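def reset_token(self):
    '''Clear all existing authentication tokens for this :class:`User`.

    Replaces ``self.token`` with a fresh random value and returns it.
    Anything derived from the previous value presumably stops validating
    after this call -- confirm against the token verification code.

    :returns: the new token as a ``str`` (the decoded ``b_encode`` output
        of 48 random bytes).
    '''
    # Function-scope import so this block does not depend on the module's
    # import section.
    import secrets

    # The token is a secret, so it must come from the OS CSPRNG. The
    # previous implementation hashed only the current timestamp, which adds
    # no entropy: the hash input is guessable to anyone who can estimate
    # when the reset happened. 48 bytes keeps the encoded length the same
    # as the 48-byte blake2b digest used before.
    self.token = b_encode(secrets.token_bytes(48)).decode()
    return self.token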
def _gen_password(self, password, salt_info=None):
    '''Derive the stored password key for *password* with PBKDF2.

    :param password: the password to stretch; passed to ``pbkdf2_bin``
        unchanged.
    :param salt_info: mapping with a ``'salt'`` entry and a ``'version'``
        entry; when ``None`` it is obtained from ``self._get_salt()``.
    :returns: the 32-byte derived key, encoded with ``b_encode``.
    '''
    params = self._get_salt() if salt_info is None else salt_info
    # The salt version selects the work factor, so keys created under an
    # older version can still be recomputed with their original iteration
    # count. A version missing from SALT_VERSIONS fails at this lookup
    # (presumably KeyError -- SALT_VERSIONS is not visible here).
    rounds = SALT_VERSIONS[params['version']]
    derived = pbkdf2_bin(
        password,
        params['salt'],
        iterations=rounds,
        keylen=32,
    )
    # NOTE(review): callers that compare this value against a stored one
    # should use a constant-time comparison such as hmac.compare_digest.
    return b_encode(derived)
def urlsafe_hmac_digest(key, msg, dt=None):
    '''Return a timestamp-prefixed HMAC-SHA256 signature of *msg*.

    The output is ``encode_id(<unix seconds>)`` followed by the 43-character
    encoded digest. The timestamp prefix is included in the signed data, so
    it cannot be changed without invalidating the signature.

    :param key: HMAC key.
    :param msg: message to sign; it is concatenated to the encoded
        timestamp, so it must be the same type ``encode_id`` returns
        (presumably ``bytes`` -- confirm).
    :param dt: datetime to stamp the signature with; any falsy value means
        ``datetime.now()``.
    '''
    moment = dt or datetime.now()
    # mktime() reads the time tuple as local time and int() drops the
    # fraction, so the stamp has one-second resolution.
    stamp = encode_id(int(mktime(moment.timetuple())))
    mac = hmac.new(key=key, msg=stamp + msg, digestmod=sha256)
    # Drop the last character of the encoded 32-byte digest (presumably the
    # single '=' pad of a base64 encoding), leaving 43 characters.
    signature = b_encode(mac.digest())[:-1]
    # Internal sanity check only: it disappears under ``python -O``.
    assert len(signature) == 43
    # NOTE(review): a verifier should recompute this value and compare with
    # hmac.compare_digest, and enforce its own maximum age on the stamp.
    return stamp + signature
def get_token(self):
    '''Build the authentication token string for this :class:`User`.

    The result is the ``b_encode`` form of the user's id bytes followed by
    a hash of ``self.token``, salted via ``make_salt(env.auth_factor)``.
    The stored ``self.token`` itself is not part of the returned value,
    only its hash.

    :returns: the encoded token as a ``str``.
    '''
    # An unsaved user (id is None) is encoded with id 0.
    raw_id = 0 if self.id is None else self.id
    id_bytes = b(raw_id)
    hashed = make_hash(b(self.token), make_salt(env.auth_factor))
    return b_encode(id_bytes + hashed).decode()
def encode_key(key):
    '''Pre-hash *key* to a fixed-length value before it is given to bcrypt.

    :param key: the secret to condense; converted with ``b()`` first.
    :returns: the ``b_encode`` form of a 48-byte BLAKE2b digest of *key*.
    '''
    # see github.com/pyca/bcrypt#maximum-password-length
    # bcrypt only uses the first 72 bytes of its input, so long secrets are
    # condensed to a fixed-size digest first and every byte of the original
    # still influences the result.
    digest = blake2b(b(key), digest_size=48).digest()
    return b_encode(digest)