From 03849d8b8cca60217220a9787f0db50cb4f4da93 Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Wed, 15 Jan 2014 14:20:14 +0100 Subject: [PATCH 1/8] moving variable on top of the view --- server/api/views.py | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/server/api/views.py b/server/api/views.py index a5a6fff..b90eaab 100644 --- a/server/api/views.py +++ b/server/api/views.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - from django.shortcuts import get_object_or_404, render_to_response, redirect from django.template import RequestContext from django.core.context_processors import csrf @@ -10,6 +9,7 @@ from django.contrib.admin.views.decorators import staff_member_required from django.contrib.auth.decorators import login_required, user_passes_test from django.http import HttpResponseRedirect +from django.views.decorators import require_GET from django.db import connections from django.core.paginator import InvalidPage, EmptyPage, Paginator from django.core.cache import cache @@ -22,14 +22,17 @@ from configs.models import Config -from paiements.models import Transaction, TransactionLog +from paiements.models import Transaction @csrf_exempt +@require_GET def transactions_list(request): """Return the list of transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) max_transaction = int(request.POST.get('max_transaction', '100')) 
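Review bot: The import added in the second hunk of server/api/views.py, `from django.views.decorators import require_GET`, names a package that does not export that decorator, so the module fails to import and every API view becomes unavailable. It should read `from django.views.decorators.http import require_GET`. The same path is used for `require_POST, require_GET` in the server/configs/views.py import hunk of patch 4 and is kept as context in patch 5.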
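Review bot: Reading `secret` from `request.GET` in transactions_list moves the API key into the URL, where it is written to web-server access logs, proxy logs and any monitoring that records request lines; the transactions_show and transactions_show_logs hunks make the same change. If the views must stay GET-only, take the key from a request header instead, e.g. `secret = request.META.get('HTTP_X_API_SECRET', '#')` (the header name is a placeholder), and require TLS for these endpoints. On the new side `max_transaction` is still read from `request.POST`, which is empty under `@require_GET`, so the limit is always 100 until patch 5. The function body continues outside the hunk.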
@@ -42,10 +45,13 @@ def transactions_list(request): @csrf_exempt +@require_GET def transactions_show(request, reference): """Return details of a transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) transaction = get_object_or_404(Transaction, config=config, reference=reference) @@ -53,16 +59,19 @@ def transactions_show(request, reference): @csrf_exempt +@require_GET def transactions_show_logs(request, reference): """Return logs of a transaction""" + config_pk = request.GET.get('config_id', -1) + secret = request.GET.get('secret', '#') - config = get_object_or_404(Config, pk=request.POST.get('config_id', -1), key_api=request.POST.get('secret', '#')) + config = get_object_or_404(Config, pk=config_pk, key_api=secret) transaction = get_object_or_404(Transaction, config=config, reference=reference) retour = [] - for log in transaction.transactionlog_set.order_by('-when').all(): + for log in transaction.transactionlog_set.order_by('-when'): retour.append(log.dump_api()) return HttpResponse(json.dumps({'result': 'ok', 'data': retour})) From edea9d9a371cab96489a641d8599bf0f571bdb6c Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Wed, 15 Jan 2014 14:23:57 +0100 Subject: [PATCH 2/8] typo --- client/httpd.py | 4 +++- client/libs/polybanking.py | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/client/httpd.py b/client/httpd.py index 7e29b7e..cf0254b 100644 --- a/client/httpd.py +++ b/client/httpd.py @@ -1,3 +1,5 @@ +"""This example show a full http server. +""" from flask import Flask from flask import render_template from flask import request 
@@ -22,7 +24,7 @@ def home(): def start(): """Start a new paiement""" - (result, url) = api.new_transation(request.args.get('amount', ''), str(uuid.uuid4())) + (result, url) = api.new_transaction(request.args.get('amount', ''), str(uuid.uuid4())) return render_template('start.html', result=result, url=url) diff --git a/client/libs/polybanking.py b/client/libs/polybanking.py index 2c433ab..ed788ce 100644 --- a/client/libs/polybanking.py +++ b/client/libs/polybanking.py @@ -32,7 +32,7 @@ def escape_chars(s): return h.hexdigest() - def new_transation(self, amount, reference, extra_data=''): + def new_transaction(self, amount, reference, extra_data=''): """Start a new transation, with the specified amount and reference. The reference must be unique. Return (Status, the URL where the user should be redirected or None) Status can be 'OK', 'KEY_ERROR', 'CONFIG_ERROR', 'AMOUNT_ERROR', 'REFERENCE_ERROR', 'ERROR'""" @@ -113,7 +113,7 @@ def get_transaction_logs(self, reference): data['reference'] = reference try: - result = requests.post(self.server + '/api/transactions/' + reference + '/logs/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/logs/', data=data).json() if result['result'] != 'ok': return None From b4731b38a80029942eda7a2e3dafc84d76d368d3 Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Wed, 15 Jan 2014 14:24:52 +0100 Subject: [PATCH 3/8] starting to fix the method usage --- client/libs/polybanking.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/libs/polybanking.py b/client/libs/polybanking.py index ed788ce..2095bfd 100644 --- a/client/libs/polybanking.py +++ b/client/libs/polybanking.py 
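Review bot: `reference` is concatenated into the request path unescaped in get_transaction_logs (`'/api/transactions/' + reference + '/logs/'`), so a value containing `/`, `?` or `#` changes which URL receives the config id and secret; get_transaction in patches 3 and 8 builds its URL the same way. Percent-encode the segment before joining, e.g. on Python 2 `urllib.quote(reference, safe='')`, which needs `import urllib` at the top of the file, outside this hunk. Separately, `requests.get(..., data=data)` sends the fields in the request body while the server views read `request.GET` since patch 1, so the credentials do not reach the views until patch 8 switches to `params=`.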
@@ -75,7 +75,7 @@ def get_transactions(self, max_transaction=100): data['max_transaction'] = max_transaction try: - result = requests.post(self.server + '/api/transactions/', data=data).json() + result = requests.get(self.server + '/api/transactions/', data=data).json() if result['result'] != 'ok': return None @@ -94,7 +94,7 @@ def get_transaction(self, reference): data['reference'] = reference try: - result = requests.post(self.server + '/api/transactions/' + reference + '/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/', data=data).json() if result['result'] != 'ok': return None From d137329dcb61bdea265577c2e0657fd4d0ec9b56 Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Thu, 16 Jan 2014 08:32:35 +0100 Subject: [PATCH 4/8] cleaning the key generation --- server/configs/views.py | 94 ++++++++++++----------------------------- 1 file changed, 27 insertions(+), 67 deletions(-) diff --git a/server/configs/views.py b/server/configs/views.py index 7cb1627..5a3332e 100644 --- a/server/configs/views.py +++ b/server/configs/views.py 
@@ -2,18 +2,9 @@ from django.shortcuts import get_object_or_404, render_to_response, redirect from django.template import RequestContext -from django.core.context_processors import csrf -from django.views.decorators.csrf import csrf_exempt -from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseNotFound -from django.utils.encoding import smart_str -from django.conf import settings -from django.contrib.admin.views.decorators import staff_member_required -from django.contrib.auth.decorators import login_required, user_passes_test -from django.http import HttpResponseRedirect -from django.db import connections -from django.core.paginator import InvalidPage, EmptyPage, Paginator -from django.core.cache import cache -from django.core.urlresolvers import reverse +from django.http import Http404 +from django.views.decorators import require_POST, require_GET +from django.contrib.auth.decorators import login_required from django.contrib import messages from django.utils.translation import ugettext_lazy as _ @@ -23,15 +14,16 @@ @login_required +@require_GET def list(request): """Show the list of configs""" if request.user.is_superuser: - list = Config.objects.order_by('name').all() + configs = Config.objects.order_by('name') else: - list = Config.objects.filter(allowed_users=request.user).order_by('name').all() + configs = Config.objects.filter(allowed_users=request.user).order_by('name') - return render_to_response('configs/configs/list.html', {'list': list}, context_instance=RequestContext(request)) + return render_to_response('configs/configs/list.html', {'list': configs}, context_instance=RequestContext(request)) @login_required @@ -96,6 +88,7 @@ def edit(request, pk): @login_required +@require_GET def show(request, pk): """Show a config""" 
@@ -108,58 +101,25 @@ def show(request, pk): @login_required -def new_ipn_key(request, pk): - """Generate a new ipn key""" +@require_GET +def new_key(request, pk, key_type): + config = get_object_or_404(Config, pk=pk) - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): - raise Http404 - - object.gen_key_ipn() - object.save() - - ConfigLogs(config=object, user=request.user, text=_('A new IPN key has been generated.')).save() - - messages.success(request, _('A new IPN key has been generated !')) - - return redirect('configs.views.show', pk=pk) - - -@login_required -def new_requests_key(request, pk): - """Generate a new request key""" - - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): - raise Http404 - - object.gen_key_request() - object.save() - - ConfigLogs(config=object, user=request.user, text=_('A new requests key has been generated.')).save() - - messages.success(request, _('A new requests key has been generated !')) - - return redirect('configs.views.show', pk=pk) - - -@login_required -def new_api_key(request, pk): - """Generate a new api key""" - - object = get_object_or_404(Config, pk=pk) - - if not object.is_user_allowed(request.user): + if not config.is_user_allowed(request.user): raise Http404 - object.gen_key_api() - object.save() + if key_type == "request": + config.gen_key_request() + elif key_type == "ipn": + config.gen_key_ipn() + elif key_type == "api": + config.gen_key_api() + config.save() + + log_message = _(u"A new {} key has been generated".format(key_type)) + ConfigLogs(config=config, user=request.user, text=log_message).save() - ConfigLogs(config=object, user=request.user, text=_('A new api key has been generated.')).save() - - messages.success(request, _('A new api key has been generated !')) + messages.success(request, log_message) return redirect('configs.views.show', pk=pk) 
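Review bot: `new_key` rotates a credential but is decorated `@require_GET`, so any cross-site link, image tag or prefetch followed by a logged-in user's browser can trigger the change, and Django's CSRF middleware does not check GET requests; use `@require_POST` (already imported by this commit) and submit from a form carrying the CSRF token, which needs a template change outside this diff. The `if/elif` chain has no fallback, so an unrecognised `key_type` saves the config, writes a ConfigLogs entry and shows a success message without generating anything; this includes `requests`, which the route added in patch 6 appears to capture, versus `"request"` here, and unknown values should raise Http404. `_()` is applied after `.format()`, so the translation lookup sees the already-formatted string and will not match a catalogue entry; format the translated string instead. The docstring carried by the three removed views was dropped and should be restored.

```python
@login_required
@require_POST
def new_key(request, pk, key_type):
    """Generate a new key of the given type ('requests', 'ipn' or 'api')"""
    # … unchanged: config lookup and is_user_allowed check …

    if key_type == "requests":
        config.gen_key_request()
    # … unchanged: ipn and api branches …
    else:
        # Unknown type: refuse instead of logging a rotation that never happened
        raise Http404
    config.save()

    log_message = _(u"A new {} key has been generated").format(key_type)
    # … unchanged: ConfigLogs entry, success message, redirect …
```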
@@ -168,11 +128,11 @@ def new_api_key(request, pk): def show_logs(request, pk): """Display config's logs""" - object = get_object_or_404(Config, pk=pk) + config = get_object_or_404(Config, pk=pk) - if not object.is_user_allowed(request.user): + if not config.is_user_allowed(request.user): raise Http404 - list = object.configlogs_set.order_by('-when').all() + list = config.configlogs_set.order_by('-when') - return render_to_response('configs/configs/logs.html', {'object': object, 'list': list}, context_instance=RequestContext(request)) + return render_to_response('configs/configs/logs.html', {'object': config, 'list': list}, context_instance=RequestContext(request)) From 91b81fc0e7534a6cb24a2313c92abad2715523ef Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Thu, 16 Jan 2014 08:36:48 +0100 Subject: [PATCH 5/8] check if max_transaction is a number --- server/api/views.py | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/server/api/views.py b/server/api/views.py index b90eaab..38abac5 100644 --- a/server/api/views.py +++ b/server/api/views.py 
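Review bot: show_logs still binds its queryset to a local named `list`, shadowing the builtin, although this commit renames the same variable to `configs` in the `list` view. Writing `logs = config.configlogs_set.order_by('-when')` and passing `'list': logs` in the context keeps the template unchanged. No hunk in this commit adds `@require_GET` to show_logs, unlike `list` and `show`, though its decorator lines are outside the hunk and cannot be checked here.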
@@ -1,20 +1,8 @@ # -*- coding: utf-8 -*- -from django.shortcuts import get_object_or_404, render_to_response, redirect -from django.template import RequestContext -from django.core.context_processors import csrf +from django.shortcuts import get_object_or_404 from django.views.decorators.csrf import csrf_exempt -from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseNotFound -from django.utils.encoding import smart_str -from django.conf import settings -from django.contrib.admin.views.decorators import staff_member_required -from django.contrib.auth.decorators import login_required, user_passes_test -from django.http import HttpResponseRedirect +from django.http import HttpResponse from django.views.decorators import require_GET -from django.db import connections -from django.core.paginator import InvalidPage, EmptyPage, Paginator -from django.core.cache import cache -from django.core.urlresolvers import reverse -from django.contrib import messages from django.utils.translation import ugettext_lazy as _ @@ -33,12 +21,14 @@ def transactions_list(request): secret = request.GET.get('secret', '#') config = get_object_or_404(Config, pk=config_pk, key_api=secret) - - max_transaction = int(request.POST.get('max_transaction', '100')) + try: + max_transaction = int(request.GET['max_transaction']) + except (ValueError, KeyError): + max_transaction = 100 retour = [] - for transaction in config.transaction_set.order_by('-creation_date').all()[:max_transaction]: + for transaction in config.transaction_set.order_by('-creation_date')[:max_transaction]: retour.append({'reference': transaction.reference}) return HttpResponse(json.dumps({'result': 'ok', 'data': retour})) From b9443416e9e52ceffcd28da003f212d19ead9492 Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Thu, 16 Jan 2014 08:38:05 +0100 Subject: [PATCH 6/8] updating url to the generic key method --- server/configs/urls.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
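Review bot: The parsed `max_transaction` in transactions_list is checked only for being an integer, not for range. A negative value reaches the slice `[:max_transaction]`, and Django querysets do not support negative indexing, so the request ends in a server error; a very large value lets a single request return every transaction of the config. Clamp it after parsing, e.g. `max_transaction = max(0, min(max_transaction, MAX_TRANSACTIONS))`, where `MAX_TRANSACTIONS` is a limit the project chooses. The function starts above the hunk.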
diff --git a/server/configs/urls.py b/server/configs/urls.py index c827e54..c7f4cbf 100644 --- a/server/configs/urls.py +++ b/server/configs/urls.py @@ -9,11 +9,9 @@ url(r'^(?P[0-9]+)/show/$', 'show'), url(r'^(?P[0-9]+)/edit/$', 'edit'), url(r'^(?P[0-9]+)/logs/$', 'show_logs'), - + #url(r'^(?P[0-9]+)/delete/$', 'delete'), - url(r'^(?P[0-9]+)/keys/ipn/new/$', 'new_ipn_key'), - url(r'^(?P[0-9]+)/keys/requests/new/$', 'new_requests_key'), - url(r'^(?P[0-9]+)/keys/api/new/$', 'new_api_key'), + url(r'^(?P[0-9]+)/keys/(?P(ipn|requests|api))/new/$', 'new_ipn_key'), ) From 806cf6191c15b3d3cad2167cf0445ceda94ae118 Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Thu, 16 Jan 2014 14:26:50 +0100 Subject: [PATCH 7/8] system random --- server/configs/models.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/server/configs/models.py b/server/configs/models.py index e31959c..99fde4a 100644 --- a/server/configs/models.py +++ b/server/configs/models.py @@ -6,7 +6,7 @@ import uuid import datetime import hashlib -import os +import random class Config(models.Model): @@ -78,9 +78,8 @@ def gen_key(self): h = hashlib.sha512() - for i in range(2): - h.update(str(os.random())) + h.update(str(random.SystemRandom().random())) h.update(str(uuid.uuid4())) h.update(str(datetime.datetime.now())) h.update(str(self.pk)) From 97c1960966a4c7671b9cb7678bdfcd220775699d Mon Sep 17 00:00:00 2001 From: gcmalloc Date: Thu, 16 Jan 2014 15:26:09 +0100 Subject: [PATCH 8/8] updating the library accordingly --- client/libs/polybanking.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/libs/polybanking.py b/client/libs/polybanking.py index 2095bfd..10f363c 100644 --- a/client/libs/polybanking.py +++ b/client/libs/polybanking.py 
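Review bot: The consolidated route in server/configs/urls.py still names the view `'new_ipn_key'`, which patch 4 deleted in favour of `new_key`, so the key-regeneration URLs will not resolve to a view; the target should be `'new_key'`. The pattern also accepts `requests` while `new_key` compares against `"request"`, so one of the two spellings has to change. The named groups in the patterns look stripped by extraction on this page, so whether the second group is called `key_type` could not be checked.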
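Review bot: In gen_key the only CSPRNG input added by this hunk is `str(random.SystemRandom().random())`, a float that carries at most 53 random bits and may lose more when stringified on Python 2. `datetime.datetime.now()` and `self.pk` are guessable, so the key's unpredictability effectively rests on the `uuid.uuid4()` line. Feed raw bytes from the OS generator instead, `h.update(os.urandom(32))`, which means keeping `import os` rather than replacing it with `import random`. Removing `for i in range(2):` changes how often the following updates run, but the indentation is not recoverable from this page, and the function starts and ends outside the hunk.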
@@ -75,7 +75,7 @@ def get_transactions(self, max_transaction=100): data['max_transaction'] = max_transaction try: - result = requests.get(self.server + '/api/transactions/', data=data).json() + result = requests.get(self.server + '/api/transactions/', params=data).json() if result['result'] != 'ok': return None @@ -94,7 +94,7 @@ def get_transaction(self, reference): data['reference'] = reference try: - result = requests.get(self.server + '/api/transactions/' + reference + '/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/', params=data).json() if result['result'] != 'ok': return None @@ -113,7 +113,7 @@ def get_transaction_logs(self, reference): data['reference'] = reference try: - result = requests.get(self.server + '/api/transactions/' + reference + '/logs/', data=data).json() + result = requests.get(self.server + '/api/transactions/' + reference + '/logs/', params=data).json() if result['result'] != 'ok': return None
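Review bot: None of the three `requests.get(...)` calls (get_transactions, get_transaction, get_transaction_logs) passes a `timeout`, and requests waits indefinitely by default, so an unresponsive server blocks the caller; add one, e.g. `requests.get(self.server + '/api/transactions/', params=data, timeout=10)`, with a value the project chooses. `.json()` is called without checking the status code, so the server's 404 for a wrong config id or secret presumably surfaces as a decode error rather than an authentication failure. The `except` clause is outside the hunks, so how that is handled cannot be seen here. With `params=` the `secret` now travels in the URL, which requests includes in its exception messages, so those exceptions should not be logged verbatim.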