access permissions: generate signed form data

Laura Klünder 2017-12-19 13:51:39 +01:00
parent 3d3466ec31
commit a1c3caaad3
3 changed files with 26 additions and 0 deletions


@ -1,6 +1,7 @@
from django.contrib import admin from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.urls import reverse
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from c3nav.control.models import UserPermissions from c3nav.control.models import UserPermissions
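Review bot: `from django.urls import reverse` is added here, but going by the diffstat (26 additions, of which 22 land in forms.py and 3 in views.py) this import is the only change to admin.py in the commit, so `reverse` appears to be unused and linters will flag it. Either drop the line or land it together with the code that calls it. The rest of the file is outside the hunk, so an existing fully-qualified use cannot be ruled out from here.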


@ -1,3 +1,8 @@
import binascii
import hashlib
import hmac
import json
import time
from datetime import timedelta from datetime import timedelta
from itertools import chain from itertools import chain
@ -118,6 +123,23 @@ class AccessPermissionForm(Form):
can_grant=self.cleaned_data.get('can_grant', '0') == '1', can_grant=self.cleaned_data.get('can_grant', '0') == '1',
restrictions=tuple(restrictions)) restrictions=tuple(restrictions))
def get_signed_data(self, key=None):
if not self.author.permissions.api_secret:
raise ValueError('Author has no api secret.')
data = {
'id': self.data['access_restrictions'],
'time': int(time.time()),
'valid_until': int(self.cleaned_data['expires'].strftime('%s')),
'author': self.author.pk,
}
if key is not None:
data['key'] = key
data = json.dumps(data, separators=(',', ':'))
signature = hmac.new(self.author.permissions.api_secret.encode(),
msg=data.encode(),
digestmod=hashlib.sha256).digest()
return '%s:%s' % (data, binascii.b2a_base64(signature).strip().decode())
class AnnouncementForm(I18nModelFormMixin, ModelForm): class AnnouncementForm(I18nModelFormMixin, ModelForm):
class Meta: class Meta:
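Review bot: `strftime('%s')` in `get_signed_data` is not a portable directive (it is a glibc extension, absent on Windows and not in the Python docs) and it silently discards tzinfo, so an aware `expires` is converted through the process's local timezone instead of UTC; `'valid_until': int(self.cleaned_data['expires'].timestamp()),` handles both correctly. The `id` field is taken from the raw submission `self.data['access_restrictions']` while the neighbouring fields and `get_token` above use `cleaned_data` — signing the unvalidated string means the signed payload can diverge from what the saved token actually grants, so derive it from the cleaned value instead. Whatever verifies this blob must split on the last `:` (`rsplit(':', 1)`), since the JSON part itself contains colons, and compare the recomputed HMAC with `hmac.compare_digest`; neither side is in this commit, so this is a note for the consumer. `get_token`'s body starts outside the hunk and `AnnouncementForm` continues past it.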


@ -1,6 +1,7 @@
import string import string
from functools import wraps from functools import wraps
from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User from django.contrib.auth.models import User
@ -162,6 +163,8 @@ def grant_access(request):
if form.is_valid(): if form.is_valid():
token = form.get_token() token = form.get_token()
token.save() token.save()
if settings.DEBUG and request.user_permissions.api_secret:
print(form.get_signed_data())
return redirect(reverse('control.access.qr', kwargs={'token': token.token})) return redirect(reverse('control.access.qr', kwargs={'token': token.token}))
else: else:
form = AccessPermissionForm(request=request) form = AccessPermissionForm(request=request)
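Review bot: The DEBUG guard checks `request.user_permissions.api_secret`, but `get_signed_data` raises `ValueError` when `self.author.permissions.api_secret` is empty, so if the form's author is ever not `request.user` this branch turns a successful grant into a 500 after `token.save()` has already run; check the same object the form uses or wrap the call in `except ValueError`. The printed string is a complete signed credential valid until `expires`, so even in development it belongs in `logger.debug('signed access data: %s', form.get_signed_data())` rather than `print`, where it ends up in whatever captures process stdout. `grant_access` starts outside the hunk.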