Mercurial > p > roundup > code

view website/issues/extensions/timestamp.py @ 4902:a403c29ffaf9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Security fix default user permissions Default user permissions should not include all user attributes. We now limit this to the username, realname and some further attributes depending on the schema. Note that we no longer include the email addresses, depending on your installation you may want to further restrict this or add some attributes like ``address`` and ``alternate_addresses``.
author Ralf Schlatterbeck <rsc@runtux.com>
date Fri, 04 Jul 2014 15:32:28 +0200
parents c2d0d3e9099d
children 35ea9b1efc14
line wrap: on
line source

import time, struct, base64
from roundup.cgi.actions import RegisterAction
from roundup.cgi.exceptions import *

def timestamp():
    return base64.encodestring(struct.pack("i", time.time())).strip()

def unpack_timestamp(s):
    return struct.unpack("i",base64.decodestring(s))[0]

class Timestamped:
    def check(self):
        try:
            created = unpack_timestamp(self.form['opaque'].value)
        except KeyError:
            raise FormError, "somebody tampered with the form"
        if time.time() - created < 4:
            raise FormError, "responding to the form too quickly"
        return True

class TimestampedRegister(Timestamped, RegisterAction):
    def permission(self):
        self.check()
        RegisterAction.permission(self)

def init(instance):
    instance.registerUtil('timestamp', timestamp)
    instance.registerAction('register', TimestampedRegister)
Roundup Issue Tracker: http://roundup-tracker.org/