def _new_sid(req):
"""
Make a number based on current time, pid, remote ip
and two random ints, then hash with md5. This should
be fairly unique and very difficult to guess.
@param req: the mod_python request object.
@type req: mod_python request object.
@return: the session identifier.
@rtype: 32 hexadecimal string
@warning: The current implementation of _new_sid returns an
md5 hexdigest string. To avoid a possible directory traversal
attack in FileSession the sid is validated using
the _check_sid() method and the compiled regex
validate_sid_re. The sid will be accepted only if len(sid) == 32
and it only contains the characters 0-9 and a-f.
If you change this implementation of _new_sid, make sure to also
change the validation scheme, as well as the test_Session_illegal_sid()
unit test in test/test.py.
"""
return uuid4().hex
the_time = long(time.time() * 10000)
pid = os.getpid()
random_generator = _get_generator()
rnd1 = random_generator.randint(0, 999999999)
rnd2 = random_generator.randint(0, 999999999)
remote_ip = req.remote_ip
return md5("%d%d%d%d%s" %
(the_time, pid, rnd1, rnd2, remote_ip)).hexdigest()
def get_search_query_id(**kwargs):
"""
Returns unique query indentifier.
"""
p = kwargs.get('p', '').strip()
f = kwargs.get('f', '')
cc = kwargs.get('cc', '')
wl = kwargs.get('wl', '')
return md5(repr((p, f, cc, wl))).hexdigest()
def auto_version_url(file_path):
""" Appends modification time of the file to the request URL in order for the
browser to refresh the cache when file changes
@param file_path: path to the file, e.g js/foo.js
@return: file_path with modification time appended to URL
"""
file_md5 = ""
try:
file_md5 = md5(open(CFG_WEBDIR + os.sep +
file_path).read()).hexdigest()
except IOError:
pass
return file_path + "?%s" % file_md5
def make_cache_key(custom_kbs_files=None):
"""Create cache key for kbs caches instances
This function generates a unique key for a given set of arguments.
The files dictionary is transformed like this:
{'journal': '/var/journal.kb', 'books': '/var/books.kb'}
to
"journal=/var/journal.kb;books=/var/books.kb"
Then _inspire is appended if we are an INSPIRE site.
"""
if custom_kbs_files:
serialized_args = ('%s=%s' % v for v in custom_kbs_files.iteritems())
serialized_args = ';'.join(serialized_args)
else:
serialized_args = "default"
cache_key = md5(serialized_args).digest()
return cache_key
def mail_cookie_create_common(kind,
params,
cookie_timeout=timedelta(days=1),
onetime=False):
"""Create a unique url to be sent via email to access this authorization
@param kind: kind of authorization (e.g. 'pw_reset', 'mail_activation', 'role')
@param params: whatever parameters are needed
@param cookie_timeout: for how long the url will be valid
@param onetime: whetever to remove the cookie after it has used.
"""
assert (kind in _authorizations_kind)
expiration = datetime.today() + cookie_timeout
data = (kind, params, expiration, onetime)
password = md5(str(random())).hexdigest()
cookie_id = run_sql(
'INSERT INTO accMAILCOOKIE (data,expiration,kind,onetime) VALUES '
'(AES_ENCRYPT(%s, %s),%s,%s,%s)',
(dumps(data), password, expiration.strftime(_datetime_format), kind,
onetime))
cookie = password[:16] + hex(cookie_id)[2:-1] + password[-16:]
return cookie
def hash(self, password):
if db.engine.name != 'mysql':
return md5(password).digest()
email = self.__clause_element__().table.columns.email
return db.func.aes_encrypt(email, password)
def test_md5(self):
self.assertEqual(
md5('').hexdigest(), 'd41d8cd98f00b204e9800998ecf8427e')
self.assertEqual(
md5('test').hexdigest(), '098f6bcd4621d373cade4e832627b4f6')
if identifier:
rec_id = search_pattern(p=identifier, f=matching, m='e')
if not rec_id:
errors.append((docfile, err_desc[2]))
continue
elif len(rec_id) > 1:
errors.append((docfile, err_desc[1]))
continue
else:
rec_id = str(list(rec_id)[0])
rec_info = BibRecDocs(rec_id)
if rec_info.bibdocs:
for bibdoc in rec_info.bibdocs:
attached_files = bibdoc.list_all_files()
file_md5 = md5(
open(os.path.join(folder, docfile),
"rb").read()).hexdigest()
num_errors = len(errors)
for attached_file in attached_files:
if attached_file.checksum == file_md5:
errors.append((docfile, err_desc[3]))
break
elif attached_file.get_full_name() == docfile:
errors.append((docfile, err_desc[4]))
break
if len(errors) > num_errors:
continue
# Check if user has rights to upload file
if req is not None:
file_collection = guess_collection_of_a_record(int(rec_id))
auth_code, auth_message = acc_authorize_action(
def _get_record_hash(link):
"""
Generate a record hash including CFG_SITE_URL so that
if CFG_SITE_URL is updated, the QR-code image is invalidated.
"""
return md5(link).hexdigest()[:8].lower()
