Home Explore Help
Sign In
SMusatov
/
GlitchTip
mirror of https://gitlab.com/glitchtip/glitchtip-backend.git
1
0
Fork 0
Files
Branch: 186-event-ingest-speed
Branches Tags
GlitchTip
/
organizations_ext
/
invitation_backend.py

invitation_backend.py 2.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. from django.conf import settings
    2. 

  2. from django.contrib.auth.tokens import PasswordResetTokenGenerator
    3. 

  3. from django.urls import re_path
    4. 

  4. from django.utils.crypto import constant_time_compare
    5. 

  5. from django.utils.http import base36_to_int
    6. 

  6. from organizations.backends.defaults import InvitationBackend as BaseInvitationBackend
    7. 

  7. 

  8. from .models import Organization
    9. 

  9. from .tasks import send_email_invite
    10. 

  10. 

  11. REGISTRATION_TIMEOUT_DAYS = getattr(settings, "REGISTRATION_TIMEOUT_DAYS", 15)
    12. 

  12. 

  13. 

  14. class InvitationTokenGenerator(PasswordResetTokenGenerator):
    15. 

  15.     def _make_hash_value(self, user, timestamp):
    16. 

  16.         return str(user.pk) + str(timestamp)
    17. 

  17. 

  18.     def check_token(self, user, token):
    19. 

  19.         """
    20. 

  20.         Check that a password reset token is correct for a given user.
    21. 

  21.         """
    22. 

  22.         # Parse the token
    23. 

  23.         try:
    24. 

  24.             ts_b36, _hash = token.split("-")
    25. 

  25.         except ValueError:
    26. 

  26.             return False
    27. 

  27. 

  28.         try:
    29. 

  29.             ts = base36_to_int(ts_b36)
    30. 

  30.         except ValueError:
    31. 

  31.             return False
    32. 

  32. 

  33.         # Check that the timestamp/uid has not been tampered with
    34. 

  34.         if not constant_time_compare(
    35. 

  35.             self._make_token_with_timestamp(user, ts, self.secret), token
    36. 

  36.         ):
    37. 

  37.             return False
    38. 

  38. 

  39.         # Check the timestamp is within limit
    40. 

  40.         if (self._num_seconds(self._now()) - ts) > REGISTRATION_TIMEOUT_DAYS * 86400:
    41. 

  41.             return False
    42. 

  42. 

  43.         return True
    44. 

  44. 

  45. 

  46. class InvitationBackend(BaseInvitationBackend):
    47. 

  47.     """
    48. 

  48.     Based on django-organizations InvitationBackend but for org user instead of user
    49. 

  49.     """
    50. 

  50. 

  51.     def __init__(self, org_model=None, namespace=None):
    52. 

  52.         self.user_model = None
    53. 

  53.         self.org_model = Organization
    54. 

  54.         self.namespace = namespace
    55. 

  55. 

  56.     def get_urls(self):
    57. 

  57.         return [
    58. 

  58.             re_path(
    59. 

  59.                 r"^(?P<user_id>[\d]+)/(?P<token>[0-9A-Za-z]{1,90}-[0-9A-Za-z]{1,90})/$",
    60. 

  60.                 view=self.activate_view,
    61. 

  61.                 name="invitations_register",
    62. 

  62.             ),
    63. 

  63.         ]
    64. 

  64. 

  65.     def get_token(self, org_user, **kwargs):
    66. 

  66.         return InvitationTokenGenerator().make_token(org_user)
    67. 

  67. 

  68.     def send_invitation(self, user, sender=None, **kwargs):
    69. 

  69.         kwargs.update(
    70. 

  70.             {
    71. 

  71.                 "token": self.get_token(user),
    72. 

  72.                 "organization": user.organization,
    73. 

  73.             }
    74. 

  74.         )
    75. 

  75.         send_email_invite.delay(user.pk, kwargs["token"])
    76. 

  76.         return True
    77.