From fc9558fac717e9cc59094919f7e2e10c6186fbf8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 31 Mar 2016 12:00:35 +0200
Subject: [PATCH 4/4] implement URL signatures in the file validation
 web-service calls (#10444)

---
 wcs/file_validation.py | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/wcs/file_validation.py b/wcs/file_validation.py
index 7190574..905f03d 100644
--- a/wcs/file_validation.py
+++ b/wcs/file_validation.py
@@ -22,20 +22,40 @@ import urllib
 from qommon.misc import http_get_page, json_loads, http_post_request
 from quixote import get_publisher, get_request
 
+from wcs.api_utils import get_secret_and_orig, sign_url
+
 
 def has_file_validation():
     return get_publisher().get_site_option('fargo_url') is not None
 
 
-def fargo_get(path):
+def fargo_url(url):
     fargo_url = get_publisher().get_site_option('fargo_url')
-    url = urlparse.urljoin(fargo_url, path)
+    url = urlparse.urljoin(fargo_url, url)
+    secret, orig = get_secret_and_orig(url)
+    if '?' in url:
+        url += '&orig=%s' % orig
+    else:
+        url += '?orig=%s' % orig
+    return sign_url(url, secret)
+
+
+def fargo_get(url):
+    url = fargo_url(url)
     response, status, data, auth_header = http_get_page(url)
     if status == 200:
         return json_loads(data)
     return None
 
 
+def fargo_post_json(url, payload):
+    url = fargo_url(url)
+    headers = {'Content-Type': 'application/json'}
+    response, status, response_payload, auth_header = http_post_request(
+        url, json.dumps(payload), headers=headers)
+    return status, json_loads(response_payload)
+
+
 def sha256_of_upload(upload):
     return hashlib.sha256(upload.get_content()).hexdigest()
 
@@ -61,10 +81,7 @@ def get_document_types():
 
 
 def get_validation(url):
-    response, status, data, auth_header = http_get_page(url)
-    if status == 200:
-        return json_loads(data)['data']
-    return None
+    return fargo_get(url)
 
 
 def get_validations(document_type):
@@ -94,9 +111,7 @@ def is_valid(filled, field, upload):
 def validate(filled, field, upload):
     '''Compute link to Fargo to validate the given document'''
     document_type_id = field.document_type['id']
-    path = 'api/validation/%s/' % urllib.quote(document_type_id)
-    fargo_url = get_publisher().get_site_option('fargo_url')
-    url = urlparse.urljoin(fargo_url, path)
+    url = '/api/validation/%s/' % urllib.quote(document_type_id)
     payload = {}
     if filled.user:
         if filled.user.name_identifiers:
@@ -108,10 +123,8 @@ def validate(filled, field, upload):
     payload['content_hash'] = sha256_of_upload(upload)
     for meta_field in field.metadata:
         payload[meta_field['name']] = upload.metadata.get(meta_field['name'], '')
-    headers = {'Content-Type': 'application/json'}
-    response, status, response_payload, auth_header = http_post_request(url, json.dumps(payload),
-                                                                        headers=headers)
+    status, response = fargo_post_json(url, payload)
     if status == 201:
-        upload.metadata = json_loads(response_payload)['data']
+        upload.metadata = response['data']
         filled.data['%s_structured' % field.id] = upload.metadata
         filled.store()
-- 
2.1.4