NDOJ/judge/views/mailgun.py

import hashlib
import hmac
import logging
from email.utils import parseaddr

from django.conf import settings
from django.contrib.auth.models import User
from django.contrib.sites.shortcuts import get_current_site
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from registration.models import RegistrationProfile

from judge.utils.unicode import utf8bytes

logger = logging.getLogger("judge.mail.activate")


class MailgunActivationView(View):
    if hasattr(settings, "MAILGUN_ACCESS_KEY"):

        def post(self, request, *args, **kwargs):
            params = request.POST
            timestamp = params.get("timestamp", "")
            token = params.get("token", "")
            signature = params.get("signature", "")

            logger.debug("Received request: %s", params)

            if (
                signature
                != hmac.new(
                    key=utf8bytes(settings.MAILGUN_ACCESS_KEY),
                    msg=utf8bytes("%s%s" % (timestamp, token)),
                    digestmod=hashlib.sha256,
                ).hexdigest()
            ):
                logger.info(
                    "Rejected request: signature: %s, timestamp: %s, token: %s",
                    signature,
                    timestamp,
                    token,
                )
                raise PermissionDenied()
            _, sender = parseaddr(params.get("from"))
            if not sender:
                logger.info("Rejected invalid sender: %s", params.get("from"))
                return HttpResponse(status=406)
            try:
                user = User.objects.get(email__iexact=sender)
            except (User.DoesNotExist, User.MultipleObjectsReturned):
                logger.info(
                    "Rejected unknown sender: %s: %s", sender, params.get("from")
                )
                return HttpResponse(status=406)
            try:
                registration = RegistrationProfile.objects.get(user=user)
            except RegistrationProfile.DoesNotExist:
                logger.info(
                    "Rejected sender without RegistrationProfile: %s: %s",
                    sender,
                    params.get("from"),
                )
                return HttpResponse(status=406)
            if registration.activated:
                logger.info(
                    "Rejected activated sender: %s: %s", sender, params.get("from")
                )
                return HttpResponse(status=406)

            key = registration.activation_key
            if key in params.get("body-plain", "") or key in params.get(
                "body-html", ""
            ):
                if RegistrationProfile.objects.activate_user(
                    key, get_current_site(request)
                ):
                    logger.info("Activated sender: %s: %s", sender, params.get("from"))
                    return HttpResponse("Activated", status=200)
                logger.info(
                    "Failed to activate sender: %s: %s", sender, params.get("from")
                )
            else:
                logger.info(
                    "Activation key not found: %s: %s", sender, params.get("from")
                )
            return HttpResponse(status=406)

    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(MailgunActivationView, self).dispatch(request, *args, **kwargs)
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`import hashlib`
			`import hmac`
			`import logging`
			`from email.utils import parseaddr`

			`from django.conf import settings`
			`from django.contrib.auth.models import User`
			`from django.contrib.sites.shortcuts import get_current_site`
			`from django.core.exceptions import PermissionDenied`
			`from django.http import HttpResponse`
			`from django.utils.decorators import method_decorator`
			`from django.views.decorators.csrf import csrf_exempt`
			`from django.views.generic import View`
			`from registration.models import RegistrationProfile`

			`from judge.utils.unicode import utf8bytes`

Reformat using black 2022-05-14 17:57:27 +00:00			`logger = logging.getLogger("judge.mail.activate")`
Cloned DMOJ 2020-01-21 06:35:58 +00:00

			`class MailgunActivationView(View):`
Reformat using black 2022-05-14 17:57:27 +00:00			`if hasattr(settings, "MAILGUN_ACCESS_KEY"):`

Cloned DMOJ 2020-01-21 06:35:58 +00:00			`def post(self, request, args, *kwargs):`
			`params = request.POST`
Reformat using black 2022-05-14 17:57:27 +00:00			`timestamp = params.get("timestamp", "")`
			`token = params.get("token", "")`
			`signature = params.get("signature", "")`
Cloned DMOJ 2020-01-21 06:35:58 +00:00
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.debug("Received request: %s", params)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00
Reformat using black 2022-05-14 17:57:27 +00:00			`if (`
			`signature`
			`!= hmac.new(`
			`key=utf8bytes(settings.MAILGUN_ACCESS_KEY),`
			`msg=utf8bytes("%s%s" % (timestamp, token)),`
			`digestmod=hashlib.sha256,`
			`).hexdigest()`
			`):`
			`logger.info(`
			`"Rejected request: signature: %s, timestamp: %s, token: %s",`
			`signature,`
			`timestamp,`
			`token,`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`raise PermissionDenied()`
Reformat using black 2022-05-14 17:57:27 +00:00			`_, sender = parseaddr(params.get("from"))`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`if not sender:`
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.info("Rejected invalid sender: %s", params.get("from"))`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`return HttpResponse(status=406)`
			`try:`
			`user = User.objects.get(email__iexact=sender)`
			`except (User.DoesNotExist, User.MultipleObjectsReturned):`
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.info(`
			`"Rejected unknown sender: %s: %s", sender, params.get("from")`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`return HttpResponse(status=406)`
			`try:`
			`registration = RegistrationProfile.objects.get(user=user)`
			`except RegistrationProfile.DoesNotExist:`
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.info(`
			`"Rejected sender without RegistrationProfile: %s: %s",`
			`sender,`
			`params.get("from"),`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`return HttpResponse(status=406)`
			`if registration.activated:`
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.info(`
			`"Rejected activated sender: %s: %s", sender, params.get("from")`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`return HttpResponse(status=406)`

			`key = registration.activation_key`
Reformat using black 2022-05-14 17:57:27 +00:00			`if key in params.get("body-plain", "") or key in params.get(`
			`"body-html", ""`
			`):`
			`if RegistrationProfile.objects.activate_user(`
			`key, get_current_site(request)`
			`):`
			`logger.info("Activated sender: %s: %s", sender, params.get("from"))`
			`return HttpResponse("Activated", status=200)`
			`logger.info(`
			`"Failed to activate sender: %s: %s", sender, params.get("from")`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`else:`
Reformat using black 2022-05-14 17:57:27 +00:00			`logger.info(`
			`"Activation key not found: %s: %s", sender, params.get("from")`
			`)`
Cloned DMOJ 2020-01-21 06:35:58 +00:00			`return HttpResponse(status=406)`

			`@method_decorator(csrf_exempt)`
			`def dispatch(self, request, args, *kwargs):`
			`return super(MailgunActivationView, self).dispatch(request, args, *kwargs)`