def generate_recovery_token(self):
key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789")
msg = str(int(time.time()))
h = hmac_new(key, msg).hexdigest()
self.recoverpass_key = key
self.save()
return msg + '-' + h
def generate_recovery_token(self):
key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789")
msg = str(int(time.time()))
h = hmac_new(key, msg).hexdigest()
self.recoverpass_key = key
self.save()
return msg + '-' + h
def key(request,
wikiname=None,
itemname=None,
attachname=None,
content=None,
secret=None):
"""
Calculate a (hard-to-guess) cache key.
Important key properties:
* The key must be hard to guess (this is because do=get does no ACL checks,
so whoever got the key [e.g. from html rendering of an ACL protected wiki
page], will be able to see the cached content.
* The key must change if the (original) content changes. This is because
ACLs on some item may change and even if somebody was allowed to see some
revision of some item, it does not implicate that he is allowed to see
any other revision also. There will be no harm if he can see exactly the
same content again, but there could be harm if he could access a revision
with different content.
If content is supplied, we will calculate and return a hMAC of the content.
If wikiname, itemname, attachname is given, we don't touch the content (nor do
we read it ourselves from the attachment file), but we just calculate a key
from the given metadata values and some metadata we get from the filesystem.
Hint: if you need multiple cache objects for the same source content (e.g.
thumbnails of different sizes for the same image), calculate the key
only once and then add some different prefixes to it to get the final
cache keys.
@param request: the request object
@param wikiname: the name of the wiki (if not given, will be read from cfg)
@param itemname: the name of the page
@param attachname: the filename of the attachment
@param content: content data as unicode object (e.g. for page content or
parser section content)
@param secret: secret for hMAC calculation (default: use secret from cfg)
"""
if secret is None:
secret = request.cfg.secrets['action/cache']
if content:
hmac_data = content
elif itemname is not None and attachname is not None:
wikiname = wikiname or request.cfg.interwikiname or request.cfg.siteid
fuid = filesys.fuid(
AttachFile.getFilename(request, itemname, attachname))
hmac_data = u''.join([wikiname, itemname, attachname, repr(fuid)])
else:
raise AssertionError('cache_key called with unsupported parameters')
hmac_data = hmac_data.encode('utf-8')
key = hmac_new(secret, hmac_data).hexdigest()
return key
def key(request, wikiname=None, itemname=None, attachname=None, content=None, secret=None):
"""
Calculate a (hard-to-guess) cache key.
Important key properties:
* The key must be hard to guess (this is because do=get does no ACL checks,
so whoever got the key [e.g. from html rendering of an ACL protected wiki
page], will be able to see the cached content.
* The key must change if the (original) content changes. This is because
ACLs on some item may change and even if somebody was allowed to see some
revision of some item, it does not implicate that he is allowed to see
any other revision also. There will be no harm if he can see exactly the
same content again, but there could be harm if he could access a revision
with different content.
If content is supplied, we will calculate and return a hMAC of the content.
If wikiname, itemname, attachname is given, we don't touch the content (nor do
we read it ourselves from the attachment file), but we just calculate a key
from the given metadata values and some metadata we get from the filesystem.
Hint: if you need multiple cache objects for the same source content (e.g.
thumbnails of different sizes for the same image), calculate the key
only once and then add some different prefixes to it to get the final
cache keys.
@param request: the request object
@param wikiname: the name of the wiki (if not given, will be read from cfg)
@param itemname: the name of the page
@param attachname: the filename of the attachment
@param content: content data as unicode object (e.g. for page content or
parser section content)
@param secret: secret for hMAC calculation (default: use secret from cfg)
"""
if secret is None:
secret = request.cfg.secrets["action/cache"]
if content:
hmac_data = content
elif itemname is not None and attachname is not None:
wikiname = wikiname or request.cfg.interwikiname or request.cfg.siteid
fuid = filesys.fuid(AttachFile.getFilename(request, itemname, attachname))
hmac_data = u"".join([wikiname, itemname, attachname, repr(fuid)])
else:
raise AssertionError("cache_key called with unsupported parameters")
hmac_data = hmac_data.encode("utf-8")
key = hmac_new(secret, hmac_data).hexdigest()
return key
def apply_recovery_token(self, tok, newpass):
parts = tok.split('-')
if len(parts) != 2:
return False
try:
stamp = int(parts[0])
except ValueError:
return False
# only allow it to be valid for twelve hours
if stamp + 12*60*60 < time.time():
return False
# check hmac
# key must be of type string
h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest()
if not safe_str_equal(h, parts[1]):
return False
self.recoverpass_key = ""
self.enc_password = encodePassword(self._cfg, newpass)
self.save()
return True
def apply_recovery_token(self, tok, newpass):
parts = tok.split('-')
if len(parts) != 2:
return False
try:
stamp = int(parts[0])
except ValueError:
return False
# only allow it to be valid for twelve hours
if stamp + 12 * 60 * 60 < time.time():
return False
# check hmac
# key must be of type string
h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest()
if h != parts[1]:
return False
self.recoverpass_key = ""
self.enc_password = encodePassword(newpass)
self.save()
return True
def apply_recovery_token(self, tok, newpass):
parts = tok.split('-')
if len(parts) != 2:
return False
try:
stamp = int(parts[0])
except ValueError:
return False
lifetime = self._request.cfg.recovery_token_lifetime * 3600
if time.time() > stamp + lifetime:
return False
# check hmac
# key must be of type string
h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest()
if not safe_str_equal(h, parts[1]):
return False
self.recoverpass_key = ""
self.enc_password = encodePassword(self._cfg, newpass)
self.save()
return True
def apply_recovery_token(self, tok, newpass):
parts = tok.split('-')
if len(parts) != 2:
return False
try:
stamp = int(parts[0])
except ValueError:
return False
lifetime = self._request.cfg.recovery_token_lifetime * 3600
if time.time() > stamp + lifetime:
return False
# check hmac
# key must be of type string
h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest()
if not safe_str_equal(h, parts[1]):
return False
self.recoverpass_key = ""
self.enc_password = encodePassword(self._cfg, newpass)
self.save()
return True
def apply_recovery_token(self, tok, newpass):
key = self.recoverpass_key
parts = tok.split('-')
if len(parts) != 2:
return False
try:
stamp = int(parts[0])
except ValueError:
return False
# only allow it to be valid for twelve hours
if stamp + 12*60*60 < time.time():
return False
# check hmac
h = hmac_new(self.recoverpass_key, str(stamp)).hexdigest()
if h != parts[1]:
return False
self.recoverpass_key = ""
self.enc_password = encodePassword(newpass)
self.save()
return True
def _compute_signature(self, question, timestamp):
signature = u"%s%d" % (question, timestamp)
return hmac_new(self.secret, signature.encode('utf-8')).hexdigest()
def _compute_signature(self, question, timestamp):
return hmac_new(self.secret, "%s%d" % (question, timestamp)).hexdigest()
