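def __call__(self):
    """Check a chat login token from the request and answer with JSON.

    Reads ``token`` and ``user`` from the request. The token is accepted
    when it equals the hex HMAC of ``user + salt`` under any non-None key of
    the keyring returned by ``_getKeyring``, where ``salt`` is the
    ``castle.rocket_chat_secret`` registry record.

    Returns:
        A JSON string: ``{"status": "success", "user": <user>}`` on a match,
        otherwise ``{"status": "failure"}``. A missing token, a missing user
        or an empty secret all yield the failure document.
    """
    self.request.response.setHeader('Content-Type', 'application/json')
    failure = json.dumps({'status': 'failure'})

    token = self.request.get('token')
    user = self.request.get('user')
    # Both values are caller-supplied. Without a user there is nothing to
    # verify, and ``user + salt`` below would raise on None instead of
    # producing a clean failure response.
    if not token or not user:
        return failure

    salt = api.portal.get_registry_record('castle.rocket_chat_secret')
    if not salt:
        # Fail closed: with an empty secret the MAC input is the bare user
        # name, so a MAC made by any other code that signs only the user
        # name with a key from this ring would be accepted here as a login
        # token (e.g. form authenticator tokens, if they share this ring;
        # confirm against the deployment).
        return failure

    manager = getUtility(IKeyManager)
    keyring = _getKeyring(user, manager=manager)
    # The token may have been made with any key in the ring, so each usable
    # key is tried in turn.
    for key in keyring:
        if key is None:
            continue
        value = hmac.new(key, user + salt, sha).hexdigest()
        # NOTE(review): _is_equal is presumably a constant-time comparison;
        # confirm, since a plain == here would leak timing information.
        if _is_equal(value, token):
            return json.dumps({'status': 'success', 'user': user})
    return failure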
def test_new_user_as_site_administrator(self):
    """Register a user through the new-user form as a Site Administrator.

    Creates a ``siteadmin`` account, opens the form with a hand-built
    ``_authenticator`` query parameter, ticks the Site Administrators box
    and checks that the registered user ends up with the
    ``Site Administrator`` role.
    """
    self.portal.acl_users._doAddUser(
        'siteadmin', 'secret', ['Site Administrator'], [])
    self.browser.addHeader('Authorization', 'Basic siteadmin:secret')

    # XXX need to use auth token here because there is one case of write
    # on read for portlets that isn't hit here...
    # The authenticator is built by hand: the hex HMAC of the user name,
    # keyed with a secret drawn from that user's keyring.
    signing_key = auth._getKeyring('siteadmin').random()
    authenticator = hmac.new(signing_key, 'siteadmin', sha).hexdigest()
    form_url = 'http://nohost/plone/new-user?_authenticator=%s' % (
        authenticator)
    self.browser.open(form_url)

    text_fields = (
        ('User Name', 'newuser'),
        ('E-mail', '*****@*****.**'),
        ('Password', 'foobar'),
        ('Confirm password', 'foobar'),
    )
    for label, text in text_fields:
        self.browser.getControl(label).value = text
    self.browser.getControl('Site Administrators').selected = True
    self.browser.getControl('Register').click()

    # The privileged checkbox must have taken effect: the new account is
    # expected to hold the Site Administrator role.
    granted_roles = self.portal.acl_users.getUserById('newuser').getRoles()
    self.assertTrue('Site Administrator' in granted_roles)
def getToken(username):
    """Return the hex HMAC of *username* under a key from the user's keyring.

    The key comes from ``_getKeyring(username).random()`` and the digest
    constructor is whatever the module binds to ``sha``. Only the key and
    the user name feed the MAC, so a user's token is identical every time
    the same key is drawn.
    """
    # NOTE(review): key and message go to hmac.new() unchanged. On Python 3
    # hmac.new() rejects str arguments, so this form relies on both being
    # byte strings; confirm the target interpreter.
    signing_key = _getKeyring(username).random()
    mac = hmac.new(signing_key, username, sha)
    return mac.hexdigest()
def getToken(username):
    """Return the hex HMAC of *username* under a key from the user's keyring.

    Both the key drawn with ``_getKeyring(username).random()`` and the user
    name are encoded as UTF-8 before they reach ``hmac.new``; the digest
    constructor is whatever the module binds to ``sha``. Only the key and
    the user name feed the MAC, so a user's token is identical every time
    the same key is drawn.
    """
    # NOTE(review): .encode() assumes the keyring hands back text and that
    # username is text as well; confirm against the keyring implementation.
    key_bytes = _getKeyring(username).random().encode('utf8')
    message = username.encode('utf8')
    return hmac.new(key_bytes, message, sha).hexdigest()