opensourceprojects.eu / osp-allura / Diff of /Allura/allura/lib/utils.py

Diff of /Allura/allura/lib/utils.py [53d9ee] .. [7f4020]

Switch to unified view


...
import mimetypes
from logging.handlers import WatchedFileHandler

import tg
import pylons
import webob.multidict
from formencode import Invalid
from tg.decorators import before_validate
from pylons import response, c
from paste.httpheaders import CACHE_CONTROL, EXPIRES
from webhelpers.html import literal
...
        plain = '%d:%s:%s' % (
            timestamp, client_ip, pylons.config.get('spinner_secret', 'abcdef'))
        return hashlib.sha1(plain).digest()

    @classmethod
    def validate_request(cls, request=None, now=None, params=None):
        if request is None: request = pylons.request
        if params is None: params = request.params
        new_params = dict(params)
        new_params.pop('timestamp', None)
        new_params.pop('spinner', None)
        obj = cls(request)
        if now is None: now = time.time()
        if obj.timestamp > now + 5:
            raise ValueError, 'Post from the future'
        if now - obj.timestamp > 60*60:
            raise ValueError, 'Post from the 1hr+ past'
        if obj.spinner != obj.make_spinner(obj.timestamp):
            raise ValueError, 'Bad spinner value'
        for k in new_params.keys():
            new_params[obj.dec(k)] = new_params.pop(k)
        for fldno in range(obj.num_honey):
            value = new_params.pop('honey%s' % fldno)
            if value:
                raise ValueError, 'Value in honeypot field: %s' % value
        return new_params

    @classmethod
    def validate(cls, error_msg):
        '''Controller decorator to raise Invalid errors if bot protection is engaged'''
        def antispam_hook(remainder, params):
            '''Converts various errors in validate_request to a single Invalid message'''
            try:
                new_params = cls.validate_request(params=params)
                params.update(new_params)
            except (ValueError, TypeError, binascii.Error):
                raise Invalid(error_msg, params, None)
        return before_validate(antispam_hook)

class TruthyCallable(object):

	a/Allura/allura/lib/utils.py		b/Allura/allura/lib/utils.py
	...		...
7	import mimetypes	7	import mimetypes
8	from logging.handlers import WatchedFileHandler	8	from logging.handlers import WatchedFileHandler
9		9
10	import tg	10	import tg
11	import pylons	11	import pylons
		12	import webob.multidict
12	from formencode import Invalid	13	from formencode import Invalid
13	from tg.decorators import before_validate	14	from tg.decorators import before_validate
14	from pylons import response, c	15	from pylons import response, c
15	from paste.httpheaders import CACHE_CONTROL, EXPIRES	16	from paste.httpheaders import CACHE_CONTROL, EXPIRES
16	from webhelpers.html import literal	17	from webhelpers.html import literal
	...		...
249	plain = '%d:%s:%s' % (	250	plain = '%d:%s:%s' % (
250	timestamp, client_ip, pylons.config.get('spinner_secret', 'abcdef'))	251	timestamp, client_ip, pylons.config.get('spinner_secret', 'abcdef'))
251	return hashlib.sha1(plain).digest()	252	return hashlib.sha1(plain).digest()
252		253
253	@classmethod	254	@classmethod
254	def validate_request(cls, request=None, now=None):	255	def validate_request(cls, request=None, now=None, params=None):
255	if request is None: request = pylons.request	256	if request is None: request = pylons.request
		257	if params is None: params = request.params
256	params = dict(request.params)	258	new_params = dict(params)
257	params.pop('timestamp', None)	259	new_params.pop('timestamp', None)
258	params.pop('spinner', None)	260	new_params.pop('spinner', None)
259	obj = cls(request)	261	obj = cls(request)
260	if now is None: now = time.time()	262	if now is None: now = time.time()
261	if obj.timestamp > now + 5:	263	if obj.timestamp > now + 5:
262	raise ValueError, 'Post from the future'	264	raise ValueError, 'Post from the future'
263	if now - obj.timestamp > 60*60:	265	if now - obj.timestamp > 60*60:
264	raise ValueError, 'Post from the 1hr+ past'	266	raise ValueError, 'Post from the 1hr+ past'
265	if obj.spinner != obj.make_spinner(obj.timestamp):	267	if obj.spinner != obj.make_spinner(obj.timestamp):
266	raise ValueError, 'Bad spinner value'	268	raise ValueError, 'Bad spinner value'
267	for k in params.keys():	269	for k in new_params.keys():
268	params[obj.dec(k)] = params.pop(k)	270	new_params[obj.dec(k)] = new_params.pop(k)
269	for fldno in range(obj.num_honey):	271	for fldno in range(obj.num_honey):
270	value = params.pop('honey%s' % fldno)	272	value = new_params.pop('honey%s' % fldno)
271	if value:	273	if value:
272	raise ValueError, 'Value in honeypot field: %s' % value	274	raise ValueError, 'Value in honeypot field: %s' % value
273	return params	275	return new_params
274		276
275	@classmethod	277	@classmethod
276	def validate(cls, error_msg):	278	def validate(cls, error_msg):
277	'''Controller decorator to raise Invalid errors if bot protection is engaged'''	279	'''Controller decorator to raise Invalid errors if bot protection is engaged'''
278	def antispam_hook(remainder, params):	280	def antispam_hook(remainder, params):
279	'''Converts various errors in validate_request to a single Invalid message'''	281	'''Converts various errors in validate_request to a single Invalid message'''
280	try:	282	try:
281	params.update(cls.validate_request())	283	new_params = cls.validate_request(params=params)
		284	params.update(new_params)
282	except (ValueError, TypeError, binascii.Error):	285	except (ValueError, TypeError, binascii.Error):
283	raise Invalid(error_msg, params, None)	286	raise Invalid(error_msg, params, None)
284	return before_validate(antispam_hook)	287	return before_validate(antispam_hook)
285		288
286	class TruthyCallable(object):	289	class TruthyCallable(object):