Saving data via Javascript, evading the Avans firewall (hopefully)

11 years ago · 347ead3536
parent db59273825
commit 347ead3536
6 changed files with 60 additions and 20 deletions
--- a/securityquiz/urls.py
+++ b/securityquiz/urls.py
@ -7,7 +7,7 @@ urlpatterns = patterns('',
    # Examples:
    url(r'^callback$', 'views.avans_callback'),
    url(r'^logout$', 'views.avans_logout'),
-    url(r'^pull$', 'views.pull'),
    url(r'^admin/', include(admin.site.urls)),
+    url(r'^save$', 'views.save'),
    url(r'^(.*)$', 'views.home', name='home'),
 )
--- a/static/js/jquery-2.1.0.min.js
+++ b/static/js/jquery-2.1.0.min.js
--- a/static/js/jquery.base64.min.js
+++ b/static/js/jquery.base64.min.js
@ -0,0 +1 @@
+"use strict";jQuery.base64=(function($){var _PADCHAR="=",_ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",_VERSION="1.0";function _getbyte64(s,i){var idx=_ALPHA.indexOf(s.charAt(i));if(idx===-1){throw"Cannot decode base64"}return idx}function _decode(s){var pads=0,i,b10,imax=s.length,x=[];s=String(s);if(imax===0){return s}if(imax%4!==0){throw"Cannot decode base64"}if(s.charAt(imax-1)===_PADCHAR){pads=1;if(s.charAt(imax-2)===_PADCHAR){pads=2}imax-=4}for(i=0;i<imax;i+=4){b10=(_getbyte64(s,i)<<18)|(_getbyte64(s,i+1)<<12)|(_getbyte64(s,i+2)<<6)|_getbyte64(s,i+3);x.push(String.fromCharCode(b10>>16,(b10>>8)&255,b10&255))}switch(pads){case 1:b10=(_getbyte64(s,i)<<18)|(_getbyte64(s,i+1)<<12)|(_getbyte64(s,i+2)<<6);x.push(String.fromCharCode(b10>>16,(b10>>8)&255));break;case 2:b10=(_getbyte64(s,i)<<18)|(_getbyte64(s,i+1)<<12);x.push(String.fromCharCode(b10>>16));break}return x.join("")}function _getbyte(s,i){var x=s.charCodeAt(i);if(x>255){throw"INVALID_CHARACTER_ERR: DOM Exception 5"}return x}function _encode(s){if(arguments.length!==1){throw"SyntaxError: exactly one argument required"}s=String(s);var i,b10,x=[],imax=s.length-s.length%3;if(s.length===0){return s}for(i=0;i<imax;i+=3){b10=(_getbyte(s,i)<<16)|(_getbyte(s,i+1)<<8)|_getbyte(s,i+2);x.push(_ALPHA.charAt(b10>>18));x.push(_ALPHA.charAt((b10>>12)&63));x.push(_ALPHA.charAt((b10>>6)&63));x.push(_ALPHA.charAt(b10&63))}switch(s.length-imax){case 1:b10=_getbyte(s,i)<<16;x.push(_ALPHA.charAt(b10>>18)+_ALPHA.charAt((b10>>12)&63)+_PADCHAR+_PADCHAR);break;case 2:b10=(_getbyte(s,i)<<16)|(_getbyte(s,i+1)<<8);x.push(_ALPHA.charAt(b10>>18)+_ALPHA.charAt((b10>>12)&63)+_ALPHA.charAt((b10>>6)&63)+_PADCHAR);break}return x.join("")}return{decode:_decode,encode:_encode,VERSION:_VERSION}}(jQuery));
--- a/static/js/quiz.js
+++ b/static/js/quiz.js
@ -0,0 +1,33 @@
+$(function() {
+
+    var changed = false;
+
+    $('.question-input').change(function() {
+        changed = true;
+    });
+
+    $('#save-button').click(function() {
+        var data = $.base64.encode($('#form-quiz').serialize())
+        console.log(data);
+
+        $.post('save', data, function(data) {
+            if(data == 'ok') {
+                $('#js-message').text('Antwoorden zijn opgeslagen').slideDown().delay(1000).slideUp();
+                changed = false;
+            } else {
+                alert('Er is iets misgegaan bij het opslaan, bewaar je antwoorden lokaal voordat je deze tab afsluit');
+            }
+
+        });
+
+        return false;
+    });
+
+    window.onbeforeunload = function() {
+        if(changed) {
+            return 'Er zijn niet opgeslagen wijzigingen. Weet je zeker dat je de pagina wilt verlaten?';
+        }
+    }
+
+
+});
--- a/templates/base.html
+++ b/templates/base.html
@ -4,9 +4,12 @@
    <title>Security 1</title>
    <link href="/static/css/bootstrap.min.css" rel="stylesheet" type="text/css">
    <link href="/static/css/style.css" rel="stylesheet" type="text/css">
+    <script type="text/javascript" src="/static/js/jquery-2.1.0.min.js"></script>
+    <script type="text/javascript" src="/static/js/jquery.base64.min.js"></script>
+    <script type="text/javascript" src="/static/js/quiz.js"></script>
  </head>
  <body>
-    <form method="POST">
+    <form method="POST" id="form-quiz">
      {% csrf_token %}

      <div class="row-fluid">
@ -19,7 +22,8 @@
          </ul>

          <a href="/logout" class="btn">Uitloggen</a>
-          <button class="btn-primary" type="submit">Opslaan</button>
+          <button class="btn-primary" type="submit" id="save-button">Opslaan</button>
+          <div class="alert alert-info" id="js-message" style="display: none;"></div>
        </div>

        <div id="quiz" class="span8 offset2">
--- a/views.py
+++ b/views.py
@ -2,11 +2,12 @@ from django.shortcuts import render
 from django.http import HttpResponse
 from django.http import HttpResponseRedirect
 from django.http import HttpResponseNotFound
+from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.models import User
 from django.contrib import messages
 from quiz.models import Answer
-import oauth2 as oauth, cgi, json, git, os, signal
+import oauth2 as oauth, cgi, json, base64, urlparse
 import securityquiz.secrets as secrets
 import securityquiz.settings as settings

@ -64,29 +65,26 @@ def avans_logout(request):
    logout(request)
    return HttpResponse('Je bent nu uitgelogd... <a href="/">Opnieuw inloggen</a>')

-def pull(request):
-    if request.method == 'POST':
-        g = git.cmd.Git(settings.PROJECT_PATH)
-        output = str(g.pull())
-
-        # Reload source code
-        os.kill(os.getpid(), signal.SIGINT)
-
-        return HttpResponse(output)
-    else:
-        return HttpResponseRedirect('/')
+@csrf_exempt
+def save(request):
+    data = dict(urlparse.parse_qsl(base64.b64decode(request.body), True))
+    print data
+    save_data(data, request.user)
+    return HttpResponse('ok')

+def save_data(data, user):
+    for key in data:
+        if key.startswith('answer'):
+            answer, created = Answer.objects.get_or_create(user=user, question=key)
+            answer.string = data[key]
+            answer.save()

 def home(request, url):
    if not request.user.is_authenticated():
        return avans_login(request)

    if request.method == 'POST':
-        for key in request.POST:
-            if key.startswith('answer'):
-                answer, created = Answer.objects.get_or_create(user=request.user, question=key)
-                answer.string = request.POST[key]
-                answer.save()
+        save_data(request.POST, request.user)

        messages.add_message(request, messages.INFO, 'Je antwoorden zijn opgeslagen')
        return HttpResponseRedirect('/' + url)
				`@ -0,0 +1 @@`
				"use strict";jQuery.base64=(function($){var _PADCHAR="=",_ALPHA="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",_VERSION="1.0";function _getbyte64(s,i){var idx=_ALPHA.indexOf(s.charAt(i));if(idx===-1){throw"Cannot decode base64"}return idx}function _decode(s){var pads=0,i,b10,imax=s.length,x=[];s=String(s);if(imax===0){return s}if(imax%4!==0){throw"Cannot decode base64"}if(s.charAt(imax-1)===_PADCHAR){pads=1;if(s.charAt(imax-2)===_PADCHAR){pads=2}imax-=4}for(i=0;i<imax;i+=4){b10=(_getbyte64(s,i)<<18)\|(_getbyte64(s,i+1)<<12)\|(_getbyte64(s,i+2)<<6)\|_getbyte64(s,i+3);x.push(String.fromCharCode(b10>>16,(b10>>8)&255,b10&255))}switch(pads){case 1:b10=(_getbyte64(s,i)<<18)\|(_getbyte64(s,i+1)<<12)\|(_getbyte64(s,i+2)<<6);x.push(String.fromCharCode(b10>>16,(b10>>8)&255));break;case 2:b10=(_getbyte64(s,i)<<18)\|(_getbyte64(s,i+1)<<12);x.push(String.fromCharCode(b10>>16));break}return x.join("")}function _getbyte(s,i){var x=s.charCodeAt(i);if(x>255){throw"INVALID_CHARACTER_ERR: DOM Exception 5"}return x}function _encode(s){if(arguments.length!==1){throw"SyntaxError: exactly one argument required"}s=String(s);var i,b10,x=[],imax=s.length-s.length%3;if(s.length===0){return s}for(i=0;i<imax;i+=3){b10=(_getbyte(s,i)<<16)\|(_getbyte(s,i+1)<<8)\|_getbyte(s,i+2);x.push(_ALPHA.charAt(b10>>18));x.push(_ALPHA.charAt((b10>>12)&63));x.push(_ALPHA.charAt((b10>>6)&63));x.push(_ALPHA.charAt(b10&63))}switch(s.length-imax){case 1:b10=_getbyte(s,i)<<16;x.push(_ALPHA.charAt(b10>>18)+_ALPHA.charAt((b10>>12)&63)+_PADCHAR+_PADCHAR);break;case 2:b10=(_getbyte(s,i)<<16)\|(_getbyte(s,i+1)<<8);x.push(_ALPHA.charAt(b10>>18)+_ALPHA.charAt((b10>>12)&63)+_ALPHA.charAt((b10>>6)&63)+_PADCHAR);break}return x.join("")}return{decode:_decode,encode:_encode,VERSION:_VERSION}}(jQuery));