Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: sitescripts/submitEmail/web/submitEmail.py

Issue 5177883412660224: Issue 2234 - Add a WSGI controller to collect email addresses for the Adblock Browser iOS launch (Closed)
Patch Set: Simplified verification code validation Created April 22, 2015, 12:17 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 # coding: utf-8
2
3 # This file is part of the Adblock Plus web scripts,
4 # Copyright (C) 2006-2015 Eyeo GmbH
5 #
6 # Adblock Plus is free software: you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License version 3 as
8 # published by the Free Software Foundation.
9 #
10 # Adblock Plus is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
17
18 import os
19 import re
20 import errno
21 import fcntl
22 import random
23 import string
24 import wsgiref.util
25 from urlparse import parse_qs, urljoin
26 from urllib import urlencode
27
28 from sitescripts.utils import get_config, sendMail
29 from sitescripts.web import url_handler, form_handler
30
31 VERIFICATION_PATH = '/verifyEmail'
32 VERIFICATION_CODE_PARAM = 'code'
33 VERIFICATION_CODE_CHARS = string.letters + string.digits
34
35 verification_code_regexp = re.compile(r'^[%s]+$' % re.escape(VERIFICATION_CODE_C HARS))
kzar 2015/04/22 12:48:13 Shouldn't this be called VERIFICATION_CODE_REGEXP?
Sebastian Noack 2015/04/22 13:09:49 I usually only use constants for simple values. Ha
36
37 def generate_verification_code():
38 return ''.join(random.sample(VERIFICATION_CODE_CHARS, 32))
kzar 2015/04/22 12:21:54 If we're going to use a constant for the chars sho
Sebastian Noack 2015/04/22 12:28:45 We don't need to check for the exact length when v
kzar 2015/04/22 12:48:13 Well using a constant for the length would mean th
Sebastian Noack 2015/04/22 13:09:49 I won't mind adding a constant, but I'm opposed to
kzar 2015/04/22 13:31:34 Sure and if we change the character set constant a
Sebastian Noack 2015/04/22 13:42:28 Yes (if some of the previous characters aren't inc
39
40 def get_filename_for_verification_code(config, verification_code):
41 directory = config.get('submitEmail', 'pendingVerficationsDirectory')
42 return os.path.join(directory, verification_code)
43
44 def create_file_for_verification_code(config):
45 flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY | getattr(os, 'O_BINARY', 0)
46
47 while True:
48 verification_code = generate_verification_code()
49 filename = get_filename_for_verification_code(config, verification_code)
50
51 try:
52 return (os.open(filename, flags), verification_code)
53 except OSError as e:
54 if e.errno != errno.EEXIST:
55 raise
56
57 def verify_email_address(config, verification_code):
58 if not verification_code_regexp.search(verification_code):
59 return False
60
61 verification_filename = get_filename_for_verification_code(config, verificatio n_code)
62 try:
63 file = open(verification_filename, 'rb')
64 except IOError as e:
65 if e.errno == errno.ENOENT:
66 return False
67 raise
68
69 with file:
70 email = file.read()
71
72 verified_filename = config.get('submitEmail', 'verifiedEmailAddressesFile')
73 with open(verified_filename, 'ab', 0) as file:
74 fcntl.lockf(file, fcntl.LOCK_EX)
75 try:
76 print >>file, email
77 finally:
78 fcntl.lockf(file, fcntl.LOCK_UN)
79
80 try:
81 os.unlink(verification_filename)
82 except OSError as e:
83 if e.errno != errno.ENOENT:
84 raise
85
86 return True
87
88 @url_handler('/submitEmail')
89 @form_handler
90 def submitEmail(environ, start_response, data):
91 email = data.get('email', '').strip()
92 if not email or '\r' in email or '\n' in email:
Wladimir Palant 2015/04/22 14:46:58 If you don't want to verify email addresses, why a
Sebastian Noack 2015/04/23 14:29:34 I forbid newlines to .. 1. Prevent header injecti
93 start_response('400 Bad Request', [('Content-Type', 'text/plain')])
94 if email:
95 return ['No newlines allowed in email address.']
96 return ['No email address given.']
97
98 config = get_config()
99 fd, verification_code = create_file_for_verification_code(config)
Wladimir Palant 2015/04/22 14:46:58 Storing pending email addresses is pointless: 1.
Sebastian Noack 2015/04/23 14:29:34 I initially considered a similar approach, but fou
100 try:
101 os.write(fd, email.encode('utf-8'))
102 finally:
103 os.close(fd)
104
105 sendMail(
106 config.get('submitEmail', 'verificationEmailTemplate'),
107 {
108 'recipient': email,
109 'verification_url': '%s?%s' % (
110 urljoin(wsgiref.util.application_uri(environ), VERIFICATION_PATH),
111 urlencode([(VERIFICATION_CODE_PARAM, verification_code)])
112 )
113 }
114 )
115
116 start_response('200 OK', [('Content-Type', 'text/plain')])
117 return ["Thanks for your submission! You'll receive a verification email short ly."]
118
119 @url_handler(VERIFICATION_PATH)
120 def verifyEmail(environ, start_response):
121 config = get_config()
122
123 params = parse_qs(environ.get('QUERY_STRING', ''))
124 verification_code = params.get(VERIFICATION_CODE_PARAM, [''])[0]
125
126 if verify_email_address(config, verification_code):
127 option = 'successfulVerificationRedirectLocation'
128 else:
129 option = 'unknownVerificationCodeRedirectLocation'
130
131 start_response('303 See other', [('Location', config.get('submitEmail', option ))])
Wladimir Palant 2015/04/22 14:46:58 I see that you studied HTTP response codes in much
Sebastian Noack 2015/04/23 14:29:34 Well, 302 is implemented inconsistently across bro
132 return []
OLDNEW

Powered by Google App Engine
This is Rietveld