added secret password to /rowers/record-progress

2017-11-02 09:25:19 +01:00
parent 7347c8548f
commit b94ef5e5ac
3 changed files with 24 additions and 9 deletions
--- a/rowers/longtask.py
+++ b/rowers/longtask.py
@@ -61,7 +61,7 @@ def longtask(aantal,jobid=None,debug=False,

    return 1

-def longtask2(aantal,jobid=None,debug=False):
+def longtask2(aantal,jobid=None,debug=False,secret=''):
    counter = 0

    channel = 'tasks'
@@ -80,7 +80,8 @@ def longtask2(aantal,jobid=None,debug=False):
                    url = SITE_URL
                url += "/rowers/record-progress/"
                url += str(progress)+"/"+jobid
-                s = requests.get(url)
+                post_data = {"secret":secret}
+                s = requests.post(url, data=post_data)
                if debug:
                    print url
                    print s
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -14,6 +14,7 @@ from django.views.generic.base import TemplateView
 from django.db.models import Q
 from django import template
 from django.db import IntegrityError, transaction
+from django.views.decorators.csrf import csrf_exempt

 from django.shortcuts import render
 from django.http import (
@@ -349,7 +350,8 @@ def test_job_view(request,aantal=100):
 def test_job_view2(request,aantal=100):


-    job = myqueue(queuehigh,long_test_task2,int(aantal))
+    job = myqueue(queuehigh,long_test_task2,int(aantal),
+                  secret=settings.PROGRESS_CACHE_SECRET)


    try:
@@ -361,14 +363,22 @@ def test_job_view2(request,aantal=100):

    return HttpResponseRedirect(url)

+@csrf_exempt
 def post_progress(request,id=None,value=0):
-    if id:
-        cache.set(id,value,3600)
+    if request.method == 'POST':
+        secret = request.POST['secret']
+        if secret == settings.PROGRESS_CACHE_SECRET:
+            if id:
+                cache.set(id,value,3600)
+                # test
+                result = cache.get(id)

-    # test
-    result = cache.get(id)
+                return HttpResponse('progress cached '+str(result),status=200)
+        else:
+            return HttpResponse('access denied',status=400)

-    return HttpResponse('progress cached '+str(result),status=200)
+    else:
+        return HttpResponse('hi',status=200)
    
 def get_all_queued_jobs(userid=0):
    r = StrictRedis()
@@ -9508,7 +9518,7 @@ def strokedataform(request,id=0):
 # Process the POSTed stroke data according to the API definition
 # Return the GET stroke data according to the API definition
 from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer
-from django.views.decorators.csrf import csrf_exempt
+
@csrf_exempt
@login_required()
@api_view(['GET','POST'])