misc: use new signing.dumps/loads implementation (#61130)
parent
0795cbeb89
commit
f72d1d3b2a
|
@ -42,7 +42,7 @@ from ldap.dn import escape_dn_chars
|
|||
from ldap.filter import filter_format
|
||||
from ldap.ldapobject import ReconnectLDAPObject as NativeLDAPObject
|
||||
|
||||
from authentic2 import app_settings, crypto
|
||||
from authentic2 import app_settings
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.backends import is_user_authenticable
|
||||
|
@ -51,6 +51,7 @@ from authentic2.ldap_utils import FilterFormatter
|
|||
from authentic2.middleware import StoreRequestMiddleware
|
||||
from authentic2.models import UserExternalId
|
||||
from authentic2.user_login_failure import user_login_failure, user_login_success
|
||||
from authentic2.utils import crypto
|
||||
from authentic2.utils.misc import PasswordChangeError, to_list
|
||||
|
||||
# code originaly copied from by now merely inspired by
|
||||
|
|
|
@ -20,7 +20,6 @@ from functools import reduce
|
|||
from django.contrib import messages
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core import signing
|
||||
from django.core.exceptions import PermissionDenied, ValidationError
|
||||
from django.core.paginator import EmptyPage, Paginator
|
||||
from django.db import transaction
|
||||
|
@ -39,6 +38,7 @@ from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, Role
|
|||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.journal.views import JournalViewWithContext
|
||||
from authentic2.forms.profile import modelform_factory
|
||||
from authentic2.utils import crypto
|
||||
from authentic2.utils.misc import redirect
|
||||
|
||||
from . import forms, resources, tables, views
|
||||
|
@ -820,8 +820,8 @@ class UserOrRoleSelect2View(DetailView):
|
|||
|
||||
field_id = self.kwargs.get('field_id', self.request.GET.get('field_id', None))
|
||||
try:
|
||||
signing.loads(field_id)
|
||||
except (signing.SignatureExpired, signing.BadSignature):
|
||||
crypto.loads(field_id)
|
||||
except (crypto.SignatureExpired, crypto.BadSignature):
|
||||
raise Http404('Invalid or expired signature.')
|
||||
|
||||
search_term = request.GET.get('term', '')
|
||||
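Review bot: In the `UserOrRoleSelect2View` hunk the new `crypto.loads(field_id)` call still discards its result and passes no `max_age`, so a signed `field_id` keeps verifying for as long as the signing key is unchanged; unless `crypto.loads` enforces a default lifetime internally (not visible here), consider `crypto.loads(field_id, max_age=...)` with a lifetime matching how long a rendered form is expected to stay open, the `max_age` keyword being what the other `crypto.loads` call sites in this commit use. The method also reads `field_id` with a `None` default and neither the old nor the new `except` tuple covers the non-string case, so a request without `field_id` would surface whatever `crypto.loads` raises for `None` instead of the intended 404; a guard such as `if not field_id: raise Http404('Invalid or expired signature.')` before the `try` closes that gap. The enclosing method starts before the hunk.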
|
|
|
@ -21,7 +21,6 @@ import json
|
|||
import pickle
|
||||
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.core import signing
|
||||
from django.core.exceptions import PermissionDenied, ValidationError
|
||||
from django.db import transaction
|
||||
from django.forms import MediaDefiningClass
|
||||
|
@ -44,6 +43,7 @@ from authentic2.a2_rbac.models import OrganizationalUnit
|
|||
from authentic2.data_transfer import ImportContext, export_site, import_site
|
||||
from authentic2.decorators import json as json_view
|
||||
from authentic2.forms.profile import modelform_factory
|
||||
from authentic2.utils import crypto
|
||||
from authentic2.utils.misc import batch_queryset, redirect
|
||||
|
||||
from . import app_settings, forms, utils, widgets
|
||||
|
@ -745,8 +745,8 @@ class Select2View(AutoResponseView):
|
|||
raise Http404('Invalid user')
|
||||
field_data = self.kwargs.get('field_id', self.request.GET.get('field_id', None))
|
||||
try:
|
||||
field_data = signing.loads(field_data)
|
||||
except (signing.SignatureExpired, signing.BadSignature):
|
||||
field_data = crypto.loads(field_data)
|
||||
except (crypto.SignatureExpired, crypto.BadSignature):
|
||||
raise Http404('Invalid or expired signature.')
|
||||
widget_class = field_data.get('class')
|
||||
if not widget_class or not hasattr(widgets, widget_class):
|
||||
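Review bot: In the `Select2View` hunk the object returned by `crypto.loads(field_data)` is read with `.get('class')` and, judging from the `import pickle` at the top of this file and the `where_clause` that the widget hunk further down pickles into `field_data`, is presumably unpickled later in the method; the signature check is then the only thing standing between request input and `pickle.loads`, which deserves a comment at the call site such as `# the signature is the only protection for the pickled where_clause: never fall back to an unsigned value`. Nothing in the hunk passes a purpose-specific salt, so if `crypto.dumps`/`crypto.loads` accept one as Django's `signing.dumps(obj, salt=...)` did, a widget-specific salt keeps tokens minted for the email-change, deletion and OIDC-state flows elsewhere in this commit from verifying here. `field_data` is read with a `None` default on the line above the `try` and the `except` tuple covers only signature errors, so a missing parameter likely escapes as an unhandled exception instead of the intended 404. The enclosing method starts before and continues past the hunk.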
|
|
|
@ -20,11 +20,11 @@ import operator
|
|||
import pickle
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core import signing
|
||||
from django.utils.encoding import force_text
|
||||
from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.utils import crypto
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
|
||||
from . import utils
|
||||
|
@ -57,7 +57,7 @@ class Select2Mixin:
|
|||
'class': self.__class__.__name__,
|
||||
'where_clause': force_text(base64.b64encode(pickle.dumps(self.queryset.query.where))),
|
||||
}
|
||||
attrs['data-field_id'] = signing.dumps(field_data)
|
||||
attrs['data-field_id'] = crypto.dumps(field_data)
|
||||
return attrs
|
||||
|
||||
@classmethod
|
||||
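Review bot: `crypto.dumps(field_data)` in the `Select2Mixin` hunk changes the format of the `data-field_id` attribute emitted into every rendered page, while the two Select2 views in this commit now accept only what `crypto.loads` verifies; unless the new implementation is wire-compatible with `django.core.signing`, forms rendered before the deploy fail their next lookup with a 404 until the page is reloaded. That is tolerable for a page attribute but worth one sentence in the commit message. Since `field_data` carries a pickled `where_clause` (the unchanged line above), a one-line comment on the assignment, e.g. `# signed: the server unpickles where_clause only after crypto.loads verifies this value`, records why this attribute must never be built from an unsigned serialisation. The enclosing method starts before the hunk.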
|
|
|
@ -36,7 +36,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||
from model_utils.managers import QueryManager
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.crypto import base64url_decode, base64url_encode
|
||||
from authentic2.utils.crypto import base64url_decode, base64url_encode
|
||||
|
||||
# install our natural_key implementation
|
||||
from . import managers
|
||||
|
|
|
@ -32,7 +32,6 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
|
|||
from django.contrib.auth import authenticate as dj_authenticate
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.auth import login as auth_login
|
||||
from django.core import signing
|
||||
from django.core.exceptions import FieldDoesNotExist, ImproperlyConfigured
|
||||
from django.core.mail import EmailMessage, send_mail
|
||||
from django.forms.utils import ErrorList, to_current_timezone
|
||||
|
@ -48,8 +47,9 @@ from django.utils.formats import localize
|
|||
from django.utils.translation import ungettext
|
||||
|
||||
from authentic2.saml.saml2utils import filter_attribute_private_key, filter_element_private_key
|
||||
from authentic2.utils import crypto
|
||||
|
||||
from .. import app_settings, constants, crypto, plugins
|
||||
from .. import app_settings, constants, plugins
|
||||
from .service import set_service_ref
|
||||
|
||||
|
||||
|
@ -774,7 +774,7 @@ def build_activation_url(request, email, next_url=None, ou=None, **kwargs):
|
|||
def build_deletion_url(request, **kwargs):
|
||||
data = kwargs.copy()
|
||||
data['user_pk'] = request.user.pk
|
||||
deletion_token = signing.dumps(data)
|
||||
deletion_token = crypto.dumps(data)
|
||||
delete_url = request.build_absolute_uri(
|
||||
reverse('validate_deletion', kwargs={'deletion_token': deletion_token})
|
||||
)
|
||||
|
@ -1177,7 +1177,7 @@ def send_email_change_email(user, email, request=None, context=None, template_na
|
|||
legacy_body_templates = None
|
||||
|
||||
# build verify email URL containing a signed token
|
||||
token = signing.dumps(
|
||||
token = crypto.dumps(
|
||||
{
|
||||
'email': email,
|
||||
'user_pk': user.pk,
|
||||
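Review bot: Both `crypto.dumps(data)` in `build_deletion_url` and `crypto.dumps({...})` in `send_email_change_email` sign a payload keyed on `user_pk` with, as far as these hunks show, no purpose-specific salt, so a token produced by one flow is structurally also a valid token for the other and only the `max_age` passed by the consuming view distinguishes them. If the new `crypto.dumps`/`crypto.loads` accept a salt as Django's `signing.dumps(obj, salt=...)` did, pass a distinct one per flow; otherwise add an explicit marker such as `data['purpose'] = 'deletion'` here and have `ValidateDeletionView` reject tokens that lack it. These tokens are emailed and stay valid for `A2_DELETION_REQUEST_LIFETIME` / `A2_EMAIL_CHANGE_TOKEN_LIFETIME`, so unless the new format is wire-compatible with `django.core.signing`, links sent before the deploy will be rejected as `BadSignature` afterwards; a transitional fallback or at least a release note is worth considering. The body of `send_email_change_email` continues past the hunk.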
|
|
|
@ -26,7 +26,6 @@ from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
|
|||
from django.contrib.auth import logout as auth_logout
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.views import PasswordChangeView as DjPasswordChangeView
|
||||
from django.core import signing
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.db.models.fields import FieldDoesNotExist
|
||||
from django.db.models.query import Q
|
||||
|
@ -60,6 +59,7 @@ from .a2_rbac.utils import get_default_ou
|
|||
from .forms import passwords as passwords_forms
|
||||
from .forms import profile as profile_forms
|
||||
from .forms import registration as registration_forms
|
||||
from .utils import crypto
|
||||
from .utils import misc as utils_misc
|
||||
from .utils import switch_user as utils_switch_user
|
||||
from .utils.evaluate import make_condition_context
|
||||
|
@ -229,7 +229,7 @@ class EmailChangeVerifyView(TemplateView):
|
|||
def get(self, request, *args, **kwargs):
|
||||
if 'token' in request.GET:
|
||||
try:
|
||||
token = signing.loads(
|
||||
token = crypto.loads(
|
||||
request.GET['token'], max_age=app_settings.A2_EMAIL_CHANGE_TOKEN_LIFETIME
|
||||
)
|
||||
user_pk = token['user_pk']
|
||||
|
@ -260,9 +260,9 @@ class EmailChangeVerifyView(TemplateView):
|
|||
old_email=old_email,
|
||||
new_email=user.email,
|
||||
)
|
||||
except signing.SignatureExpired:
|
||||
except crypto.SignatureExpired:
|
||||
messages.error(request, _('your request for changing your email is too old, try again'))
|
||||
except signing.BadSignature:
|
||||
except crypto.BadSignature:
|
||||
messages.error(request, _('your request for changing your email is invalid, try again'))
|
||||
except ValueError:
|
||||
messages.error(
|
||||
|
@ -903,10 +903,10 @@ class BaseRegistrationView(FormView):
|
|||
# load pre-filled values
|
||||
if request.GET.get('token'):
|
||||
try:
|
||||
self.token = signing.loads(
|
||||
self.token = crypto.loads(
|
||||
request.GET.get('token'), max_age=settings.ACCOUNT_ACTIVATION_DAYS * 3600 * 24
|
||||
)
|
||||
except (TypeError, ValueError, signing.BadSignature) as e:
|
||||
except (TypeError, ValueError, crypto.BadSignature) as e:
|
||||
logger.warning('registration_view: invalid token: %s', e)
|
||||
return HttpResponseBadRequest('invalid token', content_type='text/plain')
|
||||
if 'ou' in self.token:
|
||||
|
@ -1348,7 +1348,7 @@ class ValidateDeletionView(TemplateView):
|
|||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
try:
|
||||
deletion_token = signing.loads(
|
||||
deletion_token = crypto.loads(
|
||||
kwargs['deletion_token'], max_age=app_settings.A2_DELETION_REQUEST_LIFETIME
|
||||
)
|
||||
user_pk = deletion_token['user_pk']
|
||||
|
@ -1357,9 +1357,9 @@ class ValidateDeletionView(TemplateView):
|
|||
if not self.user.is_active:
|
||||
raise ValidationError(_('This account is inactive, it cannot be deleted.'))
|
||||
logger.info('user %s confirmed the deletion of their own account', self.user)
|
||||
except signing.SignatureExpired:
|
||||
except crypto.SignatureExpired:
|
||||
error = _('The account deletion request is too old, try again')
|
||||
except signing.BadSignature:
|
||||
except crypto.BadSignature:
|
||||
error = _('The account deletion request is invalid, try again')
|
||||
except ValueError:
|
||||
error = _('The account deletion request was not on this site, try again')
|
||||
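Review bot: In the `BaseRegistrationView` hunk the new `except (TypeError, ValueError, crypto.BadSignature)` names no expired-token case, while the `EmailChangeVerifyView` and `ValidateDeletionView` hunks in the same file handle `crypto.SignatureExpired` and `crypto.BadSignature` as separate clauses; this stays correct only if `crypto.SignatureExpired` subclasses `crypto.BadSignature` the way Django's does, which nothing on this page shows. If it does not, an expired registration token (the call passes `max_age=settings.ACCOUNT_ACTIVATION_DAYS * 3600 * 24`) escapes the handler as a 500 instead of the intended 400 response; listing it explicitly is harmless either way: `except (TypeError, ValueError, crypto.SignatureExpired, crypto.BadSignature) as e:`. The enclosing methods start before their hunks.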
|
|
|
@ -37,10 +37,10 @@ from authentic2 import app_settings as a2_app_settings
|
|||
from authentic2 import constants, hooks
|
||||
from authentic2 import models as a2_models
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.crypto import check_hmac_url, hash_chain, hmac_url
|
||||
from authentic2.forms.passwords import SetPasswordForm
|
||||
from authentic2.utils import misc as utils_misc
|
||||
from authentic2.utils import views as utils_views
|
||||
from authentic2.utils.crypto import check_hmac_url, hash_chain, hmac_url
|
||||
from authentic2.utils.models import safe_get_or_create
|
||||
from authentic2.utils.service import get_service_from_ref, get_service_from_request, service_ref
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ from jwcrypto.jwt import JWT
|
|||
|
||||
from authentic2 import app_settings, hooks
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit
|
||||
from authentic2.crypto import base64url_encode
|
||||
from authentic2.utils.crypto import base64url_encode
|
||||
from authentic2.utils.template import Template
|
||||
|
||||
from . import models, utils
|
||||
|
|
|
@ -23,7 +23,6 @@ import requests
|
|||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.core import signing
|
||||
from django.http import HttpResponseBadRequest
|
||||
from django.urls import reverse
|
||||
from django.utils.translation import get_language
|
||||
|
@ -31,6 +30,7 @@ from django.utils.translation import ugettext as _
|
|||
from django.views.generic.base import View
|
||||
|
||||
from authentic2.decorators import setting_enabled
|
||||
from authentic2.utils import crypto
|
||||
from authentic2.utils.misc import authenticate, good_next_url, login, redirect
|
||||
|
||||
from . import app_settings, models
|
||||
|
@ -65,7 +65,7 @@ def oidc_login(request, pk, next_url=None, *args, **kwargs):
|
|||
'scope': ' '.join(scopes),
|
||||
'response_type': 'code',
|
||||
'redirect_uri': request.build_absolute_uri(reverse('oidc-login-callback')),
|
||||
'state': signing.dumps(state_content),
|
||||
'state': crypto.dumps(state_content),
|
||||
'nonce': nonce,
|
||||
}
|
||||
if provider.claims_parameter_supported:
|
||||
|
@ -140,8 +140,8 @@ class LoginCallback(View):
|
|||
if not raw_state:
|
||||
return redirect(request, settings.LOGIN_REDIRECT_URL)
|
||||
try:
|
||||
state_content = signing.loads(raw_state)
|
||||
except signing.BadSignature:
|
||||
state_content = crypto.loads(raw_state)
|
||||
except crypto.BadSignature:
|
||||
return redirect(request, settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
state = state_content['state_id']
|
||||
|
|
|
@ -27,9 +27,10 @@ from django.utils.encoding import force_bytes, force_text
|
|||
from jwcrypto.jwk import JWK, InvalidJWKValue, JWKSet
|
||||
from jwcrypto.jwt import JWT
|
||||
|
||||
from authentic2 import crypto, hooks
|
||||
from authentic2 import hooks
|
||||
from authentic2.attributes_ng.engine import get_attributes
|
||||
from authentic2.decorators import GlobalCache
|
||||
from authentic2.utils import crypto
|
||||
from authentic2.utils.template import Template
|
||||
|
||||
from . import app_settings
|
||||
|
|
|
@ -32,12 +32,12 @@ from django.utils.encoding import force_bytes, force_text
|
|||
from ldap.dn import escape_dn_chars
|
||||
from ldaptools.slapd import Slapd, has_slapd
|
||||
|
||||
from authentic2 import crypto, models
|
||||
from authentic2 import models
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.backends import ldap_backend
|
||||
from authentic2.models import Service
|
||||
from authentic2.utils import switch_user
|
||||
from authentic2.utils import crypto, switch_user
|
||||
from authentic2.utils.misc import PasswordChangeError, authenticate
|
||||
|
||||
from . import utils
|
||||
|
|