Mercurial > p > roundup > code

view website/issues/extensions/timestamp.py @ 5696:b67636bc87d0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add CSRF protection to rest code path. Follow same model as for xmlrpc. The original rest code was developed before the CSRF code was added to xmlrpc.
author John Rouillard <rouilj@ieee.org>
date Sun, 07 Apr 2019 20:27:25 -0400
parents 35ea9b1efc14
children
line wrap: on
line source

import time, struct, base64
from roundup.cgi.actions import RegisterAction
from roundup.cgi.exceptions import *

def timestamp():
    return base64.encodestring(struct.pack("i", time.time())).strip()

def unpack_timestamp(s):
    return struct.unpack("i",base64.decodestring(s))[0]

class Timestamped:
    def check(self):
        try:
            created = unpack_timestamp(self.form['opaque'].value)
        except KeyError:
            raise FormError("somebody tampered with the form")
        if time.time() - created < 4:
            raise FormError("responding to the form too quickly")
        return True

class TimestampedRegister(Timestamped, RegisterAction):
    def permission(self):
        self.check()
        RegisterAction.permission(self)

def init(instance):
    instance.registerUtil('timestamp', timestamp)
    instance.registerAction('register', TimestampedRegister)
Roundup Issue Tracker: http://roundup-tracker.org/