move check_request_signature from lingo to utils (#13912)
parent
99f958adb4
commit
2205f08716
|
@ -38,7 +38,7 @@ from django.utils.encoding import smart_text
|
|||
|
||||
import eopayment
|
||||
|
||||
from combo.utils import check_query, aes_hex_decrypt, DecryptionError
|
||||
from combo.utils import check_request_signature, aes_hex_decrypt, DecryptionError
|
||||
|
||||
try:
|
||||
from mellon.models import UserSAMLIdentifier
|
||||
|
@ -63,21 +63,8 @@ def get_basket_url():
|
|||
return LingoBasketCell.objects.all()[0].page.get_online_url()
|
||||
|
||||
|
||||
def check_request_signature(request):
|
||||
keys = [getattr(settings, 'LINGO_API_SIGN_KEY', '12345')]
|
||||
orig = request.GET.get('orig', '')
|
||||
known_services = getattr(settings, 'KNOWN_SERVICES', [])
|
||||
if known_services and orig:
|
||||
key = None
|
||||
for l in known_services.itervalues():
|
||||
for service in l.itervalues():
|
||||
if 'verif_orig' in service and service['verif_orig'] == orig:
|
||||
key = service['secret']
|
||||
break
|
||||
if key:
|
||||
keys.append(key)
|
||||
break
|
||||
return check_query(request.META['QUERY_STRING'], keys)
|
||||
def lingo_check_request_signature(request):
|
||||
return check_request_signature(request, keys=[getattr(settings, 'LINGO_API_SIGN_KEY', '12345')])
|
||||
|
||||
|
||||
class RegiesApiView(ListView):
|
||||
|
@ -108,7 +95,7 @@ class AddBasketItemApiView(View):
|
|||
return d.quantize(Decimal('0.01'), ROUND_HALF_UP)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
if not check_request_signature(request):
|
||||
if not lingo_check_request_signature(request):
|
||||
return HttpResponseForbidden()
|
||||
|
||||
request_body = json.loads(self.request.body)
|
||||
|
@ -174,7 +161,7 @@ class RemoveBasketItemApiView(View):
|
|||
return super(RemoveBasketItemApiView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
if not check_request_signature(request):
|
||||
if not lingo_check_request_signature(request):
|
||||
return HttpResponseForbidden()
|
||||
|
||||
request_body = json.loads(self.request.body)
|
||||
|
@ -214,7 +201,7 @@ class ValidateTransactionApiView(View):
|
|||
return super(ValidateTransactionApiView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
if not check_request_signature(request):
|
||||
if not lingo_check_request_signature(request):
|
||||
return HttpResponseForbidden()
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -255,7 +242,7 @@ class CancelTransactionApiView(View):
|
|||
return super(CancelTransactionApiView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
if not check_request_signature(request):
|
||||
if not lingo_check_request_signature(request):
|
||||
return HttpResponseForbidden()
|
||||
|
||||
logger = logging.getLogger(__name__)
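Review bot: `lingo_check_request_signature` still falls back to the literal key `'12345'` when `LINGO_API_SIGN_KEY` is not set, so a deployment that omits the setting would accept requests signed with a value that is public in the source. This affects the four `post` handlers in this file that now call the wrapper. Since the helper is being rewritten anyway, it could fail closed: read the setting with `key = getattr(settings, 'LINGO_API_SIGN_KEY', None)`, `return False` when it is empty, and pass `keys=[key]` otherwise. Logging a configuration error in that case would let a missing key be noticed rather than silently rejecting every call.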
|
||||
|
|
|
@ -205,6 +205,21 @@ def ellipsize(text, length=50):
|
|||
return text[:(length-10)] + '...'
|
||||
|
||||
|
||||
def check_request_signature(django_request, keys=[]):
|
||||
query_string = django_request.META['QUERY_STRING']
|
||||
if not query_string:
|
||||
return False
|
||||
orig = django_request.GET.get('orig', '')
|
||||
known_services = getattr(settings, 'KNOWN_SERVICES', None)
|
||||
if known_services and orig:
|
||||
for services in known_services.itervalues():
|
||||
for service in services.itervalues():
|
||||
if 'verif_orig' in service and service['verif_orig'] == orig:
|
||||
keys.append(service['secret'])
|
||||
break
|
||||
return check_query(query_string, keys)
|
||||
|
||||
|
||||
def check_query(query, keys, known_nonce=None, timedelta=30):
|
||||
parsed = urlparse.parse_qs(query)
|
||||
if not 'signature' in parsed:
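Review bot: `check_request_signature(django_request, keys=[])` uses a mutable default and then calls `keys.append(service['secret'])`, so for any caller relying on the default, each matched service secret stays in the shared list and is tried on all later requests, whatever their `orig`. The same append also mutates a list the caller passed in. Change the signature to `keys=None` and start the body with `keys = list(keys) if keys else []`. Separately, the `break` here leaves only the inner loop, whereas the removed lingo version stopped at the first match; if collecting several secrets is intended, a short comment saying so would help. `check_query`'s body continues outside the hunk.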
|
||||
|
|