Update sha_constructor to hashlib.sha256

This commit is contained in:
Volodymyr Hotsyk 2014-07-05 16:21:49 +03:00
parent 7596729ec1
commit 3ad6d4cfef

View file

@ -6,7 +6,7 @@ from django.core.exceptions import ObjectDoesNotExist
from django.db.models import Q from django.db.models import Q
from django.http import Http404, HttpResponse, HttpResponseForbidden from django.http import Http404, HttpResponse, HttpResponseForbidden
from django.shortcuts import render, redirect, get_object_or_404 from django.shortcuts import render, redirect, get_object_or_404
from django.utils.hashcompat import sha_constructor from hashlib import sha256
from django.views import static from django.views import static
from django.contrib import messages from django.contrib import messages
@ -14,12 +14,16 @@ from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from account.models import EmailAddress from account.models import EmailAddress
from symposion.proposals.models import ProposalBase, ProposalSection, ProposalKind from symposion.proposals.models import (
ProposalBase, ProposalSection, ProposalKind
)
from symposion.proposals.models import SupportingDocument, AdditionalSpeaker from symposion.proposals.models import SupportingDocument, AdditionalSpeaker
from symposion.speakers.models import Speaker from symposion.speakers.models import Speaker
from symposion.utils.mail import send_email from symposion.utils.mail import send_email
from symposion.proposals.forms import AddSpeakerForm, SupportingDocumentCreateForm from symposion.proposals.forms import (
AddSpeakerForm, SupportingDocumentCreateForm
)
def get_form(name): def get_form(name):
@ -37,21 +41,21 @@ def proposal_submit(request):
request.user.speaker_profile request.user.speaker_profile
except ObjectDoesNotExist: except ObjectDoesNotExist:
return redirect("dashboard") return redirect("dashboard")
kinds = [] kinds = []
for proposal_section in ProposalSection.available(): for proposal_section in ProposalSection.available():
for kind in proposal_section.section.proposal_kinds.all(): for kind in proposal_section.section.proposal_kinds.all():
kinds.append(kind) kinds.append(kind)
return render(request, "proposals/proposal_submit.html", { return render(request, "proposals/proposal_submit.html", {
"kinds": kinds, "kinds": kinds,
}) })
def proposal_submit_kind(request, kind_slug): def proposal_submit_kind(request, kind_slug):
kind = get_object_or_404(ProposalKind, slug=kind_slug) kind = get_object_or_404(ProposalKind, slug=kind_slug)
if not request.user.is_authenticated(): if not request.user.is_authenticated():
return redirect("home") # @@@ unauth'd speaker info page? return redirect("home") # @@@ unauth'd speaker info page?
else: else:
@ -59,12 +63,12 @@ def proposal_submit_kind(request, kind_slug):
speaker_profile = request.user.speaker_profile speaker_profile = request.user.speaker_profile
except ObjectDoesNotExist: except ObjectDoesNotExist:
return redirect("dashboard") return redirect("dashboard")
if not kind.section.proposalsection.is_available(): if not kind.section.proposalsection.is_available():
return redirect("proposal_submit") return redirect("proposal_submit")
form_class = get_form(settings.PROPOSAL_FORMS[kind_slug]) form_class = get_form(settings.PROPOSAL_FORMS[kind_slug])
if request.method == "POST": if request.method == "POST":
form = form_class(request.POST) form = form_class(request.POST)
if form.is_valid(): if form.is_valid():
@ -79,7 +83,7 @@ def proposal_submit_kind(request, kind_slug):
return redirect("dashboard") return redirect("dashboard")
else: else:
form = form_class() form = form_class()
return render(request, "proposals/proposal_submit_kind.html", { return render(request, "proposals/proposal_submit_kind.html", {
"kind": kind, "kind": kind,
"form": form, "form": form,
@ -91,17 +95,17 @@ def proposal_speaker_manage(request, pk):
queryset = ProposalBase.objects.select_related("speaker") queryset = ProposalBase.objects.select_related("speaker")
proposal = get_object_or_404(queryset, pk=pk) proposal = get_object_or_404(queryset, pk=pk)
proposal = ProposalBase.objects.get_subclass(pk=proposal.pk) proposal = ProposalBase.objects.get_subclass(pk=proposal.pk)
if proposal.speaker != request.user.speaker_profile: if proposal.speaker != request.user.speaker_profile:
raise Http404() raise Http404()
if request.method == "POST": if request.method == "POST":
add_speaker_form = AddSpeakerForm(request.POST, proposal=proposal) add_speaker_form = AddSpeakerForm(request.POST, proposal=proposal)
if add_speaker_form.is_valid(): if add_speaker_form.is_valid():
message_ctx = { message_ctx = {
"proposal": proposal, "proposal": proposal,
} }
def create_speaker_token(email_address): def create_speaker_token(email_address):
# create token and look for an existing speaker to prevent # create token and look for an existing speaker to prevent
# duplicate tokens and confusing the pending speaker # duplicate tokens and confusing the pending speaker
@ -110,8 +114,8 @@ def proposal_speaker_manage(request, pk):
Q(user=None, invite_email=email_address) Q(user=None, invite_email=email_address)
) )
except Speaker.DoesNotExist: except Speaker.DoesNotExist:
salt = sha_constructor(str(random.random())).hexdigest()[:5] salt = sha256(str(random.random())).hexdigest()[:5]
token = sha_constructor(salt + email_address).hexdigest() token = sha256(salt + email_address).hexdigest()
pending = Speaker.objects.create( pending = Speaker.objects.create(
invite_email=email_address, invite_email=email_address,
invite_token=token, invite_token=token,
@ -173,14 +177,14 @@ def proposal_edit(request, pk):
if request.user != proposal.speaker.user: if request.user != proposal.speaker.user:
raise Http404() raise Http404()
if not proposal.can_edit(): if not proposal.can_edit():
ctx = { ctx = {
"title": "Proposal editing closed", "title": "Proposal editing closed",
"body": "Proposal editing is closed for this session type." "body": "Proposal editing is closed for this session type."
} }
return render(request, "proposals/proposal_error.html", ctx) return render(request, "proposals/proposal_error.html", ctx)
form_class = get_form(settings.PROPOSAL_FORMS[proposal.kind.slug]) form_class = get_form(settings.PROPOSAL_FORMS[proposal.kind.slug])
if request.method == "POST": if request.method == "POST":
@ -206,7 +210,7 @@ def proposal_edit(request, pk):
return redirect("proposal_detail", proposal.pk) return redirect("proposal_detail", proposal.pk)
else: else:
form = form_class(instance=proposal) form = form_class(instance=proposal)
return render(request, "proposals/proposal_edit.html", { return render(request, "proposals/proposal_edit.html", {
"proposal": proposal, "proposal": proposal,
"form": form, "form": form,
@ -218,22 +222,22 @@ def proposal_detail(request, pk):
queryset = ProposalBase.objects.select_related("speaker", "speaker__user") queryset = ProposalBase.objects.select_related("speaker", "speaker__user")
proposal = get_object_or_404(queryset, pk=pk) proposal = get_object_or_404(queryset, pk=pk)
proposal = ProposalBase.objects.get_subclass(pk=proposal.pk) proposal = ProposalBase.objects.get_subclass(pk=proposal.pk)
if request.user not in [p.user for p in proposal.speakers()]: if request.user not in [p.user for p in proposal.speakers()]:
raise Http404() raise Http404()
if "symposion.reviews" in settings.INSTALLED_APPS: if "symposion.reviews" in settings.INSTALLED_APPS:
from symposion.reviews.forms import SpeakerCommentForm from symposion.reviews.forms import SpeakerCommentForm
message_form = SpeakerCommentForm() message_form = SpeakerCommentForm()
if request.method == "POST": if request.method == "POST":
message_form = SpeakerCommentForm(request.POST) message_form = SpeakerCommentForm(request.POST)
if message_form.is_valid(): if message_form.is_valid():
message = message_form.save(commit=False) message = message_form.save(commit=False)
message.user = request.user message.user = request.user
message.proposal = proposal message.proposal = proposal
message.save() message.save()
ProposalMessage = SpeakerCommentForm.Meta.model ProposalMessage = SpeakerCommentForm.Meta.model
reviewers = User.objects.filter( reviewers = User.objects.filter(
id__in=ProposalMessage.objects.filter( id__in=ProposalMessage.objects.filter(
@ -242,7 +246,7 @@ def proposal_detail(request, pk):
user=request.user user=request.user
).distinct().values_list("user", flat=True) ).distinct().values_list("user", flat=True)
) )
for reviewer in reviewers: for reviewer in reviewers:
ctx = { ctx = {
"proposal": proposal, "proposal": proposal,
@ -253,13 +257,13 @@ def proposal_detail(request, pk):
[reviewer.email], "proposal_new_message", [reviewer.email], "proposal_new_message",
context=ctx context=ctx
) )
return redirect(request.path) return redirect(request.path)
else: else:
message_form = SpeakerCommentForm() message_form = SpeakerCommentForm()
else: else:
message_form = None message_form = None
return render(request, "proposals/proposal_detail.html", { return render(request, "proposals/proposal_detail.html", {
"proposal": proposal, "proposal": proposal,
"message_form": message_form "message_form": message_form
@ -271,7 +275,7 @@ def proposal_cancel(request, pk):
queryset = ProposalBase.objects.select_related("speaker") queryset = ProposalBase.objects.select_related("speaker")
proposal = get_object_or_404(queryset, pk=pk) proposal = get_object_or_404(queryset, pk=pk)
proposal = ProposalBase.objects.get_subclass(pk=proposal.pk) proposal = ProposalBase.objects.get_subclass(pk=proposal.pk)
if proposal.speaker.user != request.user: if proposal.speaker.user != request.user:
return HttpResponseForbidden() return HttpResponseForbidden()
@ -281,7 +285,7 @@ def proposal_cancel(request, pk):
# @@@ fire off email to submitter and other speakers # @@@ fire off email to submitter and other speakers
messages.success(request, "%s has been cancelled" % proposal.title) messages.success(request, "%s has been cancelled" % proposal.title)
return redirect("dashboard") return redirect("dashboard")
return render(request, "proposals/proposal_cancel.html", { return render(request, "proposals/proposal_cancel.html", {
"proposal": proposal, "proposal": proposal,
}) })
@ -339,10 +343,10 @@ def document_create(request, proposal_pk):
queryset = ProposalBase.objects.select_related("speaker") queryset = ProposalBase.objects.select_related("speaker")
proposal = get_object_or_404(queryset, pk=proposal_pk) proposal = get_object_or_404(queryset, pk=proposal_pk)
proposal = ProposalBase.objects.get_subclass(pk=proposal.pk) proposal = ProposalBase.objects.get_subclass(pk=proposal.pk)
if proposal.cancelled: if proposal.cancelled:
return HttpResponseForbidden() return HttpResponseForbidden()
if request.method == "POST": if request.method == "POST":
form = SupportingDocumentCreateForm(request.POST, request.FILES) form = SupportingDocumentCreateForm(request.POST, request.FILES)
if form.is_valid(): if form.is_valid():
@ -353,7 +357,7 @@ def document_create(request, proposal_pk):
return redirect("proposal_detail", proposal.pk) return redirect("proposal_detail", proposal.pk)
else: else:
form = SupportingDocumentCreateForm() form = SupportingDocumentCreateForm()
return render(request, "proposals/document_create.html", { return render(request, "proposals/document_create.html", {
"proposal": proposal, "proposal": proposal,
"form": form, "form": form,
@ -378,8 +382,8 @@ def document_download(request, pk, *args):
def document_delete(request, pk): def document_delete(request, pk):
document = get_object_or_404(SupportingDocument, pk=pk, uploaded_by=request.user) document = get_object_or_404(SupportingDocument, pk=pk, uploaded_by=request.user)
proposal_pk = document.proposal.pk proposal_pk = document.proposal.pk
if request.method == "POST": if request.method == "POST":
document.delete() document.delete()
return redirect("proposal_detail", proposal_pk) return redirect("proposal_detail", proposal_pk)