Timestamp:
Dec 3, 2011, 12:17:28 PM (13 years ago)
Author:
rick
Message:

Some awful quirks to avoid uploading files without authentication.

Location:
src/django_gheat/wlheatmap
Files:
2 edited

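--- a/src/django_gheat/wlheatmap/forms.py
+++ b/src/django_gheat/wlheatmap/forms.py
@@ -1,9 +1,11 @@
 from django import forms
+from django.conf import settings
+from django.contrib.auth import authenticate, login
+from django.contrib.auth.decorators import login_required
 from django.core.files.base import ContentFile
+from django.db import IntegrityError
+from django.http import HttpResponse,HttpResponseServerError
 from django.shortcuts import render_to_response
-from django.http import HttpResponse,HttpResponseServerError
-from django.conf import settings
 from gheat.models import *
-from django.db import IntegrityError
 
 def get_apperatuur_choices(item):
@@ -11,4 +13,6 @@
 
 class MeetBestandForm(forms.Form):
+    username = forms.CharField()
+    password = forms.CharField()
     naam = forms.ChoiceField(choices=Gebruiker.objects.values_list('naam','naam'))
     kaart = forms.ChoiceField(choices=get_apperatuur_choices('kaart'))
@@ -18,9 +22,17 @@
 
 #
-# curl  -F naam=huub -F kaart=onbekend -F antenne=onbekend -F bestand=@manage.py -F surveyid=kerk http://localhost:8000/wlheatp/add/meetbestand/
+# curl -Fusername=huub -Fpassword=bert -F naam=huub -F kaart=onbekend -F antenne=onbekend -F bestand=@manage.py -F surveyid=kerk http://localhost:8000/wlheatmap/add/meetbestand/
 def add_meetbestand(request):
   if request.method == 'POST':
     form = MeetBestandForm(request.POST, request.FILES)
     if form.is_valid():
+      username = form.cleaned_data['username']
+      password = form.cleaned_data['password']
+      user = authenticate(username=username, password=password)
+      if user == None or not user.is_active:
+        return HttpResponseServerError('ERROR: Authentication Failed')
+
+      login(request, user)
+
       gebruiker = Gebruiker.objects.get(naam=form.cleaned_data['naam'])
       apparatuur, created = Apparatuur.objects.get_or_create(kaart=form.cleaned_data['kaart'],
@@ -37,7 +49,7 @@
         return HttpResponse('OK: Attached to meetrondje %s' % meetrondje)
       else:
-        return HttpResponseServerError('ERROR File does already exists')
+        return HttpResponseServerError('ERROR: File does already exists')
     else:
-      return HttpResponseServerError('ERROR No valid input')
+      return HttpResponseServerError('ERROR: No valid input')
   else:
     form = MeetBestandForm()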
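Review bot: The new `password = forms.CharField()` field renders as a plain text input through `{{ form.as_p }}`, so the password is shown on screen while typed; `password = forms.CharField(widget=forms.PasswordInput)` avoids that. In `add_meetbestand` the authenticated `user` is never compared with the submitted `naam`, so as far as the visible lines show any active account can attribute an upload to any `Gebruiker`; a check tying the two together belongs right after `authenticate()` (the mapping between `Gebruiker` and auth users is not visible here, and part of the function body is elided between the hunks). A failed login is answered with `HttpResponseServerError`, which makes bad credentials look like a server fault in logs; `return HttpResponseForbidden('ERROR: Authentication Failed')` (with the matching `django.http` import) is more accurate, and `login(request, user)` opens a session that a one-shot upload does not appear to need. Minor: `user == None` should be `user is None`, and the `login_required` import is unused in the lines shown.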
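--- a/src/django_gheat/wlheatmap/templates/add_file.html
+++ b/src/django_gheat/wlheatmap/templates/add_file.html
@@ -1,9 +1,7 @@
-<html>
-<head></head>
-<body>
+{% extends "base.html" %}
+{% block content %}
 <form enctype="multipart/form-data" action="" method="post">
 {{ form.as_p }}
 <input type="submit" value="Submit" />
 </form>
-</body>
-</html>
+{% endblock content %}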
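Review bot: The `<form ... method="post">` inside the new `content` block still carries no `{% csrf_token %}`, which matters more now that the view behind it calls `login()` and leaves a session on the client. If `CsrfViewMiddleware` is enabled the browser form will be rejected, and if the view is exempted so that the curl upload works, that exemption deserves a comment; neither is visible from this page. Add `{% csrf_token %}` as the first line inside the form and make sure the view renders the template with a `RequestContext` so the token is actually emitted.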