NDOJ/judge/views/mailgun.py

import hashlib
import hmac
import logging
from email.utils import parseaddr

from django.conf import settings
from django.contrib.auth.models import User
from django.contrib.sites.shortcuts import get_current_site
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from registration.models import RegistrationProfile

from judge.utils.unicode import utf8bytes

logger = logging.getLogger('judge.mail.activate')


class MailgunActivationView(View):
    if hasattr(settings, 'MAILGUN_ACCESS_KEY'):
        def post(self, request, *args, **kwargs):
            params = request.POST
            timestamp = params.get('timestamp', '')
            token = params.get('token', '')
            signature = params.get('signature', '')

            logger.debug('Received request: %s', params)

            if signature != hmac.new(key=utf8bytes(settings.MAILGUN_ACCESS_KEY),
                                     msg=utf8bytes('%s%s' % (timestamp, token)), digestmod=hashlib.sha256).hexdigest():
                logger.info('Rejected request: signature: %s, timestamp: %s, token: %s', signature, timestamp, token)
                raise PermissionDenied()
            _, sender = parseaddr(params.get('from'))
            if not sender:
                logger.info('Rejected invalid sender: %s', params.get('from'))
                return HttpResponse(status=406)
            try:
                user = User.objects.get(email__iexact=sender)
            except (User.DoesNotExist, User.MultipleObjectsReturned):
                logger.info('Rejected unknown sender: %s: %s', sender, params.get('from'))
                return HttpResponse(status=406)
            try:
                registration = RegistrationProfile.objects.get(user=user)
            except RegistrationProfile.DoesNotExist:
                logger.info('Rejected sender without RegistrationProfile: %s: %s', sender, params.get('from'))
                return HttpResponse(status=406)
            if registration.activated:
                logger.info('Rejected activated sender: %s: %s', sender, params.get('from'))
                return HttpResponse(status=406)

            key = registration.activation_key
            if key in params.get('body-plain', '') or key in params.get('body-html', ''):
                if RegistrationProfile.objects.activate_user(key, get_current_site(request)):
                    logger.info('Activated sender: %s: %s', sender, params.get('from'))
                    return HttpResponse('Activated', status=200)
                logger.info('Failed to activate sender: %s: %s', sender, params.get('from'))
            else:
                logger.info('Activation key not found: %s: %s', sender, params.get('from'))
            return HttpResponse(status=406)

    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(MailgunActivationView, self).dispatch(request, *args, **kwargs)