
Commit edbf0ce1 authored by Arief Pratama's avatar Arief Pratama

Merge branch '2006560831-hotfix-v2' into 'master'

[HOTFIX] Fix security hotspot sonarqube

See merge request !100
parents 3e316981 b51fb387
Pipeline #60125 passed with stages
in 21 minutes
...@@ -348,7 +348,7 @@ class UploadMateriService: ...@@ -348,7 +348,7 @@ class UploadMateriService:
@staticmethod @staticmethod
def validate_yt_video_url(value): def validate_yt_video_url(value):
r = requests.get('http://www.youtube.com/watch?v='+value) r = requests.get('https://www.youtube.com/watch?v='+value)
if "\"playabilityStatus\":{\"status\":\"ERROR\"" in r.text: if "\"playabilityStatus\":{\"status\":\"ERROR\"" in r.text:
raise ValidationError("Invalid Youtube video ID") raise ValidationError("Invalid Youtube video ID")
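Review bot: On the changed line, `value` (presumably the submitted video ID) is still concatenated into the watch URL unencoded and the request has no timeout, so an ID containing `&` or `#` changes the query that is actually sent, and a stalled connection holds the worker indefinitely because `requests` applies no default timeout. Passing the ID as a parameter and bounding the wait covers both: `r = requests.get('https://www.youtube.com/watch', params={'v': value}, timeout=10)` (the timeout value is an example). The substring test also accepts any response that lacks the ERROR marker, including a non-200 page, so checking `r.status_code` before inspecting `r.text` would tighten it. The rest of `UploadMateriService` is outside the hunk.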
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
{% load static %} {% load static %}
{% block title %} {% block title %}
<title>Unggah Materi dari Excel | Digipus</title> <title>Statistik | Digipus</title>
{% endblock %} {% endblock %}
{% block stylesheets %} {% block stylesheets %}
......
...@@ -4,7 +4,7 @@ import PIL.Image as Image ...@@ -4,7 +4,7 @@ import PIL.Image as Image
def get_random_filename(f_name): def get_random_filename(f_name):
ext = f_name.split(".")[-1] ext = f_name.split(".")[-1]
name = ''.join(random.choices(string.ascii_lowercase , k=4)) name = ''.join(random.choices(string.ascii_lowercase , k=4))
name += hashlib.md5((datetime.datetime.now().isoformat() + f_name).encode()).hexdigest() name += hashlib.md5((datetime.datetime.now().isoformat() + f_name).encode()).hexdigest() # Sensitive
name = name + "." + ext name = name + "." + ext
return name return name
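Review bot: The trailing `# Sensitive` added to the `hashlib.md5(...)` line neither changes what the analyzer flagged nor records why the use is acceptable, and the generated name stays guessable: four letters from `random.choices` plus an MD5 of the current timestamp and the original file name. If stored file names are meant to be unpredictable, take them from the OS CSPRNG instead, e.g. `name = secrets.token_hex(16)` (this needs `import secrets`; the import block is outside the hunk). If MD5 is only a uniqueness digest here, say so in the comment and, on Python 3.9+, pass `usedforsecurity=False`. The same bare `# Sensitive` marker is added on `fail_silently = False` in `MailService.send`.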
......
import mimetypes import mimetypes
import os import os
from io import BytesIO from io import BytesIO
from register.services import MailService
import django import django
from decouple import config from decouple import config
...@@ -213,12 +214,12 @@ class DetailMateri(TemplateView): ...@@ -213,12 +214,12 @@ class DetailMateri(TemplateView):
f'menambahkan komentar pada materi Anda dengan judul "{materi.title}".' + \ f'menambahkan komentar pada materi Anda dengan judul "{materi.title}".' + \
f'\nKomentar: "{comment.comment}".\n' + \ f'\nKomentar: "{comment.comment}".\n' + \
f'Silahkan akses halaman detail materi untuk berinteraksi lebih lanjut.' f'Silahkan akses halaman detail materi untuk berinteraksi lebih lanjut.'
send_mail(
MailService.send(
subject = 'DIGIPUS: Komentar Baru pada Materi Anda', subject = 'DIGIPUS: Komentar Baru pada Materi Anda',
message = email_content, message = email_content,
from_email = getattr(settings, 'EMAIL_HOST_USER'), from_email = getattr(settings, 'EMAIL_HOST_USER'),
recipient_list = [materi_uploader.email,], recipient_list = [materi_uploader.email,],
fail_silently = False,
) )
elif (review_text != None): elif (review_text != None):
review = Review.objects.create( review = Review.objects.create(
...@@ -387,11 +388,6 @@ class UploadMateriHTML(TemplateView): ...@@ -387,11 +388,6 @@ class UploadMateriHTML(TemplateView):
template_name = UNGGAH_HTML template_name = UNGGAH_HTML
context = {} context = {}
def get_template_names(self):
if self.request.path == UNGGAH_URL:
template_name = UNGGAH_HTML
return template_name
class UploadMateriExcelView(TemplateView): class UploadMateriExcelView(TemplateView):
template_name = "unggah_excel.html" template_name = "unggah_excel.html"
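Review bot: In the comment-notification hunk, `MailService.send(...)` runs inline in the request and the wrapper fixes `fail_silently=False`, so a mail-server error raises out of the view after `comment` already exists (it is interpolated into `email_content`). That would presumably turn a successfully saved comment into a 500 response and invite a duplicate resubmission. Consider wrapping the call in `try`/`except smtplib.SMTPException` and logging the failure, so that a notification problem does not fail the post itself. The enclosing method of `DetailMateri` starts and ends outside the hunk, so any handling further up is not visible here.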
......
...@@ -93,9 +93,20 @@ class RegistrationService: ...@@ -93,9 +93,20 @@ class RegistrationService:
Mohon verifikasi email Anda dengan klik pada link berikut: {url} Mohon verifikasi email Anda dengan klik pada link berikut: {url}
""" """
send_mail( MailService.send(
subject = 'DIGIPUS: Verifikasi Alamat Email', subject = 'DIGIPUS: Verifikasi Alamat Email',
message = email_content, message = email_content,
from_email = getattr(settings, 'EMAIL_HOST_USER'), from_email = getattr(settings, 'EMAIL_HOST_USER'),
recipient_list = [user.email], recipient_list = [user.email])
fail_silently = False)
class MailService:
@staticmethod
def send(subject, message, from_email, recipient_list):
send_mail(
subject,
message,
from_email,
recipient_list,
fail_silently = False) # Sensitive
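Review bot: `MailService.send` is now the single path for outgoing mail but has no docstring, so callers cannot tell from the signature that delivery errors propagate. Add one such as `"""Send a plain-text email via django.core.mail.send_mail; raises on delivery failure because fail_silently is False."""`. A one-line class docstring noting that all application mail goes through this wrapper would also help, since both the registration flow and the comment notification now depend on it.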
{% load static %} {% extends 'register_base.html' %}
<!DOCTYPE html> {% block title %} Registrasi Kontributor {% endblock %}
<html lang="en"> {% block form_title %} Registrasi Kontributor {% endblock %}
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Registrasi Kontributor</title>
<link rel="icon" type="image/png" href="{% static 'images/icons/logo.ico' %}" />
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/bootstrap/css/bootstrap.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'fonts/font-awesome-4.7.0/css/font-awesome.min.css' %}">
<!--===============================================================================================-->
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animate/animate.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/css-hamburgers/hamburgers.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animsition/css/animsition.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/select2/select2.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/daterangepicker/daterangepicker.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'css/styles.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/util.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}">
<!--===============================================================================================-->
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital@1&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Poppins&display=swap" rel="stylesheet">
</head>
<body style="background-color: #666666;">
<main>
<div class="limiter">
<div class="container-login100">
<div class="wrap-login100">
<form class="login100-form validate-form" method="POST" action="">
{% csrf_token %}
<div class="login100-form-title p-b-43">
Registrasi Kontributor
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.name }}
<span class="focus-input100"></span>
<span class="label-input100">Nama</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Password is required">
{{ form.instansi }}
<span class="focus-input100"></span>
<span class="label-input100">Instansi/Pekerjaan</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nik.errors }}
{{ form.nik }}
<span class="focus-input100"></span>
<span class="label-input100">NIK</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.alamat }}
<span class="focus-input100"></span>
<span class="label-input100">Alamat</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.email.errors }}
{{ form.email }}
<span class="focus-input100"></span>
<span class="label-input100">Email</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nomor_telpon.errors}}
{{ form.nomor_telpon }}
<span class="focus-input100"></span>
<span class="label-input100">Nomor Telepon</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password.errors }}
{{ form.password }}
<span class="focus-input100"></span>
<span class="label-input100">Kata Sandi</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password2 }}
<span class="focus-input100"></span>
<span class="label-input100">Ketik Ulang Kata Sandi</span>
</div>
{% block footer %}
<div class="container-login100-form-btn"> {% if message %}
<button class="login100-form-btn"> <div class="text-success txt1" id="registrasi">{{ message }}</div>
Daftar <div class="txt1">Kembali ke <a href="/" class="txt1">halaman utama</a></div>
</button> {% endif %}
</div> {% endblock %}
<div class="flex-sb-m w-full p-t-3 p-b-32">
<div>
<a href="/login/" class="txt1">
Kembali ke halaman login
</a>
</div>
</div>
{% if message %}
<div class="text-success txt1" id="registrasi">{{ message }}</div>
<div class="txt1">Kembali ke <a href="/" class="txt1">halaman utama</a></div>
{% endif %}
</form>
<div class="login100-more" style="background-image: url('../static/images/bg-03.jpg'); z-index: 0;">
</div>
</div>
</div>
</div>
</main>
<!--===============================================================================================-->
<script src="../static/vendor/jquery/jquery-3.2.1.min.js"></script>
<!--===============================================================================================-->
<script src="../static/vendor/animsition/js/animsition.min.js"></script>
<!--===============================================================================================-->
<script src="../static/vendor/bootstrap/js/popper.js"></script>
<script
src="../static/../static/../static/../static/../static/../static/vendor/bootstrap/js/bootstrap.min.js"></script>
<!--===============================================================================================-->
<script src="../static/../static/../static/../static/../static/vendor/select2/select2.min.js"></script>
<!--===============================================================================================-->
<script src="../static/../static/../static/../static/vendor/daterangepicker/moment.min.js"></script>
<script src="../static/../static/../static/vendor/daterangepicker/daterangepicker.js"></script>
<!--===============================================================================================-->
<script src="../static/../static/vendor/countdowntime/countdowntime.js"></script>
<!--===============================================================================================-->
<script src="../static/js/login.js"></script>
<script src="../static/js/navbar.js"></script>
</body>
</html>
\ No newline at end of file
{% load static %} {% extends 'register_base.html' %}
<!DOCTYPE html> {% block title %} Registrasi Admin {% endblock %}
<html lang="en"> {% block form_title %} Registrasi Admin {% endblock %}
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Registrasi Admin</title>
<link rel="icon" type="image/png" href="{% static 'images/icons/logo.ico' %}" />
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/bootstrap/css/bootstrap.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'fonts/font-awesome-4.7.0/css/font-awesome.min.css' %}">
<!--===============================================================================================-->
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animate/animate.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/css-hamburgers/hamburgers.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animsition/css/animsition.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/select2/select2.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/daterangepicker/daterangepicker.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'css/styles.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/util.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}">
<!--===============================================================================================-->
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital@1&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Poppins&display=swap" rel="stylesheet">
</head>
<body style="background-color: #666666;">
<main>
<div class="limiter">
{% if message %}
<h1>{{ message }}</h1>
{% endif %}
<div class="container-login100">
<div class="wrap-login100">
<form class="login100-form validate-form" method="POST" action="">
{% csrf_token %}
<div class="login100-form-title p-b-43">
Registrasi Admin
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.name }}
<span class="focus-input100"></span>
<span class="label-input100">Nama</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Password is required">
{{ form.instansi }}
<span class="focus-input100"></span>
<span class="label-input100">Instansi/Pekerjaan</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nik.errors }}
{{ form.nik }}
<span class="focus-input100"></span>
<span class="label-input100">NIK</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.alamat }}
<span class="focus-input100"></span>
<span class="label-input100">Alamat</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.email.errors }}
{{ form.email }}
<span class="focus-input100"></span>
<span class="label-input100">Email</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nomor_telpon.errors }}
{{ form.nomor_telpon }}
<span class="focus-input100"></span>
<span class="label-input100">Nomor Telepon</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password.errors }}
{{ form.password }}
<span class="focus-input100"></span>
<span class="label-input100">Kata Sandi</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password2 }}
<span class="focus-input100"></span>
<span class="label-input100">Ketik Ulang Kata Sandi</span>
</div>
{% block header %}
<div class="container-login100-form-btn"> {% if message %}
<button class="login100-form-btn"> <h1>{{ message }}</h1>
Daftar {% endif %}
</button> {% endblock %}
</div>
<div class="flex-sb-m w-full p-t-3 p-b-32">
<div>
<a href="/login/" class="txt1">
Kembali ke halaman login
</a>
</div>
</div>
</form>
<div class="login100-more" style="background-image: url('../static/images/bg-03.jpg'); z-index: 0;">
</div>
</div>
</div>
</div>
</main>
</body>
</html>
\ No newline at end of file
{% load static %} {% extends 'register_base.html' %}
<!DOCTYPE html> {% block title %} Registrasi Umum {% endblock %}
<html lang="en"> {% block form_title %} Registrasi Umum {% endblock %}
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Registrasi Umum</title>
<link rel="icon" type="image/png" href="{% static 'images/icons/logo.ico' %}" />
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/bootstrap/css/bootstrap.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'fonts/font-awesome-4.7.0/css/font-awesome.min.css' %}">
<!--===============================================================================================-->
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animate/animate.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/css-hamburgers/hamburgers.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animsition/css/animsition.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/select2/select2.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/daterangepicker/daterangepicker.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'css/styles.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/util.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}">
<!--===============================================================================================-->
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital@1&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Poppins&display=swap" rel="stylesheet">
</head>
<body style="background-color: #666666;">
<main>
<div class="limiter">
<div class="container-login100">
<div class="wrap-login100">
<form class="login100-form validate-form" method="POST" action="">
{% csrf_token %}
<div class="login100-form-title p-b-43">
Registrasi Umum
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.name }}
<span class="focus-input100"></span>
<span class="label-input100">Nama</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Password is required">
{{ form.instansi }}
<span class="focus-input100"></span>
<span class="label-input100">Instansi/Pekerjaan</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nik.errors }}
{{ form.nik }}
<span class="focus-input100"></span>
<span class="label-input100">NIK</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.alamat }}
<span class="focus-input100"></span>
<span class="label-input100">Alamat</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.email.errors }}
{{ form.email }}
<span class="focus-input100"></span>
<span class="label-input100">Email</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nomor_telpon.errors}}
{{ form.nomor_telpon }}
<span class="focus-input100"></span>
<span class="label-input100">Nomor Telepon</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password.errors }}
{{ form.password }}
<span class="focus-input100"></span>
<span class="label-input100">Kata Sandi</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.password2 }}
<span class="focus-input100"></span>
<span class="label-input100">Ketik Ulang Kata Sandi</span>
</div>
<div class="container-login100-form-btn">
<button class="login100-form-btn">
Daftar
</button>
</div>
<div class="flex-sb-m w-full p-t-3 p-b-32">
<div>
<a href="/login/" class="txt1">
Kembali ke halaman login
</a>
</div>
</div>
</form>
<div class="login100-more" style="background-image: url('{% static 'images/bg-03.jpg' %}'); z-index: 0;">
</div>
</div>
</div>
</div>
</main>
<!--===============================================================================================-->
<script src="{% static 'vendor/jquery/jquery-3.2.1.min.js' %}"></script>
<!--===============================================================================================-->
<script src="{% static 'vendor/animsition/js/animsition.min.js' %}"></script>
<!--===============================================================================================-->
<script src="{% static 'vendor/bootstrap/js/popper.js' %}"></script>
<script
src="{% static 'vendor/bootstrap/js/bootstrap.min.js' %}"></script>
<!--===============================================================================================-->
<script src="{% static 'vendor/select2/select2.min.js' %}"></script>
<!--===============================================================================================-->
<script src="{% static 'vendor/daterangepicker/moment.min.js' %}"></script>
<script src="{% static 'vendor/daterangepicker/daterangepicker.js' %}"></script>
<!--===============================================================================================-->
<script src="{% static 'vendor/countdowntime/countdowntime.js' %}"></script>
</body>
</html>
\ No newline at end of file
{% load static %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
{% block title %}{% endblock %}
</title>
<link rel="icon" type="image/png" href="{% static 'images/icons/logo.ico' %}" />
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/bootstrap/css/bootstrap.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'fonts/font-awesome-4.7.0/css/font-awesome.min.css' %}">
<!--===============================================================================================-->
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animate/animate.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/css-hamburgers/hamburgers.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/animsition/css/animsition.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/select2/select2.min.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'vendor/daterangepicker/daterangepicker.css' %}">
<!--===============================================================================================-->
<link rel="stylesheet" type="text/css" href="{% static 'css/styles.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/util.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/main.css' %}">
<!--===============================================================================================-->
<link href="https://fonts.googleapis.com/css2?family=Montserrat:ital@1&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Poppins&display=swap" rel="stylesheet">
</head>
<body style="background-color: #666666;">
<main>
<div class="limiter">
{% block header %}{% endblock %}
<div class="container-login100">
<div class="wrap-login100">
<form class="login100-form validate-form" method="POST" action="">
{% csrf_token %}
<div class="login100-form-title p-b-43">
{% block form_title %}{% endblock %}
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.name }}
<span class="focus-input100"></span>
<span class="label-input100">Nama</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Password is required">
{{ form.instansi }}
<span class="focus-input100"></span>
<span class="label-input100">Instansi/Pekerjaan</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.nik.errors }}
{{ form.nik }}
<span class="focus-input100"></span>
<span class="label-input100">NIK</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.alamat }}
<span class="focus-input100"></span>
<span class="label-input100">Alamat</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">
{{ form.email.errors }}
{{ form.email }}
<span class="focus-input100"></span>
<span class="label-input100">Email</span>
</div>
<div class="wrap-input100 validate-input" data-validate="Valid email is required: ex@abc.xyz">