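def login_for_apps():
    """Login for API access only.

    GET issues a fresh random challenge token, stores it in the session and
    returns it together with the server's signature over it.

    POST expects JSON with ``login`` and ``signature``. The signature is
    verified against the public key stored in the db for that login; on
    success the session is marked logged in and flagged to bypass CSRF
    protection (the signed-challenge exchange stands in for the CSRF token).

    Returns a Flask JSON response. Every authentication failure answers 401.
    """
    if request.method == "GET":
        session['unsigned_access_token'] = random_token()
        session['logged_in'] = False
        return jsonify({
            "token": session['unsigned_access_token'],
            "signature": server_key.sign_message(session['unsigned_access_token'])
        })
    elif request.method == "POST":
        # Client posts its login name and a signed token. get_json() can
        # return None when the body is not JSON, so never index it directly.
        data = request.get_json() or {}
        login = data.get('login')
        signature = data.get('signature')

        # The challenge is single-use: pop it so a replay of the same signed
        # token on this session cannot succeed twice, and so a POST without
        # a preceding GET fails cleanly instead of raising KeyError.
        token = session.pop('unsigned_access_token', None)
        session['logged_in'] = False
        if token is None:
            return make_response(jsonify({'error': 'No login token issued for this session.'}), 401)
        if login is None or signature is None:
            return make_response(jsonify({'error': 'Missing login or signature.'}), 401)

        # Verify signed token against the stored public key for that name.
        key_record = db.get_pub_key(login)
        try:
            # An unknown login takes the same failure path as a bad signature
            # so the response does not reveal which logins exist.
            if key_record is None:
                raise ValueError('unknown login')
            pubkey = APIKey(key_record['pubkey'])
            pubkey.verify_message(token, signature)
        except Exception:
            return make_response(jsonify({'error': 'Bad token signature.'}), 401)

        # Token has valid signature, grant login:
        session['user_id'] = login
        session['logged_in'] = True
        # Mark this session as safe to bypass csrf protection, due to the ECDSA authentication:
        session['bypass_csrf'] = True
        return jsonify({'success': 'Logged in'})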
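def authenticate():
    """Mutually authenticate this side and the peer on ``ws``.

    First the peer is challenged: a random token is sent in an
    ``authenticate`` command, the reply names the peer's ``cluster`` and
    carries a signature over the token, which is verified against the public
    key stored in the db for that cluster. Then the peer challenges us and we
    answer with a signature made by ``context['apikey']``.

    Side effects: stores the peer's cluster in ``context['cluster']``.

    Raises:
        UnauthenticatedError: the cluster is unknown, the peer did not send
            the expected ``authenticate`` command, or the peer rejected our
            signature. The peer is told ``done=True`` before we raise on the
            failures that happen during its own authentication.
        Exception: whatever ``verify_message`` raises on a bad signature is
            re-raised after the peer has been notified and the error logged.
    """
    token_to_sign = random_token()
    cmd = Command.new(ws, action='authenticate', token=token_to_sign)
    response = cmd.send()
    context['cluster'] = cluster = response['cluster']

    # An unknown cluster is an authentication failure, not a TypeError on a
    # missing record.
    client_pubkey = db.get_pub_key(cluster)
    if client_pubkey is None:
        response.respond(message='Unknown cluster for authentication', done=True)
        log.error('no public key on record for cluster %s', cluster)
        raise UnauthenticatedError('Unknown cluster: %s' % (cluster,))
    client_apikey = APIKey(client_pubkey['pubkey'])

    # Verify the client correctly signed the token. Narrowed from a bare
    # except so KeyboardInterrupt/SystemExit are not reported as auth failures.
    try:
        client_apikey.verify_message(token_to_sign, response.get('signature'))
    except Exception:
        response.respond(message='Bad Signature of token for authentication', done=True)
        log.error('client provided bad signature for auth token')
        raise
    response.respond(authenticated=True, done=True)

    # Client will ask us to authenticate too. Explicit check rather than
    # assert, which is stripped under python -O.
    command = receive_data(ws)
    if command.get('action') != 'authenticate':
        raise UnauthenticatedError(
            'Peer sent %r instead of an authenticate command' % (command.get('action'),))
    data = {'signature': context['apikey'].sign_message(command['token'])}
    response = command.respond(**data)
    # Identity check: only the literal True counts as an acceptance.
    if response.get('authenticated') is not True:
        raise UnauthenticatedError("Our peer could not validate our signed auth token")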
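def login_for_apps():
    """Login for API access only.

    GET issues a fresh random challenge token, stores it in the session and
    returns it together with the server's signature over it.

    POST expects JSON with ``login`` and ``signature``. The signature is
    verified against the public key stored in the db for that login; on
    success the session is marked logged in and flagged to bypass CSRF
    protection (the signed-challenge exchange stands in for the CSRF token).

    Returns a Flask JSON response. Every authentication failure answers 401.
    """
    if request.method == "GET":
        session["unsigned_access_token"] = random_token()
        session["logged_in"] = False
        return jsonify(
            {
                "token": session["unsigned_access_token"],
                "signature": server_key.sign_message(session["unsigned_access_token"]),
            }
        )
    elif request.method == "POST":
        # Client posts its login name and a signed token. get_json() can
        # return None when the body is not JSON, so never index it directly.
        data = request.get_json() or {}
        login = data.get("login")
        signature = data.get("signature")

        # The challenge is single-use: pop it so a replay of the same signed
        # token on this session cannot succeed twice, and so a POST without
        # a preceding GET fails cleanly instead of raising KeyError.
        token = session.pop("unsigned_access_token", None)
        session["logged_in"] = False
        if token is None:
            return make_response(
                jsonify({"error": "No login token issued for this session."}), 401
            )
        if login is None or signature is None:
            return make_response(jsonify({"error": "Missing login or signature."}), 401)

        # Verify signed token against the stored public key for that name.
        key_record = db.get_pub_key(login)
        try:
            # An unknown login takes the same failure path as a bad signature
            # so the response does not reveal which logins exist.
            if key_record is None:
                raise ValueError("unknown login")
            pubkey = APIKey(key_record["pubkey"])
            pubkey.verify_message(token, signature)
        except Exception:
            return make_response(jsonify({"error": "Bad token signature."}), 401)

        # Token has valid signature, grant login:
        session["user_id"] = login
        session["logged_in"] = True
        # Mark this session as safe to bypass csrf protection, due to the ECDSA authentication:
        session["bypass_csrf"] = True
        return jsonify({"success": "Logged in"})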
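def authenticate():
    """Mutually authenticate this side and the peer on ``ws``.

    First the peer is challenged: a random token is sent in an
    ``authenticate`` command, the reply names the peer's ``cluster`` and
    carries a signature over the token, which is verified against the public
    key stored in the db for that cluster. Then the peer challenges us and we
    answer with a signature made by ``context['apikey']``.

    Side effects: stores the peer's cluster in ``context['cluster']``.

    Raises:
        UnauthenticatedError: the cluster is unknown, the peer did not send
            the expected ``authenticate`` command, or the peer rejected our
            signature. The peer is told ``done=True`` before we raise on the
            failures that happen during its own authentication.
        Exception: whatever ``verify_message`` raises on a bad signature is
            re-raised after the peer has been notified and the error logged.
    """
    token_to_sign = random_token()
    cmd = Command.new(ws, action='authenticate', token=token_to_sign)
    response = cmd.send()
    context['cluster'] = cluster = response['cluster']

    # An unknown cluster is an authentication failure, not a TypeError on a
    # missing record.
    client_pubkey = db.get_pub_key(cluster)
    if client_pubkey is None:
        response.respond(
            message='Unknown cluster for authentication', done=True)
        log.error('no public key on record for cluster %s', cluster)
        raise UnauthenticatedError('Unknown cluster: %s' % (cluster,))
    client_apikey = APIKey(client_pubkey['pubkey'])

    # Verify the client correctly signed the token. Narrowed from a bare
    # except so KeyboardInterrupt/SystemExit are not reported as auth failures.
    try:
        client_apikey.verify_message(token_to_sign, response.get('signature'))
    except Exception:
        response.respond(
            message='Bad Signature of token for authentication', done=True)
        log.error('client provided bad signature for auth token')
        raise
    response.respond(authenticated=True, done=True)

    # Client will ask us to authenticate too. Explicit check rather than
    # assert, which is stripped under python -O.
    command = receive_data(ws)
    if command.get('action') != 'authenticate':
        raise UnauthenticatedError(
            'Peer sent %r instead of an authenticate command'
            % (command.get('action'),))
    data = {'signature': context['apikey'].sign_message(command['token'])}
    response = command.respond(**data)
    # Identity check: only the literal True counts as an acceptance.
    if response.get('authenticated') is not True:
        raise UnauthenticatedError(
            "Our peer could not validate our signed auth token")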