diff --git a/client/httpd.py b/client/httpd.py index 7e29b7e..cf0254b 100644 --- a/client/httpd.py +++ b/client/httpd.py @@ -1,3 +1,5 @@ +"""This example show a full http server. +""" from flask import Flask from flask import render_template from flask import request @@ -22,7 +24,7 @@ def home(): def start(): """Start a new paiement""" - (result, url) = api.new_transation(request.args.get('amount', ''), str(uuid.uuid4())) + (result, url) = api.new_transaction(request.args.get('amount', ''), str(uuid.uuid4())) return render_template('start.html', result=result, url=url) diff --git a/client/libs/polybanking.py b/client/libs/polybanking.py index 2c433ab..10f363c 100644 --- a/client/libs/polybanking.py +++ b/client/libs/polybanking.py @@ -32,7 +32,7 @@ def escape_chars(s): return h.hexdigest() - def new_transation(self, amount, reference, extra_data=''): + def new_transaction(self, amount, reference, extra_data=''): """Start a new transation, with the specified amount and reference. The reference must be unique. Return (Status, the URL where the user should be redirected or None) Status can be 'OK', 'KEY_ERROR', 'CONFIG_ERROR', 'AMOUNT_ERROR', 'REFERENCE_ERROR', 'ERROR'""" @@ -75,7 +75,7 @@ def get_transactions(self, max_transaction=100): data['max_transaction'] = max_transaction try: - result = requests.post(self.server + '/api/transactions/', data=data).json() + result = requests.get(self.server + '/api/transactions/', params=data).json() if result['result'] != 'ok': return None @@ -94,7 +94,7 @@ def get_transaction(self, reference): data['reference'] = reference try: - result = requests.post(self.server + '/api/transactions/' + reference + '/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/', params=data).json() if result['result'] != 'ok': return None 
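Review bot: Switching `get_transactions` to `requests.get(..., params=data)` puts every field of `data` into the URL query string, and the server views in this commit read `secret` and `config_id` from `request.GET`, so the API key presumably now travels in the URL, where access logs, proxies and monitoring tools record it. The same applies to the `get_transaction` hunk that follows and to `get_transaction_logs`. `data` is built outside the hunk, so confirm what it holds. If the secret is in it, keep the GET but carry the credential in a request header via the `headers=` argument, and read it from `request.META` on the server.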
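Review bot: In `get_transaction`, `reference` is concatenated into the URL path unencoded (`self.server + '/api/transactions/' + reference + '/'`), so a value containing `/`, `?` or `#` changes which endpoint is requested or spills into the query string. Percent-encode it first, e.g. `urllib.quote(reference, safe='')` on Python 2 (`urllib.parse.quote` on Python 3), and do the same in `get_transaction_logs`. The call also passes no `timeout=`, so a stalled server blocks the caller indefinitely. The function body starts and ends outside the hunk.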
@@ -113,7 +113,7 @@ def get_transaction_logs(self, reference): data['reference'] = reference try: - result = requests.post(self.server + '/api/transactions/' + reference + '/logs/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/logs/', params=data).json() if result['result'] != 'ok': return None diff --git a/server/api/views.py b/server/api/views.py index a5a6fff..38abac5 100644 --- a/server/api/views.py +++ b/server/api/views.py @@ -1,20 +1,8 @@ # -*- coding: utf-8 -*- - -from django.shortcuts import get_object_or_404, render_to_response, redirect -from django.template import RequestContext -from django.core.context_processors import csrf +from django.shortcuts import get_object_or_404 from django.views.decorators.csrf import csrf_exempt -from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseNotFound -from django.utils.encoding import smart_str -from django.conf import settings -from django.contrib.admin.views.decorators import staff_member_required -from django.contrib.auth.decorators import login_required, user_passes_test -from django.http import HttpResponseRedirect -from django.db import connections -from django.core.paginator import InvalidPage, EmptyPage, Paginator -from django.core.cache import cache -from django.core.urlresolvers import reverse -from django.contrib import messages +from django.http import HttpResponse +from django.views.decorators import require_GET from django.utils.translation import ugettext_lazy as _ 
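Review bot: `from django.views.decorators import require_GET` will raise ImportError when server/api/views.py is loaded, because `require_GET` is defined in `django.views.decorators.http`. The line should read `from django.views.decorators.http import require_GET`. The `from django.views.decorators import require_POST, require_GET` line added to server/configs/views.py in this commit has the same problem.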
@@ -22,30 +10,38 @@ from configs.models import Config -from paiements.models import Transaction, TransactionLog +from paiements.models import Transaction @csrf_exempt +@require_GET def transactions_list(request): """Return the list of transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) - - max_transaction = int(request.POST.get('max_transaction', '100')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) + try: + max_transaction = int(request.GET['max_transaction']) + except (ValueError, KeyError): + max_transaction = 100 retour = [] - for transaction in config.transaction_set.order_by('-creation_date').all()[:max_transaction]: + for transaction in config.transaction_set.order_by('-creation_date')[:max_transaction]: retour.append({'reference': transaction.reference}) return HttpResponse(json.dumps({'result': 'ok', 'data': retour})) @csrf_exempt +@require_GET def transactions_show(request, reference): """Return details of a transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) transaction = get_object_or_404(Transaction, config=config, reference=reference) 
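Review bot: `max_transaction` in `transactions_list` is taken from the query string with no bounds. A negative value reaches the slice `[:max_transaction]`, which Django querysets reject with an error (a 500 rather than a clean response), and a very large value lets one request return every transaction of the config. Clamp it after parsing, e.g. `max_transaction = max(1, min(max_transaction, 100))`, with the ceiling set to whatever the API should allow. `pk=config_pk` has a similar gap: a non-numeric `config_id` will likely raise inside the lookup instead of producing a 404.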
@@ -53,16 +49,19 @@ def transactions_show(request, reference): @csrf_exempt +@require_GET def transactions_show_logs(request, reference): """Return logs of a transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) transaction = get_object_or_404(Transaction, config=config, reference=reference) retour = [] - for log in transaction.transactionlog_set.order_by('-when').all(): + for log in transaction.transactionlog_set.order_by('-when'): retour.append(log.dump_api()) return HttpResponse(json.dumps({'result': 'ok', 'data': retour})) diff --git a/server/configs/models.py b/server/configs/models.py index 5443e77..dfb9e95 100644 --- a/server/configs/models.py +++ b/server/configs/models.py @@ -6,7 +6,7 @@ import uuid import datetime import hashlib -import os +import random class Config(models.Model): @@ -81,7 +81,7 @@ def gen_key(self): h = hashlib.sha512() for i in range(2): - h.update(str(os.random())) + h.update(str(random.SystemRandom().random())) h.update(str(uuid.uuid4())) h.update(str(datetime.datetime.now())) h.update(str(self.pk)) diff --git a/server/configs/urls.py b/server/configs/urls.py index c827e54..c7f4cbf 100644 --- a/server/configs/urls.py +++ b/server/configs/urls.py @@ -9,11 +9,9 @@ url(r'^(?P[0-9]+)/show/$', 'show'), url(r'^(?P[0-9]+)/edit/$', 'edit'), url(r'^(?P[0-9]+)/logs/$', 'show_logs'), - + #url(r'^(?P[0-9]+)/delete/$', 'delete'), - url(r'^(?P[0-9]+)/keys/ipn/new/$', 'new_ipn_key'), - url(r'^(?P[0-9]+)/keys/requests/new/$', 'new_requests_key'), - url(r'^(?P[0-9]+)/keys/api/new/$', 'new_api_key'), + url(r'^(?P[0-9]+)/keys/(?P(ipn|requests|api))/new/$', 'new_ipn_key'), ) diff --git a/server/configs/views.py b/server/configs/views.py index 3c82e2c..9d62c70 100644 --- a/server/configs/views.py +++ b/server/configs/views.py 
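Review bot: In `gen_key`, the key's unpredictability comes only from `random.SystemRandom().random()` and `uuid.uuid4()`. `datetime.datetime.now()` and `self.pk` are guessable and add nothing, and `str()` of a float keeps only about 53 bits of the OS randomness per round. Feeding raw OS randomness is simpler and easier to audit: keep `import os` and use `h.update(os.urandom(32))` in place of the `SystemRandom` line. A one-line comment stating that the key material comes from the OS CSPRNG would help the next reader. gen_key's body starts and ends outside the hunk.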
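Review bot: The merged route in server/configs/urls.py still dispatches to `'new_ipn_key'`, but this commit replaces that view with `new_key(request, pk, key_type)`, so the URL will not resolve to an existing view. The pattern also accepts `requests` while `new_key` compares against `"request"`, so that key type matches no branch: nothing is regenerated, yet the config is saved and a "new requests key" entry is logged. Point the route at `'new_key'` and make the two spellings agree. The named groups show up as `(?P[0-9]+)` on this page, probably an extraction artifact, so the group names could not be checked.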
@@ -2,18 +2,9 @@ from django.shortcuts import get_object_or_404, render_to_response, redirect from django.template import RequestContext -from django.core.context_processors import csrf -from django.views.decorators.csrf import csrf_exempt -from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseNotFound -from django.utils.encoding import smart_str -from django.conf import settings -from django.contrib.admin.views.decorators import staff_member_required -from django.contrib.auth.decorators import login_required, user_passes_test -from django.http import HttpResponseRedirect -from django.db import connections -from django.core.paginator import InvalidPage, EmptyPage, Paginator -from django.core.cache import cache -from django.core.urlresolvers import reverse +from django.http import Http404 +from django.views.decorators import require_POST, require_GET +from django.contrib.auth.decorators import login_required from django.contrib import messages from django.utils.translation import ugettext_lazy as _ @@ -23,15 +14,16 @@ @login_required +@require_GET def list(request): """Show the list of configs""" if request.user.is_superuser: - list = Config.objects.order_by('name').all() + configs = Config.objects.order_by('name') else: - list = Config.objects.filter(allowed_users=request.user).order_by('name').all() + configs = Config.objects.filter(allowed_users=request.user).order_by('name') - return render_to_response('configs/configs/list.html', {'list': list}, context_instance=RequestContext(request)) + return render_to_response('configs/configs/list.html', {'list': configs}, context_instance=RequestContext(request)) @login_required @@ -96,6 +88,7 @@ def edit(request, pk): @login_required +@require_GET def show(request, pk): """Show a config""" 
@@ -108,58 +101,25 @@ def show(request, pk): @login_required -def new_ipn_key(request, pk): - """Generate a new ipn key""" +@require_GET +def new_key(request, pk, key_type): + config = get_object_or_404(Config, pk=pk) - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): - raise Http404 - - object.gen_key_ipn() - object.save() - - ConfigLogs(config=object, user=request.user, text=_('A new IPN key has been generated.')).save() - - messages.success(request, _('A new IPN key has been generated !')) - - return redirect('configs.views.show', pk=pk) - - -@login_required -def new_requests_key(request, pk): - """Generate a new request key""" - - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): - raise Http404 - - object.gen_key_request() - object.save() - - ConfigLogs(config=object, user=request.user, text=_('A new requests key has been generated.')).save() - - messages.success(request, _('A new requests key has been generated !')) - - return redirect('configs.views.show', pk=pk) - - -@login_required -def new_api_key(request, pk): - """Generate a new api key""" - - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): + if not config.is_user_allowed(request.user): raise Http404 - object.gen_key_api() - object.save() + if key_type == "request": + config.gen_key_request() + elif key_type == "ipn": + config.gen_key_ipn() + elif key_type == "api": + config.gen_key_api() + config.save() + + log_message = _(u"A new {} key has been generated".format(key_type)) + ConfigLogs(config=config, user=request.user, text=log_message).save() - ConfigLogs(config=object, user=request.user, text=_('A new api key has been generated.')).save() - - messages.success(request, _('A new api key has been generated !')) + messages.success(request, log_message) return redirect('configs.views.show', pk=pk) 
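Review bot: `new_key` rotates a credential but is decorated with `@require_GET`, so the state change can be triggered by a link, a browser prefetch or any cross-site request, and Django's CSRF protection does not cover GET. Use `@require_POST` (already imported in this commit) and have the template submit a form carrying the CSRF token. The `if/elif` chain has no `else`, so an unrecognised `key_type` falls through to `config.save()` and the success message without any key being generated; add `else: raise Http404`. Separately, `_(u"...".format(key_type))` formats before translating, so the catalogue entry is never found; `_(u"A new {} key has been generated").format(key_type)` fixes that, and the new function has no docstring.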
@@ -168,11 +128,11 @@ def new_api_key(request, pk): def show_logs(request, pk): """Display config's logs""" - object = get_object_or_404(Config, pk=pk) + config = get_object_or_404(Config, pk=pk) - if not object.is_user_allowed(request.user): + if not config.is_user_allowed(request.user): raise Http404 - list = object.configlogs_set.order_by('-when').all() + list = config.configlogs_set.order_by('-when') - return render_to_response('configs/configs/logs.html', {'object': object, 'list': list}, context_instance=RequestContext(request)) + return render_to_response('configs/configs/logs.html', {'object': config, 'list': list}, context_instance=RequestContext(request))