From c26a69fe9d7857cf4d212475403d099893fbf84f Mon Sep 17 00:00:00 2001
From: Adarnof
Date: Sun, 7 Feb 2016 17:52:48 +0000
Subject: [PATCH 1/7] Automated update script
---
update.sh | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 update.sh
diff --git a/update.sh b/update.sh
new file mode 100644
index 00000000..20b03ba3
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,4 @@
+pip install -r requirements.txt
+yes yes | python manage.py syncdb
+yes yes | python manage.py evolve --hint --execute
+yes yes | python manage.py collectstatic
From d36d991d274ce4d17297d61ce6f4f9ab326a6320 Mon Sep 17 00:00:00 2001
From: Adarnof
Date: Sun, 7 Feb 2016 18:04:01 +0000
Subject: [PATCH 2/7] Use in-game logos on index by default
---
stock/templates/public/index.html | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/stock/templates/public/index.html b/stock/templates/public/index.html
index f0e8d755..f3cf69bc 100644
--- a/stock/templates/public/index.html
+++ b/stock/templates/public/index.html
@@ -43,8 +43,16 @@
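Review bot: The new update.sh has no shebang and no `set -e`, so when `pip install -r requirements.txt` fails the script still runs `syncdb`, `evolve --hint --execute` and `collectstatic` against a half-updated environment. Every management command is also fed `yes yes |`, which answers whatever prompt the command raises without an operator seeing it. I would open the file with `#!/bin/sh` and `set -e`, and add a comment above the pipes such as `# auto-confirms every prompt; back up the database before running`.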

From e5d8c626747006eaea3fa8b4118b82fb6a1dc3d7 Mon Sep 17 00:00:00 2001 From: Adarnof Date: Tue, 9 Feb 2016 12:32:08 +0000 Subject: [PATCH 3/7] Rolled back Discord managers to fix #235 Commit chosen: 08cd2c1f1ade6845f5710329b0beab47ab7df6aa Additional security implemented: tokens deleted for users after succesful addition to discord server. - prevents another user from authenticating with their email and wrong password --- services/managers/discord_manager.py | 51 ++++++++++++---------------- 1 file changed, 21 insertions(+), 30 deletions(-) diff --git a/services/managers/discord_manager.py b/services/managers/discord_manager.py index ef33dc99..64ceab86 100644 --- a/services/managers/discord_manager.py +++ b/services/managers/discord_manager.py @@ -13,8 +13,8 @@ DISCORD_URL = "https://discordapp.com/api" class DiscordAPIManager: - def __init__(self, server_id, email, password, user=None): - self.token = DiscordAPIManager.get_token_by_user(email, password, user) + def __init__(self, server_id, email, password): + self.token = DiscordAPIManager.get_token_by_user(email, password) self.email = email self.password = password self.server_id = server_id @@ -131,8 +131,9 @@ class DiscordAPIManager: r.raise_for_status() return r.json() - def accept_invite(self, invite_id): - custom_headers = {'accept': 'application/json', 'authorization': self.token} + @staticmethod + def accept_invite(invite_id, token): + custom_headers = {'accept': 'application/json', 'authorization': token} path = DISCORD_URL + "/invite/" + str(invite_id) r = requests.post(path, headers=custom_headers) logger.debug("Received status code %s after accepting invite." % r.status_code) 
@@ -222,20 +223,17 @@ class DiscordAPIManager: raise KeyError('Group not found on server: ' + group_name) @staticmethod - def get_token_by_user(email, password, user): + def get_token_by_user(email, password): if DiscordAuthToken.objects.filter(email=email).exists(): - auth = DiscordAuthToken.objects.get(email=email) - if not auth.user == user: - raise ValueError("User mismatch while validating DiscordAuthToken for email %s - user %s, requesting user %s" % (email, auth.user, user)) logger.debug("Discord auth token cached for supplied email starting with %s" % email[0:3]) - auth = DiscordAuthToken.objects.get(email=email, user=user) + auth = DiscordAuthToken.objects.get(email=email) if DiscordAPIManager.validate_token(auth.token): logger.debug("Token still valid. Returning token starting with %s" % auth.token[0:5]) return auth.token else: logger.debug("Token has expired. Deleting.") auth.delete() - logger.debug("Generating auth token for email starting with %s user %s and password of length %s" % (email[0:3], user, len(password))) + logger.debug("Generating auth token for email starting with %s and password of length %s" % (email[0:3], len(password))) data = { "email" : email, "password": password, 
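Review bot: On the new side of `get_token_by_user` a cache hit is decided by `email` alone: `DiscordAuthToken.objects.get(email=email)` returns `auth.token` as soon as `validate_token` passes, and the supplied `password` is never compared with anything, so while a row exists any caller who supplies that address is treated as authenticated. The removed `auth.user == user` check was the only binding between the row and the account that proved the password, and the `DiscordAuthToken(email=email, token=token)` save in the next hunk drops the owner as well. The commit message mentions deleting tokens after a successful add, but no such deletion is visible in this patch's hunks. I would either skip the cache for user-supplied credentials or keep the owner check, and drop the debug lines that print `auth.token[0:5]` and the password length, since both narrow a secret in the logs. The function body continues past the end of the hunk.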
@@ -246,19 +244,11 @@ class DiscordAPIManager: logger.debug("Received status code %s after generating auth token for custom user." % r.status_code) r.raise_for_status() token = r.json()['token'] - auth = DiscordAuthToken(email=email, token=token, user=user) + auth = DiscordAuthToken(email=email, token=token) auth.save() logger.debug("Created cached token for email starting with %s" % email[0:3]) return token - def get_profile(self): - custom_headers = {'accept': 'application/json', 'authorization': self.token} - path = DISCORD_URL + "/users/@me" - r = requests.get(path, headers=custom_headers) - logger.debug("Received status code %s after retrieving user profile with email %s" % (r.status_code, self.email[0:3])) - r.raise_for_status() - return r.json() - @staticmethod def get_user_profile(email, password): token = DiscordAPIManager.get_token_by_user(email, password) 
@@ -381,25 +371,26 @@ class DiscordManager: return current_password @staticmethod - def add_user(email, password, user): + def add_user(email, password): try: - logger.debug("Adding new user %s to discord with email %s and password of length %s" % (user, email[0:3], len(password))) - server_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD) - user_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, email, password, user=user) - profile = user_api.get_profile() + logger.debug("Adding new user to discord with email %s and password of length %s" % (email[0:3], len(password))) + api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD) + profile = DiscordAPIManager.get_user_profile(email, password) logger.debug("Got profile for user: %s" % profile) user_id = profile['id'] logger.debug("Determined user id: %s" % user_id) - if server_api.check_if_user_banned(user_id): + if api.check_if_user_banned(user_id): logger.debug("User is currently banned. Unbanning %s" % user_id) - server_api.unban_user(user_id) - invite_code = server_api.create_invite()['code'] + api.unban_user(user_id) + invite_code = api.create_invite()['code'] logger.debug("Generated invite code beginning with %s" % invite_code[0:5]) - user_api.accept_invite(invite_code) + token = DiscordAPIManager.get_token_by_user(email, password) + logger.debug("Got auth token for supplied credentials beginning with %s" % token[0:5]) + DiscordAPIManager.accept_invite(invite_code, token) logger.info("Added user to discord server %s with id %s" % (settings.DISCORD_SERVER_ID, user_id)) return user_id except: - logger.exception("An unhandled exception has occured.") + logger.exception("An unhandled exception has occured.", exc_info=True) return "" @staticmethod 
@@ -412,5 +403,5 @@ class DiscordManager: logger.info("Deleted user with id %s from discord server id %s" % (user_id, settings.DISCORD_SERVER_ID)) return True except: - logger.exception("An unhandled exception has occured.") + logger.exception("An unhandled exception has occured.", exc_info=True) return False From b9f322e136a908a75ed524b9dc055bec0f7882b9 Mon Sep 17 00:00:00 2001 From: Adarnof Date: Tue, 9 Feb 2016 12:37:11 +0000 Subject: [PATCH 4/7] Re-removed exc_info flags from logging messages --- services/managers/discord_manager.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/services/managers/discord_manager.py b/services/managers/discord_manager.py index 64ceab86..517d3994 100644 --- a/services/managers/discord_manager.py +++ b/services/managers/discord_manager.py @@ -327,7 +327,7 @@ class DiscordManager: group_ids.append(group_id) logger.debug("Got id %s" % group_id) except: - logger.debug("Group id retrieval generated exception - generating new group on discord server.", exc_info=True) + logger.debug("Group id retrieval generated exception - generating new group on discord server.") group_ids.append(DiscordManager.create_group(g)) logger.info("Setting discord groups for user %s to %s" % (user_id, group_ids)) api.set_roles(user_id, group_ids) @@ -371,7 +371,7 @@ class DiscordManager: return current_password @staticmethod - def add_user(email, password): + def add_user(email, password, user): try: logger.debug("Adding new user to discord with email %s and password of length %s" % (email[0:3], len(password))) api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD) 
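Review bot: The `except:` branch in the `@@ -327,7` hunk now records nothing about why the group-id lookup failed: unlike `logger.exception`, `logger.debug` attaches no traceback unless `exc_info=True` is passed, and that flag is what this patch removes. The branch then calls `DiscordManager.create_group(g)` for any exception at all, so a network or authorization error is handled as if the group were missing. If the lookup signals a missing group with the `KeyError` raised elsewhere in this file, I would narrow the handler to `except KeyError:` and keep `exc_info=True` on the debug line. The enclosing method starts and ends outside the hunk.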
@@ -388,9 +388,10 @@ class DiscordManager: logger.debug("Got auth token for supplied credentials beginning with %s" % token[0:5]) DiscordAPIManager.accept_invite(invite_code, token) logger.info("Added user to discord server %s with id %s" % (settings.DISCORD_SERVER_ID, user_id)) + token.delete() return user_id except: - logger.exception("An unhandled exception has occured.", exc_info=True) + logger.exception("An unhandled exception has occured.") return "" @staticmethod @@ -403,5 +404,5 @@ class DiscordManager: logger.info("Deleted user with id %s from discord server id %s" % (user_id, settings.DISCORD_SERVER_ID)) return True except: - logger.exception("An unhandled exception has occured.", exc_info=True) + logger.exception("An unhandled exception has occured.") return False From 54331d9075c8d807673ff825931135ae5a192d0a Mon Sep 17 00:00:00 2001 From: Adarnof Date: Tue, 9 Feb 2016 12:50:25 +0000 Subject: [PATCH 5/7] Corrected token deletion --- services/managers/discord_manager.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/managers/discord_manager.py b/services/managers/discord_manager.py index 517d3994..00d55388 100644 --- a/services/managers/discord_manager.py +++ b/services/managers/discord_manager.py @@ -388,7 +388,7 @@ class DiscordManager: logger.debug("Got auth token for supplied credentials beginning with %s" % token[0:5]) DiscordAPIManager.accept_invite(invite_code, token) logger.info("Added user to discord server %s with id %s" % (settings.DISCORD_SERVER_ID, user_id)) - token.delete() + DiscordAuthToken.objects.filter(token=token).delete() return user_id except: logger.exception("An unhandled exception has occured.") From 1164b8d984670a728bbfd7a0569e0e9254b85e40 Mon Sep 17 00:00:00 2001 
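Review bot: The cleanup in the PATCH 5/7 hunk, `DiscordAuthToken.objects.filter(token=token).delete()`, sits after `accept_invite` inside the `try`, so it runs only when every earlier call succeeded; if the invite call raises, the bare `except:` returns "" and the cached row for the user's credentials stays in the table. Moving the deletion into a `finally:` clause and keying it on the address, `DiscordAuthToken.objects.filter(email=email).delete()`, would cover the failure path too and would not depend on `token` having been assigned. The `try` starts above the hunk, so the exact placement needs the whole method.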
From: Adarnof Date: Thu, 11 Feb 2016 12:44:54 -0500 Subject: [PATCH 6/7] Revert "Revert discord manager to restore functionality" --- services/managers/discord_manager.py | 48 ++++++++++++++++------------ 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/services/managers/discord_manager.py b/services/managers/discord_manager.py index 00d55388..ef33dc99 100644 --- a/services/managers/discord_manager.py +++ b/services/managers/discord_manager.py @@ -13,8 +13,8 @@ DISCORD_URL = "https://discordapp.com/api" class DiscordAPIManager: - def __init__(self, server_id, email, password): - self.token = DiscordAPIManager.get_token_by_user(email, password) + def __init__(self, server_id, email, password, user=None): + self.token = DiscordAPIManager.get_token_by_user(email, password, user) self.email = email self.password = password self.server_id = server_id @@ -131,9 +131,8 @@ class DiscordAPIManager: r.raise_for_status() return r.json() - @staticmethod - def accept_invite(invite_id, token): - custom_headers = {'accept': 'application/json', 'authorization': token} + def accept_invite(self, invite_id): + custom_headers = {'accept': 'application/json', 'authorization': self.token} path = DISCORD_URL + "/invite/" + str(invite_id) r = requests.post(path, headers=custom_headers) logger.debug("Received status code %s after accepting invite." % r.status_code) 
@@ -223,17 +222,20 @@ class DiscordAPIManager: raise KeyError('Group not found on server: ' + group_name) @staticmethod - def get_token_by_user(email, password): + def get_token_by_user(email, password, user): if DiscordAuthToken.objects.filter(email=email).exists(): - logger.debug("Discord auth token cached for supplied email starting with %s" % email[0:3]) auth = DiscordAuthToken.objects.get(email=email) + if not auth.user == user: + raise ValueError("User mismatch while validating DiscordAuthToken for email %s - user %s, requesting user %s" % (email, auth.user, user)) + logger.debug("Discord auth token cached for supplied email starting with %s" % email[0:3]) + auth = DiscordAuthToken.objects.get(email=email, user=user) if DiscordAPIManager.validate_token(auth.token): logger.debug("Token still valid. Returning token starting with %s" % auth.token[0:5]) return auth.token else: logger.debug("Token has expired. Deleting.") auth.delete() - logger.debug("Generating auth token for email starting with %s and password of length %s" % (email[0:3], len(password))) + logger.debug("Generating auth token for email starting with %s user %s and password of length %s" % (email[0:3], user, len(password))) data = { "email" : email, "password": password, 
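Review bot: The `ValueError` raised on an owner mismatch formats the full `email` together with `auth.user` and `user` into its message, while every log line around it truncates to `email[0:3]`; `add_user` reports the error through `logger.exception`, so the complete address tied to another account ends up in the log. I would truncate it the same way, for example `"... for email starting with %s" % email[0:3]`. The lookup also queries the table three times (`exists()`, `get(email=email)`, `get(email=email, user=user)`); one `filter(email=email).first()` followed by the owner check would do the same work. The function continues beyond the hunk.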
@@ -244,11 +246,19 @@ class DiscordAPIManager: logger.debug("Received status code %s after generating auth token for custom user." % r.status_code) r.raise_for_status() token = r.json()['token'] - auth = DiscordAuthToken(email=email, token=token) + auth = DiscordAuthToken(email=email, token=token, user=user) auth.save() logger.debug("Created cached token for email starting with %s" % email[0:3]) return token + def get_profile(self): + custom_headers = {'accept': 'application/json', 'authorization': self.token} + path = DISCORD_URL + "/users/@me" + r = requests.get(path, headers=custom_headers) + logger.debug("Received status code %s after retrieving user profile with email %s" % (r.status_code, self.email[0:3])) + r.raise_for_status() + return r.json() + @staticmethod def get_user_profile(email, password): token = DiscordAPIManager.get_token_by_user(email, password) @@ -327,7 +337,7 @@ class DiscordManager: group_ids.append(group_id) logger.debug("Got id %s" % group_id) except: - logger.debug("Group id retrieval generated exception - generating new group on discord server.") + logger.debug("Group id retrieval generated exception - generating new group on discord server.", exc_info=True) group_ids.append(DiscordManager.create_group(g)) logger.info("Setting discord groups for user %s to %s" % (user_id, group_ids)) api.set_roles(user_id, group_ids) 
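Review bot: `get_user_profile`, visible as context at the end of the `@@ -244,11` hunk, still calls `DiscordAPIManager.get_token_by_user(email, password)` with two arguments, while this revert restores the three-parameter signature `get_token_by_user(email, password, user)`, so any remaining caller of the static method gets a `TypeError`. Either pass the owner through, `def get_user_profile(email, password, user):` with `get_token_by_user(email, password, user)`, or remove the method now that `get_profile` is back. Whether anything still calls it is not visible from this patch.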
@@ -373,22 +383,20 @@ class DiscordManager: @staticmethod def add_user(email, password, user): try: - logger.debug("Adding new user to discord with email %s and password of length %s" % (email[0:3], len(password))) - api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD) - profile = DiscordAPIManager.get_user_profile(email, password) + logger.debug("Adding new user %s to discord with email %s and password of length %s" % (user, email[0:3], len(password))) + server_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD) + user_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, email, password, user=user) + profile = user_api.get_profile() logger.debug("Got profile for user: %s" % profile) user_id = profile['id'] logger.debug("Determined user id: %s" % user_id) - if api.check_if_user_banned(user_id): + if server_api.check_if_user_banned(user_id): logger.debug("User is currently banned. Unbanning %s" % user_id) - api.unban_user(user_id) - invite_code = api.create_invite()['code'] + server_api.unban_user(user_id) + invite_code = server_api.create_invite()['code'] logger.debug("Generated invite code beginning with %s" % invite_code[0:5]) - token = DiscordAPIManager.get_token_by_user(email, password) - logger.debug("Got auth token for supplied credentials beginning with %s" % token[0:5]) - DiscordAPIManager.accept_invite(invite_code, token) + user_api.accept_invite(invite_code) logger.info("Added user to discord server %s with id %s" % (settings.DISCORD_SERVER_ID, user_id)) - DiscordAuthToken.objects.filter(token=token).delete() return user_id except: logger.exception("An unhandled exception has occured.") From fd2988dc46d7169adf9ae021e181a8b851ee91bf Mon Sep 17 00:00:00 2001 
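Review bot: The cached credential is never removed in the restored `add_user`: the `DiscordAuthToken.objects.filter(token=token).delete()` line is dropped and nothing replaces it, so the token that `DiscordAPIManager(settings.DISCORD_SERVER_ID, email, password, user=user)` stores for the joining user stays in the database after `accept_invite` has used it. The owner check restored in `get_token_by_user` limits who can reuse the row, but it is still a bearer credential for the user's Discord account kept at rest with no further use visible here. I would delete it in a `finally:` once the invite step is over, e.g. `DiscordAuthToken.objects.filter(email=email, user=user).delete()`. The method's tail lies outside the hunk.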
From: Adarnof Date: Thu, 11 Feb 2016 17:46:41 +0000 Subject: [PATCH 7/7] Removed requests caching in preparation of custom evewho caching manager. Addresses #235 --- requirements.txt | 2 +- services/managers/evewho_manager.py | 4 ++-- update.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements.txt b/requirements.txt index c09b53ed..b6bf0a46 100755 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ evelink dnspython passlib requests>=2.9.1 -requests_cache +#requests_cache # Django Stuff # django==1.6.5 diff --git a/services/managers/evewho_manager.py b/services/managers/evewho_manager.py index 32769dbc..05bba41d 100644 --- a/services/managers/evewho_manager.py +++ b/services/managers/evewho_manager.py @@ -2,10 +2,10 @@ from django.conf import settings import logging import requests -import requests_cache +#import requests_cache import json -requests_cache.install_cache("{}/evewho".format(settings.EVEWHO_CACHE_DIR), backend="sqlite", expire_after=3600) +#requests_cache.install_cache("{}/evewho".format(settings.EVEWHO_CACHE_DIR), backend="sqlite", expire_after=3600) class EveWhoManager(): def __init__(self): diff --git a/update.sh b/update.sh index 20b03ba3..443b4231 100644 --- a/update.sh +++ b/update.sh @@ -1,4 +1,4 @@ -pip install -r requirements.txt +pip install --upgrade -r requirements.txt yes yes | python manage.py syncdb yes yes | python manage.py evolve --hint --execute yes yes | python manage.py collectstatic
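Review bot: `pip install --upgrade -r requirements.txt` re-resolves every entry on each run, and the requirements file shown in this patch lists `evelink`, `dnspython` and `passlib` with no version and `requests>=2.9.1` with only a floor, so each deployment installs whatever the index serves at that moment. Pinning exact versions (`requests==2.9.1`), ideally together with pip's `--require-hashes`, keeps an upgrade a reviewed change in the repository rather than a side effect of running the script. Separately, the `requests_cache` lines are commented out rather than deleted in both `requirements.txt` and `evewho_manager.py`; deleting them leaves the history in git and the files clean.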