From e49c6550e4decf5b5d914b0ce24ac998d525ef9c Mon Sep 17 00:00:00 2001 From: singlasahil221 Date: Mon, 2 Jul 2018 15:21:00 +0530 Subject: [PATCH 1/2] discourse sso --- db.sqlite3 | Bin 282624 -> 282624 bytes discourse/__init__.py | 0 discourse/admin.py | 3 +++ discourse/apps.py | 5 +++++ discourse/models.py | 3 +++ discourse/tests.py | 3 +++ discourse/views.py | 51 ++++++++++++++++++++++++++++++++++++++++++ mainapp/views.py | 11 ++------- templates/base.html | 2 +- tool/settings.py | 10 ++++++--- tool/urls.py | 5 +++-- 11 files changed, 78 insertions(+), 15 deletions(-) create mode 100644 discourse/__init__.py create mode 100644 discourse/admin.py create mode 100644 discourse/apps.py create mode 100644 discourse/models.py create mode 100644 discourse/tests.py create mode 100644 discourse/views.py diff --git a/db.sqlite3 b/db.sqlite3 index 935fc10619d6642087c280facfce9dec5faf967b..94babe39f5727d4379aa1d60e6c344ca39655835 100644 GIT binary patch delta 428 zcmZozAlR@#aDp`B!HF`?tOptNBu+G@w5Bj_O<}5xQ%KCJFilCyD$6R*EzdP8%_u2M z%*x3sGBGGgH#IfR&Dj1oj!9ZPjF2+FtWd*9qp)m$mz2!N5T^`3qo7>hD!(kh@K9qv zqeuhakWiz@D#wb*D%UDsmq3%qkenRfs_6>#Op?>v%b1EoyfXb<98G;g{Br!N(hZ_= zJ*)h3L#up4T+98kT#bFRd@KB2BCDc8LQNyXf!2hFn)-$VRplAj8W|W`=o*;o8k#5= z8d@0|Ss9w>8Cx2g7@BVPD`z^ME`&uw{XWyJ3;cX$3@kh^8TixrUhur+owHpqf%zs6 zd!qp}FGHi|blZK*;!%bMAfV!0;OJsp;hIsBo0+SUpIUC{TTvP0Sx_3NZQv1Bl&l|C z>Qz!rqkE%W44|?XD{-v9sr delta 201 zcmZozAlR@#aDp`BmWeXXtXmj#KkjHuX-#3=n!;2Wr;wCpVqsctW|~-NnQvZ@Ri0Z^ zWRaa&QI%I%XqID|oVNXM9Fw#-VP$3IOdO1S=2pgLRz^m8Cg$d*W=7ln%9)O*3mF(I z7@|q2-)FjYfuDhafrWPt1AjW-3qCX6Iokyjn7ery8K%$K%RGy{QJV L+e7v-ubBt{#LGcG diff --git a/discourse/__init__.py b/discourse/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/discourse/admin.py b/discourse/admin.py new file mode 100644 index 0000000..8c38f3f --- /dev/null +++ b/discourse/admin.py @@ -0,0 +1,3 @@ +from django.contrib import admin + +# Register your models here. 
diff --git a/discourse/apps.py b/discourse/apps.py
new file mode 100644
index 0000000..895d543
--- /dev/null
+++ b/discourse/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class DiscourseConfig(AppConfig):
+ name = 'discourse'
diff --git a/discourse/models.py b/discourse/models.py
new file mode 100644
index 0000000..71a8362
--- /dev/null
+++ b/discourse/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
diff --git a/discourse/tests.py b/discourse/tests.py
new file mode 100644
index 0000000..7ce503c
--- /dev/null
+++ b/discourse/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/discourse/views.py b/discourse/views.py
new file mode 100644
index 0000000..1cc69c4
--- /dev/null
+++ b/discourse/views.py
@@ -0,0 +1,51 @@
+import base64
+import hmac
+import hashlib
+from urllib import parse
+
+from django.contrib.auth.decorators import login_required
+from django.http import HttpResponseBadRequest, HttpResponseRedirect
+from django.conf import settings
+
+@login_required
+def sso(request):
+ payload = request.GET.get('sso')
+ signature = request.GET.get('sig')
+
+ if payload is None or signature is None:
+ return HttpResponseBadRequest('No SSO payload or signature. Please contact support if this problem persists.')
+
+ ## Validate the payload
+
+ try:
+ payload = bytes(parse.unquote(payload), encoding='utf-8')
+ decoded = base64.decodestring(payload).decode('utf-8')
+ assert 'nonce' in decoded
+ assert len(payload) > 0
+ except AssertionError:
+ return HttpResponseBadRequest('Invalid payload. Please contact support if this problem persists.')
+
+ key = bytes(settings.DISCOURSE_SSO_SECRET, encoding='utf-8') # must not be unicode
+ h = hmac.new(key, payload, digestmod=hashlib.sha256)
+ this_signature = h.hexdigest()
+
+ if not hmac.compare_digest(this_signature, signature):
+ return HttpResponseBadRequest('Invalid payload. Please contact support if this problem persists.')
+
+ ## Build the return payload
+
+ qs = parse.parse_qs(decoded)
+ params = {
+ 'nonce': qs['nonce'][0],
+ 'email': request.user.email,
+ 'external_id': request.user.id,
+ 'username': request.user.username,
+ 'require_activation': 'true'
+ }
+
+ return_payload = base64.encodestring(bytes(parse.urlencode(params), 'utf-8'))
+ h = hmac.new(key, return_payload, digestmod=hashlib.sha256)
+ query_string = parse.urlencode({'sso': return_payload, 'sig': h.hexdigest()})
+
+ ## Redirect back to Discourse
+ return HttpResponseRedirect('%s?%s' % (settings.DISCOURSE_BASE_URL, query_string))
\ No newline at end of file
diff --git a/mainapp/views.py b/mainapp/views.py
index cf1fbf9..b7ff19f 100644
--- a/mainapp/views.py
+++ b/mainapp/views.py
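Review bot: The payload checks in `sso` are `assert` statements inside a `try` that catches only `AssertionError`, so they vanish when Python runs with `-O`, and a malformed base64 or non-UTF-8 `sso` value propagates as an unhandled exception instead of the intended 400. The payload is also decoded before its HMAC is verified; checking the signature first means no unauthenticated input gets parsed, and comparing as bytes avoids the `TypeError` that `hmac.compare_digest` raises on a non-ASCII `sig` string. `'nonce' in decoded` is only a substring test, so `qs['nonce'][0]` can still raise `KeyError`, and `base64.decodestring`/`encodestring` are deprecated aliases that were removed in Python 3.9. The rewrite below reorders the checks, replaces the asserts with explicit returns and switches to `decodebytes`/`encodebytes`; everything else in the function stays as it is.

```python
def sso(request):
    # … unchanged: read 'sso' and 'sig' from request.GET, reject if either is missing …

    payload = bytes(parse.unquote(payload), encoding='utf-8')
    key = bytes(settings.DISCOURSE_SSO_SECRET, encoding='utf-8')  # must not be unicode

    # Authenticate the payload before decoding or parsing any of it.
    this_signature = hmac.new(key, payload, digestmod=hashlib.sha256).hexdigest()
    # Compare as bytes: compare_digest() raises TypeError on a non-ASCII str.
    if not hmac.compare_digest(this_signature.encode('ascii'), signature.encode('utf-8')):
        return HttpResponseBadRequest('Invalid payload. Please contact support if this problem persists.')

    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        decoded = base64.decodebytes(payload).decode('utf-8')
    except ValueError:
        return HttpResponseBadRequest('Invalid payload. Please contact support if this problem persists.')

    qs = parse.parse_qs(decoded)
    if 'nonce' not in qs:
        return HttpResponseBadRequest('Invalid payload. Please contact support if this problem persists.')

    # … unchanged: build params from qs['nonce'][0] and request.user …

    return_payload = base64.encodebytes(bytes(parse.urlencode(params), 'utf-8'))
    # … unchanged: sign return_payload and redirect to settings.DISCOURSE_BASE_URL …
```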
@@ -5,12 +5,11 @@ from PIL import Image import base64 from css_html_js_minify import js_minify,process_single_js_file -# Create your views here. +# Create your views here.'' def home(request): tools = models.Tool.objects.all() categories = models.Tool.objects.order_by().values_list('category',flat=True).distinct() context={'tools':tools,'categories':categories} - print(settings.MEDIA_URL) return render(request,'general/home.html',context) def tool(request,tool_name): @@ -29,7 +28,6 @@ def user_profile(request,user_name): def tags(request,tag_name): tag = get_object_or_404(models.Tag,tag=tag_name) tools = tag.tool_set.all() - print(tools) return render(request,'general/tags.html',{'tools':tools}) @@ -59,7 +57,6 @@ def convert_file(request): output = pypandoc.convert_file(input_file_path,convert_to,outputfile=output_file_path) if os.path.exists(output_file_path): - print('exists') with open(output_file_path, 'rb+') as fh: response = HttpResponse(fh.read(), content_type="application/force-download") response['Content-Disposition'] = 'inline; filename=' + os.path.basename(output_file_path) @@ -80,11 +77,9 @@ def JpgToPng(request): path = default_storage.save(input_file_path,ContentFile(file_to_convert.read())) im = Image.open(input_file_path) im.save(output_file_path) - png_img = Image.open(output_file_path) - print("saved file: ", png_img) + png_img = Image.open(output_file_path) if os.path.exists(output_file_path): - print('exists') with open(output_file_path, 'rb+') as fh: response = HttpResponse(fh.read(), content_type="application/force-download") response['Content-Disposition'] = 'inline; filename=' + os.path.basename(output_file_path) 
@@ -114,7 +109,6 @@ def download_minified_file(request): input_file_path = os.path.join(settings.MEDIA_ROOT,'files',request.FILES.get("file").name) path = default_storage.save(input_file_path,ContentFile(request.FILES.get("file").read())) z = process_single_js_file(input_file_path,overwrite=False) - print(z); with open(z, 'rb+') as fh: res = HttpResponse(fh.read(),content_type="application/js") res['Content-Disposition'] = 'attachment; filename='+ os.path.basename(z) @@ -126,7 +120,6 @@ def download_minified_file(request): #sample download tool starts def about_sample_file(request,format): name = "sample."+format - print("i am working for ",name) input_file_path = os.path.join(settings.MEDIA_ROOT,'sample',name) with open(input_file_path, 'rb+') as fh: size = os.path.getsize(input_file_path)/1024 diff --git a/templates/base.html b/templates/base.html index 556ef9e..4eb521f 100644 --- a/templates/base.html +++ b/templates/base.html @@ -26,7 +26,7 @@