def finish_password_change(self, token, stretchpwd, wrapkb):
body = {
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
"wrapKb": hexstr(wrapkb),
}
auth = HawkTokenAuth(token, "passwordChangeToken", self.apiclient)
self.apiclient.post("/password/change/finish", body, auth=auth)
def finish_password_change(self, token, stretchpwd, wrapkb):
body = {
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
"wrapKb": hexstr(wrapkb),
}
auth = HawkTokenAuth(token, "passwordChangeToken", self.apiclient)
self.apiclient.post("/password/change/finish", body, auth=auth)
def create_account(self, email, password=None, stretchpwd=None, **kwds):
keys = kwds.pop("keys", False)
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
EXTRA_KEYS = ("service", "redirectTo", "resume", "preVerifyToken",
"preVerified")
for extra in kwds:
if extra in EXTRA_KEYS:
body[extra] = kwds[extra]
else:
msg = "Unexpected keyword argument: {0}".format(extra)
raise TypeError(msg)
url = "/account/create"
if keys:
url += "?keys=true"
resp = self.apiclient.post(url, body)
# XXX TODO: somehow sanity-check the schema on this endpoint
return Session(
client=self,
email=email,
stretchpwd=stretchpwd,
uid=resp["uid"],
token=resp["sessionToken"],
key_fetch_token=resp.get("keyFetchToken"),
verified=False,
auth_timestamp=resp["authAt"],
)
def login(self,
email,
password=None,
stretchpwd=None,
keys=False,
unblock_code=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/login"
if keys:
url += "?keys=true"
if unblock_code:
body["unblockCode"] = unblock_code
resp = self.apiclient.post(url, body)
# XXX TODO: somehow sanity-check the schema on this endpoint
return Session(
client=self,
email=email,
stretchpwd=stretchpwd,
uid=resp["uid"],
token=resp["sessionToken"],
key_fetch_token=resp.get("keyFetchToken"),
verified=resp["verified"],
verificationMethod=resp.get("verificationMethod"),
auth_timestamp=resp["authAt"],
)
def login(self, email, password=None, stretchpwd=None, keys=False, unblock_code=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/login"
if keys:
url += "?keys=true"
if unblock_code:
body["unblockCode"] = unblock_code
resp = self.apiclient.post(url, body)
# XXX TODO: somehow sanity-check the schema on this endpoint
return Session(
client=self,
email=email,
stretchpwd=stretchpwd,
uid=resp["uid"],
token=resp["sessionToken"],
key_fetch_token=resp.get("keyFetchToken"),
verified=resp["verified"],
verificationMethod=resp.get("verificationMethod"),
auth_timestamp=resp["authAt"],
)
def create_account(self, email, password=None, stretchpwd=None, **kwds):
keys = kwds.pop("keys", False)
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
EXTRA_KEYS = ("service", "redirectTo", "resume", "preVerifyToken",
"preVerified")
for extra in kwds:
if extra in EXTRA_KEYS:
body[extra] = kwds[extra]
else:
msg = "Unexpected keyword argument: {0}".format(extra)
raise TypeError(msg)
url = "/account/create"
if keys:
url += "?keys=true"
resp = self.apiclient.post(url, body)
# XXX TODO: somehow sanity-check the schema on this endpoint
return Session(
client=self,
email=email,
stretchpwd=stretchpwd,
uid=resp["uid"],
token=resp["sessionToken"],
key_fetch_token=resp.get("keyFetchToken"),
verified=False,
auth_timestamp=resp["authAt"],
)
def reset_account(self, email, token, password=None, stretchpwd=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/reset"
auth = HawkTokenAuth(token, "accountResetToken", self.apiclient)
self.apiclient.post(url, body, auth=auth)
def destroy_account(self, email, password=None, stretchpwd=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/destroy"
self.apiclient.post(url, body)
def reset_account(self, email, token, password=None, stretchpwd=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/reset"
auth = HawkTokenAuth(token, "accountResetToken", self.apiclient)
self.apiclient.post(url, body, auth=auth)
def destroy_account(self, email, password=None, stretchpwd=None):
stretchpwd = self._get_stretched_password(email, password, stretchpwd)
body = {
"email": email,
"authPW": hexstr(derive_key(stretchpwd, "authPW")),
}
url = "/account/destroy"
self.apiclient.post(url, body)
def start_password_change(self, email, stretchpwd):
body = {
"email": email,
"oldAuthPW": hexstr(derive_key(stretchpwd, "authPW")),
}
return self.apiclient.post("/password/change/start", body)
def start_password_change(self, email, stretchpwd):
body = {
"email": email,
"oldAuthPW": hexstr(derive_key(stretchpwd, "authPW")),
}
return self.apiclient.post("/password/change/start", body)
