': settings.SHOP_SOFORT_CURRENCY, 'order_number': order.pk, 'user_name': order.billing_address_text, 'success_url': '%s%s?s=%s' % (base_url, reverse('sofort_success'), signed_order), 'notification_url': '%s%s?s=%s' % (base_url, reverse('sofort_notify'), signed_order), 'abort_url': base_url + reverse('cart'), 'customer_protection': '1' if settings.SHOP_SOFORT_ENABLE_CUSTOMER_PROTECTION else '0', }) response = requests.post( settings.SHOP_SOFORT_API_ENDPOINT, data=xml_request.encode('utf-8'), headers={'Content-Type': 'application/xml; charset=UTF-8'}, auth=(settings.SHOP_SOFORT_CUSTOMER_NUMBER, settings.SHOP_SOFORT_API_KEY), ) if response.status_code == 200: doc = xmltodict.parse(response.content) transaction = SofortTransaction.objects.create( order=order, transaction_number=doc['new_transaction']['transaction'], ) return HttpResponseRedirect(doc['new_transaction']['payment_url']) return render_to_response("shop_sofortpayment/payment.html", context)
def _get_action_url(url_name, user): token = signing.dumps(user.pk, salt=settings.URL_ENCODE_SECRET_KEY) # remove teh token; because signing creates a token with datetime invlved # and tometimes out tests woudl fail because of the time diff involved in # the testing process; so simply generate teh url but remove the token so # at least we guarantee that the url is in the body return ABSOLUTE_BASE_URL(reverse(url_name, kwargs={'token': token})).replace(token, '')
def function_wrapper(request, *args, **kwargs): # Check if the key for the LinkedIn session is in the user's session # and deletes it if it is present. if SESSION_KEY in request.session: del request.session[SESSION_KEY] # Tries to create a LinkedIn client for the current user. try: client = LinkedInClient(request.user.linkedinoauthprofile) except: client = None # If the client for this user was successfully created and the # user's data is not retrieved yet from LinkedIn: checks the # validity of the current access token, if the token is valid # retrieves the data from LinkedIn, if the token is invalid then # requests a new token. if client and SESSION_KEY not in request.COOKIES: if not client.debug_access_token(): return HttpResponseRedirect(reverse( 'socialnetworks:linkedin:login')) else: # Retrieves the data from LinkedIn. data = client.get('people/~:(%s)' % SESSION_FIELDS) # Protects the user potentially sensible data. data = signing.dumps(data) # Stores the retrieved data temporarily in the user session # if required to access it in the view. request.session[SESSION_KEY] = data # Creates the response object and stores the retrieved data # in a signed cookie that its valid only for the seconds # specified in settings. response = function(request, *args, **kwargs) response.set_signed_cookie( SESSION_KEY, value=data, httponly=True, max_age=COOKIE_MAX_AGE ) return response # If there is no client for the current user but it has data stored # in its session (when a user disconnects its profile), removes # the data from its cookies. elif not client and SESSION_KEY in request.COOKIES: # Stores temporarily a empty data for the session, this way # we can check quickly in the view if the user has disconnected # its profile. request.session[SESSION_KEY] = None # Creates the response object and deletes the cookie from it. response = function(request, *args, **kwargs) response.delete_cookie(SESSION_KEY) return response return function(request, *args, **kwargs)
def charge(self, data): if self._capture: params = self._prepare_sale(data) else: params = self._prepare_preauth(data) response = self._make_request(params) self.payment.attrs.capture = self._capture self.payment.transaction_id = response.requestID if response.reasonCode == AUTHENTICATE_REQUIRED: xid = response.payerAuthEnrollReply.xid self.payment.attrs.xid = xid self.payment.change_status( 'waiting', message=_('3-D Secure verification in progress')) action = response.payerAuthEnrollReply.acsURL cc_data = dict(data) expiration = cc_data.pop('expiration') cc_data['expiration'] = { 'month': expiration.month, 'year': expiration.year} cc_data = signing.dumps(cc_data) payload = { 'PaReq': response.payerAuthEnrollReply.paReq, 'TermUrl': self.get_return_url({'token': cc_data}), 'MD': xid} form = BaseForm(data=payload, action=action, autosubmit=True) raise ExternalPostNeeded(form) else: self._set_proper_payment_status_from_reason_code( response.reasonCode)
def get_token_for_user(user): """ Generate a new signed token containing a specified user. """ data = {"user_id": user.id} return signing.dumps(data)
def confirm_user(id, username): token = signing.dumps({'user_id': id}) url = reverse('user:confirm', kwargs={'token': token}) subject = '{}, 激活你的帐户'.format(username) message = render_to_string('user/confirm.tpl', {'url': url}) mail_sent = send_mail(subject, message, settings.EMAIL_HOST_USER, ['*****@*****.**']) return mail_sent
def test_activation_signal(self): self.client.post( reverse('registration_register'), data=self.valid_data ) activation_key = signing.dumps( obj=self.valid_data[self.user_model.USERNAME_FIELD], salt=REGISTRATION_SALT ) with self.assertSignalSent(signals.user_activated, required_kwargs=['user', 'request']) as cm: self.client.get( reverse( 'registration_activate', args=(), kwargs={'activation_key': activation_key} ) ) self.assertEqual( getattr(cm.received_kwargs['user'], self.user_model.USERNAME_FIELD), self.valid_data[self.user_model.USERNAME_FIELD] ) self.assertTrue( isinstance(cm.received_kwargs['request'], HttpRequest) )
def test_activation(self): """ Activation of an account functions properly. """ resp = self.client.post( reverse('registration_register'), data=self.valid_data ) activation_key = signing.dumps( obj=self.valid_data[self.user_model.USERNAME_FIELD], salt=REGISTRATION_SALT ) with self.assertSignalSent(signals.user_activated): resp = self.client.get( reverse( 'registration_activate', args=(), kwargs={'activation_key': activation_key} ) ) self.assertRedirects(resp, reverse('registration_activation_complete'))
def form_valid(self, form): email = form.cleaned_data['email'] token = signing.dumps({ 'email': email, 'user_pk': self.request.user.pk, }) link = '{0}?token={1}'.format( reverse('email-change-verify'), token) link = self.request.build_absolute_uri(link) ctx = {'email': email, 'user': self.request.user, 'link': link, 'domain': self.request.get_host(), } subject = render_to_string(self.subject_template, ctx).strip() body = render_to_string(self.body_template, ctx) mail.EmailMessage(subject=subject, body=body, to=[email]).send() messages.info(self.request, _('Your request for changing your email ' 'is received. An email of validation ' 'was sent to you. Please click on the ' 'link contained inside.')) logging.getLogger(__name__).info('email change request by %s', self.request.user) return super(EmailChangeView, self).form_valid(form)
def test_nonexistent_activation(self): """ A nonexistent username in an activation key will fail to activate. """ activation_key = signing.dumps( obj='parrot', salt=REGISTRATION_SALT ) with self.assertSignalNotSent(signals.user_activated): resp = self.client.get( reverse( 'registration_activate', args=(), kwargs={'activation_key': activation_key} ) ) self.assertEqual(200, resp.status_code) self.assertTemplateUsed(resp, 'registration/activate.html') self.assertTrue('activation_error' in resp.context) self.assertEqual( resp.context['activation_error'], {'message': ActivationView.BAD_USERNAME_MESSAGE, 'code': 'bad_username', 'params': None} )
def get(self, *args, **kwargs): data = signing.dumps(self.get_data(self.request)) response = super(SwitchAccount, self).get(*args, **kwargs) response.set_cookie('switch_account', data) return response
def send_registration_mail(request, email, template_names, next_url=None, ctx=None, **kwargs): '''Send a registration mail to an user. All given kwargs will be used to completed the user model. Can raise an smtplib.SMTPException ''' if isinstance(template_names, basestring): template_names = [template_names] # signed token data = kwargs.copy() data['email'] = email data[REDIRECT_FIELD_NAME] = next_url registration_token = signing.dumps(data) activate_url = request.build_absolute_uri(reverse('registration_activate', kwargs={'registration_token': registration_token})) # ctx for rendering the templates ctx = ctx.copy() ctx.update({ 'registration_url': activate_url, 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'email': email, 'request': request, 'site': request.get_host() }) send_templated_mail(email, template_names, ctx)
def register_view(request): form = UserRegistrationForm(request.POST or None, request.FILES or None) if request.user.is_authenticated(): return redirect('login_view') if request.method == 'POST': if form.is_valid(): form.save() email = form.cleaned_data['email'] password = form.cleaned_data['password1'] activation_key = signing.dumps({'email': email}) user = User.objects.get(email=email) UserActivation.objects.filter(user=user).delete() new_activation = UserActivation(user=user, activation_key=activation_key, request_time=timezone.now()) new_activation.save() mailing.confirm_email(email, activation_key) notification = Notification(user=user, text='Пожалуйста, активируйте ваш профиль, перейдя по ссылке в письме на вашем почтовом ящике') notification.save() user = auth.authenticate(username=email, password=password) auth.login(request, user) return redirect('index_view') else: messages.warning(request, "Здесь есть неверно заполненные поля!") return render(request, 'reg.html', {'form': form}) return render(request, 'reg.html', {'form': form})
def generate_api_token(user): """Generate a new API token for a given user.""" data = { 'auth_hash': user.get_session_auth_hash(), 'user_id': user.pk, } return signing.dumps(data, salt=WebTokenAuthentication.salt)
def sendmail(self, payment): __dir__ = os.path.dirname(os.path.abspath(__file__)) if payment.status == 'success': mailfile = "mailsuccess.txt" status = "оплачен" if payment.status == 'waitAccept': mailfile = "mailpending.txt" status = "в обработке" if payment.status == 'canceled': mailfile = "mailcancel.txt" status = "отменен" signer = Signer() value = signing.dumps({"id": payment.paymentid}) link = 'http://biblio.land/payment/' + value with open(os.path.join(__dir__, mailfile), "r") as myfile: message = myfile.read().format( link, payment.email, payment.paymentid) send_mail('Магазин электронных книг Библиоленд. Заказ №{0} {1}.'.format( payment.paymentid, status), message, '*****@*****.**', (payment.email,))
def test_provider_redirects_on_success_preauth_payment( self, mocked_request, mocked_redirect): provider = CyberSourceProvider( merchant_id=MERCHANT_ID, password=PASSWORD, org_id=ORG_ID, capture=False) transaction_id = 1234 xid = 'abc' self.payment.attrs.xid = xid response = MagicMock() response.requestID = transaction_id response.reasonCode = ACCEPTED mocked_request.return_value = response request = MagicMock() request.POST = {'MD': xid} request.GET = {'token': signing.dumps({ 'expiration': {'year': 2020, 'month': 9}, 'name': 'John Doe', 'number': '371449635398431', 'cvv2': '123' })} provider.process_data(self.payment, request) self.assertEqual(self.payment.status, 'preauth') self.assertEqual(self.payment.captured_amount, 0) self.assertEqual(self.payment.transaction_id, transaction_id)
def start(request): if request.method == 'POST': # no_bans = bool(request.POST.get('no_bans')) # picks_first = bool(request.POST.get('picks_first')) first_user = PickUser() second_user = PickUser() first_user.battle_tag = request.POST.get('battle_tag') second_user.battle_tag = request.POST.get('opponent_battle_tag') first_user.save() second_user.save() new_pick = Pick(first_user=first_user, second_user=second_user) # new_pick.no_bans = no_bans # new_pick.picks_first = picks_first # if no_bans: # new_pick.picks_first = True # new_pick.first_bans_finished = True # new_pick.second_bans_finished = True new_pick.save() # Create urlsafe sha1 signed base64 string data_container = dict() # Contains info about database object and user role data_container['pk'] = new_pick.pk data_container['role'] = 'first' first_link = signing.dumps(data_container) return redirect(reverse('classpicker:main', kwargs={'code': first_link})) pick_start_form = PickStartForm return render(request, 'classpicker/start.html', {'pick_start_form': pick_start_form})
def test_no_auth_hash_in_payload(self): data = { 'user_id': self.user.pk, } token = signing.dumps(data, salt=WebTokenAuthentication.salt) with self.assertRaises(AuthenticationFailed): self._authenticate(token)
def form_valid(self, form, formset): # We allow users to preview their purchase. # We serialize all form data into one json object that is then # signed using django.core.signing self.stage = 'preview' serialized_data = self.serialize(form, formset) signed_data = signing.dumps(serialized_data, salt=self.salt, compress=True) purchase = form.cleaned_data tickets = [] payment_total = 0.0 for tform in formset.changed_forms: t = tform.cleaned_data # Copy for template access t['ticket_type'] = t['ticket_type_id'] t['user'] = t['user_id'] t['sponsor'] = t['sponsor_id'] payment_total += t['ticket_type_id'].fee tickets.append(t) purchase['payment_total'] = payment_total ctx = self.get_context_data(signed_data=signed_data, purchase=purchase, tickets=tickets) return self.render_to_response(ctx)
def get_token_for_user(user, scope): """ Generate a new signed token containing a specified user limited for a scope (identified as a string). """ data = {"user_%s_id" % (scope): user.id} return signing.dumps(data)
def forget_password(self, request, **kwargs): try: self.method_check(request, allowed=('post',)) data = self.deserialize(request, request.body, format=request.META.get('CONTENT_TYPE', 'application/json')) user = User.objects(email=data.get('email')).first() if user is None: return self.create_response(request, {'error_message': 'email error'}, HttpBadRequest) token = signing.dumps(user.id, key=SECRET_KEY) PwdRstToken.objects(user=user).update_one( set__token = token, set__generated_at = datetime.utcnow(), set__expires = 10, set__validated = False, upsert = True ) if DEBUG: link = reverse('api_reset_password', kwargs={'resource_name': self._meta.resource_name, 'api_name': 'v1', 'user_id': user.id}) else: link = u'http://{}/{}/api/v1/user/{}/rstpwd/'.format(HOST, APP_NAME, user.id) url = u'{}?token={}&format=json'.format(request.build_absolute_uri(link), token) c = Context({'user': user, 'APP_NAME': APP_NAME, 'url': url}) html_content = loader.get_template('fgtpwd.html').render(c) email = EmailMultiAlternatives(u'验证登录邮箱【{}安全中心 】'.format(APP_NAME), '', EMAIL_HOST_USER, [user.email]) email.attach_alternative(html_content, "text/html") email.send() return self.create_response(request, {'success': True}) except: traceback.print_exc() raise
def sign_submission_metadata(data): return signing.dumps(data, salt=SUBMISSION_RECEIVED_SALT, compress=True)
def generate_token(user_id: int, **kwargs): j = dict(user_id=user_id) j.update(kwargs) value = signing.dumps(j, salt=settings.SECRET_KEY) return value
def make_local_part(conversation, user): signed_part = signing.dumps([conversation.id, user.id]) signed_part = signed_part.encode('utf8') encoded = b64encode(signed_part) return encoded.decode('utf8')
def _get_activation_key(phone_number): return signing.dumps(obj={'phone_number': str(phone_number)}, salt=SALT)
def user_secret_switch_key(self): return signing.dumps({settings.SWITCH_HASH_KEY: self.pk})
def function_wrapper(request, *args, **kwargs): # Check if the key for the Moves app session is in the user's session # and deletes it if it is present. if SESSION_KEY in request.session: del request.session[SESSION_KEY] # Tries to create a Moves app client for the current user. try: client = MovesAppClient(request.user.movesappoauthprofile) except: client = None # If the client for this user was successfully created and the # user's data is not retrieved yet from Moves app: checks the # validity of the current access token, if the token is valid # retrieves the data from Moves app, if the token is invalid then # requests a new token. if client and SESSION_KEY not in request.COOKIES: if not client.debug_access_token(): return HttpResponseRedirect( reverse('socialnetworks:moves-app:login')) else: # Retrieves the data from Moves app. data = client.get('user/profile') # Protects the user potentially sensible data. data = signing.dumps(data) # Stores the retrieved data temporarily in the user session # if required to access it in the view. request.session[SESSION_KEY] = data # Creates the response object and stores the retrieved data # in a signed cookie that its valid only for the seconds # specified in settings. response = function(request, *args, **kwargs) response.set_signed_cookie(SESSION_KEY, value=data, httponly=True, max_age=COOKIE_MAX_AGE) return response # If there is no client for the current user but it has data stored # in its session (when a user disconnects its profile), removes # the data from its cookies. elif not client and SESSION_KEY in request.COOKIES: # Stores temporarily a empty data for the session, this way # we can check quickly in the view if the user has disconnected # its profile. request.session[SESSION_KEY] = None # Creates the response object and deletes the cookie from it. response = function(request, *args, **kwargs) response.delete_cookie(SESSION_KEY) return response return function(request, *args, **kwargs)
def get(self, request): user = request.user thing_to_sign = {'u': user.id, 'what': 'export'} signature = signing.dumps(thing_to_sign) export_url = reverse('export', kwargs={'signature': signature}) return Response({'url': export_url})
def sign(self) -> None: self._signed_data = signing.dumps(self._body)
def generate_sign(self): return signing.dumps(self.pk)
def handleRequest(request): form = request.POST response_dict = dict() checksum = "" for i in form.keys(): response_dict[i] = form[i] if i == "CHECKSUMHASH": checksum = form[i] verify = Checksum.verify_checksum(response_dict, MERCHANT_KEY, checksum) if verify: if response_dict["RESPCODE"] == "01": messages.success(request, "Payment Successful ") email = response_dict["ORDERID"][:-16] print("----email----", email) mail_dict = { 'email': email, 'response_dict': response_dict, 'STATUS': response_dict["STATUS"] } print(mail_dict) subject = "XpressXerox:- Order Placed" html_message = render_to_string('action/Transaction_Mail.html', mail_dict) message = 'strip_tags(html_message)' sender = EMAIL_HOST_USER receiver = email send_mail(subject=subject, message=message, from_email=sender, recipient_list=[receiver], html_message=html_message) print("transaction is completed and , Mail has been send") trans = response_dict["ORDERID"].replace("@", "-") + currentTime() print("------trans------", trans) trans = signing.dumps(trans, key="secreat_key_for_url", salt="more_encryption_@9160") url = "https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=" + trans return HttpResponsePermanentRedirect(url) elif response_dict["RESPCODE"] == "400" or response_dict[ "RESPCODE"] == "402": messages.error(request, "Payment is Pending ") email = response_dict["ORDERID"][:-16] print("----email----", email) mail_dict = { 'email': email, 'response_dict': response_dict, 'STATUS': response_dict["STATUS"] } print(mail_dict) subject = "XpressXerox:- Transaction is Pending" html_message = render_to_string('action/Transaction_Mail.html', mail_dict) message = 'strip_tags(html_message)' sender = EMAIL_HOST_USER receiver = email send_mail(subject=subject, message=message, from_email=sender, recipient_list=[receiver], html_message=html_message) print("transaction is Pending and , Mail has been send") url = "https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=pending&OID={}".format( response_dict["ORDERID"]) return HttpResponsePermanentRedirect(url) else: messages.error(request, response_dict['RESPMSG']) return HttpResponsePermanentRedirect( "https://xpressxerox.pythonanywhere.com/action/userDashboard/?tran=fail" ) else: return redirect("action:userDashboard")
def get_download_url(self): from zentral.utils.api_views import API_SECRET token = signing.dumps({"pk": self.pk}, salt="monolith", key=API_SECRET) return "{}{}".format( settings["api"]["tls_hostname"], reverse("monolith:download_printer_ppd", args=(token, )))
def encrypt(data): return signing.dumps(data)
def form_valid(self, form): identifier = form.cleaned_data["email"] # Identify user user = None if self.looks_like_email(identifier): user = models.CoreUser.objects.filter(email=identifier).first() if not user: user = models.CoreUser.objects.filter( username=identifier).first() # Check reset method if user: # Check if this user has been locked out if is_user_already_locked(user.username): return lockout_response(self.request) # Store the id of the user that we found in our search self.request.session["lookup_user_id"] = str(user.id) # Check if user has email or security questions. if user.email: form.cleaned_data["email"] = user.email elif user.has_security_questions: self.success_url = reverse("reset_password_security_questions") else: # This should never be the case. print("User %s cannot reset their password." % identifier) elif not user: client_id = utils.get_session_data( self.request, constants.SessionKeys.CLIENT_ID ) if client_id: # Let it raise a DoesNotExist error. Something is very wrong # if that is the case. client = Client.objects.get(id=client_id) try: user = TemporaryMigrationUserStore.objects.get( username=identifier, client_id=client.client_id ) if not user.answer_one and not user.answer_two: # If the user does not have a single answer, add a # message and redirect back to the current view. messages.warning( self.request, _("We are sorry, your account can not perform this action") ) # Redirect to current url with entire querystring # present. return redirect(self.request.get_full_path()) token = signing.dumps( user.id, salt="ge-migration-user-pwd-reset" ) # TODO: Client will raise eventually, after pwd reset there # is no way to enter back into login flow. Outside the # scope of GE-1085 to add. That is the current expected # behaviour. #querystring = urllib.parse.quote_plus( # self.request.GET.get("persist_query", "") #) url = reverse( "user_migration:question_gate", kwargs={ "token": token } ) return redirect(url) except TemporaryMigrationUserStore.DoesNotExist: pass return HttpResponseRedirect(reverse("password_reset_done")) return super(ResetPasswordView, self).form_valid(form)
def get_activation_key(user): return signing.dumps(obj=getattr(user, user.USERNAME_FIELD), salt=SIGNUP_SALT)
def encryption(self, *args, **kwargs): time_stamp = TimestampSigner() data = signing.dumps(kwargs) data = time_stamp.sign(data) return data
def Encrypt(value): data = signing.dumps(value) data = signing.b64_encode(data.encode()).decode() return data
def get_activation_key(self, user): return signing.dumps(obj=user.get_username(), salt=REGISTRATION_SALT)
def get_renewal_link(self): return reverse('members:corporate-members-renew', kwargs={'token': signing.dumps(self.pk)})
def post(self, request, **kwargs): """ --- parameters: - name: slug type: string paramType: path description: The slug of the issuer whose roles to modify. required: true - name: action type: string paramType: form description: The action to perform on the user. Must be one of 'add', 'modify', or 'remove'. required: true - name: username type: string paramType: form description: The username of the user to add or remove from this role. required: false - name: email type: string paramType: form description: A verified email address of the user to add or remove from this role. required: false - name: role type: string paramType: form description: Role to set user as. One of 'owner', 'editor', or 'staff' defaultValue: staff required: false """ # validate POST data serializer = IssuerRoleActionSerializerV1(data=request.data) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) current_issuer = self.get_object(request, **kwargs) if not self.has_object_permissions(request, current_issuer): return Response( "Issuer not found. Authenticated user must be Issuer's owner to modify user permissions.", status=status.HTTP_404_NOT_FOUND) if not request.user.is_superuser and request.user not in current_issuer.owners: raise PermissionDenied( "Must be an owner of an issuer profile to modify permissions") try: if serializer.validated_data.get('username'): user_id = serializer.validated_data.get('username') user_to_modify = get_user_model().objects.get(username=user_id) else: user_id = serializer.validated_data.get('email') matching_email = [ email for email in CachedEmailAddress.objects.filter( email=user_id, verified=True) if email.user.has_surf_conext_social_account() ] if not matching_email: raise CachedEmailAddress.DoesNotExist user_to_modify = matching_email[0].user except ( get_user_model().DoesNotExist, CachedEmailAddress.DoesNotExist, ): error_text = "User not found. Email must be verified and correspond to an existing user with a teacher account." if user_id is None: error_text = 'User not found. Neither email address or username was provided.' return Response(error_text, status=status.HTTP_404_NOT_FOUND) if user_to_modify == request.user: return Response( "Cannot modify your own permissions on an issuer profile", status=status.HTTP_400_BAD_REQUEST) action = serializer.validated_data.get('action') if action == 'add': role = serializer.validated_data.get('role') if IssuerStaff.objects.filter(user=user_to_modify, issuer=current_issuer, role=role).exists(): raise ValidationError( "Could not add user to staff list. User already in staff list." ) else: value = json_dumps({ 'issuer_pk': current_issuer.pk, 'staff_pk': user_to_modify.pk, 'role': role }) code = signing.dumps(obj=value, salt=getattr(settings, 'ACCOUNT_SALT', 'salty_stuff')) url = urljoin( user_to_modify.get_badgr_app().public_pages_redirect, '/accept-staff-membership/' + code) message = EmailMessageMaker.create_staff_member_addition_email( url, current_issuer, role, expiration=settings.STAFF_MEMBER_CONFIRMATION_EXPIRE_DAYS) user_to_modify.email_user( subject='You have been added to an Issuer', message=message) return Response( "Succesfully invited user to become staff member.", status=status.HTTP_200_OK) elif action == 'modify': role = serializer.validated_data.get('role') try: staff_instance = IssuerStaff.objects.get(user=user_to_modify, issuer=current_issuer) staff_instance.role = role staff_instance.save(update_fields=('role', )) except IssuerStaff.DoesNotExist: raise ValidationError( "Cannot modify staff record. Matching staff record does not exist." ) elif action == 'remove': staff_instance = IssuerStaff.objects.get(user=user_to_modify, issuer=current_issuer) if staff_instance.is_signer: raise ValidationError( "Cannot remove staff member who is a signer.") staff_instance.delete() if not user_to_modify.staff_memberships(): user_to_modify.loses_permission('view_issuer_tab', BadgeUser) user_to_modify.save() current_issuer.publish() user_to_modify.publish() return Response("User %s has been removed from %s staff." % (user_to_modify.username, current_issuer.name), status=status.HTTP_200_OK) # update cached issuers and badgeclasses for user user_to_modify.save() return Response(IssuerStaffSerializerV1(staff_instance).data)
def timestamp_sign(string): # double signing because the timestamp signer leaves the plaintext string prefixing its output return signing.dumps(dict(timestamped_username=TimestampSigner().sign(string)))
import json from unittest.mock import Mock, patch from django.contrib.auth import get_user_model from django.core.signing import dumps from django.urls import reverse from microsoft_auth.views import AuthenticateCallbackView from . import TestCase TOKEN = "e4675ea8d28a41b8b416fe9ed1fb52b1e4675ea8d28a41b8b416fe9ed1fb52b1" STATE = dumps({"token": TOKEN}, salt="microsoft_auth") EXPIRED_STATE = ( "e4675ea8d28a41b8b416fe9ed1fb52b1e4675ea8d28a41b8b416fe9ed1fb52b1:" "1h5CgL:G-QiLZ3hetUPgrdpJlvAfXkZ2RQ") TEST_ERROR = "test" TEST_ERROR_DESCRIPTION = "some_error" class ViewsTests(TestCase): def setUp(self): super().setUp() User = get_user_model() self.user = User.objects.create(username="******") def test_authenticate_callback_bad_method(self): response = self.client.get(reverse("microsoft_auth:auth-callback"))
def get_answers(request, form_id): d_form = Discourse_form.objects.get(id=form_id) text = d_form.text clean_text = clean_spaces(text.splitlines()) if request.method == 'POST': form = TeacherDiscourseForm(request.POST) if form.is_valid(): # save form answer email = form.cleaned_data['email'] dialogic_list = form.cleaned_data['dialogic'] ans_form, created = Form_answer.objects.get_or_create(form=d_form, user=email) ans_form.dialogic = "-".join(dialogic_list) if created: ans_form.save() else: # delete all subjects related to ans_form Answered_subject.objects.filter(ans_form=ans_form).delete() # delete all copus code with this stuff Answered_copus_code.objects.filter(ans_form=ans_form).delete() # delete all copus code with this stuff Answered_dialogic_phrases.objects.filter( ans_form=ans_form).delete() # ans_form.done = False ans_form.save() # save subject subject = form.cleaned_data['subject'] subject_NA = False for s in subject: if str(s) == 'Ninguna de las anteriores': subject_NA = True ans_sub = Answered_subject(ans_form=ans_form, subject=s) ans_sub.save() # save copus codes copus_codes = form.cleaned_data['copus_code'] for code in copus_codes: ans_copus = Answered_copus_code(ans_form=ans_form, copus_code=code) ans_copus.save() cc_phrases_name = 'input_id_copus_code_' + str( ans_copus.copus_code.pk - 1) for key, value in request.POST.items(): if key.startswith(cc_phrases_name): if type(value) == list: for element in value: index_phrases = clean_text.index(element) + 1 ans_phrases = Answered_copus_phrases( copus=ans_copus, ans_form=ans_form, phrases=element, code=index_phrases) ans_phrases.save() else: index_phrases = clean_text.index(value) + 1 ans_phrases = Answered_copus_phrases( copus=ans_copus, ans_form=ans_form, phrases=value, code=index_phrases) ans_phrases.save() if not 'NA' in dialogic_list: for dialogic in dialogic_list: if dialogic.startswith('A'): dialogic_id = 0 else: dialogic_id = 1 d_phrases_name = 'input_id_dialogic_' + str(dialogic_id) print(d_phrases_name) for key, value in request.POST.items(): if key.startswith(d_phrases_name): if type(value) == list: for element in value: index_phrases = clean_text.index( element) + 1 ans_phrases = Answered_dialogic_phrases( dialogic=dialogic, ans_form=ans_form, phrases=element, code=index_phrases) ans_phrases.save() else: index_phrases = clean_text.index(value) + 1 ans_phrases = Answered_dialogic_phrases( dialogic=dialogic, ans_form=ans_form, phrases=value, code=index_phrases) ans_phrases.save() # redirect to next form crypted_mail = signing.dumps(email) if subject_NA: # Ningun subject ans_form.done = True ans_form.save() return HttpResponseRedirect(reverse('discourse_form:thanks')) return HttpResponseRedirect( reverse('discourse_form:question_2', kwargs={ 'form_id': form_id, 'user': crypted_mail })) # if a GET (or any other method) we'll create a blank form else: form = TeacherDiscourseForm() return render(request, 'formulario.html', { 'form': form, 'text': clean_text, 'form_id': form_id }) #[x if x!=" " else "-" for x in text.splitlines()]})
def test_user_absent_wrong_token(client): token = signing.dumps({"user_id": 1, "event_id": 2}, salt="unknown") resp = client.get(reverse("event:user_absent", args=[token])) assert resp.status_code == 302 assert resp["Location"] == reverse("event:list")
def generate_validation_token(self): """Generate user token for account validation.""" data = {'email': self.email} return signing.dumps(data)
def generate_confirm_token(self): '''生成用户确认签名''' token = signing.dumps({'confirm': self.id}) return token
def _get_pk_val(self): if self.xtd_comment: return self.xtd_comment._get_pk_val() else: content_type = "%s.%s" % self.content_type.natural_key() return signing.dumps("%s:%s" % (content_type, self.object_pk))
def mutate(root, info, auth): user = User.objects.filter(username=auth.username).first() if not user or not user.check_password(auth.password): raise GraphQLError('username or password is invalid.') return CreateToken(token=signing.dumps(user.id))
import os from django.core import signing # 引入环境变量DjangoTest2.settings os.environ['DJANGO_SETTINGS_MODULE'] = 'DjangoTest2.settings' value = signing.dumps({"foo": "bar"}) src = signing.loads(value) print(value) print(src) print(type(src))
def get_verification_key(self): key = signing.dumps( obj=getattr(self, self.USERNAME_FIELD), salt=settings.SECRET_KEY, ) return key
def key(self): return signing.dumps(obj=self.email_address.pk, salt='~28cUebFxB!FUiei')