def test_secure_cookie_serializer(self):
serializer = securecookie.SecureCookieSerializer(b"secret-key")
serializer._get_timestamp = lambda: 1
value = ["a", "b", "c"]
result = b"WyJhIiwiYiIsImMiXQ==|1|38" b"837d6af8ac1ded9292b83924fc8521ce76f47e"
rv = serializer.serialize(b"foo", value)
self.assertEqual(rv, result)
rv = serializer.deserialize(b"foo", result)
self.assertEqual(rv, value)
# no value
rv = serializer.deserialize(b"foo", None)
self.assertEqual(rv, None)
# not 3 parts
rv = serializer.deserialize(b"foo", b"a|b")
self.assertEqual(rv, None)
# bad signature
rv = serializer.deserialize(b"foo", result + b"foo")
self.assertEqual(rv, None)
# too old
rv = serializer.deserialize(b"foo", result, max_age=-86400)
self.assertEqual(rv, None)
# not correctly encoded
serializer2 = securecookie.SecureCookieSerializer(b"foo")
serializer2._encode = lambda x: b"foo"
result2 = serializer2.serialize(b"foo", value)
rv2 = serializer2.deserialize(b"foo", result2)
self.assertEqual(rv2, None)
def test_secure_cookie_serializer(self):
serializer = securecookie.SecureCookieSerializer('secret-key')
serializer._get_timestamp = lambda: 1
value = ['a', 'b', 'c']
result = 'WyJhIiwiYiIsImMiXQ==|1|38837d6af8ac1ded9292b83924fc8521ce76f47e'
rv = serializer.serialize('foo', value)
self.assertEqual(rv, result)
rv = serializer.deserialize('foo', result)
self.assertEqual(rv, value)
# no value
rv = serializer.deserialize('foo', None)
self.assertEqual(rv, None)
# not 3 parts
rv = serializer.deserialize('foo', 'a|b')
self.assertEqual(rv, None)
# bad signature
rv = serializer.deserialize('foo', result + 'foo')
self.assertEqual(rv, None)
# too old
rv = serializer.deserialize('foo', result, max_age=-86400)
self.assertEqual(rv, None)
# not correctly encoded
serializer2 = securecookie.SecureCookieSerializer('foo')
serializer2._encode = lambda x: 'foo'
result2 = serializer2.serialize('foo', value)
rv2 = serializer2.deserialize('foo', result2)
self.assertEqual(rv2, None)
def do_business(self, stop_on_error=False):
super(RetrieveDct, self).do_business(stop_on_error)
secret = self._find_secret.result
serializer = securecookie.SecureCookieSerializer(str(secret))
data = serializer.deserialize(self.name, self.signed, self.max_age)
if data:
self.result = json.loads(data)
def do_business(self, stop_on_error=False):
super(SignCmd, self).do_business(stop_on_error)
secret = self.result
if secret:
value = json.dumps(self.dct)
serializer = securecookie.SecureCookieSerializer(str(secret[0]))
self.result = serializer.serialize(self.name, value)
else:
self.result = None
def do_business(self, stop_on_error=False):
super(RetrieveCmd, self).do_business(stop_on_error)
secrets = self.result
if secrets:
for s in secrets:
serializer = securecookie.SecureCookieSerializer(str(s))
data = serializer.deserialize(self.name, self.signed,
self.max_age)
if data:
self.result = json.loads(data)
return
self.result = None
def test_me(self):
make_pr(124, ['human'], {'title': 'huge pr!'})
# no cookie: we get redirected
resp = app.get('/pr')
self.assertEqual(resp.status_code, 302)
self.assertEqual(resp.location, 'http://localhost/github_auth/pr')
# set the session cookie directly (easier than the full login flow)
serializer = securecookie.SecureCookieSerializer(
app.app.config['webapp2_extras.sessions']['secret_key'])
cookie = serializer.serialize('session', {'user': '******'})
# we have a cookie now: we should get results for 'human'
app.cookies['session'] = cookie
resp = app.get('/pr', headers={'Cookie': 'session=%s' % cookie})
self.assertEqual(resp.status_code, 200)
self.assertIn('huge pr!', resp)
def setUp(self):
super(_TestBase, self).setUp()
self.browser_api_key = 'browser_api_key_value'
self.client_id = 'client_id_value'
self.email = '*****@*****.**'
self.host = 'localhost:80'
self.photo_url = 'http://photo'
self.provider_id = 'provider_id_value'
self.old_users_service = users.UsersServiceManager.get()
self.scheme = 'http'
self.serializer = securecookie.SecureCookieSerializer('notasecret')
self.server_api_key = 'server_api_key_value'
self.service_account_email = '*****@*****.**'
self.service_account_key = 'service_account_key_value'
self.title = 'title_value'
self.user_id = '1234'
self.gitkit_user = gitkitclient.GitkitUser(
email=self.email,
photo_url=self.photo_url,
provider_id=self.provider_id,
user_id=self.user_id)
self.admins = ['*****@*****.**', '*****@*****.**']
self.enabled = False
self.config_yaml = {
gitkit._CONFIG_YAML_ADMINS_NAME: self.admins,
gitkit._CONFIG_YAML_ENABLED_NAME: self.enabled,
}
self.properties = self._get_properties(
self.browser_api_key,
self.client_id,
self.server_api_key,
self.service_account_email,
self.service_account_key,
self.title,
)
users.UsersServiceManager.set(gitkit.UsersService)
def serializer(self):
# Serializer and deserializer for signed cookies.
return securecookie.SecureCookieSerializer(self.config['secret_key'])
def channel_send(data):
body = ''
if 'body' in data:
body = data['body']
extra = {
'action_id': data['action'].key_id_str,
'body': render_template(body, data).strip()
}
output = data.copy()
for k in ('account', 'action', 'input', 'entity'):
del output[k]
output.update(extra)
return channel.send_message(data['recipient'], json.dumps(output))
secure_cookie = securecookie.SecureCookieSerializer(settings.COOKIE_SECRET)
def pad(s):
return s + b"\0" * (AES.block_size - len(s) % AES.block_size)
def encrypt(message, key=None, key_size=256):
if key is None:
key = settings.AES_KEY
message = pad(message)
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
return iv + cipher.encrypt(message)
def _serializer():
engineauth_config = config.load_config()
return securecookie.SecureCookieSerializer(
engineauth_config['secret_key'])
def make_session(**kwargs):
# set the session cookie directly (easier than the full login flow)
serializer = securecookie.SecureCookieSerializer(
app.app.config['webapp2_extras.sessions']['secret_key'])
return serializer.serialize('session', kwargs)
def __init__(self, app, config):
self.app = app
self.app.config = webapp2.Config(config)
secret_key = config['webapp2_extras.sessions']['secret_key']
self.serializer = securecookie.SecureCookieSerializer(secret_key)
def do_business(self, stop_on_error=False):
super(SignDct, self).do_business(stop_on_error)
secret = self._find_secret.result
value = json.dumps(self.dct)
serializer = securecookie.SecureCookieSerializer(str(secret))
self.result = serializer.serialize(self.name, value)
def get_cookie_for_session(self, session_object):
sessions_secret = get_secrets().get('sessions_secret')
serializer = securecookie.SecureCookieSerializer(sessions_secret)
return serializer.serialize('session',
{'_sid': session_object.key.id()})
# limitations under the License.
import logging
import urllib
import uuid
from google.cloud import datastore
import httplib2
from oauth2client import client
from webapp2_extras import securecookie
import webapp2
from dns_sync import api
from dns_sync import config
COOKIE_SIGNER = securecookie.SecureCookieSerializer(config.get_project_id())
COOKIE_MAX_AGE_SECS = 60 * 60
class UserOauth2Token(datastore.Entity):
"""Stores user access tokens in the datastore.
These tokens are deleted when users signs out or a 401 (invalid auth) is
returned from the API. The Key is a random string which is also the cookie
value.
"""
KIND = 'UserOauth2Token'
def __init__(self, entity_id, credentials, is_admin=False):
super(UserOauth2Token,
self).__init__(key=api.CLIENTS.datastore.key(
