Generate verification hash before letting people pose as arbitrary Dojo ... #9

Open
wants to merge 2 commits into from

2 participants

@Yuffster

...members to complain about the place.

@Yuffster

Not tested at all; can't run this one locally yet.

@novas0x2a
Owner

!== probably wasn't what you meant

Good catch.

Commits on Nov 29, 2013
  1. @Yuffster

    Generate verification hash before letting people pose as arbitrary Do…

    Yuffster authored
    …jo members to complain about the place.
  2. @Yuffster

    Update main.py

    Yuffster authored
Showing with 10 additions and 1 deletion.
  1. +10 −1 main.py
11 main.py
@@ -14,6 +14,7 @@
import keymaster
import base64
import sys
+import hashlib
ORG_NAME = 'Hacker Dojo'
APP_NAME = 'hd-signup'
@@ -176,7 +177,13 @@ def force_full_subscribe_url(self):
return str(url)
def unsubscribe_url(self):
- return "http://signup.hackerdojo.com/unsubscribe/%i" % (self.key().id())
+ url = "http://signup.hackerdojo.com/unsubscribe/%i" % (self.key().id())
+ url += "?verify=%s" % get_action_hash('unsubscribe')
+ return url
+
+ def get_action_hash(self, action):
+ hash_stuff = self.created().strftime("%A%d%B%Y%I%M%p") + self.username() + action
+ return hashlib.sha224(hash_stuff).hexdigest()
@classmethod
def get_by_email(cls, email):
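Review bot: In unsubscribe_url the call `get_action_hash('unsubscribe')` is missing `self.`, so building the URL raises NameError; it should be `self.get_action_hash('unsubscribe')`. Separately, get_action_hash is a plain SHA-224 over the creation time, the username and the action name with no secret input, so anyone who knows or can guess those three values can compute a valid verify value for another member. Suggest an HMAC keyed with a server-side secret (for example over the member id and the action) instead of an unkeyed digest. The strftime format also uses %A, %B and %p, which depend on the locale; a numeric or ISO-style timestamp would give a stable input.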
@@ -445,6 +452,8 @@ def get(self, id):
def post(self,id):
member = Membership.get_by_id(int(id))
+ if (member.get_action_hash('unsubscribe')!=self.request.get('verify'))
+ self.response.out.write("error: verification code doesn't match.")
if member:
unsubscribe_reason = self.request.get('unsubscribe_reason')
if unsubscribe_reason:
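Review bot: The new check in post() does not stop the request: after the error is written there is no `return`, so execution falls through to `if member:` and the unsubscribe still goes ahead with a wrong or missing verify value. The `if (...)` line is also missing its trailing colon, which is a syntax error, and `member.get_action_hash` is called before the `if member:` test, so an unknown id raises AttributeError on None. Suggest moving the check inside `if member:`, returning immediately after writing the error, and comparing the two values with a constant-time comparison rather than `!=`.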