Mercurial > p > roundup > code

view website/issues/extensions/timestamp.py @ 6420:5d6b6e948e17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Upgrade SSL params for roundup-server Params were still using md5, a key size of 768 and allowed SSL 2 and 3. Now using sha512, key size of 2048 and TLS 1.1 or newer. This still doesn't fix the use of SSL in roundup-server. It has problems under both 2.7 and 3.x. Tickets in tracker opened for both,
author John Rouillard <rouilj@ieee.org>
date Sun, 23 May 2021 17:41:23 -0400
parents 35ea9b1efc14
children
line wrap: on
line source

import time, struct, base64
from roundup.cgi.actions import RegisterAction
from roundup.cgi.exceptions import *

def timestamp():
    return base64.encodestring(struct.pack("i", time.time())).strip()

def unpack_timestamp(s):
    return struct.unpack("i",base64.decodestring(s))[0]

class Timestamped:
    def check(self):
        try:
            created = unpack_timestamp(self.form['opaque'].value)
        except KeyError:
            raise FormError("somebody tampered with the form")
        if time.time() - created < 4:
            raise FormError("responding to the form too quickly")
        return True

class TimestampedRegister(Timestamped, RegisterAction):
    def permission(self):
        self.check()
        RegisterAction.permission(self)

def init(instance):
    instance.registerUtil('timestamp', timestamp)
    instance.registerAction('register', TimestampedRegister)
Roundup Issue Tracker: http://roundup-tracker.org/