示例#1
0
 def test_adzerk_returns_none_sponsored(self):
     self.populate_es()
     signer = TimestampSigner()
     with mock.patch('olympia.shelves.views.get_addons_from_adzerk') as get:
         get.return_value = {
             str(self.sponsored_ext.id): {
                 'impression': '123456',
                 'click': 'abcdef'},
             str(self.sponsored_theme.id): {
                 'impression': '012345',
                 'click': 'bcdefg'},
             str(self.verified_ext.id): {
                 'impression': '55656',
                 'click': 'efef'},
             str(self.not_promoted.id): {
                 'impression': '735754',
                 'click': 'jydh'},
             '0': {
                 'impression': '',
                 'click': ''},
         }
         data = self.perform_search()
         get.assert_called_with(6)
     # non sponsored are ignored
     assert data['count'] == 2
     assert len(data['results']) == 2
     assert data['impression_data'] == signer.sign('123456,012345')
     assert {(itm['id'], itm['click_data']) for itm in data['results']} == {
         (self.sponsored_ext.pk, signer.sign('abcdef')),
         (self.sponsored_theme.pk, signer.sign('bcdefg')),
     }
示例#2
0
    def test_impression_endpoint(self, ping_mock):
        url = reverse_ns('sponsored-shelf-impression')
        # no data
        response = self.client.post(url)
        assert response.status_code == 400, response.content
        ping_mock.assert_not_called()

        # bad data
        response = self.client.post(url, {'impression_data': 'dfdfd:3434'})
        assert response.status_code == 400
        ping_mock.assert_not_called()

        # good data
        signer = TimestampSigner()
        impressions = ['i.gif?e=assfsf', 'i.gif?e=fwafsf']
        data = signer.sign(','.join(impressions))
        response = self.client.post(url, {'impression_data': data})
        assert response.status_code == 202
        ping_mock.assert_has_calls([
            mock.call(
                f'https://e-10521.adzerk.net/{im}', type='impression')
            for im in impressions])
        assert response.content == b''

        # good data but stale
        ping_mock.reset_mock()
        with freeze_time('2020-01-01') as freezer:
            data = signer.sign(','.join(impressions))
            freezer.tick(delta=timedelta(seconds=61))
            response = self.client.post(url, {'impression_data': data})
            assert response.status_code == 400
            ping_mock.assert_not_called()
示例#3
0
    def test_click_endpoint(self, ping_mock):
        url = reverse_ns('sponsored-shelf-click')
        # no data
        response = self.client.post(url)
        assert response.status_code == 400
        ping_mock.assert_not_called()

        # bad data
        response = self.client.post(url, {'click_data': 'r?dfdfd:3434'})
        assert response.status_code == 400
        ping_mock.assert_not_called()

        # good data
        signer = TimestampSigner()
        click = 'sdwwdw'
        data = signer.sign(click)
        response = self.client.post(url, {'click_data': data})
        assert response.status_code == 202, response.content
        ping_mock.assert_called_with(
            f'https://e-10521.adzerk.net/{click}', type='click')
        assert response.content == b''

        # good data but stale
        ping_mock.reset_mock()
        with freeze_time('2020-01-01') as freezer:
            data = signer.sign(click)
            freezer.tick(delta=timedelta(days=1, minutes=1))
            response = self.client.post(url, {'click_data': data})
            assert response.status_code == 400
            ping_mock.assert_not_called()
示例#4
0
 def test_adzerk_returns_none_sponsored(self):
     self.populate_es()
     signer = TimestampSigner()
     log_msg = (
         'Addon id [%s] returned from Adzerk, but not in a valid Promoted '
         'group [%s]')
     log_groups = 'Sponsored; Verified; By Firefox'
     with mock.patch('olympia.shelves.views.get_addons_from_adzerk') as get:
         get.return_value = {
             str(self.sponsored_ext.id): {
                 'impression': '123456',
                 'click': 'abcdef'
             },
             str(self.sponsored_theme.id): {
                 'impression': '012345',
                 'click': 'bcdefg',
             },
             str(self.verified_ext.id): {
                 'impression': '55656',
                 'click': 'efef'
             },
             str(self.recommended_ext.id): {
                 'impression': '9494',
                 'click': '4839'
             },
             str(self.not_promoted.id): {
                 'impression': '735754',
                 'click': 'jydh'
             },
             '0': {
                 'impression': '',
                 'click': ''
             },
         }
         with mock.patch('django_statsd.clients.statsd.incr') as incr_mock:
             with mock.patch('olympia.shelves.views.log.error') as log_mock:
                 data = self.perform_search()
         incr_mock.assert_any_call('services.adzerk.elasticsearch_miss', 3)
         log_mock.assert_has_calls((
             mock.call(log_msg, str(self.recommended_ext.id), log_groups),
             mock.call(log_msg, str(self.not_promoted.id), log_groups),
             mock.call(log_msg, '0', log_groups),
         ))
         get.assert_called_with(6)
     # non .can_be_returned_from_azerk are ignored
     assert data['count'] == 3
     assert len(data['results']) == 3
     assert data['impression_data'] == signer.sign('123456,012345,55656')
     assert {(itm['id'], itm['click_data'])
             for itm in data['results']} == {
                 (self.sponsored_ext.pk, signer.sign('abcdef')),
                 (self.sponsored_theme.pk, signer.sign('bcdefg')),
                 (self.verified_ext.pk, signer.sign('efef')),
             }
示例#5
0
def dumps_qs_query(query):
    serialized_str = base64.b64encode(zlib.compress(
        pickle.dumps(query))).decode()
    signer = TimestampSigner()
    signed_data = signer.sign(serialized_str)
    payload = {'data': signed_data}
    return mark_safe(json.dumps(payload))
示例#6
0
    def provision(self, prefix="", user=None):
        nonce = self.random_nonce(prefix)
        user_id = user.pk if user else ""
        payload = "%s:%s" % (nonce, user_id)

        signer = TimestampSigner()
        return signer.sign(payload)
    def post(self, request, *args, **kwargs):
        try:
            data = confirm(request)
        except PaymentError as e:
            messages.error(self.request, str(e))
            self.restore_frozen_basket()
            logger.exception(e)
            return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': self.request.build_absolute_uri(reverse("worldpay-fail") + "?error=%s" % str(e))})

        basket = Basket.objects.get(pk=data['M_basket'])
        basket.strategy = Selector().strategy()
        
        if data['M_user'] == 'None':
            user = AnonymousUser()
        else:
            user = User.objects.get(pk=data['M_user'])
        
        # Fetch submission data out of session
        order_number = data['cartId']
        total = Decimal(data['amount'])
        
        # Record payment source
        source_type, is_created = SourceType.objects.get_or_create(name='WorldPay')
        source = Source(source_type=source_type,
                        currency=data['currency'],
                        amount_allocated=total,
                        amount_debited=total,
                        reference=data['transId'])
        self.add_payment_source(source)
        self.add_payment_event('paid', total, reference=data['transId'])
        
        shipping_address = ShippingAddress.objects.get(pk=data['M_shipping_address'])
        if data['M_billing_address'] == 'None':
            billing_address = None
        else:
            billing_address = BillingAddress.objects.get(pk=data['M_billing_address'])
        
        shipping_methods = Repository().get_shipping_methods(basket, user=user, shipping_addr=shipping_address)
        shipping_method = [method for method in shipping_methods if method.code == data['M_shipping_method']][0]
        
        order_kwargs = json.loads(data['M_order_kwargs'])
        # Place order
        calc_total = self.get_order_totals(basket, shipping_method.calculate(basket))
        self.handle_order_placement(
            order_number,
            user,
            basket,
            shipping_address,
            shipping_method,
            shipping_method.calculate(basket),
            billing_address,
            calc_total,
            **order_kwargs
        )
        
        signer = TimestampSigner()
        order_number = signer.sign(order_number)
        success_url = self.request.build_absolute_uri(reverse("worldpay-success") + '?order_number=%s' % (order_number))
        
        return TemplateResponse(request, 'worldpay/worldpay_response.html', {'url': success_url})
示例#8
0
def check_email(request):
    """Function"""
    email = request.POST.get('email')

    if User.objects.filter(email__iexact=email).exists():
        msg = u"이미 존재하는 이메일 주소입니다. 비밀번호 찾기를 이용해 보세요."
        data = {
            'msg': msg,
        }
        return JsonResponse(data, status=201)

    signer = TimestampSigner()
    value = signer.sign(email)
    subject = u'[노룩뉴스] 회원가입 인증 메일입니다.'
    body = u'인증코드(이메일주소 포함): %s' % value

    try:
        send_mail(subject, body, settings.EMAIL_HOST_USER, [email], fail_silently=False)
        msg = u"인증코드를 이메일로 발송했습니다."
        data = {
            'msg': msg,
        }
        return JsonResponse(data, status=201)
    except SMTPException:
        return JsonResponse({'status': 'false'}, status=400)
示例#9
0
def task(request, task_id):
    task = get_object_or_404(Task.objects.select_related('task_group', 'tg_set'), id=task_id)
    role = task.task_group.check_membership(request.user)

    if role == 'user' and not task.published:
        raise Http404('Task not found')

    submissions = Submission.objects.filter(user=request.user, task_id=task_id)

    context = {
        'title': task.name,
        'task': task,
        'group': task.task_group,
        'submissions': submissions,
        'evaluations': {},
        'tokens': {},
        'limits': task.get_user_limits(request.user.id),
        'deadline': task.get_deadline_data()
    }

    evaluations = SubmissionEvaluation.objects.filter(submission__uuid__in=[sbm.uuid for sbm in submissions])

    signer = TimestampSigner()

    for submission in submissions:
        context['tokens'][submission.uuid] = signer.sign(submission.uuid)

    for evaluation in evaluations:
        context['evaluations'][evaluation.submission_id] = evaluation

    return render(request, 'webapp/task.html', context)
示例#10
0
 def gen_token(self):
     '''
     生成接口认证的token
     '''
     signer = TimestampSigner()
     token = signer.sign(self.id)
     return token
示例#11
0
 def test_basic(self):
     self.populate_es()
     signer = TimestampSigner()
     with mock.patch('olympia.shelves.views.get_addons_from_adzerk') as get:
         get.return_value = {
             str(self.sponsored_ext.id): {
                 'impression': '123456',
                 'click': 'abcdef',
                 'conversion': 'ddfdfdf',
             },
             str(self.sponsored_theme.id): {
                 'impression': '012345',
                 'click': 'bcdefg',
                 'conversion': 'eeer',
             },
         }
         data = self.perform_search()
         get.assert_called_with(6), get.call_args
     assert data['count'] == 2
     assert len(data['results']) == 2
     assert data['impression_data'] == signer.sign('123456,012345')
     assert {itm['id']
             for itm in data['results']} == {
                 self.sponsored_ext.pk,
                 self.sponsored_theme.pk,
             }
示例#12
0
    def get_download_url_temp(self, obj):
        signer = TimestampSigner()
        value = signer.sign(obj.pid)

        relative_url = reverse("api_temp_download_url", kwargs={"spid": value})

        return f"{getattr(settings, 'FTL_ONLY_OFFICE_INTERNAL_DOWNLOAD_SERVER_URL', '')}{relative_url}"
示例#13
0
def send_all_emails(request):
    all_faculty = Faculty.objects.all()
    signer = TimestampSigner()
    msgs = []
    subject = "Scheduled email"
    for faculty in all_faculty:
        token = signer.sign(slugify(faculty.name + '_' + str(faculty.pk)))
        name, token = token.split(':', 1)
        url = reverse('faculty_schedule',
                      kwargs={
                          'name': name,
                          'token': token
                      })
        body = """
        Update your free schedule for the current week.
        %s
        The above link will be valid for next 5 days.

        Regards
        digiVIT team
        """ % (request.build_absolute_uri(url))
        msg = (subject, body, '*****@*****.**', [faculty.email])
        msgs.append(msg)
    send_mass_mail(msgs)
    messages.add_message(request, messages.SUCCESS,
                         "Emails sent successfully!")

    return redirect(reverse('home'))
示例#14
0
文件: db.py 项目: Emilnurg/anas.ru
    def provision(self, prefix='', user=None):
        nonce = self.random_nonce(prefix)
        user_id = user.pk if user else ''
        payload = '%s:%s' % (nonce, user_id)

        signer = TimestampSigner()
        return signer.sign(payload)
示例#15
0
def get_verification_code(request):
    """API get_verification_code"""
    email = request.POST.get('email')

    if User.objects.filter(email__iexact=email).exists():
        msg = _('E-mail exists. Why don\'t you try to find your password?')
        data = {
            'result': False,
            'msg': msg,
        }
        return JsonResponse(data, status=201)

    signer = TimestampSigner()
    value = signer.sign(email)
    subject = _('[%(site_name)s] Verification code for signing in') % {
        'site_name': settings.SITE_NAME
    }
    body = value

    try:
        send_mail(subject, body, settings.EMAIL_HOST_USER, [email], fail_silently=False)
        msg = _('Verification code sent. Please check your E-mail.')
        data = {
            'result': True,
            'msg': msg,
        }
        return JsonResponse(data, status=201)
    except SMTPException:
        return JsonResponse({'status': 'false'}, status=400)
示例#16
0
 def _build_hook_signature(self, method, url, body):
     signer = TimestampSigner(settings.WATERCOOLER_SECRET)
     value = '{method}:{url}:{body}'.format(method=method.lower(),
                                            url=url,
                                            body=hashlib.sha256(
                                                body or b'').hexdigest())
     return signer.sign(value)
示例#17
0
文件: views.py 项目: kfarr2/myinfo
def index(request):
    error_message = None
    reset_request = ResetRequestForm(request.POST or None)
    email_response = False
    
    try:
        if reset_request.is_valid():
            if reset_request.cleaned_data['email'] != '':
                user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email'])
                email_response = True
            else:
                user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell'])
    
            signer = TimestampSigner()
            token = signer.sign(user_data.psu_uuid)
            
            if email_response == True:
                password_reset_email(user_data.psu_uuid, user_data.alternate_email, token)
            else:
                shortcode = TextMessageShortCode()
                shortcode.token = token
                shortcode.save()
                
                password_reset_sms(user_data.cell_phone, shortcode.code)
            
            return HttpResponseRedirect(reverse("PasswordReset:reset_notoken"))
            
    except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned):
        # Either we couldn't find it or we couldn't uniquely identify it.
        logger.info("service=myinfo email=" + reset_request.cleaned_data['email'] + " cell=" + reset_request.cleaned_data['cell'] + "error = \"Unable to identify.\"")
        error_message = "We were unable to find an identity that matched your information."
    
    return render(request, 'PasswordReset/index.html', {'form' : reset_request, 'error' : error_message,})
示例#18
0
def index(request):
    limited = getattr(request, 'limited', False)
    if limited:
        return HttpResponseRedirect(reverse('rate_limited'))

    error_message = None
    reset_request = ResetRequestForm(request.POST or None)
    email_response = False
    
    try:
        if reset_request.is_valid():
            if reset_request.cleaned_data['email'] != '':
                user_data = ContactInformation.objects.get(alternate_email=reset_request.cleaned_data['email'])
                email_response = True
            else:
                user_data = ContactInformation.objects.get(cell_phone=reset_request.cleaned_data['cell'])
    
            signer = TimestampSigner()
            token = signer.sign(user_data.psu_uuid)
            
            if email_response is True:
                r = password_reset_email(user_data.psu_uuid, user_data.alternate_email, token)

            else:
                short_code = TextMessageShortCode()
                short_code.token = token
                short_code.save()
                
                r = password_reset_sms(user_data.cell_phone, short_code.code)

            if r is not True:
                raise APIException("Reset code not sent. Email? " + str(email_response))

            logger.info(
                "service=myinfo page=passwordreset action=reset_request status=success email={0} cell={1}".format(
                    reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))
            return HttpResponseRedirect(reverse("PasswordReset:reset_notoken"))
            
    except (ContactInformation.DoesNotExist, ContactInformation.MultipleObjectsReturned) as e:
        # Either we couldn't find it or we couldn't uniquely identify it.
        if isinstance(e, ContactInformation.DoesNotExist):
            status = "id_not_found"
        else:
            status = "multiple_matches"
        logger.info(
            "service=myinfo page=passwordreset action=reset_request status={0} email={1} cell={2}".format(
                status, reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))

        error_message = ("We could not uniquely identify a user with this information. "
                         "Ensure this information is correct and please try again. "
                         "If you continue to have difficulty, contact the Helpdesk (503-725-4357) for assistance.")
    except APIException:

        logger.info(
            "service=myinfo page=passwordreset action=reset_request status=code_not_sent email={0} cell={1}".format(
                reset_request.cleaned_data['email'], reset_request.cleaned_data['cell']))

        error_message = "Sorry, we were unable to send a reset code. Please try again later."
    
    return render(request, 'PasswordReset/index.html', {'form': reset_request, 'error': error_message, })
示例#19
0
    def send_restore_password(self):
        signer = TimestampSigner()
        value = signer.sign(self.user.username)
        x = value.index(':')
        key = value[x+1:]
        
        self.password_restore_key = key
        self.save()

        sender = '*****@*****.**' 
        msg = {}
        msg['subject'] = 'Восстановление пароля' 
        magic_url = 'http://draftwatcher.pythonanywhere.com/'
        msg['body'] = '''
        Вы запросили восстановление пароля. Если Вы хотите
        сбросить пароль, перейдите по ссылке:
        {url}.
        Ссылка будет активна в течение пяти минут.
        
        Если вы не иницировали отправление этого сообщения, 
        просто проигнорируйте его.
        '''.format(
                url=''.join(
                    (magic_url,'restore_password/', key)))

        send_mail(msg['subject'], msg['body'], sender,
            [self.user.email], fail_silently=False)
        return key
示例#20
0
 def generate_activation_code(self):
     email = self.player.email if self.player else self.placeholder.first().email
     value = '{0}:{1}'.format(email, self.team.name)
     signer = TimestampSigner()
     self.activation_code = signer.sign(value)
     self.save()
     return self.activation_code
示例#21
0
def microsoft(request):
    """ Adds global template variables for microsoft_auth """
    login_type = None
    if config.MICROSOFT_AUTH_LOGIN_TYPE == LOGIN_TYPE_XBL:
        login_type = _("Xbox Live")
    else:
        login_type = _("Microsoft")

    if config.DEBUG:  # pragma: no branch
        expected_domain = Site.objects.get_current().domain
        current_domain = request.get_host()
        if expected_domain != current_domain:  # pragma: no branch
            logger.warning(
                "\nWARNING:\nThe domain configured for the sites framework "
                "does not match the domain you are accessing Django with. "
                "Microsoft authentication may not work.\n")

        do_warning = get_scheme(
            request) == "http" and not current_domain.startswith("localhost")
        if do_warning:  # pragma: no branch
            logger.warning(
                "\nWARNING:\nYou are not using HTTPS. Microsoft "
                "authentication only works over HTTPS unless the hostname for "
                "your `redirect_uri` is `localhost`\n")

    # initialize Microsoft client using CSRF token as state variable
    signer = TimestampSigner()
    state = signer.sign(get_token(request))
    microsoft = MicrosoftClient(state=state, request=request)
    auth_url = microsoft.authorization_url()[0]
    return {
        "microsoft_login_enabled": config.MICROSOFT_AUTH_LOGIN_ENABLED,
        "microsoft_authorization_url": mark_safe(auth_url),
        "microsoft_login_type_text": login_type,
    }
示例#22
0
def notify_survey(survey_tracker, request):
    if survey_tracker.intern_info:
        name = survey_tracker.intern_info.applicant.applicant.public_name
        email = survey_tracker.intern_info.applicant.applicant.email_address()
        community = survey_tracker.intern_info.project.project_round.community.name
        internstarts = survey_tracker.intern_info.project.project_round.participating_round.internstarts
        internends = survey_tracker.intern_info.project.project_round.participating_round.internends
    elif survey_tracker.alumni_info:
        name = survey_tracker.alumni_info.name
        email = Address(name, addr_spec=survey_tracker.alumni_info.email)
        community = survey_tracker.alumni_info.community
        internstarts = survey_tracker.alumni_info.page.round_start
        internends = survey_tracker.alumni_info.page.round_end
    else:
        return
    signer = TimestampSigner()
    token = signer.sign(survey_tracker.pk)

    send_group_template_mail('home/email/alum_survey.txt', {
        'name': name,
        'email': email,
        'community': community,
        'internstarts': internstarts,
        'internends': internends,
        'token': token,
        },
        request=request,
        recipient_list=[email])
示例#23
0
def handle_accounts_reigster(msg):
    """ 处理用户点击注册/绑定的事件"""
    open_id = msg['FromUserName']
    we_user = WeProfile.objects.get(open_id=open_id)
    signer = TimestampSigner()
    encrypt_id = base64.b64encode(signer.sign(open_id))

    return response_text_msg(msg, u'欢迎光临')
示例#24
0
 def _build_hook_signature(self, method, url, body):
     signer = TimestampSigner(settings.WATERCOOLER_SECRET)
     value = '{method}:{url}:{body}'.format(
         method=method.lower(),
         url=url,
         body=hashlib.sha256(body or b'').hexdigest()
     )
     return signer.sign(value)
示例#25
0
def get_signed_impression_blob_from_results(adzerk_results):
    impressions = [
        result.get('impression') for result in adzerk_results.values()
        if result.get('impression')]
    if not impressions:
        return None
    signer = TimestampSigner()
    return signer.sign(','.join(impressions))
 def get_authentication_url(self, next=None):
     signer = TimestampSigner()
     return build_absolute_url(
         reverse('users-authenticate'),
         parse.urlencode({
             'sig': signer.sign(self.email),
             'next': next or '',
         }))
示例#27
0
def accountkitheadjs():
    signer = TimestampSigner()
    state = signer.sign(accountkit_app_id)
    html = '''
<!-- HTTPS required. HTTP will give a 403 forbidden response -->
<script src="https://sdk.accountkit.com/{}/sdk.js"></script>
'''.format(accountkit_language_code)
    return mark_safe(html)
示例#28
0
 def get_grade_token(self, request, pk):
     from django.core.signing import TimestampSigner
     signer = TimestampSigner(salt=str(pk))
     from datetime import datetime, timedelta
     import json, base64
     expire_time = datetime.now() + timedelta(days=7)
     d = dict(exam=pk, expire=expire_time.isoformat())
     token = signer.sign(base64.b64encode(json.dumps(d)))
     return response.Response(dict(token=token))
    def setUp(self):
        super().setUp()
        self.channel = Channel(project=self.project, kind="email")
        self.channel.value = "*****@*****.**"
        self.channel.save()

        signer = TimestampSigner(salt="alerts")
        signed_token = signer.sign(self.channel.make_token())
        self.url = f"/integrations/{self.channel.code}/unsub/{signed_token}/"
示例#30
0
    def generate_api_token(user, expiry_seconds=EXPIRY_SECONDS):
        signer = TimestampSigner()
        token = signer.sign(user.username)

        api_token = ApiToken(user=user,
                             expiry_seconds=expiry_seconds,
                             token=token)
        api_token.save()
        return api_token
示例#31
0
class TestWelcomeCommenter(GitmateTestCase):
    def setUp(self):
        self.signer = TimestampSigner()
        super().setUpWithPlugin('welcome_commenter')

    @patch.object(GitHubMergeRequest, 'add_comment')
    def test_github(self, mock_add_comment):
        data = {
            'repository': {
                'full_name': environ['GITHUB_TEST_REPO'],
                'id': 49558751
            },
            'pull_request': {
                'number': 7
            },
            'action': 'opened'
        }
        response = self.simulate_github_webhook_call('pull_request', data)

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        sign = self.signer.sign('')
        msg = ('\n\n(Powered by [GitMate.io](https://gitmate.io))\n\n'
               '<!-- Timestamp signature `{}` -->'.format(sign))
        mock_add_comment.assert_called_once_with(msg)

    @patch.object(GitLabMergeRequest, 'add_comment')
    def test_gitlab(self, mock_add_comment):
        data = {
            'object_attributes': {
                'target': {
                    'path_with_namespace': environ['GITLAB_TEST_REPO']
                },
                'action': 'open',
                'iid': 2
            }
        }
        response = self.simulate_gitlab_webhook_call('Merge Request Hook',
                                                     data)

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        sign = self.signer.sign('')
        msg = ('\n\n(Powered by [GitMate.io](https://gitmate.io))\n\n'
               '<!-- Timestamp signature `{}` -->'.format(sign))
        mock_add_comment.assert_called_once_with(msg)
示例#32
0
def timestampsigner_test():
    from django.core.signing import TimestampSigner
    signer = TimestampSigner()
    value = signer.sign('hello')
    print(value)
    original = signer.unsign(value)
    print(original)

    original = signer.unsign(value, max_age=10)
    print(original)
    def setUp(self):
        self.user_details_record = mock_identity_record

        self.nanny_application_record = mock_nanny_application

        self.personal_details_record = mock_personal_details_record

        signer = TimestampSigner()
        signed_email = signer.sign('*****@*****.**')
        self.client.cookies = SimpleCookie({'_ofs': signed_email})
示例#34
0
def test_send_event_ping(incr_mock):
    click = r'r%3Fe%3DeyJ2IjLtg%26Bug'
    responses.add(responses.GET,
                  settings.ADZERK_EVENT_URL + 'r?e=eyJ2IjLtg&Bug')

    signer = TimestampSigner()
    send_event_ping(signer.sign(click), 'foo')
    incr_mock.assert_called_with('services.adzerk.foo.success')
    assert responses.calls[0].request.url == (settings.ADZERK_EVENT_URL +
                                              'r?e=eyJ2IjLtg&Bug')
    def test_fresh_signature_does_not_autosubmit(self):
        signer = TimestampSigner(salt="alerts")
        signed_token = signer.sign(self.channel.make_token())

        url = "/integrations/%s/unsub/%s/" % (self.channel.code, signed_token)

        r = self.client.get(url)
        self.assertContains(r,
                            "Please press the button below to unsubscribe",
                            status_code=200)
        self.assertNotContains(r, "submit()", status_code=200)
示例#36
0
    def save(self, *args, **kwargs):
        # COLOCAR AQUI CONSUMIR EL REST DE ORGANIGRAMA
        # Envio un uid y me devuelve el uid del jefe, si este esta inactivo me devuelve la del superior
        self.jefe = User.objects.get(pk=1)

        # Crear un Token Para confirmacion de Permiso mediante correo, por temas de la url cambio el separador por -
        from django.core.signing import TimestampSigner
        signer = TimestampSigner(salt="4g3t1c")
        self.token_mail = signer.sign(self.pk)

        super(DesignacionPermiso, self).save(*args, **kwargs)
示例#37
0
	def form_valid(self, form):
		'''
		'''
		user = get_object_or_404(UserProfile, username=form.cleaned_data['username'])
		signer = TimestampSigner()
		recovery_key = signer.sign(str(user))
		self.send_recovery_mail(user)
		messages.success(self.request, _('An email has been sent to your email account.'))
		response = super(PasswordRecovery, self).form_valid(form)
		response.set_signed_cookie('recovery_key', recovery_key, max_age=1200)
		return response
示例#38
0
 def get_links(self, obj):
     request = self.context['request']
     signer = TimestampSigner(settings.WEBSOCKET_SECRET)
     channel = signer.sign(obj.pk)
     return {
         'self': reverse('sprint-detail', kwargs={'pk': obj.pk}, request=request),
         'tasks': reverse('task-list', request=request) + '?sprint={}'.format(obj.pk),
         'channel': '{proto}://{server}/socket?channel={channel}'.format(
                                                             proto='wss' if settings.WEBSOCKET_SECURE else 'ws',
                                                             server=settings.WEBSOCKET_SERVER, channel=channel),
     }
示例#39
0
	def get_context_data(self, **kwargs):
		context = super(IndexView, self).get_context_data(**kwargs)
		signer = TimestampSigner(settings.SOCKET_SECRET)
		channel = signer.sign(1) # el 1 deberia ser el ID de la empresa
		url = '{protocol}://{server}/socket?channel={channel}'.format(
			protocol = 'wss' if settings.SOCKET_SECURE else 'ws',
			server = settings.SOCKET_SERVER,
			channel = channel
		)
		context.update(socket_url=url)
		return context
示例#40
0
def authorise(request):
    client_id = request.GET.get("client_id", None)
    state = request.GET.get("state", None)
    if not (client_id and state):
        response = PrettyJsonResponse({
            "ok": False,
            "error": "incorrect parameters supplied"
        })
        response.status_code = 400
        return response

    try:
        # We only allow the process to happen if the app exists and has not
        # been flagged as deleted
        app = App.objects.filter(client_id=client_id, deleted=False)[0]
    except IndexError:
        response = PrettyJsonResponse({
            "ok":
            False,
            "error":
            "App does not exist for client id"
        })
        response.status_code = 400
        return response

    if app.callback_url is None or app.callback_url.strip() == "":
        response = PrettyJsonResponse({
            "ok":
            False,
            "error": ("This app does not have a callback URL set. "
                      "If you are the developer of this app, "
                      "please ensure you have set a valid callback "
                      "URL for your application in the Dashboard. "
                      "If you are a user, please contact the app's "
                      "developer to rectify this.")
        })
        response.status_code = 400
        return response

    # Sign the app and state pair before heading to Shibboleth to help protect
    # against CSRF and XSS attacks
    signer = TimestampSigner()
    data = app.client_id + state
    signed_data = signer.sign(data)

    # Build Shibboleth callback URL
    url = os.environ.get("SHIBBOLETH_ROOT") + "/Login?target="
    target = request.build_absolute_uri(
        "/oauth/shibcallback?appdata={}".format(signed_data))
    target = quote(target)
    url += target

    # Send the user to Shibboleth to log in
    return redirect(url)
 def get_links(self, obj):
     request = self.context["request"]
     signer = TimestampSigner(settings.WATERCOOLER_SECRET)
     channel = signer.sign(obj.pk)
     return {
         "self": reverse("sprint-detail", kwargs={"pk": obj.pk}, request=request),
         "tasks": reverse("task-list", request=request) + "?sprint={}".format(obj.pk),
         "channel": "{proto}://{server}/socket?channel={channel}".format(
             proto="wss" if settings.WATERCOOLER_SECURE else "ws",
             server=settings.WATERCOOLER_SERVER,
             channel=channel,
         ),
     }
示例#42
0
 def get_absolute_file_url(self, authenticated=False):
     if not self.name:
         return ''
     url = reverse('foirequest-auth_message_attachment',
         kwargs={
             'message_id': self.belongs_to_id,
             'attachment_name': self.name
         })
     if settings.FOI_MEDIA_TOKENS and authenticated:
         signer = TimestampSigner()
         value = signer.sign(url).split(':', 1)[1]
         return '%s?token=%s' % (url, value)
     return url
示例#43
0
 def send_password_reset_email(self, request, user):
     signer = TimestampSigner()
     reset_token = signer.sign(user.get_username())
     context = {
         "request": request,
         "user": user,
         "project_name": get_configuration("QS_PROJECT_NAME"),
         "project_url": get_configuration("QS_PROJECT_URL"),
         "reset_token": reset_token,
     }
     mails = template_mail.MagicMailBuilder()
     email = mails.password_reset(user, context)
     email.send()
示例#44
0
 def send_activation_email(self, request, user):
     signer = TimestampSigner()
     context = {
         'request': request,
         'user': user,
         'activation_key': signer.sign(user.get_username()),
         'project_name': get_configuration("QS_PROJECT_NAME"),
         'project_url': get_configuration("QS_PROJECT_URL"),
         'expiration_days': get_configuration("QS_SIGNUP_TOKEN_EXPIRATION_DAYS"),
     }
     mails = template_mail.MagicMailBuilder()
     email = mails.activation(user, context)
     email.send()
示例#45
0
    def handle(self, *args, **options):
        """
        With no arguments, find the first user in the system with the
        is_superuser or is_staff flag set to true, or just the first user in
        the system period.

        With a single argument, look for the user with that value as the
        USERNAME_FIELD value.

        When a user is found, print out a URL slug you can paste into your
        browser to login as the user.
        """
        user_model = get_user_model()

        if len(args) == 0:
            # find the first superuser, or staff member or user
            filters = [{"is_superuser": True}, {"is_staff": True}, {}]
            user = None
            for f in filters:
                try:
                    user = user_model._default_manager.filter(**f).order_by("pk").first()
                    if user:
                        break
                except FieldError as e:
                    pass

            if user is None:
                raise CommandError("No users found!")

        elif len(args) == 1:
            # find the user with the email field or USERNAME_FIELD equal to the command line
            # argument
            key = args[0]
            user = user_model._default_manager.filter(email=key).order_by("-is_active").first()
            if not user:
                try:
                    user = user_model._default_manager.get_by_natural_key(key)
                except user_model.DoesNotExist as e:
                    raise CommandError("The user does not exist")
        else:
            raise CommandError("You passed me too many arguments")

        signer = TimestampSigner()
        signature = signer.sign(str(user.pk))

        self.stdout.write(reverse(login, args=(signature,)))
def new_temporary_file(filename, mimetype, prefix=''):
    dir = secure_join(settings.MEDIA_ROOT, 'temporary')
    if not os.path.exists(dir):
        os.makedirs(dir)
    f = NamedTemporaryFile(
        mode='wb',
        prefix=prefix,
        suffix=os.path.splitext(filename)[1],
        delete=False,
        dir=dir)
    CleanupTemporary().apply_async((f.name,), countdown=TEMPORARY_FILE_TTL)
    signer = TimestampSigner(sep=':')
    url = reverse('filesystem-temporary-download', kwargs={
        'token': signer.sign(b64_encode('%s,%s,%s' % (os.path.basename(f.name), filename, mimetype))),
        'filename': filename,
    })
    return f, url
示例#47
0
    def send_password_reset (self, request, **kwargs):
        kwargs.setdefault("subject", "Reset Your Password")
        kwargs.setdefault("body", "You can reset your password with this link: {0}.\n\nThis link will expire in 60 minutes.")
        kwargs.setdefault("from", settings.SERVER_EMAIL)

        chars = 'abcdefghijklmnopqrstuvwxyz'
        signer = TimestampSigner()
        password_reset = get_random_string(50, chars)
        self.password_reset = signer.sign(password_reset)
        self.save()
        logger.info(self.password_reset)
        reset_url = request.build_absolute_uri(reverse("sv-reset",
            kwargs={ "code" : self.password_reset }))
        subject = kwargs.get("subject")
        body = kwargs.get("body").format(reset_url)
        from_email = kwargs.get("from")
        to = [self.email]
        send_mail(subject, body, from_email, to, fail_silently=False)
示例#48
0
文件: keys.py 项目: wolcomm/djangolg
class AuthKey(object):
    """Command authorisation key class."""

    def __init__(self, value=None):
        """Initialise new AuthKey instance."""
        self.signer = TimestampSigner(salt="auth")
        self._data = {
            'clear': value,
            'signed': self.signer.sign(value)
        }

    @property
    def clear(self):
        """Get cleartext key value."""
        return self._data['clear']

    @property
    def signed(self):
        """Get cyphertext key value."""
        return self._data['signed']

    def validate(self, key, life=None):
        """Validate key value."""
        if not life and settings.LIFETIME:
            life = settings.LIFETIME
        try:
            clear = self.signer.unsign(key, max_age=life)
        except SignatureExpired as e:
            raise KeyValidityExpired("{}".format(e))
        if self.clear == clear:
            return True
        else:
            raise KeyValueMismatchError(keyval=clear, refval=self.clear)

    def __str__(self):
        """Return string representation."""
        return self.signed

    def __unicode__(self):
        """Return string representation."""
        return self.__str__()  # pragma: no cover
示例#49
0
def send_activation_email(new_user, request):
    current_site = get_current_site(request)
    site_name = current_site.name
    domain = current_site.domain

    signer = TimestampSigner(salt='account activation', sep='.')
    token = signer.sign(str(new_user.pk))

    c = {
        'user': new_user,
        'email': new_user.email,
        'token': token,
        'domain': domain,
        'site_name': site_name,
        'protocol': 'https' if request.is_secure() else 'http'
    }

    subject = render_to_string("osnap/accounts/registration/email-subject.txt", c)
    # Email subject *must not* contain newlines
    subject = ''.join(subject.splitlines())
    email = render_to_string("osnap/accounts/registration/email.txt", c)

    send_mail(subject, email, None, [new_user.email])
示例#50
0
def linked_form_field_model(model_form, field):
    model_class = model_form._meta.model
    model_field = model_class._meta.fields_by_name[field.name]
    related_model = model_field.related_model

    # 'related_app'          : related_model._meta.app_label,
    # 'related_class'        : related_model._meta.object_name,

    data_url = [{
        'referencing_app'      : model_class._meta.app_label,
        'referencing_class'    : model_class._meta.object_name,
        'referencing_field'    : field.name,
        'referencing_instance' : model_form.instance.pk,
        'current_value'        : field.value()
    }]

    from fedoralink.views import ModelViewRegistry
    link_view = ModelViewRegistry.get_view(related_model, 'link')

    data_url = base64.b64encode(zlib.compress(json.dumps(data_url).encode('utf-8')))
    signer = TimestampSigner(salt='linked_form_field_model')
    data_url = signer.sign(data_url)

    return reverse(link_view, kwargs={'parametry': ''}) + '?linking=' + data_url
示例#51
0
文件: models.py 项目: OpenAds/OpenAds
    def get_signed_link(self):
        signer = TimestampSigner()
        advert_signed = signer.sign(self.pk)

        return reverse('advert:go', args=[advert_signed])
def enqueue(request, task, *args, **kwargs):
    result = task.delay(language=get_language(), *args, **kwargs)
    signer = TimestampSigner(key=request.session.session_key, sep=':')
    return signer.sign(b64_encode(result.id))
示例#53
0
def generate_key(user, for_subscription=True):
    salt = 'subscription' if for_subscription else 'unsubscription'
    signer = TimestampSigner(settings.SECRET_KEY, salt=salt)
    return signer.sign(str(user.id))
示例#54
0
def sign_user_id(user_id):
    id_signer = TimestampSigner()
    signed = id_signer.sign(user_id)

    b64encoded = base64.urlsafe_b64encode(signed.encode('utf-8'))
    return b64encoded.decode('utf-8')
示例#55
0
文件: forms.py 项目: zielmicha/satori
 def render(self, name, value, attrs=None):
     signer = TimestampSigner()
     value = signer.sign(value)
     return super(SatoriSignedWidget,self).render(name, value, attrs)
示例#56
0
文件: models.py 项目: wdq/OpenAds
    def get_signed_link(self):
        signer = TimestampSigner()
        advert_signed = signer.sign(self.pk)

        return reverse('advertisements.views.advanced_click_register', args=[advert_signed])
示例#57
0
def enqueue(request, task, *args, **kwargs):
    status = task.delay(*args, **kwargs)
    signer = TimestampSigner(key=request.session.session_key, sep=':')
    return signer.sign(b64_encode(status.id))
示例#58
0
 def reports_unsub_url(self):
     signer = TimestampSigner(salt="reports")
     signed_username = signer.sign(self.user.username)
     path = reverse("hc-unsubscribe-reports", args=[signed_username])
     return settings.SITE_ROOT + path
示例#59
0
 def timestamped_id(self):
     """
     Returns self.id signed using TimestampSigner.
     """
     signer = TimestampSigner()
     return signer.sign(str(self.id))