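def single_signon_login(request):
    """
    This view applies only on the central site.
    After successful login on a local site, the user should be sent here in
    order to create a session on the central site as well, which will be used
    for future logins on other local sites (and any logins on the central site).

    Expects the query parameters ``next``, ``user_id`` and ``hmac``, where
    ``hmac`` is the base64 HMAC of the ASCII ``user_id`` as produced by
    ``calc_hmac_b64``. Only ``user_id`` is covered by the HMAC; ``next`` is not.

    Raises:
        PermissionDenied: on a non-central site, when a parameter is missing,
            when ``user_id`` is not ASCII, when the HMAC does not verify, when
            no user with that id exists, or when no backend authenticates it.
    """
    import hmac

    if not request.site.is_central():
        raise PermissionDenied

    if any(key not in request.GET for key in ('next', 'user_id', 'hmac')):
        raise PermissionDenied

    user_id = request.GET['user_id']
    try:
        user_id_bytes = user_id.encode('ascii')
    except UnicodeEncodeError:
        # A non-ASCII id can never carry a valid HMAC; answer 403 instead of
        # letting the encode error surface as a server error.
        raise PermissionDenied

    provided_hmac = request.GET['hmac']
    calculated_hmac_b64 = calc_hmac_b64(user_id_bytes)
    # Constant-time comparison so the response time does not reveal how much
    # of the expected HMAC the caller got right. compare_digest raises
    # TypeError for non-ASCII str or mixed str/bytes input; both are mismatches.
    try:
        hmac_ok = hmac.compare_digest(calculated_hmac_b64, provided_hmac)
    except TypeError:
        hmac_ok = False
    if not hmac_ok:
        logger.warning(
            "Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac",
            extra={
                'provided_hmac': provided_hmac,
                'calculated_hmac': calculated_hmac_b64,
                'user_id_bytes': user_id_bytes,
            }
        )
        raise PermissionDenied

    # HMAC was verified, now authenticate the user and send them back.
    # NOTE(review): the HMAC carries no timestamp or nonce, so a captured URL
    # stays valid until the key changes — confirm that is acceptable here.
    try:
        user = User.objects.get(id=user_id)
    except (User.DoesNotExist, ValueError):
        # Valid signature but no matching user (deleted since signing, or an
        # id the field cannot parse) — refuse rather than raise a 500.
        raise PermissionDenied
    user = authenticate(user=user)
    if user is None:
        # No authentication backend accepted the user; do not log anyone in.
        raise PermissionDenied
    log_user_in(request, user)
    # NOTE(review): 'next' is neither signed nor host-checked before redirect —
    # confirm an allowed-host check (e.g. Django's
    # url_has_allowed_host_and_scheme) is applied here or by the caller.
    return redirect(request.GET['next'])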
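def single_signon_return(request):
    """
    This view applies only on local sites.
    This is where the user is returned after a `single_signon_check` on the
    central site. If the user returned with auth data, it is verified and the
    user is automatically signed on. If not, the user is sent back to the login
    view with 'sso_checked' set in session to avoid repeating the auth check.

    Requires the ``next`` query parameter. Auth data is the pair ``user_id``
    and ``hmac``, where ``hmac`` is the base64 HMAC of the ASCII ``user_id``
    as produced by ``calc_hmac_b64``. Only ``user_id`` is covered by the HMAC.

    Raises:
        PermissionDenied: on the central site, when ``next`` is missing, when
            ``user_id`` is not ASCII, when the HMAC does not verify, when no
            user with that id exists, or when no backend authenticates it.
    """
    import hmac
    from urllib.parse import urlencode

    if request.site.is_central():
        raise PermissionDenied

    if 'next' not in request.GET:
        raise PermissionDenied

    if not all(key in request.GET for key in ('user_id', 'hmac')):
        # User was not authenticated, save the value and let them authenticate
        # locally. urlencode keeps a 'next' containing '&', '#' or '?' intact.
        request.session['sso_checked'] = True
        return redirect('%s?%s' % (
            reverse('user:login.login'),
            urlencode({'next': request.GET['next']}),
        ))

    # User is authenticated - verify the message and authenticate them here
    user_id = request.GET['user_id']
    try:
        user_id_bytes = user_id.encode('ascii')
    except UnicodeEncodeError:
        # A non-ASCII id can never carry a valid HMAC; answer 403 instead of
        # letting the encode error surface as a server error.
        raise PermissionDenied

    provided_hmac = request.GET['hmac']
    calculated_hmac_b64 = calc_hmac_b64(user_id_bytes)
    # Constant-time comparison so the response time does not reveal how much
    # of the expected HMAC the caller got right. compare_digest raises
    # TypeError for non-ASCII str or mixed str/bytes input; both are mismatches.
    try:
        hmac_ok = hmac.compare_digest(calculated_hmac_b64, provided_hmac)
    except TypeError:
        hmac_ok = False
    if not hmac_ok:
        logger.warning(
            "Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac",
            extra={
                'provided_hmac': provided_hmac,
                'calculated_hmac': calculated_hmac_b64,
                'user_id_bytes': user_id_bytes,
            }
        )
        raise PermissionDenied

    # HMAC was verified, now authenticate the user.
    # NOTE(review): the HMAC carries no timestamp or nonce, so a captured URL
    # stays valid until the key changes — confirm that is acceptable here.
    try:
        user = User.objects.get(id=user_id)
    except (User.DoesNotExist, ValueError):
        # Valid signature but no matching user (deleted since signing, or an
        # id the field cannot parse) — refuse rather than raise a 500.
        raise PermissionDenied
    user = authenticate(user=user)
    if user is None:
        # No authentication backend accepted the user; do not log anyone in.
        raise PermissionDenied
    log_user_in(request, user)
    # NOTE(review): 'next' is neither signed nor host-checked before redirect —
    # confirm an allowed-host check (e.g. Django's
    # url_has_allowed_host_and_scheme) is applied here or by the caller.
    return redirect(request.GET['next'])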