From bdf318894df2671543aafab02d84fab763b13fbd Mon Sep 17 00:00:00 2001 From: Daniel Daphron Kaczmarek Date: Thu, 20 Aug 2015 14:53:39 -0500 Subject: [PATCH] Modified the captcha to read secret key from file. Also changed the keys for the recaptcha due to their accidental committal earlier. --- rsstory/archive_fails.pt | 2 +- rsstory/index.pt | 2 +- rsstory/rss.py | 24 +++++++++++++++++++----- rsstory/views.py | 2 ++ 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/rsstory/archive_fails.pt b/rsstory/archive_fails.pt index bc6f9bf..4b24f1a 100644 --- a/rsstory/archive_fails.pt +++ b/rsstory/archive_fails.pt @@ -38,7 +38,7 @@ -
+
diff --git a/rsstory/index.pt b/rsstory/index.pt index ca004dc..147fdd1 100644 --- a/rsstory/index.pt +++ b/rsstory/index.pt @@ -55,7 +55,7 @@ -
+
diff --git a/rsstory/rss.py b/rsstory/rss.py index b215e92..3466f15 100644 --- a/rsstory/rss.py +++ b/rsstory/rss.py @@ -63,9 +63,16 @@ def write_preview_feed(rss_items, url, title, feed_id): return fname def archive_to_rss(url, time_between_posts, title, recaptcha_answer, ip): - #TODO: do NOT push until the secret key is hidden in a config file! log.info("Beginning archive_to_rss()") - captcha_response = submit(remote_ip=ip, secret_key="6LcHZQsTAAAAALNHKDDOht1UXok-vnY4KJE13RGJ", response=recaptcha_answer) + key = "" + try: + with open(os.path.join(os.path.abspath(os.path.dirname(__file__)), 'secret', 'recaptcha_key_secret.key'), 'r') as f: + key = f.readline() + except: + log.error("The file containing the secret key was not located") + return (False, False) + + captcha_response = submit(remote_ip=ip, secret_key=key, response=recaptcha_answer) log.debug("recaptcha_answer is: {}".format(recaptcha_answer)) if captcha_response.is_valid: log.info("Captcha response verified as valid") @@ -95,12 +102,19 @@ def archive_to_rss(url, time_between_posts, title, recaptcha_answer, ip): return (rss_feed_filename, preview_feed_filename) else: log.error("Invalid captcha entered") - raise Exception('Invalid captcha') - return + return (False, False) def report_archive_fail(url, comments, ip, recaptcha_answer): log.info("Beginning report_archive_fail") - captcha_response = submit(remote_ip=ip, secret_key="6LcHZQsTAAAAALNHKDDOht1UXok-vnY4KJE13RGJ", response=recaptcha_answer) + key = "" + try: + with open(os.path.join(os.path.abspath(os.path.dirname(__file__)), 'secret', 'recaptcha_key_secret.key'), 'r') as f: + key = f.readline() + except: + log.error("The file containing the secret key was not located") + return False + + captcha_response = submit(remote_ip=ip, secret_key=key, response=recaptcha_answer) log.debug("recaptcha_answer is: {}".format(recaptcha_answer)) if captcha_response.is_valid: log.info("Captcha response verified as valid") diff --git a/rsstory/views.py b/rsstory/views.py index 2d107fa..c981082 100644 --- a/rsstory/views.py +++ b/rsstory/views.py @@ -14,6 +14,8 @@ def feed(request): if request.json_body['url'] == '': return {"rss": "Error"} xml_feed, preview_page = rss.archive_to_rss(request.json_body['url'], request.json_body['time'], request.json_body['title'], request.json_body['captcha'], request.remote_addr) + if xml_feed == False and preview_page == False: + return {"rss": "Error"} return {"rss": "/static/feeds/" + xml_feed + ".xml", "preview": "/static/previews/" + preview_page} @view_config(route_name='archive_fails', renderer='archive_fails.pt')