forked from CGM_Public/pretix_original
42 lines
1.8 KiB
Python
42 lines
1.8 KiB
Python
#
|
|
# This file is part of pretix (Community Edition).
|
|
#
|
|
# Copyright (C) 2014-2020 Raphael Michel and contributors
|
|
# Copyright (C) 2020-today pretix GmbH and contributors
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
|
|
# Public License as published by the Free Software Foundation in version 3 of the License.
|
|
#
|
|
# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
|
|
# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
|
|
# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
|
|
# this file, see <https://pretix.eu/about/en/license>.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License along with this program. If not, see
|
|
# <https://www.gnu.org/licenses/>.
|
|
#
|
|
import hashlib
|
|
|
|
from django.core.signing import BadSignature, TimestampSigner
|
|
|
|
|
|
def get_token(request, answer):
|
|
if not request.session.session_key:
|
|
request.session.create()
|
|
payload = '{}:{}'.format(request.session.session_key, answer.pk)
|
|
signer = TimestampSigner()
|
|
return signer.sign(hashlib.sha1(payload.encode()).hexdigest())
|
|
|
|
|
|
def check_token(request, answer, token):
|
|
payload = hashlib.sha1('{}:{}'.format(request.session.session_key, answer.pk).encode()).hexdigest()
|
|
signer = TimestampSigner()
|
|
try:
|
|
return payload == signer.unsign(token, max_age=3600 * 24)
|
|
except BadSignature:
|
|
return False
|