    def _process(self):
        """Drive the link-identity flow for the current request.

        Three outcomes, in order of precedence:

        1. A verification e-mail was already sent and the request carries a
           ``token`` query argument: the token is decoded with
           ``secure_serializer`` (1 h ``max_age``, salt ``link-identity-email``)
           and must name one of ``self.emails``; then
           ``session['login_identity_info']['email_verified']`` is set, a
           success message is flashed and the user is redirected back to
           ``.link_account`` for the same provider. A token naming any other
           address raises ``BadData``; decode failures (bad signature, expiry)
           are not caught here and propagate to the caller.
        2. A valid form POST: create the identity if the e-mail is already
           verified, otherwise send the confirmation e-mail (to the address
           chosen in the form when ``must_choose_email``, else the first
           known address) unless one was already sent, in which case a
           warning is flashed and the page is re-rendered.
        3. Otherwise render ``link_identity.html``.

        NOTE(review): only a boolean is stored in the session; the address
        that was actually verified is not recorded here. Confirm that
        ``_create_identity`` cannot end up binding a different address than
        the one the token named (relevant when ``must_choose_email``).
        """
        token = request.args.get('token') if self.verification_email_sent else None
        if token is not None:
            verified_email = secure_serializer.loads(token, max_age=3600, salt='link-identity-email')
            if verified_email not in self.emails:
                raise BadData('Emails do not match')
            identity_info = session['login_identity_info']
            identity_info['email_verified'] = True
            # Mutating a nested dict does not mark the session dirty by itself.
            session.modified = True
            flash(_('You have successfully validated your email address and can now proceed with the login.'),
                  'success')
            target = url_for('.link_account', provider=self.identity_info['provider'])
            return redirect(target)

        choose_email = self.must_choose_email
        if choose_email:
            form = SelectEmailForm()
            form.email.choices = [(address, address) for address in self.emails]
        else:
            form = IndicoForm()

        if form.validate_on_submit():
            if self.email_verified:
                return self._create_identity()
            if not self.verification_email_sent:
                recipient = form.email.data if choose_email else self.emails[0]
                return self._send_confirmation(recipient)
            flash(_('The validation email has already been sent.'), 'warning')

        return WPAuth.render_template('link_identity.html', identity_info=self.identity_info, user=self.user,
                                      email_sent=self.verification_email_sent, emails=' / '.join(self.emails),
                                      form=form, must_choose_email=choose_email)
    def test_it_is_invalid_with_invalid_user_token(self, schema, serializer):
        """A token the serializer rejects must surface as "Wrong reset code." on the ``user`` field.

        The serializer stub is made to raise ``BadData`` for any input; the
        schema is expected to translate that into a ``colander.Invalid`` whose
        ``asdict()`` carries the generic message under ``"user"``.
        """
        serializer.loads.side_effect = BadData("Invalid token")

        with pytest.raises(colander.Invalid) as excinfo:
            schema.deserialize({"user": "******", "password": "******"})

        errors = excinfo.value.asdict()
        assert "user" in errors
        assert "Wrong reset code." in errors["user"]
 def _process(self):
     """Dispatch a password-reset request.

     Without a ``token`` query argument, delegate to ``_request_token``.
     With one, decode it via ``secure_serializer`` (1 h ``max_age``, salt
     ``reset-password``) to an identity id, look the identity up and hand it
     to ``_reset_password``. Raises ``BadData`` when the id resolves to
     nothing; signature/expiry failures from the serializer are not caught
     here and propagate to the caller.
     """
     token = request.args.get('token')
     if token is None:
         return self._request_token()
     identity_id = secure_serializer.loads(token, max_age=3600, salt='reset-password')
     identity = Identity.get(identity_id)
     if not identity:
         raise BadData('Identity does not exist')
     return self._reset_password(identity)
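def verify_public_key(token):
    '''Resolve a timed public-key token to its Member.

    The token is checked with ``TimedToken`` under ``SECRET_KEY`` and the
    configured ``TOKEN_DURATION`` (default 3600 s). A signature or expiry
    failure, and a validly signed payload that does not carry an ``id``,
    are all reported as the same generic ``BadData`` so a caller cannot tell
    the cases apart.

    Returns ``Member.query.get(data['id'])`` (None when no such row exists).
    Raises ``BadData`` on a bad, expired, or malformed token.

    NOTE(review): no salt/namespace is visible on ``TimedToken`` here. If the
    same ``SECRET_KEY`` signs other kinds of tokens, confirm that
    ``TimedToken`` scopes them; otherwise a token issued for another purpose
    would verify here as well.
    '''
    t = TimedToken(
        secret_key=current_app.config['SECRET_KEY'],
        expires_in=current_app.config.get('TOKEN_DURATION', 3600)
        )
    try:
        data = t.loads(token)
    except (BadSignature, SignatureExpired):
        # Don't give away more information than needed
        # Just say, "You gave me a bad public key."
        raise BadData("Invalid public key.")
    # A token that verifies but carries an unexpected payload (not a mapping,
    # or no 'id') used to escape as KeyError/TypeError; fold it into the same
    # generic error so malformed-but-signed input is not distinguishable.
    try:
        member_id = data['id']
    except (KeyError, TypeError):
        raise BadData("Invalid public key.")
    return Member.query.get(member_id)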
def verify_hmac(hmac, public_key, payload):
    '''Check that a client-submitted timed token matches the expected payload.

    The member is located via ``verify_public_key`` (which itself raises
    ``BadData`` on a bad token). A member-specific secret from
    ``PrivateKey(member.id)`` then drives a ``TimedToken`` with
    ``HMAC_DURATION`` (default 5 s) as its lifetime; ``hmac`` is decoded
    with it and the result compared with ``organize_payload(payload)``.

    Returns True when the decoded contents equal the organised payload.
    Raises ``BadData`` when no member matches ``public_key``.

    NOTE(review): what is visible is a signed, timed token — not encryption
    as the earlier wording suggested. ``BadSignature``/``SignatureExpired``
    raised by the second ``loads`` are not caught here, unlike in
    ``verify_public_key``; confirm the caller handles them, or normalise
    them to ``BadData`` as well.
    '''
    member = verify_public_key(public_key)
    if not member:
        # Keep the failure generic: no hint whether the key was unknown or bad.
        raise BadData("Invalid public key.")

    # Same evaluation order as before: derive the secret, organise the
    # payload, then build the checker.
    member_secret = PrivateKey(member.id)
    expected = organize_payload(payload)
    checker = TimedToken(
        secret_key=member_secret,
        expires_in=current_app.config.get('HMAC_DURATION', 5),
    )
    return checker.loads(hmac) == expected
      
 def loads(self, token, max_age=0, return_timestamp=False):
     """Stub that rejects every token.

     Mirrors the signature of a real serializer's ``loads`` (token,
     max_age, return_timestamp) but always raises
     ``BadData("Invalid token")``; the arguments are accepted and ignored.
     """
     del token, max_age, return_timestamp  # present for signature compatibility only
     raise BadData("Invalid token")
 def loads(data):
     """Decode a fake token: a literal ``'FK:'`` prefix followed by a JSON body.

     Raises ``BadData('Not a fake token')`` when the first three characters
     are not ``'FK:'``; otherwise returns ``json.loads`` of the remainder.
     No signature or expiry is checked — this is a test double only.
     """
     prefix, body = data[:3], data[3:]
     if prefix == 'FK:':
         return json.loads(body)
     raise BadData('Not a fake token')