def topic(self): """ generate tokens, one with lifetime, one with expires """ lt = timedelta(seconds=exp) now = datetime.utcnow() not_before = (now + timedelta(minutes=nbf)) if nbf else None if callable(privk): token = privk(payload, alg, lt, not_before=not_before) else: token = jwt.generate_jwt(payload, privk, alg, lt, not_before=not_before) yield clock_tick(timedelta(milliseconds=1500)), token now = datetime.utcnow() not_before = (now + timedelta(minutes=nbf)) if nbf else None if callable(privk): token = privk(payload, alg, expires=(now + lt), not_before=not_before) else: token = jwt.generate_jwt(payload, privk, alg, expires=(now + lt), not_before=not_before) yield clock_tick(timedelta(milliseconds=1500)), token
def topic(self): """ Generate 10 tokens """ #pylint: disable=W0201 self.tokens = {} for _ in xrange(10): #pylint: disable=W0631 yield jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))
def token(username): global database_user key = RSA.generate(2048) priv_pem = key.exportKey() payload = {'url': 'neo0.xyz', 'name': username, 'level': 'low'} priv_key = RSA.importKey(priv_pem) access_token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5)) return access_token
def make_bench_verify_token(alg): """ Return function which will generate token for particular algorithm """ privk = priv_keys[alg].get('default', priv_key) token = jwt.generate_jwt(payload, privk, alg, timedelta(days=1)) def f(_): """ Verify token """ pubk = pub_keys[alg].get('default', pub_key) jwt.verify_jwt(token, pubk, [alg]) return f
def make_bench_verify_token(alg): """ Return function which will generate token for particular algorith """ privk = priv_keys[alg].get('default', priv_key) token = jwt.generate_jwt(payload, privk, alg, timedelta(days=1)) def f(_): """ Verify token """ pubk = pub_keys[alg].get('default', pub_key) jwt.verify_jwt(token, pubk) return f
def create_custom_token(self, uid, additional_claims=None): service_account_email = self.credentials.service_account_email private_key = RSA.importKey(self.credentials._private_key_pkcs8_pem) payload = { "iss": service_account_email, "sub": service_account_email, "aud": "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit", "uid": uid } if additional_claims: payload["claims"] = additional_claims exp = datetime.timedelta(minutes=60) return jwt.generate_jwt(payload, private_key, "RS256", exp)
def get_token(**kwargs): service_private_pem = kwargs.get("service_private_pem") if not service_private_pem: raise ValueError("service_private_pem is not defined") aud = kwargs.get("aud", None) exp = kwargs.get("exp", None) family_name = kwargs.get("family_name", None) given_name = kwargs.get("given_name", None) token_payload = { "aud": aud, "exp": exp, "family_name": family_name, "given_name": given_name, "ver": "1.0" } iss = kwargs.get("iss", None) if iss: token_payload["iss"] = iss nbf = kwargs.get("nbf", None) if nbf: token_payload["nbf"] = nbf oid = kwargs.get("oid", None) if oid: token_payload["oid"] = oid sub = kwargs.get("sub", None) if sub: token_payload["sub"] = sub tid = kwargs.get("tid", None) if tid: token_payload["tid"] = tid unique_name = kwargs.get("unique_name", None) if unique_name: token_payload["unique_name"] = unique_name upn = kwargs.get("upn", None) if upn: token_payload["upn"] = upn priv_key = RSA.importKey(service_private_pem) token = jwt.generate_jwt(token_payload, priv_key, 'RS256', exp) return token
def dashboard_get_logic(self, request, validated_GET_rqst_params, response_raw_data, rqst_errors): payload = { 'dashboard': 199534, 'organization': 32342, 'env': { "MYVAR": 42 } } token = jwt.generate_jwt(payload, settings.CHARTIO_ORG_SECRET, 'HS256', datetime.timedelta(days=1)) iframe_src_url = '%s/%s' % (settings.CHARTIO_BASE_URL, token) response_raw_data['iframe_url'] = iframe_src_url
def token(request): data = JSONParser().parse(request) token_serializer = TokenRequestSerializer(data=data) if not token_serializer.is_valid(): return Response(status=status.HTTP_400_BAD_REQUEST) email = token_serializer.validated_data['email'] password = token_serializer.validated_data['password'] if User.objects.filter(username=email).exists(): user = authenticate(username=email, password=password) if user is None: return Response(status=status.HTTP_401_UNAUTHORIZED) else: if user.is_active: # assign claims claims = {} claim_set = UserClaim.objects.filter(email=email) for claim in claim_set: claims[claim.claim_name] = claim.claim_value claims['email'] = email # Generate the JWT jwt = generate_jwt(claims, settings.HMAC_SECRET, 'HS512', datetime.timedelta(days=365)) response_data = {'token':jwt} return JsonResponse(response_data, status=status.HTTP_201_CREATED) else: return Response(status=status.HTTP_202_ACCEPTED) else: user = User.objects.create_user(username=email, email=email, password=password) user.is_active = False user.save() # Generate the verification key and email rng = random.SystemRandom() key = rng.randint(1000000, 2000000000) user_verification = UserVerification(email=email, validation_key=key) user_verification.save() VerificationEmail.send(email, key) # Store any registration claims if 'claims' in token_serializer.validated_data.keys(): claims = token_serializer.validated_data['claims'] for claim_name in claims: user_claim = UserClaim(email=email, claim_name=claim_name, claim_value=claims[claim_name]) user_claim.save() return Response(status=status.HTTP_202_ACCEPTED)
def generateToken(userid, userPassword): priv_pem=getUserPrivatekey(userid) if priv_pem is None: print "Error in get user private pem." return None payload = { 'userid': userid, 'password': userPassword } priv_key = RSA.importKey(priv_pem) if priv_key is None: print "Error in generate user private key." return None token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5)) if updateUserToken(userid,token): return token else: print "Error in store user token." return None
def get_token(user, code, **kwargs): aud = None exp = None family_name = None given_name = None token_payload = { "aud": aud, "exp": exp, "family_name": family_name, "given_name": given_name, "ver": "1.0" } service_private_pem = kwargs.get("service_private_pem") if not service_private_pem: raise SystemError("service_private_pem is not defined") priv_key = RSA.importKey(service_private_pem) token = jwt.generate_jwt(token_payload, priv_key, 'RS256', datetime.timedelta(minutes=5)) return token
def retrieve_token(request): """Retrieve a token with the one time code @method: GET @params: - GET: code: the one time code - GET: r: the calling app @returns - JSON Web Token """ # Is the caller allowed to use us? referer = request.referer verify_caller(request, referer) # is there a JWT in the headers? if so - we need to unpack it # and augment ito # is the code valid? try: claims = verify_token(request) except: # no existing token... claims = None code = request.matchdict.get('code') if code == None: log.error("%s: No code supplied. Raising HTTPUnauthorized" % request.client_addr) raise HTTPUnauthorized log.info("%s: Retrieve token for '%s'" % (request.client_addr, code)) # grab a handle to the database db = mdb(request) # use the code to lookup the token doc = db.code.find_one({ 'code': code }) if doc is None: # no document found for code log.info("%s: Code: %s not found. Raising Unauthorized" % (request.client_addr, code)) raise HTTPUnauthorized # delete the code log.info("%s: Found token. Removing OTC" % request.client_addr) db.code.remove({ 'code': code }) # use the token to get the user data token = doc['token'] doc = db.session.find_one({ 'token': token }) if doc is None: # no document found for token log.info("%s: Couldn't find session for token. Raising Unauthorized." % request.client_addr) raise HTTPUnauthorised # load the pub and private keys path = os.path.dirname(request.registry.settings.get('app.config')) config = request.registry.app_config['general'] f = open(os.path.join(path, config['jwt.priv']), 'r') private_key = f.read() f.close() private_key = RSA.importKey(private_key) #print dir(private_key) admins = get_app_admins(request, referer) is_admin = False if doc['groups'] is not None: for g in doc['groups']: if g in admins: is_admin = True apps = {} if claims is not None: apps = claims['apps'] apps[referer] = { 'admin': is_admin } user = { 'name': doc['fullname'], 'email': doc['email'], 'token': doc['token'], 'groups': doc['groups'] } user_data = { 'user': user, 'apps': apps } # generate the jwt session_lifetime = int(request.registry.app_config['general']['session.lifetime']) log.info("%s: Creating JWT for '%s'." % (request.client_addr, user_data['user']['name'])) token = jwt.generate_jwt(user_data, private_key, 'PS256', timedelta(seconds=session_lifetime)) log.info("%s: Returning JWT." % request.client_addr) return token
def get(self, id): # This grabs the Chart ID from URL try: dashboardID = id.split("/")[0] except: dashboardID = id # This grabs the iFrame height from URL try: height = str(id.split("/")[1]) + "px" if height == "px": height = "100%" except: height = "100%" # This grabs the iFrame width from URL try: width = str(id.split("/")[2]) + "px" if width == "px": width = "100%" except: width = "100%" # Here is the important info for the Chart.io payload ORGANIZATION_SECRET = Info.query().fetch()[0].secret BASE_URL = 'https://embed.chartio.com/d/' BASE_URL = BASE_URL + str(dashboardID) payload = { 'dashboard': int(dashboardID), 'organization': 14483, 'env': { "MYVAR": 42 } } token = jwt.generate_jwt(payload, ORGANIZATION_SECRET, 'HS256', datetime.timedelta(days=1)) iFrameURL = '<iframe id="dashboard" src="%s/%s"></iframe>' % (BASE_URL, token) # This handles user authentication by checking for @optimizely.com user = users.get_current_user() if user: url = users.create_login_url(self.request.uri) email = user.nickname() else: url = users.create_login_url(self.request.uri) email = "none" template_values = { 'iFrameURL': iFrameURL, 'dashboardID': dashboardID, 'url': url, 'email': email, 'height': height, 'width': width, } # This will handle the redirect to the login if a user isn't logged in with an @optimizely.com email try: user.nickname().index('@optimizely.com') except: template = JINJA_ENVIRONMENT.get_template('login.html') self.response.write(template.render(template_values)) else: template = JINJA_ENVIRONMENT.get_template('dashboard.html') self.response.write(template.render(template_values))
def topic(self): """ Generate token """ return jwt.generate_jwt(payload, pub_pem, 'HS256', timedelta(seconds=60))
def f(_): """ Generate token """ privk = priv_keys[alg].get("default", priv_key) jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))
def topic(self): """ Generate token """ return jwt.generate_jwt(payload, key, alg, timedelta(seconds=60))
def topic(self): """ Generate the token """ return jwt.generate_jwt(payload, generated_key, 'RS256', timedelta(seconds=10))
def f(_): """ Generate token """ privk = priv_keys[alg].get('default', priv_key) jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))