Ejemplo n.º 1
def _get_csrf_token(user=None, expires=None):
    """Build the raw (binary) CSRF token for a user.

    The result is the 4-byte little-endian expiry timestamp followed by
    the HMAC-SHA256 digest of ``"<user>:" + expiry bytes``, keyed with
    the application's SECRET_KEY.

    Args:
        user: Identity the token is bound to.  When falsy, the session's
            'user' entry is used, and the request's remote address when
            the session has none.
        expires: Unix timestamp at which the token expires.  When falsy,
            24 hours from now.

    Returns:
        Bytes: packed expiry followed by the 32-byte digest.
    """
    if not user:
        # NOTE(review): sessions without a 'user' entry are bound to
        # remote_addr; confirm that is the client address (not a proxy)
        # in the deployment this runs in.
        user = flask.session.get('user', flask.request.remote_addr)
    if not expires:
        expires = int(time.time()) + 60 * 60 * 24
    # '<I' is an unsigned 32-bit field, so struct.pack raises for values
    # outside 0..2**32-1.
    packed_expiry = struct.pack('<I', expires)
    signed_data = utils.to_bytes('%s:' % user) + packed_expiry
    secret = utils.to_bytes(app.config.get('SECRET_KEY'))
    digest = hmac.new(secret, signed_data, hashlib.sha256).digest()
    return packed_expiry + digest
Ejemplo n.º 2
 def get_token(self, token_type='pwreset', expires=None):
     """Generate a user-specific token.

     The token is ``urlsafe_b64encode("<expires>:" + mac)`` where ``mac``
     is the HMAC-SHA1, keyed with the application's SECRET_KEY, of
     ``"<uid>:<expires>:<token_type>:<pwhash>"``.  Because ``self.pwhash``
     is part of the signed data, a token no longer matches once that
     value changes.

     Args:
         token_type: Purpose label mixed into the signed data.
         expires: Unix timestamp of expiry; when falsy, two hours from
             now.

     Returns:
         The URL-safe base64 encoded token, as bytes.
     """
     if not expires:
         expires = int(time.time()) + 7200  # 2 hours
     signed_fields = (self.uid, expires, token_type, self.pwhash)
     plain = '%d:%d:%s:%s' % signed_fields
     secret = utils.to_bytes(app.config.get('SECRET_KEY'))
     digest = hmac.new(secret, utils.to_bytes(plain), hashlib.sha1).digest()
     # Only the expiry travels in the clear; uid, type and pwhash are
     # recomputed by the verifier.
     return base64.urlsafe_b64encode(utils.to_bytes('%d:' % expires) + digest)
Ejemplo n.º 3
 def get_token(self, token_type='pwreset', expires=None):
     """Generate a user-specific token.

     Signs ``"<uid>:<expires>:<token_type>:<pwhash>"`` with HMAC-SHA1
     under the application's SECRET_KEY and returns
     ``urlsafe_b64encode("<expires>:" + mac)``.  The signed data includes
     ``self.pwhash``, so the token stops matching when that value
     changes.

     Args:
         token_type: Purpose label included in the signed data.
         expires: Unix timestamp of expiry; defaults to two hours from
             now when falsy.

     Returns:
         The encoded token as bytes.
     """
     if not expires:
         expires = int(time.time()) + 7200  # 2 hours
     message = '%d:%d:%s:%s' % (self.uid, expires, token_type, self.pwhash)
     signer = hmac.new(
         utils.to_bytes(app.config.get('SECRET_KEY')),
         utils.to_bytes(message),
         hashlib.sha1)
     expiry_prefix = utils.to_bytes('%d:' % expires)
     return base64.urlsafe_b64encode(expiry_prefix + signer.digest())
Ejemplo n.º 4
 def new_loads(data, *args, **kwargs):
     """Parse JSON after removing a leading ``)]}',\\n`` guard prefix.

     Extra positional and keyword arguments are passed to ``json.loads``.
     Any exception raised while stripping or parsing is logged and
     swallowed, in which case the function returns None.
     """
     # NOTE(review): the log message suggests this replaces json.loads;
     # if so, confirm the json.loads call below reaches the original
     # parser rather than this function.
     try:
         xssi_guard = utils.to_bytes(")]}',\n")
         # Drop the guard only when the payload actually starts with it.
         body = data[len(xssi_guard):] if data.startswith(xssi_guard) else data
         return json.loads(body, *args, **kwargs)
     except Exception as err:
         logging.exception('JSON monkeypatch failed: %s', err)
Ejemplo n.º 5
 def new_loads(data, *args, **kwargs):
     """Strip the ``)]}',\\n`` guard prefix, if present, and parse JSON.

     Remaining arguments go to ``json.loads`` unchanged.  Failures of any
     kind are logged with a traceback and not re-raised, so the caller
     receives None instead of a parsed value.
     """
     try:
         guard = utils.to_bytes(")]}',\n")
         payload = data
         if payload.startswith(guard):
             # Skip exactly the guard bytes; the rest is the JSON document.
             payload = payload[len(guard):]
         return json.loads(payload, *args, **kwargs)
     except Exception as err:
         logging.exception('JSON monkeypatch failed: %s', err)
Ejemplo n.º 6
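 def verify_token(self, token, token_type='pwreset'):
     """Verify a user-specific token.

     The token is decoded to recover its expiry, the expected token for
     that expiry is recomputed with ``self.get_token``, and the two are
     compared with ``utils.compare_digest``.

     Args:
         token: The URL-safe base64 token presented by the client.
         token_type: Purpose label the token must have been issued for.

     Returns:
         True when the token is well formed, unexpired and matches.

     Raises:
         errors.ValidationError: 'Invalid token.' for a malformed or
             mismatching token, 'Expired token.' for one past its expiry.
     """
     token = utils.to_bytes(token)
     try:
         decoded = base64.urlsafe_b64decode(token)
         expires_field, _mac = decoded.split(b':', 1)
         # Parse the client-supplied expiry here, as an integer.  The
         # previous float()/int() calls sat outside this try block, so a
         # non-numeric field, or one like 'nan' or '1e9' that float()
         # accepts and int() rejects, escaped as a bare ValueError
         # instead of a ValidationError.
         expires = int(expires_field)
     except (TypeError, ValueError):
         # binascii.Error is a ValueError on Python 3; Python 2's base64
         # reports bad input as TypeError.
         raise errors.ValidationError('Invalid token.')
     if expires < time.time():
         raise errors.ValidationError('Expired token.')
     expected = self.get_token(token_type=token_type, expires=expires)
     # The whole presented token is compared against the recomputed one,
     # so a tampered expiry fails here.
     if not utils.compare_digest(expected, token):
         raise errors.ValidationError('Invalid token.')
     return True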
Ejemplo n.º 7
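 def verify_token(self, token, token_type='pwreset'):
     """Verify a user-specific token.

     Decodes the token to read its expiry, rejects it if that time has
     passed, then rebuilds the expected token via ``self.get_token`` and
     compares it with the presented one using ``utils.compare_digest``.

     Args:
         token: The URL-safe base64 token to check.
         token_type: Purpose label the token must carry.

     Returns:
         True if the token is valid.

     Raises:
         errors.ValidationError: with 'Invalid token.' when the token is
             malformed or does not match, or 'Expired token.' when its
             expiry is in the past.
     """
     token = utils.to_bytes(token)
     try:
         decoded = base64.urlsafe_b64decode(token)
         raw_expiry, _mac = decoded.split(b':', 1)
         # The expiry is attacker-controlled until the MAC comparison, so
         # it is parsed strictly as an integer inside the try block:
         # anything else is reported as an invalid token rather than
         # surfacing as an unhandled ValueError from float()/int().
         expires = int(raw_expiry)
     except (TypeError, ValueError):
         # TypeError covers Python 2's base64 errors; on Python 3 they
         # are ValueError subclasses.
         raise errors.ValidationError('Invalid token.')
     if expires < time.time():
         raise errors.ValidationError('Expired token.')
     expected = self.get_token(token_type=token_type, expires=expires)
     if not utils.compare_digest(expected, token):
         raise errors.ValidationError('Invalid token.')
     return True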
Ejemplo n.º 8
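 def code(self):
     """Return a 12-character hex code derived from ``self.name``.

     The code is the first 12 hex digits (48 bits) of HMAC-MD5 over the
     UTF-8 encoded name, keyed with TEAM_SECRET_KEY when that setting is
     truthy and SECRET_KEY otherwise.
     """
     # Function-scope import: the digest is now named explicitly and the
     # module's import block is not visible from this method.
     import hashlib
     secret_key = (app.config.get('TEAM_SECRET_KEY')
                   or app.config.get('SECRET_KEY'))
     # hmac.new() without a digestmod used MD5 implicitly on older
     # Pythons and raises TypeError on Python 3.8+.  Passing MD5
     # explicitly keeps previously issued codes unchanged.
     return hmac.new(utils.to_bytes(secret_key),
                     self.name.encode('utf-8'),
                     hashlib.md5).hexdigest()[:12]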
Ejemplo n.º 9
 def _decode(buf):
     """Decode a base32 value leniently and return the raw bytes.

     ``casefold=True`` accepts lowercase letters, and ``map01='I'`` maps
     the digit 0 to the letter O and the digit 1 to the letter I before
     decoding.  Errors from ``base64.b32decode`` on malformed input are
     not caught here.
     """
     encoded = utils.to_bytes(buf)
     raw = base64.b32decode(encoded, casefold=True, map01='I')
     return raw
Ejemplo n.º 10
 def _decode(buf):
     """Return the bytes encoded by the base32 value ``buf``.

     Decoding is tolerant of hand-typed input: lowercase letters are
     accepted (``casefold=True``), and the digits 0 and 1 are read as the
     letters O and I (``map01='I'``).  Malformed input makes
     ``base64.b32decode`` raise; nothing is handled here.
     """
     as_bytes = utils.to_bytes(buf)
     return base64.b32decode(
         as_bytes,
         casefold=True,
         map01='I',
     )
Ejemplo n.º 11
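 def code(self):
     """Return a short hex code derived from ``self.name``.

     Computes HMAC-MD5 of the UTF-8 encoded name, keyed with
     TEAM_SECRET_KEY (or SECRET_KEY when the former is unset or falsy),
     and keeps the first 12 hex digits, i.e. 48 bits of the digest.
     """
     # Imported locally because the file's import block is outside this
     # method's view and the digest must now be named.
     import hashlib
     secret_key = (app.config.get('TEAM_SECRET_KEY') or
                   app.config.get('SECRET_KEY'))
     # Omitting digestmod relied on the implicit MD5 default, which
     # Python 3.8 removed (hmac.new then raises TypeError).  MD5 is named
     # explicitly so the resulting codes stay the same as before.
     mac = hmac.new(utils.to_bytes(secret_key),
                    self.name.encode('utf-8'),
                    hashlib.md5)
     return mac.hexdigest()[:12]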
Ejemplo n.º 12
def get_csrf_token(*args, **kwargs):
    """Return the CSRF token as URL-safe base64 text.

    All arguments are forwarded to ``_get_csrf_token``; its binary result
    is base64 encoded with ``b64_vals`` as the replacement characters for
    '+' and '/', then decoded to a ``str``.

    NOTE(review): if ``b64_vals`` is ``_-`` then '+' becomes '_' and '/'
    becomes '-', the reverse of ``base64.urlsafe_b64encode``; whatever
    decodes this token must use the same altchars.
    """
    raw_token = utils.to_bytes(_get_csrf_token(*args, **kwargs))
    encoded = base64.b64encode(raw_token, b64_vals)
    return encoded.decode('utf-8')
Ejemplo n.º 13
import base64
import binascii
import flask
import functools
import hashlib
import hmac
import jinja2
import struct
import time

from scoreboard import main
from scoreboard import utils

# Application object; its config supplies SECRET_KEY for token signing.
app = main.get_app()

# Two-character base64 alphabet override (maps '+' to '_' and '/' to '-'
# when passed as altchars).  This is the reverse of the standard URL-safe
# alphabet, so tokens must be decoded with these same characters.
b64_vals = utils.to_bytes('_-')


def _get_csrf_token(user=None, expires=None):
    """Return the binary CSRF token: packed expiry followed by its MAC.

    The MAC is HMAC-SHA256, keyed with the application's SECRET_KEY, over
    ``"<user>:"`` followed by the 4-byte little-endian expiry.

    Args:
        user: Identity to bind the token to.  Falls back to the session's
            'user' entry, then to the request's remote address.
        expires: Expiry as a Unix timestamp.  Falls back to 24 hours from
            now.

    Returns:
        Bytes: 4 bytes of expiry followed by the 32-byte digest.
    """
    if not user:
        # NOTE(review): anonymous sessions are keyed on remote_addr;
        # verify this is the real client address when a proxy sits in
        # front of the app.
        user = flask.session.get('user', flask.request.remote_addr)
    if not expires:
        expires = int(time.time()) + 60 * 60 * 24
    # Unsigned 32-bit little-endian; struct.pack rejects values that do
    # not fit.
    expiry_field = struct.pack('<I', expires)
    to_sign = utils.to_bytes('%s:' % user) + expiry_field
    signing_key = utils.to_bytes(app.config.get('SECRET_KEY'))
    mac = hmac.new(signing_key, to_sign, hashlib.sha256)
    return expiry_field + mac.digest()


def get_csrf_token(*args, **kwargs):
    """Returns a URL-safe base64 CSRF token."""
    return base64.b64encode(utils.to_bytes(_get_csrf_token(*args, **kwargs)),