def test_verify_hash(in_app_context): data = hash_data(u'hellö') assert verify_hash(data, u'hellö') is True assert verify_hash(data, u'hello') is False legacy_data = hashlib.md5(encode_string(u'hellö')).hexdigest() assert verify_hash(legacy_data, u'hellö') is True assert verify_hash(legacy_data, u'hello') is False
def test_verify_hash(in_app_context): data = hash_data("hellö") assert verify_hash(data, "hellö") is True assert verify_hash(data, "hello") is False legacy_data = hashlib.md5(encode_string("hellö")).hexdigest() assert verify_hash(legacy_data, "hellö") is True assert verify_hash(legacy_data, "hello") is False
def _verify_token(self, token, user): if not self.token_verified_cache.get_verify_hash_result( token, user.id): if not verify_hash(compare_data=user.password, hashed_data=token): raise UnauthorizedError( failed_auth_message.format(user.username)) else: self.token_verified_cache.cache_verify_hash_result( token, user.id)
def _verify_token(self, token, user): if not self.token_verified_cache.get_verify_hash_result( token, user.id): if not verify_hash(compare_data=user.password, hashed_data=token): raise_unauthorized_user_error( 'Authentication failed for {0}'.format(user)) else: self.token_verified_cache.cache_verify_hash_result( token, user.id)
def _verify_token(self, token, user): if not self.token_verified_cache.get_verify_hash_result(token, user.id): if not verify_hash(compare_data=user.password, hashed_data=token): raise_unauthorized_user_error( 'Authentication failed for {0}'.format(user) ) else: self.token_verified_cache.cache_verify_hash_result(token, user.id)
def verify_token(token): serialized = TimedJSONWebSignatureSerializer(app.config['SECRET_KEY'], salt="api_token") try: data = serialized.loads(token) user_id = data["user_id"] user = User.query.filter_by(id=user_id).first() if not user or not verify_hash(data['validation_check'], user.password): logger.warn('Invalid authentication token. token invalid after password change') return None return user except SignatureExpired: return None # valid token, but expired except BadSignature: return None # invalid token
def reset_password_token_status(token): """Returns the expired status, invalid status, and user of a password reset token. For example:: expired, invalid, user, data = reset_password_token_status('...') :param token: The password reset token """ expired, invalid, user, data = get_token_status( token, 'reset', 'RESET_PASSWORD', return_data=True ) if not invalid and user: if user.password: if not verify_hash(data[1], user.password): invalid = True return expired, invalid, user
def confirm_change_email_token_status(token): """Returns the expired status, invalid status, user, and new email of a confirmation token. For example:: expired, invalid, user, new_email = ( confirm_change_email_token_status('...')) Based on confirm_email_token_status in Flask-Security. :param token: The confirmation token """ expired, invalid, user, token_data = get_token_status(token, 'confirm', 'CONFIRM_EMAIL', return_data=True) new_email = None if not invalid and user: user_id, token_email_hash, new_email = token_data invalid = not verify_hash(token_email_hash, user.email) return expired, invalid, user, new_email
def _authenticate_token(self, token): """Make sure that the token passed exists, is valid, is not expired, and that the user contained within it exists in the DB :param token: An authentication token :return: A tuple: (A user object, its hashed password) """ self.logger.debug('Authenticating token') expired, invalid, user, data, error = \ user_handler.get_token_status(token) if expired: raise_unauthorized_user_error('Token is expired') elif invalid or (not isinstance(data, list) or len(data) != 2): raise_unauthorized_user_error( 'Authentication token is invalid:\n{0}'.format(error)) elif not user: raise_unauthorized_user_error('No authentication info provided') elif not verify_hash(compare_data=user.password, hashed_data=data[1]): raise_unauthorized_user_error( 'Authentication failed for {0}'.format(user)) return user