def parse_signed_request(self, signed_request): """ 用于站内应用 signed_request: 应用框架在加载时会通过向Canvas URL post的参数signed_request Returns: Token, is_valid (令牌, 是否有效) """ def base64decode(s): appendix = '=' * (4 - len(s) % 4) return base64.b64decode(s.replace('-', '+').replace('_', '/') + appendix) encoded_sign, encoded_data = signed_request.split('.', 1) sign = base64decode(encoded_sign) data = loads(base64decode(encoded_data)) token = Token(data.oauth_token, data.expires, uid=data.user_id, created_at=data.issued_at) is_valid = data.algorithm == u'HMAC-SHA256' and hmac.new(self.app.key, encoded_data, hashlib.sha256).digest() == sign return token, is_valid
def parse_signed_request(self, signed_request): """ 用于站内应用 signed_request: 应用框架在加载时会通过向Canvas URL post的参数signed_request Returns: Token, is_valid (令牌, 是否有效) """ def base64decode(s): appendix = '=' * (4 - len(s) % 4) return base64.b64decode(s.replace('-', '+').replace('_', '/') + appendix) encoded_sign, encoded_data = signed_request.split('.', 1) sign = base64decode(encoded_sign) data = loads(base64decode(encoded_data)) token = Token(data.oauth_token, data.expires, uid=data.user_id, created_at=data.issued_at, **data) is_valid = data.algorithm == u'HMAC-SHA256' and hmac.new(self.app.key, encoded_data, hashlib.sha256).digest() == sign return token, is_valid
def test_loads(self): json = loads(r'{"name":"foo","age":100}') self.assertEqual('foo', json.name) self.assertEqual(100, json.age)