def generate_token(user, operation, expire_in=None, **kwargs):
s = Serializer(current_app.config['SECRET_KEY'])
data = {'id': user.id, 'operation': operation}
data.update(**kwargs)
token = s.dumps(data)
print('generate', token)
return token
def get_authorization(user):
serializer = Serializer(secret_key=app.config['SECRET_KEY'],salt=config.SECURITY_PASSWORD_SALT)
authorization_code = "%s-%s" % (user.username,user.email)
authorization_code = serializer.dumps(authorization_code)
digester = hashlib.md5()
digester.update(authorization_code)
return digester.hexdigest()
def generate_auth_token(usuario,idCliente,key, expiration=600000000):
s = Serializer(key,expires_in=expiration)
usr =modelo.findUsuariobyNombreNcliente(idCliente,usuario)
if usr is None:
return
token=s.dumps({'idUsuario': usr.Usuarios.id_usuario, 'idCliente': usr.Clientes.id_cliente})
jsonLog = {"token": token}
return jsonLog
def generate_auth_token(self, expiration=604800):
"""
生成token,7天有效期
:param expiration:
:return:
"""
s = Serializer(config.SECRET_KEY, expiration)
return s.dumps({'id': self.id}).decode('utf-8')
def generate_token(self, expiration=600):
"""
生成token
:param expiration: 默认过期时间为600秒
:return:
"""
# 序列化器
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'id': self.id}).decode('utf-8')
def build_local_part(name, uid):
"""Build local part as 'name-uid-digest', ensuring length < 64."""
key = current_app.config["SECRET_KEY"]
serializer = Serializer(key)
signature = serializer.dumps(uid)
digest = md5(signature)
local_part = name + "+" + uid + "-" + digest
if len(local_part) > 64:
if (len(local_part) - len(digest) - 1) > 64:
# even without digest, it's too long
raise ValueError(
"Cannot build reply address: local part exceeds 64 characters"
)
local_part = local_part[:64]
return local_part
def build_local_part(name, uid):
"""Build local part as 'name-uid-digest', ensuring length < 64."""
tag = current_app.config["MAIL_ADDRESS_TAG_CHAR"]
key = current_app.config["SECRET_KEY"]
serializer = Serializer(key)
signature = serializer.dumps(uid)
digest = md5(signature)
local_part = name + tag + uid + "-" + digest
if len(local_part) > 64:
if (len(local_part) - len(digest) - 1) > 64:
# even without digest, it's too long
raise ValueError(
"Cannot build reply address: local part exceeds 64 "
"characters")
local_part = local_part[:64]
return local_part
def rest_login():
username = request.form['username']
password = request.form['password']
user = user_datastore.find_user(username=username)
if user is not None and utils.verify_password(password,user.password):
session['current_active_user'] = user
session['rest_user'] = {'user':user,'authorization':None}
serializer = Serializer(secret_key=app.config['SECRET_KEY'],salt=config.SECURITY_PASSWORD_SALT)
authorization_code = "%s-%s" % (user.username,user.email)
authorization_code = serializer.dumps(authorization_code)
found_sites = UserSite.objects(user=user)
sites = []
for found in found_sites:
site = {'name':found.name,'url':found.url,'username':found.username,'password':found.password,'folder':found.folder
,'settings':{'favourite':found.settings['favourite'],'autologin':found.settings['autologin'],'autofill':found.settings['autofill']},
'id':str(found.id)}
if found.fields is not None and len(found.fields) > 0:
site['fields'] = []
for field in found.fields:
site['fields'].append({
'name':field['name'],
'value':field['value'],
'type':str(field['type']).lower()
})
else:
site['fields'] = []
site['fields'].append({'name':'username','type':'text','value':site['username']})
site['fields'].append({'name':'password','type':'text','value':site['password']})
sites.append(site)
digester = hashlib.md5()
digester.update(authorization_code)
authorization = digester.hexdigest()
account = {'name':user.name,'email':user.email,'username':user.username,'authorization':authorization}
response = Response(dumps({'success':True,'sites':sites,'account':account,'authorization':authorization}),status=200,mimetype='application/json')
response.headers['Authorization'] = digester.hexdigest()
session['rest_user']['authorization'] = digester.hexdigest()
response.set_cookie('authorization',value=digester.hexdigest(),expires=False)
return response
else:
return flask.jsonify({'success':False})
def A():
a = Serializer('mima')
token_a = a.dumps('test')
print(token_a)
b = Serializer('mima')
c = b.loads(token_a)
print(c)
roles_permissions_map = {
'Locked': ['FOLLOW', 'COLLECT'],
'User': ['FOLLOW', 'COLLECT','COMMENT','UPLOAD'],
'Moderator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE'],
'Administrator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE','ADMINISTER']
}
for key, value in roles_permissions_map.items():
print(key,value)
def build_local_part(name, uid):
"""
Build local part as 'name-uid-digest', ensuring length < 64.
"""
tag = current_app.config['MAIL_ADDRESS_TAG_CHAR']
key = current_app.config['SECRET_KEY']
serializer = Serializer(key)
signature = serializer.dumps(uid)
digest = hashlib.md5(signature).digest()
digest = base64.b32encode(digest).split('=', 1)[0] # remove base32 padding
# digest = unicode(digest)
local_part = name + tag + uid + u'-' + digest
if len(local_part) > 64:
if (len(local_part) - len(digest) - 1) > 64:
# even without digest, it's too long
raise ValueError(
'Cannot build reply address: local part exceeds 64 '
'characters')
local_part = local_part[:64]
return local_part
def post(self, request):
"""
solve the request data
:param request:
:return:
"""
username = request.POST.get('user_name')
password = request.POST.get('pwd')
email = request.POST.get('email')
allow = request.POST.get('allow')
if not all([username, password, email]):
return render(request, 'register.html', {'errmsg': '数据不完整'})
# 校验邮箱
if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email):
return render(request, 'register.html', {'errmsg': '邮箱格式不正确'})
if allow != 'on':
return render(request, 'register.html', {'errmsg': '请同意协议'})
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = None
if user:
return render(request, 'register.html', {'errmsg': 'the user has be registered'})
# really register
user = User.objects.create_user(username, email, password)
user.is_active = 0
user.save()
serializer = Serializer(settings.SECRET_KEY, 3600)
info = {'confirm': user.id}
token = serializer.dumps(info)
token = token.decode()
send_register_active_email.delay(email, username, token)
# todo redirect index
return HttpResponse(b'ok', content_type='text/html')
def post(self, request):
# 接收数据
username = request.POST.get('user_name')
password = request.POST.get('pwd')
email = request.POST.get('email')
# 进行数据校验
if not all([username, password, email]):
return render(request, 'user/register.html', {'errmsg': '数据不完整更'})
# 校验邮箱
if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$',
email):
return render(request, 'user/register.html', {'errmsg': '邮箱格式不正确'})
# 校验是否存在用户
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = None
if user:
return render(request, 'user/register.html', {'errmsg': '用户已存在'})
# 业务处理
user = User.objects.create_user(username, email, password)
user.is_active = 1
user.save()
# 注册成功需要通过邮箱返回激活链接
# 使用itsdangerous生成激活的token信息
seeializer = Serializer(settings.SECRET_KEY, 3600)
info = {'confirm': user.id}
# 进行加密
token = seeializer.dumps(info)
# 转换类型
token = token.decode()
# 组织邮件内容
send_mail_register(email, username, token)
# 返回应答
return redirect(reverse('goods:index'))
def generate_email_change_token(self, new_email):
s = Serializer(current_app.config['SECRET_KEY'])
return s.dumps({
'change_email': self.id,
'new_email': new_email
}).decode('utf-8')
def generate_auth_token(self):
s = Serializer(app.config['SECRET_KEY'])
return s.dumps({'id': self.id})
def generate_auth_token(self, expiration):
"""使用编码后的用户id
字段值生成一个签名令牌,还指定了以秒
为单位的过期时间"""
s = Serializer(current_app.config['SECRET_KEY'], expires_in=expiration)
return s.dumps('id', 'self.id')
def generate_auth_token(self, expiration):
s = Serializer(current_app.config['SECRET_KEY'], expires_in=expiration)
return s.dumps({'id': self.id}).decode('utf-8')
def generate_token(self, expire=600):
secret_key = current_app.config.get('SECRET_KEY')
s = Serializer(secret_key, str(expire))
temp = s.dumps({'id': self.id})
return temp
def gen_token(uid, expiration=30 * 24 * 60 * 60):
s = Serializer(SERECT_KEY, expires_in=expiration)
return s.dumps({'id': uid})
def generate_email_change_token(self, new_email, expiration=3600):
"""Generate an email change token to email an existing user."""
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'change_email': self.id, 'new_email': new_email})
def main():
"""Primary CLI application logic."""
try:
opts, args = getopt.getopt(sys.argv[1:], "h:v", ["help",
"dservers=",
"dqueue=",
"secret=",
"bserver=",
"hserver=",
"rserver=",
"rchannel=",
"bfiltername=",
"hllname=",
"mode=",
"sleep="])
except getopt.GetoptError as err:
print(str(err))
usage()
sys.exit()
modes = ("generate", "listen", "check", "adaptive", "initialize", "subscriber")
# set defaults
mode = None
dservers = "localhost:7712,localhost:7711"
dqueue = "objbomber"
secret = "coolsecretbro"
bserver = "localhost:8673"
hserver = "localhost:4553"
rserver = "localhost:6379"
rchannel = "objbomber"
bfiltername = "objbomber"
hllname = "objbomber"
sleep = None
userhomedir = os.path.expanduser("~")
# flippin' switches...
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit()
elif o in ("--dservers"):
dservers = a
elif o in ("--queue"):
dqueue = [a]
elif o in ("--secret"):
secret = a
elif o in ("--bserver"):
bserver = a
elif o in ("--hserver"):
hserver = a
elif o in ("--rserver"):
rserver = a
elif o in ("--rchannel"):
rchannel = a
elif o in ("--bfiltername"):
bfiltername = a
elif o in ("--hllname"):
hllname = a
elif o in ("--mode"):
if a in modes:
mode = a
else:
usage()
sys.exit()
elif o in ("--listen"):
mode_listen = True
elif o in ("--check"):
mode_check = True
elif o in ("--sleep"):
sleep = int(a)
else:
assert False, "unhandled option"
checkdqueue = dqueue + ".check"
if sleep in (None, 0):
sleep = 0.0001
# mode must be set
if not mode:
usage()
sys.exit()
# Handler for the cryptographic signatures
# TODO: secret should be "secret" + a version number
s = Serializer(secret)
# config basics
datadir = userhomedir + "/.objbomber"
# prepare servers and queue lists
dservers = dservers.split(",")
bserver = [bserver]
hserver = hserver
# all modes use Disque
logging.info("Connecting to Disque...")
disque_client = Client(dservers)
disque_client.connect()
if mode in ("check", "listen"):
logging.info("Creating Bloomd Client...")
bloomd_client = BloomdClient(bserver)
bfilter = bloomd_client.create_filter(bfiltername)
# add pyhlld
logging.info("Creating HLLD Client... - not yet used")
hlld_client = HlldClient(hserver)
hll = hlld_client.create_set(hllname)
if mode in ("check", "listen", "generate", "subscriber"):
# add redis hll & pubsub
logging.info("Creating Redis Client...")
rhost, rport = rserver.split(":")
redd = redis.StrictRedis(host=rhost, port=rport, db=0)
redpubsub = redd.pubsub()
if mode in ("subscriber"):
redpubsub.subscribe(rchannel)
if mode in ("generate"):
# TODO: check on how well LevelDB handles
# multiple clients
db = leveldb.LevelDB(datadir + '/notary')
# special mode to handle our first run
# TODO: push into a function
# TODO: handle filesystem errors
# TODO: reconsider using Cement for all of this
# TODO: generate an instance GUID
if mode == "initialize":
UUID = uuid.uuid4()
logging.info("Our system UUID is now: %s" % UUID)
# TODO: save and load this uuid
# check to see if there is a ~/.objbomber directory, quit if there is
# TODO: this does not handle errors in initalization
logging.info("Checking for .objbomber in %s..." % userhomedir)
if os.path.exists(datadir):
logging.info("Already been initialized!")
# TODO: print some information about how to handle this
sys.exit()
# TODO: make one
os.mkdir(datadir, 0700)
# generate our RSA signing key
# TODO: make # of bits in key a flag
logging.info("Begining to create our notary key.")
logging.info("Reading from RNG.")
rng = Random.new().read
logging.info("Generating RSA key...")
privRSAkey = RSA.generate(4096, rng)
privPEM = privRSAkey.exportKey()
pubRSAkey = privRSAkey.publickey()
pubPEM = pubRSAkey.exportKey()
logging.info("Key generated.")
# save privkey to disk
with open(datadir + "/privkey.pem", "w") as keyfile:
keyfile.write(privPEM)
keyfile.close()
os.chmod(datadir + "/privkey.pem", 0700)
logging.info("Unencrypted RSA key written to disk.")
# save the pubkey
with open(datadir + "/pubkey.pem", "w") as keyfile:
keyfile.write(pubPEM)
keyfile.close()
logging.info("Public RSA key written to disk.")
logging.info("Creating crypto notary storage.")
leveldb.LevelDB(datadir + '/notary')
# we absolutely must quit here, or we will get stuck in
# an infinate loop
sys.exit()
# load our secret key (TODO: this is probably better as try/exc)
# and build our contexts
with open(datadir + "/privkey.pem", "r") as keyfile:
privRSAkey = RSA.importKey(keyfile.read())
while True:
# TODO: Adaptive Mode - this mode should peek the queues, and
# make a decision about where this thread can make the most
# impact on its own.
if mode == "adaptive":
# TODO: Do some queue peeking.
# TODO: Make some decisions about which mode to adapt to.
pass
# TODO: All modes should be placed into functions.
# Listen Mode - Listens to the queue, pulls out jobs,
# validates the signature, puts them in bloomd
if mode == "listen":
logging.info("Getting Jobs from Disque.")
jobs = disque_client.get_job([dqueue])
print("Got %d jobs." % len(jobs))
for queue_name, job_id, job in jobs:
logging.debug("Handling a job: %s" % job)
try:
job = s.loads(job)
logging.debug("Job Authenticated: %s" % job)
except:
logging.warning("Job did not pass authentication.")
disque_client.nack_job(job_id)
# add to bloom filter
try:
bfilter.add(job)
except:
logging.warning("Job was not added to bloomd.")
disque_client.nack_job(job_id)
try:
hllResponse = hll.add(job)
except:
logging.warning("Job was not added to hlld.")
disque_client.nack_job(job_id)
# TODO: add redis HLL support
# tell disque that this job has been processed
disque_client.ack_job(job_id)
# sign the check job
job = s.dumps(job)
# throw this message on the check queue
disque_client.add_job(checkdqueue, job)
elif mode == "check":
# TODO
# Check the secondary disque queue for checks
# Ask the bloom filter if they have seen this
logging.info("Getting Jobs from Disque.")
jobs = disque_client.get_job([checkdqueue])
for queue_name, job_id, job in jobs:
logging.debug("Checking: %s" % job)
try:
job = s.loads(job)
except:
disque_client.nack_job(job_id)
# we don't NACK on failed cache hits
if job in bfilter:
logging.info("Confirming: %s" % job)
else:
logging.info("Not found in bloom filter: %s" % job)
disque_client.ack_job(job_id)
elif mode == "generate":
# TODO - where will these messages come from?
# for now they will just be random numbers, but
# really we should make them objects to really be
# testing serialization
msg = [random.randint(1000, 1000000),
random.randint(1000, 1000000)]
# itsdangerous serialization & signing
msg = s.dumps(msg)
# Now that this message is serialized, we can sign it again with a
# public key.
# TODO: incorporate saving the signature into the notary records
msghash = SHA.new(msg)
signer = PKCS1_v1_5.new(privRSAkey)
signature = signer.sign(msghash)
assert signer.verify(msghash, signature)
record = {'message': msg, 'signature': signature}
record = pickle.dumps(record)
# send the job over to Disque
# TODO: add more command line flags for queuing
job_id = disque_client.add_job(dqueue, msg)
logging.debug("Added a job to Disque: %s" % msg)
# publish just the signature on redis pubsub
redd.publish(rchannel, signature)
# TODO: save the publication in the notary
# TODO: do more then just save the signatures
# TODO: add a GUID to the key
key = datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S-%f")
db.Put(key, record)
# testing the results of leveldb's store, this is a test, and
# an expensive test
sig2 = db.Get(key)
sig2 = pickle.loads(sig2)['signature']
assert signer.verify(msghash, sig2)
elif mode == "subscriber":
msg = redpubsub.get_message()
# TODO: do something useful, like log
if msg:
print("got a message")
time.sleep(sleep)
def generate_auth_token(self) -> str:
serializer = Serializer(SECRET_KEY)
return serializer.dumps({'id': self.id}).decode("utf-8")
def get_reset_token(self, expires_sec=3600):
s = Serializer(current_app.config['SECRET_KEY'], expires_sec)
return s.dumps({'user_id': self.id}).decode('utf-8')
def generate_token_for(user,expiration=100):
if user == None: return None
serializer = Serializer(SECURITY_PASSWORD_SALT)
token = serializer.dumps({"username":str(user.username),'id':str(user.id)}).decode('utf-8')
return token
def generate_auth_token(self, expiration=600):
s = Serializer(secret_key, expires_in=expiration)
return s.dumps({'id': self.id})
def generate_confirmation_token(self, expiration=3600):
s = Serializer((current_app.config["SECRET_KEY"], expiration))
return s.dumps({"confirm": self.id})
def generate_password_reset_token(self, expiration=3600):
"""
Generate a password reset change token to email to an existing user.
"""
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'reset': self.id})
def generate_reset_token(self):
s = Serializer(current_app.config['SECRET_KEY'])
return s.dumps({'reset': self.id})
def generate_confirmation_token(self, expiration=3600):
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'confirm': self.id})
def generate_reset_token(self, expiration=600):
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'id': self.id})
def get_reset_token(self, expires_sec=1800):
s = Serializer(current_app.secret_key, expires_sec)
return s.dumps({'user_id': self.id}).decode("utf-8")
def generate_confirmation_token(self):
s = Serializer(secret_key=current_app.config['SECRET_KEY'])
return s.dumps({'confirm': self.id})
def generate_confirmation_token(self, expiration=604800):
"""Generate a confirmation token to email a new user."""
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'confirm': self.id})
class User(Base):
__tablename__ = 'users'
id = Column(Integer, primary_key=True)
name = Column(String(100))
password = Column(String(500))
salt = Column(String(100))
user = session.query(User).filter_by(name="Josh").first()
salt = user.salt
signer = Serializer(secretKey, salt=salt)
passwordOld = "super new car"
password = "******"
passwd = signer.dumps(password).split(".")[1]
oldPass = user.password
if signer.loads("\"" + passwordOld + "\"." + oldPass):
print True
user.password = passwd
session.commit()
def generate_auth_token(self, expiration):
s = Serializer(current_app.config['SECRET_KEY'])
return s.dumps({'id': self.id})
def generate_auth_token(self, expiration=600):
s = Serializer(app.config['SECRET_KEY'], expires_in=expiration)
return s.dumps({'id': self.id})
from itsdangerous import Serializer
if __name__ == '__main__':
from itsdangerous import Serializer
s = Serializer('secret-key', '36000')
a = s.dumps({'rrr': 1})
b = Serializer('secret-key')
data = s.loads(a)
print(data['rrr'])
print(data)
