Paul
/
Security-Quiz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
0 Tags
5.3 MiB
 
 
 
 
Tag: Branch: Tree: 17d0757d73
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '17d0757d73'
${ noResults }
Security-Quiz/views.py

108 lines
3.7 KiB
Raw Blame History

from django.shortcuts import render
from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.http import HttpResponseNotFound
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User
from django.contrib import messages
from quiz.models import Answer
import oauth2 as oauth, cgi, json, base64, urlparse
import securityquiz.secrets as secrets
import securityquiz.settings as settings
AVANS_KEY = secrets.AVANS_KEY
AVANS_SECRET = secrets.AVANS_SECRET
REQUEST_TOKEN_URL = 'https://publicapi.avans.nl/oauth/request_token?oauth_callback=http://%s/callback'
ACCESS_TOKEN_URL = 'https://publicapi.avans.nl/oauth/access_token'
AUTHORIZE_URL = 'https://publicapi.avans.nl/oauth/saml.php?oauth_token=%s'
consumer = oauth.Consumer(AVANS_KEY, AVANS_SECRET)
client = oauth.Client(consumer)
def avans_login(request):
resp, content = client.request(REQUEST_TOKEN_URL % request.get_host(), "GET")
if resp['status'] != '200':
raise Exception("Invalid response from oauth")
request.session['request_token'] = dict(cgi.parse_qsl(content))
url = AUTHORIZE_URL % (request.session['request_token']['oauth_token'])
return HttpResponseRedirect(url)
def avans_callback(request):
token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret'])
token.set_verifier(request.GET['oauth_verifier'])
client = oauth.Client(consumer, token)
resp, content = client.request(ACCESS_TOKEN_URL, "GET")
if resp['status'] != '200':
raise Exception("Invalid response from Avans.")
access_token = dict(cgi.parse_qsl(content))
token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret'])
client = oauth.Client(consumer, token)
resp, content = client.request('https://publicapi.avans.nl/oauth/studentnummer/', 'GET')
data = json.loads(content)[0]
studentnummer = data['studentnummer']
inlognaam = data['inlognaam']
try:
user = User.objects.get(username=inlognaam)
except User.DoesNotExist:
user = User.objects.create_user(inlognaam, studentnummer, 'secret')
user = authenticate(username=inlognaam, password='secret')
login(request, user)
return HttpResponseRedirect('/')
def avans_logout(request):
logout(request)
return HttpResponse('Je bent nu uitgelogd... <a href="/">Opnieuw inloggen</a>')
@csrf_exempt
def save(request):
data = dict(urlparse.parse_qsl(base64.b64decode(request.body), True))
print data
save_data(data, request.user)
return HttpResponse('ok')
def save_data(data, user):
for key in data:
if key.startswith('answer'):
answer, created = Answer.objects.get_or_create(user=user, question=key)
answer.string = data[key]
answer.save()
def home(request, url):
if not request.user.is_authenticated():
return avans_login(request)
if request.method == 'POST':
save_data(request.POST, request.user)
messages.add_message(request, messages.INFO, 'Je antwoorden zijn opgeslagen')
return HttpResponseRedirect('/' + url)
answers = Answer.objects.filter(user=request.user)
answers_dict = {}
for answer in answers:
answers_dict[answer.question] = answer.string
if url == 'sql' or url == '':
template = 'sql.html'
elif url == 'xss':
template = 'xss.html'
elif url == 'path':
template = 'path.html'
elif url == 'wachtwoorden':
template = 'wachtwoorden.html'
else:
return HttpResponseNotFound('404')
return render(request, template, {'answers': answers_dict})