Ejemplos de validate_signature en Python

Ejemplo n.º 1

    def test_versioned(self, time):
        time.return_value = 1000

        message = "hello!"
        max_age = datetime.timedelta(seconds=30)

        versioned = VersionedSecret(previous=b"one", current=b"two", next=b"three")

        previous = VersionedSecret.from_simple_secret(versioned.previous)
        current = VersionedSecret.from_simple_secret(versioned.current)
        next = VersionedSecret.from_simple_secret(versioned.next)

        self.assertEqual(crypto.make_signature(versioned, message, max_age),
                         crypto.make_signature(current, message, max_age))

        signature = crypto.make_signature(previous, message, max_age)
        info = crypto.validate_signature(versioned, message, signature)
        self.assertEqual(info.expiration, 1030)

        signature = crypto.make_signature(current, message, max_age)
        info = crypto.validate_signature(versioned, message, signature)
        self.assertEqual(info.expiration, 1030)

        signature = crypto.make_signature(next, message, max_age)
        info = crypto.validate_signature(versioned, message, signature)
        self.assertEqual(info.expiration, 1030)

Ejemplo n.º 2

 def test_new_csrf_token(self, time_mock):
     time_mock.time.return_value = 1000.0
     request = mock.Mock()
     request.authenticated_userid = "t2_1"
     token = self.policy.new_csrf_token(request)
     self.assertTrue(token.startswith("1."))
     self.assertEqual(token, "1.AQAA-BEAAF-br-ovnk0q8Wd0kA98-jsak9elbMqo0WbjT0GuyRTD")
     signature = token.split('.')[-1]
     validate_signature(self.policy._get_secret(), "1.t2_1", signature)

Ejemplo n.º 3

Archivo: socketserver.py Proyecto: ChatterlyOSE/chatterly-service-websockets

    def upgrade_connection(self):
        """Validate authorization to attach to a namespace before connecting.

        We hook into the geventwebsocket stuff here to ensure that the
        authorization is valid before we return a `101 Switching Protocols`
        rather than connecting then disconnecting the user.

        """
        if not self.client_address:
            # we can't do websockets if we don't have a valid client_address
            # because geventwebsocket uses that to keep connection objects.
            # if this error is happening, you probably need to update your proxy
            raise Exception("no client address. check x-forwarded-{for,port}")

        app = self.application

        # Check if compression is supported.  The RFC explanation for the
        # variations on what is accepted here is convoluted, so we'll just
        # stick with the happy case:
        #
        #    https://tools.ietf.org/html/rfc6455#page-48
        #
        # Worst case scenario, we fall back to not compressing.
        extensions = self.environ.get('HTTP_SEC_WEBSOCKET_EXTENSIONS', '')
        extensions = {
            extension.split(";")[0].strip()
            for extension in extensions.split(",")
        }
        self.environ["supports_compression"] = \
            "permessage-deflate" in extensions

        try:
            namespace = self.environ["PATH_INFO"]
            query_string = self.environ["QUERY_STRING"]
            params = urlparse.parse_qs(query_string, strict_parsing=True)
            signature = params["m"][0]

            secret = app.secrets.get_versioned(
                "secret/websockets/authorization_key")
            validate_signature(secret, namespace, signature)
        except (KeyError, IndexError, ValueError, SignatureError):
            app.metrics.counter("conn.rejected.bad_namespace").increment()
            self.start_response("403 Forbidden", [])
            return ["Forbidden"]

        self.environ["signature_validated"] = True

        return super(WebSocketHandler, self).upgrade_connection()

Ejemplo n.º 4

Archivo: csrf.py Proyecto: ckwang8128/baseplate

    def check_csrf_token(self, request, supplied_token):
        """Return True if the supplied_token is valid.

        This is called automatically by Pyramid if you have configured it
        to require CSRF.
        """
        try:
            token_version, sep, signature = supplied_token.partition(".")
        except Exception:
            return False

        if sep != ".":
            return False

        _, payload = _make_csrf_token_payload(
            version=token_version, account_id=request.authenticated_userid)

        try:
            validate_signature(self._get_secret(), payload, signature)
        except SignatureError:
            return False

        return True