def decode_signed_request(app_secret, signed_request):
    """
    Verify an OAuth 2.0 `signed_request` parameter and return its payload.

    The parameter has the form ``<signature>.<payload>``; both halves are
    passed through ``b64url_decode`` and the payload is parsed as JSON.
    The signature is checked over the still-encoded payload text using
    ``app_secret``.

    Raises ``signature.InvalidSignature`` when verification fails, and
    ``ValueError`` when `signed_request` contains no ``.`` separator.

    >>> print decode_signed_request('secret',
    ...     'vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso.'
    ...     'eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0')
    {'0': 'payload', 'algorithm': 'HMAC-SHA256'}

    >>> print decode_signed_request('wrong-secret',
    ...     'vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso.'
    ...     'eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0')
    Traceback (most recent call last):
        ...
    InvalidSignature
    """
    encoded_sig, encoded_payload = signed_request.split('.', 1)
    raw_sig = b64url_decode(encoded_sig)

    # NOTE(review): the payload is JSON-parsed before its signature has been
    # checked, and the algorithm name handed to the verifier is read from that
    # unverified payload. Confirm that signature.verify_signature rejects any
    # algorithm other than the ones this application intends to accept.
    value = json.loads(b64url_decode(encoded_payload))
    algorithm = value.get("algorithm", "HMAC-SHA256")

    signature_ok = signature.verify_signature(
        app_secret, raw_sig, encoded_payload, algorithm=algorithm)
    if signature_ok:
        return value
    raise signature.InvalidSignature
def serve(resource):
    """Persist the form keys of a signed request for the named resource.

    Looks `resource` up by name in ``resources`` (404 when absent), requires
    query arguments that pass ``verify_signature`` against the resource's
    secret (401 otherwise), then hands every form key to ``persist``.

    Returns ``"OK"`` on success, or ``("Error saving data", 500)`` when
    persisting raises.
    """
    # NOTE(review): the raw query string is written to the debug log; if the
    # signature or other sensitive values travel in it, they end up in log
    # files. Confirm that debug logging is off or scrubbed in production.
    logging.debug('Connection from: %s', request.remote_addr)
    logging.debug('Resource: %s', resource)
    logging.debug('Query string %s', request.query_string)

    matches = [entry for entry in resources if entry['name'] == resource]
    if not matches:
        abort(404)
    resource = matches[0]

    # NOTE(review): only the query arguments are passed to verify_signature
    # here; from this function alone the form data persisted below does not
    # appear to be covered by the signature. Verify against verify_signature.
    authorized = request.args and verify_signature(
        request.args.copy(), resource['secret'])
    if not authorized:
        abort(401)

    try:
        for key in request.form.iterkeys():
            logging.debug('Request data: %s', key)
            persist(key, resource)
    except Exception as exc:
        logging.error('Error persisting data: %s', str(exc))
        return "Error saving data", 500
    return "OK"
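def _validate_signature(self):
    """Return whether the request's query string carries a valid signature.

    Returns False when the request has no ``sig`` argument or when no
    ``client_key`` is configured; otherwise returns the result of
    ``verify_signature`` applied to the configured key and the query
    component of ``self.request.uri``.
    """
    if not self.get_argument("sig", None):
        return False

    client_key = self.settings.get("client_key")
    if not client_key:
        # Fail closed: with a missing or empty key the check would either
        # raise inside the verifier or compare against a signature that
        # anyone can compute, so the request is treated as unsigned.
        return False

    # NOTE(review): the whole query string, including the "sig" parameter
    # itself, is handed to verify_signature; presumably the verifier strips
    # it before recomputing. Confirm against its implementation.
    query = urlparse.urlparse(self.request.uri).query
    return verify_signature(client_key, query)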
def require_valid_token():
    """Reject the current request with an empty 403 unless it is signed.

    A request passes when it carries a non-empty ``X-HUB-SIGNATURE`` header
    and ``signature.verify_signature(request)`` returns a truthy value; in
    that case nothing is returned. Otherwise an empty 403 response is
    returned.
    """
    # The header test comes first so the verifier is never called for a
    # request that has no signature header at all.
    has_header = request.headers.get('X-HUB-SIGNATURE')
    if has_header and signature.verify_signature(request):
        return None
    return make_response("", 403)