Exemple #1
0
def login_for_apps():
    """Login for API access only"""
    if request.method == "GET":
        session['unsigned_access_token'] = random_token()
        session['logged_in'] = False
        return jsonify({
            "token":
            session['unsigned_access_token'],
            "signature":
            server_key.sign_message(session['unsigned_access_token'])
        })
    elif request.method == "POST":
        # Client posts it's login name and a signed token.
        data = request.get_json()
        # Verify signed token against stored public key for that name.
        pubkey = APIKey(db.get_pub_key(data['login'])['pubkey'])
        try:
            pubkey.verify_message(session['unsigned_access_token'],
                                  data['signature'])
        except Exception, e:
            session['logged_in'] = False
            del session['unsigned_access_token']
            return make_response(jsonify({'error': 'Bad token signature.'}),
                                 401)
        # Token has valid signature, grant login:
        session['user_id'] = data['login']
        session['logged_in'] = True
        # Mark this session as safe to bypass csrf protection, due to the ECDSA authentication:
        session['bypass_csrf'] = True
        return jsonify({'success': 'Logged in'})
    def authenticate():
        token_to_sign = random_token()
        cmd = Command.new(ws, action='authenticate', token=token_to_sign)
        response = cmd.send()
        context['cluster'] = cluster = response['cluster']
        client_pubkey = db.get_pub_key(cluster)
        client_apikey = APIKey(client_pubkey['pubkey'])
        
        # Verify the client correctly signed the token:
        try:
            client_apikey.verify_message(token_to_sign, response.get('signature'))
        except:
            response.respond(message='Bad Signature of token for authentication', done=True)
            log.error('client provided bad signature for auth token')
            raise

        response.respond(authenticated=True, done=True)

        # Client will ask us to authenticate too:
        command = receive_data(ws)
        assert command.get('action') == 'authenticate'
        data = {'signature' :context['apikey'].sign_message(command['token'])}
        response = command.respond(**data)
        if response.get('authenticated') != True:
            raise UnauthenticatedError("Our peer could not validate our signed auth token")
def login_for_apps():
    """Login for API access only"""
    if request.method == "GET":
        session["unsigned_access_token"] = random_token()
        session["logged_in"] = False
        return jsonify(
            {
                "token": session["unsigned_access_token"],
                "signature": server_key.sign_message(session["unsigned_access_token"]),
            }
        )
    elif request.method == "POST":
        # Client posts it's login name and a signed token.
        data = request.get_json()
        # Verify signed token against stored public key for that name.
        pubkey = APIKey(db.get_pub_key(data["login"])["pubkey"])
        try:
            pubkey.verify_message(session["unsigned_access_token"], data["signature"])
        except Exception, e:
            session["logged_in"] = False
            del session["unsigned_access_token"]
            return make_response(jsonify({"error": "Bad token signature."}), 401)
        # Token has valid signature, grant login:
        session["user_id"] = data["login"]
        session["logged_in"] = True
        # Mark this session as safe to bypass csrf protection, due to the ECDSA authentication:
        session["bypass_csrf"] = True
        return jsonify({"success": "Logged in"})
Exemple #4
0
    def authenticate():
        token_to_sign = random_token()
        cmd = Command.new(ws, action='authenticate', token=token_to_sign)
        response = cmd.send()
        context['cluster'] = cluster = response['cluster']
        client_pubkey = db.get_pub_key(cluster)
        client_apikey = APIKey(client_pubkey['pubkey'])

        # Verify the client correctly signed the token:
        try:
            client_apikey.verify_message(token_to_sign,
                                         response.get('signature'))
        except:
            response.respond(
                message='Bad Signature of token for authentication', done=True)
            log.error('client provided bad signature for auth token')
            raise

        response.respond(authenticated=True, done=True)

        # Client will ask us to authenticate too:
        command = receive_data(ws)
        assert command.get('action') == 'authenticate'
        data = {'signature': context['apikey'].sign_message(command['token'])}
        response = command.respond(**data)
        if response.get('authenticated') != True:
            raise UnauthenticatedError(
                "Our peer could not validate our signed auth token")