move check_request_signature from lingo to utils (#13912)

combo/apps/lingo/views.py

@@ -38,7 +38,7 @@ from django.utils.encoding import smart_text
 
 import eopayment
 
-from combo.utils import check_query, aes_hex_decrypt, DecryptionError
+from combo.utils import check_request_signature, aes_hex_decrypt, DecryptionError
 
 try:
     from mellon.models import UserSAMLIdentifier
@@ -63,21 +63,8 @@ def get_basket_url():
     return LingoBasketCell.objects.all()[0].page.get_online_url()
 
 
-def check_request_signature(request):
-    keys = [getattr(settings, 'LINGO_API_SIGN_KEY', '12345')]
-    orig = request.GET.get('orig', '')
-    known_services = getattr(settings, 'KNOWN_SERVICES', [])
-    if known_services and orig:
-        key = None
-        for l in known_services.itervalues():
-            for service in l.itervalues():
-                if 'verif_orig' in service and service['verif_orig'] == orig:
-                    key = service['secret']
-                    break
-            if key:
-                keys.append(key)
-                break
-    return check_query(request.META['QUERY_STRING'], keys)
+def lingo_check_request_signature(request):
+    return check_request_signature(request, keys=[getattr(settings, 'LINGO_API_SIGN_KEY', '12345')])
 
 
 class RegiesApiView(ListView):
@@ -108,7 +95,7 @@ class AddBasketItemApiView(View):
         return d.quantize(Decimal('0.01'), ROUND_HALF_UP)
 
     def post(self, request, *args, **kwargs):
-        if not check_request_signature(request):
+        if not lingo_check_request_signature(request):
             return HttpResponseForbidden()
 
         request_body = json.loads(self.request.body)
@@ -174,7 +161,7 @@ class RemoveBasketItemApiView(View):
         return super(RemoveBasketItemApiView, self).dispatch(*args, **kwargs)
 
     def post(self, request, *args, **kwargs):
-        if not check_request_signature(request):
+        if not lingo_check_request_signature(request):
             return HttpResponseForbidden()
 
         request_body = json.loads(self.request.body)
@@ -214,7 +201,7 @@ class ValidateTransactionApiView(View):
         return super(ValidateTransactionApiView, self).dispatch(*args, **kwargs)
 
     def post(self, request, *args, **kwargs):
-        if not check_request_signature(request):
+        if not lingo_check_request_signature(request):
             return HttpResponseForbidden()
 
         logger = logging.getLogger(__name__)
@@ -255,7 +242,7 @@ class CancelTransactionApiView(View):
         return super(CancelTransactionApiView, self).dispatch(*args, **kwargs)
 
     def post(self, request, *args, **kwargs):
-        if not check_request_signature(request):
+        if not lingo_check_request_signature(request):
             return HttpResponseForbidden()
 
         logger = logging.getLogger(__name__)

combo/utils.py

@@ -205,6 +205,21 @@ def ellipsize(text, length=50):
     return text[:(length-10)] + '...'
 
 
+def check_request_signature(django_request, keys=[]):
+    query_string = django_request.META['QUERY_STRING']
+    if not query_string:
+        return False
+    orig = django_request.GET.get('orig', '')
+    known_services = getattr(settings, 'KNOWN_SERVICES', None)
+    if known_services and orig:
+        for services in known_services.itervalues():
+            for service in services.itervalues():
+                if 'verif_orig' in service and service['verif_orig'] == orig:
+                    keys.append(service['secret'])
+                    break
+    return check_query(query_string, keys)
+
+
 def check_query(query, keys, known_nonce=None, timedelta=30):
     parsed = urlparse.parse_qs(query)
     if not 'signature' in parsed: