def generate_user_auth_token(nick, password, timeout=(14 * 24 * 60 * 60)):
    """Create an auth token for `nick` and persist its session record.

    The record is written to the datastore rather than memcache: GAE
    flushes memcache quite aggressively, which logged users out much more
    often than was acceptable.

    Args:
        nick: nick the token is issued for; used to build the session key.
        password: text value stored, UTF-8 encoded, as the session data.
        timeout: lifetime of the stored record in seconds (default 14 days).

    Returns:
        The newly generated token.
    """
    # Purge expired token entries before adding a new one.
    purge_expired_user_auth_token_keys()

    # NOTE(review): the token's unpredictability rests entirely on
    # util.generate_uuid(); confirm it draws from a CSPRNG.
    auth_token = util.hash_generic(util.generate_uuid())
    session_key = generate_user_auth_token_key(nick, auth_token)

    # The stored expiry exists so old, inactive sessions can be purged from
    # the database; the cookie's expiration date is what actually governs
    # how long a session lasts.
    # NOTE(review): a cookie lifetime is client-controlled -- confirm the
    # lookup path also rejects records whose expire_date has passed.
    now = api.utcnow()
    expires_at = now + datetime.timedelta(seconds=timeout)

    # NOTE(review): whatever callers pass as `password` is persisted with
    # the session; presumably this is the stored password hash rather than
    # the plaintext -- confirm against callers.
    stored_secret = db.Blob(password.encode("utf-8"))
    record = Session(
        key_name=session_key,
        session_data=stored_secret,
        expire_date=expires_at,
    )
    record.put()
    return auth_token
def test_login_reset(self):
    """A password-reset link works once and is refused when replayed.

    The reset is performed by a GET to /login/reset carrying the email and
    a hash of the activation code.
    """
    # Ask for a reset on the 'popular' account.
    forgot_form = {
        "_nonce": util.create_nonce(None, "login_forgot"),
        "login_forgot": "",
        "nick_or_email": "popular",
    }
    self.client.post("/login/forgot", forgot_form)

    # The request must have left a 'password_lost' activation behind.
    email = api.email_get_actor(api.ROOT, "popular")
    activation_ref = api.activation_get(
        api.ROOT, email, "password_lost", email
    )
    self.assert_(activation_ref)

    # The link carries a hash of the activation code, not the code itself.
    code_hash = util.hash_generic(activation_ref.code)
    reset_query = {"email": email, "hash": code_hash}

    first = self.client.get("/login/reset", dict(reset_query))
    self.assertContains(first, "Your password has been reset")

    # Once used, the activation link cannot be used again.
    # NOTE(review): only replay of a valid link is covered here; a
    # mismatched hash or an expired activation is not exercised by this
    # test. Because a single GET consumes the link, it is also worth
    # confirming how automated link fetchers (mail scanners, previews)
    # are expected to interact with it.
    replay = self.client.get("/login/reset", dict(reset_query))
    self.assertRedirectsPrefix(replay, "/error", target_status_code=200)
def test_login_reset(self):
    """Check that a reset link succeeds once and then stops working."""

    def follow_reset_link(address, digest):
        # Each call issues a fresh GET with its own parameter dict.
        return self.client.get(
            '/login/reset', {'email': address, 'hash': digest})

    # Submit the "forgot password" form for the 'popular' account.
    self.client.post(
        '/login/forgot',
        {
            '_nonce': util.create_nonce(None, 'login_forgot'),
            'login_forgot': '',
            'nick_or_email': 'popular',
        },
    )

    email = api.email_get_actor(api.ROOT, 'popular')
    activation_ref = api.activation_get(
        api.ROOT, email, 'password_lost', email)
    # A 'password_lost' activation has to exist after the form post.
    self.assert_(activation_ref)

    link_hash = util.hash_generic(activation_ref.code)

    response = follow_reset_link(email, link_hash)
    self.assertContains(response, 'Your password has been reset')

    # Once it's used, the activation link cannot be used again.
    # NOTE(review): this pins single-use behaviour only; rejection of a
    # wrong hash is not asserted in this test.
    response = follow_reset_link(email, link_hash)
    self.assertRedirectsPrefix(response, '/error', target_status_code=200)
def test_login_reset(self):
    """Reset the password through the emailed link, then replay the link.

    The first GET to /login/reset must report success; the second must
    redirect to a URL starting with /error.
    """
    nonce = util.create_nonce(None, 'login_forgot')
    self.client.post(
        '/login/forgot',
        dict(_nonce=nonce, login_forgot='', nick_or_email='popular'),
    )

    email = api.email_get_actor(api.ROOT, 'popular')
    activation_ref = api.activation_get(
        api.ROOT, email, 'password_lost', email)
    self.assert_(activation_ref)

    # The reset URL is parameterised by the email and the hashed code.
    hashed_code = util.hash_generic(activation_ref.code)

    used_once = self.client.get(
        '/login/reset', dict(email=email, hash=hashed_code))
    self.assertContains(used_once, 'Your password has been reset')

    # Once it's used, the activation link cannot be used again.
    # NOTE(review): a negative case (valid email, incorrect hash) is not
    # part of this test; confirm it is covered elsewhere.
    used_twice = self.client.get(
        '/login/reset', dict(email=email, hash=hashed_code))
    self.assertRedirectsPrefix(used_twice, '/error', target_status_code=200)
def generate_user_auth_token(nick, password, timeout=(14 * 24 * 60 * 60)):
    """Create an auth token for `nick` and cache `password` under it.

    Args:
        nick: nick the token is issued for; part of the cache key.
        password: value stored in the cache entry.
        timeout: passed to cache.set as its third argument; the default
            equals 14 days expressed in seconds.

    Returns:
        The newly generated token.
    """
    # NOTE(review): the token's unpredictability rests entirely on
    # util.generate_uuid(); confirm it draws from a CSPRNG.
    auth_token = util.hash_generic(util.generate_uuid())
    cache_key = "user_auth_token/%s/%s" % (nick, auth_token)

    # NOTE(review): `password` is cached as given; presumably this is the
    # stored password hash rather than the plaintext -- confirm against
    # callers.
    cache.set(cache_key, password, timeout)
    return auth_token