Home Explore Help
Sign In
Nim
/
wifi-with-me
forked from FFDN/wifi-with-me
1
0
Fork 0
Files
Tree: c323d00996
Branches Tags
wifi-with-me
/
wifiwithme
/
apps
/
contribmap
/
tokens.py

tokens.py 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. import json
    2. 

  2. 

  3. from django.core.signing import TimestampSigner, BadSignature
    4. 

  4. from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode
    5. 

  5. from django.utils.encoding import DjangoUnicodeDecodeError
    6. 

  6. 

  7. from .models import Contrib
    8. 

  8. 

  9. 

  10. class URLTokenManager(TimestampSigner):
    11. 

  11.     """ Handle signed json data as URL-safe strings
    12. 

  12. 

  13.     This class has two responsibilities:
    14. 

  14.     - sign/unsign
    15. 

  15.     - pack/unpack JSON to base64
    16. 

  16.     """
    17. 

  17. 

  18.     def sign(self, payload, *args, **kwargs):
    19. 

  19.         """
    20. 

  20.         :param payload: the data to be embeded into the token
    21. 

  21.         :type data: dict
    22. 

  22.         """
    23. 

  23.         return urlsafe_base64_encode(
    24. 

  24.             super().sign(
    25. 

  25.                 json.dumps(payload), *args, **kwargs
    26. 

  26.             ).encode('utf-8')).decode('ascii')
    27. 

  27. 

  28.     def unsign(self, encoded_payload, *args, **kwargs):
    29. 

  29.         decoded_payload = urlsafe_base64_decode(encoded_payload)
    30. 

  30.         unsigned = super().unsign(decoded_payload)
    31. 

  31.         return json.loads(unsigned)
    32. 

  32. 

  33. 

  34. class TokenError(Exception):
    35. 

  35.     pass
    36. 

  36. 

  37. 

  38. class ContribTokenManager:
    39. 

  39.     """Produce and use signed URL tokens for account-less contrib management
    40. 

  40.     """
    41. 

  41.     SCOPE = 'contrib/manage'
    42. 

  42. 

  43.     def __init__(self):
    44. 

  44.         self.manager = URLTokenManager()
    45. 

  45. 

  46.     def mk_token(self, contrib):
    47. 

  47.         """ Generate a signed contrib management token
    48. 

  48. 

  49.         Valid for a given contrib, and for a limited time.
    50. 

  50. 

  51.         :type contrib: Contrib
    52. 

  52.         :rtype str:
    53. 

  53.         """
    54. 

  54.         return self.manager.sign({'scope': self.SCOPE, 'pk': contrib.pk})
    55. 

  55. 

  56.     def get_instance_if_allowed(self, encoded_token, pk=None):
    57. 

  57.         """Return a contrib if the token grants authz for that Contrib pk
    58. 

  58. 

  59.         Raise a TokenError if not authorized.
    60. 

  60. 

  61.         :param pk: the contrib pk (optional, if you want to check that the
    62. 

  62.           instance is the right one)
    63. 

  63.         :param encoded_token: the encoded token, from ``mk_token()``:
    64. 

  64.         :return: a Contrib instance or None, if the object does not exist
    65. 

  65.         :rtype Contrib:
    66. 

  66.         """
    67. 

  67.         try:
    68. 

  68.             data = self.manager.unsign(encoded_token)
    69. 

  69.         except BadSignature:
    70. 

  70.             raise TokenError('Invalid token signature')
    71. 

  71. 

  72.         except (DjangoUnicodeDecodeError, UnicodeDecodeError):
    73. 

  73.             raise TokenError('This is not a well-formed token')
    74. 

  74. 

  75.         if (pk is not None) and (data['pk'] != pk):
    76. 

  76.             raise TokenError('Token is not valid for id {}'.format(pk))
    77. 

  77.         else:
    78. 

  78.             try:
    79. 

  79.                 return Contrib.objects.get(pk=data['pk'])
    80. 

  80.             except Contrib.DoesNotExist:
    81. 

  81.                 return None
    82.