Skip to content

Disable SMS and dep maintenance #206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
taoky merged 5 commits into from
May 11, 2025
Merged

Disable SMS and dep maintenance #206

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2a2ca5d
Remove aliyunsdkcore
taoky Apr 29, 2025
35e1847
Upgrade pyOpenSSL and cryptography
taoky Apr 29, 2025
015b22b
try fix sign
taoky Apr 29, 2025
555206e
fix testcase for newer Python
taoky Apr 29, 2025
c25ffcf
Merge branch 'master' into remove-sms-and-maintenance
taoky May 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 1 addition & 28 deletions frontend/auth_providers/sms.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,9 @@
import json

from django.conf import settings
from django.core.validators import RegexValidator
from django.shortcuts import redirect
from django.urls import path

import aliyunsdkcore.acs_exception.exceptions
import aliyunsdkcore.client
import aliyunsdkcore.request

from .base import BaseLoginView, BaseGetCodeView

client = aliyunsdkcore.client.AcsClient(
settings.SMS_ACCESS_KEY_ID,
settings.SMS_ACCESS_KEY_SECRET,
'default',
)


class LoginView(BaseLoginView):
template_name = 'login_sms.html'
Expand All @@ -34,21 +21,7 @@ class GetCodeView(BaseGetCodeView):
validate_identity = RegexValidator(r'^1[0-9]{10}$', '手机号码格式错误')

def send(self, identity, code):
request = aliyunsdkcore.request.CommonRequest()
request.set_accept_format('json')
request.set_domain('dysmsapi.aliyuncs.com')
request.set_method('POST')
request.set_protocol_type('https')
request.set_version('2017-05-25')
request.set_action_name('SendSms')
request.add_query_param('RegionId', 'default')
request.add_query_param('PhoneNumbers', identity)
request.add_query_param('SignName', 'Hackergame')
request.add_query_param('TemplateCode', 'SMS_168560438')
request.add_query_param('TemplateParam', json.dumps({'code': code}))
response = json.loads(client.do_action_with_exception(request))
if response['Code'] != 'OK':
raise ValueError(response['Code'])
raise ValueError("短信登录暂不可用,请使用其他方式注册。")


urlpatterns = [
Expand Down
6 changes: 3 additions & 3 deletions frontend/tests/auth_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,14 +110,14 @@ def test_ustc(self):
self.c.logout()
resp = self.c.get("/accounts/ustc/login/", {"ticket": "ST-1234567890"})
self.assertRedirects(resp, reverse("hub"), target_status_code=302)
self.assert_(auth.get_user(self.c).is_authenticated)
self.assertTrue(auth.get_user(self.c).is_authenticated)

@mock.patch("frontend.auth_providers.cas.urlopen", new=mock_urlopen)
def test_sustech(self):
self.c.logout()
resp = self.c.get("/accounts/sustech/login/", {"ticket": "ST-1234567890"})
self.assertRedirects(resp, reverse("hub"), target_status_code=302)
self.assert_(auth.get_user(self.c).is_authenticated)
self.assertTrue(auth.get_user(self.c).is_authenticated)


class AccountLogViewPermission(TestCase):
Expand All @@ -141,7 +141,7 @@ def test_low_privilege(self):
# get a ustc account
self.c.logout()
resp = self.c.get("/accounts/sustech/login/", {"ticket": "ST-1234567890"})
self.assert_(auth.get_user(self.c).is_authenticated)
self.assertTrue(auth.get_user(self.c).is_authenticated)
resp = self.c.post(
reverse("account"),
data=json.dumps({"method": "accountlog", "user": self.u.pk}),
Expand Down
10 changes: 5 additions & 5 deletions frontend/tests/command_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,16 +96,16 @@ def test_import(self):
context = Context(elevated=True)
challenges = {i.name: i for i in Challenge.get_all(context)}
keys = challenges.keys()
self.assert_("示例题目 1" not in keys)
self.assert_("示例题目 2" in keys)
self.assert_("示例题目 3" in keys)
self.assertTrue("示例题目 1" not in keys)
self.assertTrue("示例题目 2" in keys)
self.assertTrue("示例题目 3" in keys)
c2 = challenges["示例题目 2"]
c3 = challenges["示例题目 3"]
self.assert_(c2.url_orig.endswith("/example.txt"))
self.assertTrue(c2.url_orig.endswith("/example.txt"))
self.assertEqual(c3.url_orig, "http://example.com/?token={token}")
self.assertEqual(c2.check_url_clicked, False)
self.assertEqual(c3.check_url_clicked, True)
self.assert_("codehilite" in c3.detail)
self.assertTrue("codehilite" in c3.detail)
flag1 = c2.flags[0]
self.assertEqual(flag1["type"], "expr")
self.assertEqual("flag{2=2, 1:14}", expr_flag(flag1["flag"], "1:14"))
Expand Down
4 changes: 2 additions & 2 deletions requirements-manual.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Packages used directly
# requirements.txt should be generated by `pip freeze > requirements.txt`.
aliyun-python-sdk-core==2.15.2
Django==4.2.20
asgiref==3.7.2
django-allauth==65.0.2
cryptography==44.0.1
gevent==24.11.1
Markdown==3.7
psycopg==3.2.3
Expand All @@ -12,7 +12,7 @@ psycopg-pool==3.2.3
pycryptodome==3.21.0
pygments==2.18.0
pymemcache==4.0.0
pyOpenSSL==24.2.1
pyOpenSSL==24.3.0
PyYAML==6.0.2
requests==2.32.3
uWSGI==2.0.28
Expand Down
21 changes: 10 additions & 11 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
aliyun-python-sdk-core==2.15.2
asgiref==3.7.2
certifi==2024.8.30
certifi==2025.4.26
cffi==1.17.1
charset-normalizer==3.3.2
cryptography==43.0.1
charset-normalizer==3.4.1
cryptography==44.0.1
Django==4.2.20
django-allauth==65.0.2
gevent==24.11.1
greenlet==3.1.1
greenlet==3.2.1
idna==3.10
jmespath==0.10.0
Markdown==3.7
psycopg==3.2.3
psycopg-binary==3.2.3
Expand All @@ -19,12 +17,13 @@ pycryptodome==3.21.0
Pygments==2.18.0
PyJWT==2.9.0
pymemcache==4.0.0
pyOpenSSL==24.2.1
pyOpenSSL==24.3.0
PyYAML==6.0.2
requests==2.32.3
sqlparse==0.5.1
typing_extensions==4.12.2
urllib3==2.2.3
setuptools==80.0.0
sqlparse==0.5.3
typing_extensions==4.13.2
urllib3==2.4.0
uWSGI==2.0.28
zope.event==5.0
zope.interface==7.0.3
zope.interface==7.2
15 changes: 10 additions & 5 deletions server/user/interface.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import base64
import OpenSSL
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import ec
from hashlib import sha256
from uuid import uuid4

Expand Down Expand Up @@ -116,8 +117,10 @@ class User:
'aff': RegexValidator(r'^.{1,100}$', '了解比赛的渠道格式错误'),
'suspicious_reason': None,
}
_private_key = OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM, settings.PRIVATE_KEY)
_private_key = serialization.load_pem_private_key(
settings.PRIVATE_KEY.encode(),
password=None,
)

def __init__(self, context, obj: models.User):
self._context = context
Expand Down Expand Up @@ -154,8 +157,10 @@ def create(cls, context, group, user=None, **kwargs):
user = get_user_model().objects.create_user(str(uuid4()))
self = cls(context, models.User(user=user.pk))
pk = str(user.pk)
sig = base64.b64encode(OpenSSL.crypto.sign(
self._private_key, pk.encode(), 'sha256')).decode()
sig = base64.b64encode(self._private_key.sign(
pk.encode(),
ec.ECDSA(hashes.SHA256())
)).decode()
self._obj.token = pk + ':' + sig
try:
server.trigger.interface.Trigger.test_can_update_profile(context)
Expand Down