def verify(self): payload = self._build_payload({"msg": "Testing message"}) assert auth.verify(payload['signature'], payload['message'], self.cfg['keys']['public']) is True r = self._post("verify", payload) return self._result(r)
def post(self): """ Hanlder git command """ if verify(self): command = self.get_argument("command", "") if command == "newEmptyBranch": self.write("success") self.newEmptyBranch()
def post(self): # verify access token link = self.get_argument("link") suffix = self.get_argument("suffix","") filename=self.get_argument("filename","") if verify(self): # download self.write("success") self.flush() thread.start_new_thread(downloadAndPush,(link,filename,suffix))
def auth_public_keys(mongo, msgobj): user = mongo.users.find_one({'username': msgobj['username']}) keys = mongo.public_keys.find({'user': user['_id']}) verified = False for k in keys: verified = auth.verify(msgobj['signature'], msgobj['message'].encode('utf-8'), str(k['key'])) if verified: break return verified, user
def get(self): # verify access token if verify(self): command = self.get_argument("command", "") if command == "status": self.write(self.git.status()) elif command == "branch": self.write(self.git.branch()) # not a valid request else: self.write_error(400)
def login2(): name = request.form['username'] p2 = request.form['server_secret'] sig = request.form['signature'] server_secret = auth.decrypt(b64d(p2)) genuine = auth.verify(key_for(name), server_secret, b64d(sig)) if genuine: session['username'] = name app.logger.info("%s successfully logged in" % (name,)) return "Success" else: abort(401)
def verify_registration(num): user = request.args.get('user').lower() info = auth.verify(num, user) if(info[0] != "I"): interest_string = "" for subject in loads(info)["interests"]: interest_string += subject + "," res = make_response(redirect('http://localhost:3000/dashboard')) res.set_cookie("username", value=str(loads(info)["user"]), max_age=None, samesite='Lax') res.set_cookie("interests", value=str(interest_string), max_age=None, samesite='Lax') return res return info
def post(self): # Get login form data username = self.get_body_argument('username') password = self.get_body_argument('password') # Verify if login info is correct if auth.verify(username, password) == True: self.set_secure_cookie('user', username) # Set login cookie self.redirect('/admin') else: # Upon error, redirect to login with error message self.redirect( "/admin/login?msg=Invalid%20username%20or%20password")
def authenticate_message(form): keyB = auth.decrypt(b64d(form['key'])) payload = b64d(form['payload']) payload = auth.aes_decrypt(payload, keyB) payload = json.loads(payload) sender, recipient, body, keyA, sig, keyA2 = payload['sender'], payload['recipient'], payload['body'], payload['key'], payload['signature'], payload['sender_key'] sender_user = db.get_user(sender) recipient_user = db.get_user(recipient) if not (sender_user and recipient_user): return (False,) sig = b64d(sig) if auth.verify(key_for(sender), sender+recipient+body, sig): return (True, (sender, recipient, body, keyA, keyA2)) else: return (False,())
def authFunction(): #檢查傳遞資料是否正確 if (not ("token" in request.json)): return jsonify({"msg": "argument error"}), 400 #驗證 token = request.json["token"] verifyRes = verify(token) #如果通過reCaptcha,才發給jwt token if (not verifyRes["success"]): return jsonify(verifyRes), 401 #產生 JWT token verifyRes.update({"access_token": generateJWTtoken(time.time())}) print(verifyRes) return jsonify(verifyRes), 200
def receive(token, queue, retry, debug=False): ''' Get the message from the queue, display the decrypted text. ''' if status(debug): LOGGER.info('[keybase-status] client-up; signed-in') else: LOGGER.error('[keybase-status] client-down/sigend-out') return try: while True: job = queue.get_job(['in'], count=1, nohang=False) # Wait for a valid job. if len(job) > 0: queue.ack_job(job[0][1]) LOGGER.info('[received-job]: %s', repr(job[0])) signed = get(job[0][2].strip(), token, debug) # Check for a valid signature. if signed is None: LOGGER.error('[gist-fetch] %s not found!', job[0][2]) continue # If the message is verified, decrypt it. flag, who, encrypted = verify(signed, debug) if flag: LOGGER.info('[keybase-verify] message signed by %s', who) who, text = decrypt(encrypted, debug) if who is not None: LOGGER.info(('[keybase-decrypt] message encrypted' ' by %s'), who) LOGGER.info(('[keybase-decrypt] plain-text content: ' '\n%s'), text) else: LOGGER.error('[keybase-decrypt] un-trusted encryption') continue else: LOGGER.error('[keybase-verify] unable to verify') continue time.sleep(retry) except Exception: LOGGER.error('[queue] unable to fetch jobs from \'in\'')
def test_will_not_verify_malformed_token(self): tokenwithnologin = '******' self.assertEqual(False,auth.verify(tokenwithnologin,'secret')) tokenwithnosignature = '{"login": "******"}' self.assertEqual(False,auth.verify(tokenwithnosignature,'secret'))
def test_will_not_authenticate_token_with_fake_signature(self): secret = 'secret'; faketoken = '{"login": "******", "signature": "portnawak"}' self.assertEqual(False,auth.verify(faketoken,'secret'))
def test_can_verify_authentic_token(self): token = '{"login": "******", "signature": "334653c938d6ec85903dff5ed6b11170bcd008b6"}' self.assertEqual(True,auth.verify(token,'secret'))
s.Popen(["/usr/local/bin/gpio", "-g", "write", "3", "1"], stdout = s.PIPE) return True def changeLight(action): if action == 'on': result = on() elif action == 'off': result = off() else: result = False return result def getAction(): form = cgi.FieldStorage() try: action = form['action'].value except KeyError, e: action = 'unknown' return action action = getAction() if auth.verify(): result = changeLight(action) else: result = False jsonData = {'result': result, 'action': action} print 'Content-Type: application/json\n\n' print json.dumps(jsonData)
code = None try: while True: # 3ms delay affects everything following response = wiegand.read() if isinstance(response, int): code = numpad.press(response) # button else: code = response # card (or None) # check the code if code != None: if auth.verify(code): # unlock entry.allow() event.log('Access granted', code) else: entry.deny() event.log('Access denied', code) code = None # check sensors sensors.check() # cleanup entry.secure()