def reset_password(token):
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('admin.home'))
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
data = None
try:
data = s.loads(token)
except:
abort(404)
if data.get('id'):
id = data.get('id')
else:
id = 0
user = User.query.get_or_404(id)
form = ResetForm()
if form.validate_on_submit():
user.password = form.password.data.strip()
db.session.add(user)
db.session.commit()
flash('Your password has now been reset.')
return redirect(url_for('main.login'))
return render_template('reset.html',
title='Reset Password',
form=form,
user=user,
token=token)
def post(self):
args = self.prase.parse_args()
username = args['username']
error = ApiError.check_param(username, str)
if error is not None:
return error
password = args['password']
error = ApiError.check_param(password, str)
if error is not None:
return error
user_collection = self.db['user']
result = user_collection.find(
{
'username': username
}
)
if result is not None:
return ApiError.user_exist_error
token = JSONWebSignatureSerializer('secret-key')
token = token.dumps({'username': username, 'time':time.time()})
user_collection.insert({
{
'username': username,
'password': password,
'token': token
}
})
data = {'token':token}
return ApiSuccess.success(data)
def get_by_authorization(self_class, token, svc_account):
if token:
token = token.replace('Basic ', '', 1)
s = JSONWebSignatureSerializer(flask.current_app.config['SECRET_KEY'])
data = s.loads(token)
return User.get(data['id'], svc_account)
return None
def parse_token(token: str) -> str:
s = JSONWebSignatureSerializer(current_app.secret_key, salt="auth")
try:
return s.loads(token)
except BadSignature:
return None
def check_authorization(*args, **kwargs):
instance = args[0] # self argument
request_args = instance.auth_parser.parse_args()
token = request_args.get('api_token')
# parse token
JWT = JWS(os.environ.get('SECRET_KEY'))
try:
token_data = JWT.loads(token)
except BadSignature:
return jsonify({
'status': 'auth error',
'message': 'invalid token'
})
# check validation
if datetime.datetime.now().timestamp() < token_data.get('expires'):
# token valid and not expired
# add current user id to instance as an attribute
# this allows linking items to users with re-parsing the tokens
instance.user_id = token_data.get('id')
return f(*args, **kwargs)
else:
# token expired
return jsonify({
'status': 'auth error',
'message': 'token expired',
'help': 'get a new token generated from login endpoint'
})
def post(self):
args = self.parser.parse_args()
code = args['code']
#参数校验
error = ApiError.check_param(code, str)
if error is not None:
return error
encryptedData = args['encryptedData']
error = ApiError.check_param(encryptedData, str)
if error is not None:
return error
iv = args['iv']
error = ApiError.check_param(iv, str)
if error is not None:
return error
#解码wx openid
appid = 'wxc4e842b5c56f443c'
secret = '77b0864fffbd6b395fdaa4e28fb27c72'
wx = Wx()
data = wx.jscode2ses(code, appid, secret, encryptedData, iv)
openId = data['openId']
if openId is None:
return ApiError.wx_jscode2ses_error
#生成用户token
token = JSONWebSignatureSerializer('secret-key')
token = token.dumps({'openId': openId, 'time': time.time()})
user_collection = self.db['user']
user_collection.update({'openId': openId}, {'$set': {
'token': token
}}, True)
data = {'token': token}
return ApiSuccess.success(data)
def VerifyToken(token, secret):
s = Serializer(secret)
try:
data = s.loads(token)
except BadSignature as e:
raise InvalidAuth('bad_token', e.message)
return data
def decode_auth_token(token):
try:
s = JSONWebSignatureSerializer(app.secret_key)
print token
return s.loads(token)
except:
return None
def accept_link(token):
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
data = None
try:
data = s.loads(token)
except:
abort(404)
if data.get('id'):
id = data.get('id')
else:
id = 0
if data.get('friend_id'):
friend_id = data.get('friend_id')
else:
friend_id = 0
user = User.query.get_or_404(friend_id)
friend = User.query.get_or_404(id)
if user.id == g.user.id:
g.user.link(friend)
db.session.add(user)
db.session.commit()
flash('You are now friends with ' + friend.first_name)
else:
flash('Invalid token')
return redirect(url_for('admin.friends'))
def generate_token():
new_user = User.create_user() # 创建新用户
s = Serializer(new_user.key) # 建立序列
data = {'create_at': str(new_user.create_at)} # 加密数据集
token = str(new_user.id) + '.' + s.dumps(data).decode(
'ascii') # 生成令牌,在真正的token前加了一个用户id
return token
def VerifyToken(token, secret):
s = Serializer(secret)
try:
data = s.loads(token)
except BadSignature as e:
raise InvalidAuth('bad_token', e.message)
return data
def genernate(mail):
#生成token应该保存到数据库内部以做比较
#根据时间生成token
time_now = str(time.time())
s = JSONWebSignatureSerializer('Please-input-your-secret-key')
return s.dumps({"id": mail+time_now}).decode('utf-8')
def reset_password(token):
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('admin.home'))
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
data = None
try:
data = s.loads(token)
except:
abort(404)
if data.get('id'):
id = data.get('id')
else:
id = 0
user = User.query.get_or_404(id)
form = ResetForm()
if form.validate_on_submit():
user.password = form.password.data.strip()
db.session.add(user)
db.session.commit()
flash('Your password has now been reset.')
return redirect(url_for('main.login'))
return render_template('reset.html', title='Reset Password', form=form, user=user, token=token)
def decode_jwt_token(
request: typing.Any,
secret_key: str = jwt_settings.JWT_AUTH_SECRET_KEY,
cache_name: str = 'default',
token_key: str = '',
) -> typing.Any:
"""
解密token中的用户数据
:param request: Request实例
:param secret_key:
:param cache_name: cache名称
:param token_key: jwt token
:return:
"""
token_key = token_key or get_header_token(request)
serializer = JSONWebSignatureSerializer(secret_key)
try:
user_data = serializer.loads(token_key)
except (BadSignature, Exception) as e:
raise JwtNotRightError
else:
user_pk = getattr(jwt_settings, 'JWT_USER_PK',
jwt_settings.JWT_USER_PK)
user_id = user_data.get(user_pk, '')
check_jwt_token(jwt_settings.JWT_REDIS_KEY.format(user_id=user_id),
token_key, cache_name)
request.user = user_data
return user_data, None
def confirm(token):
if g.user.is_confirmed():
return redirect(url_for('admin.home'))
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
data = None
try:
data = s.loads(token)
except:
abort(404)
if data.get('id'):
id = data.get('id')
else:
id = 0
user = User.query.get_or_404(id)
if user.id == g.user.id:
user.confirmed = True
db.session.add(user)
db.session.commit()
flash('You have successfully confirmed your account!')
else:
flash('Invalid token')
return render_template("admin/confirm.html", title='Confirm Account')
def confirm(token):
if g.user.is_confirmed():
return redirect(url_for('admin.home'))
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
data = None
try:
data = s.loads(token)
except:
abort(404)
if data.get('id'):
id = data.get('id')
else:
id = 0
user = User.query.get_or_404(id)
if user.id == g.user.id:
user.confirmed = True
db.session.add(user)
db.session.commit()
flash('You have successfully confirmed your account!')
else:
flash('Invalid token')
return render_template("admin/confirm.html", title='Confirm Account')
def test_token_generation(self):
"""
Verify token generation using known hashes and signature
"""
test_user = self.TEST_USER
not_user = self.NOT_USER
known_hashhash = ('5106273f7789f1e26b4a212789992f75c15433f402f3e94a'
'd18e7c80aee80faf')
with self.app.app_context():
token = generate_token(test_user)
# Verify hashhash against known value
hashhash = get_hashhash(test_user)
self.assertEqual(hashhash, known_hashhash)
# Now that we verified our hashhash, independently verify
# the data with a serializer from config (not trusting
# get_signature here).
serializer = Serializer(self.app.config['FLASK_SECRET'])
self.assertEqual(serializer.loads(token)['hashhash'], hashhash)
# Now go ahead and verify the reverse
serializer = get_signature()
data = serializer.loads(token)
self.assertEqual(data['username'], test_user)
self.assertEqual(data['hashhash'], hashhash)
# Verify no user handling (don't really care what
# exception gets raised).
with self.assertRaises(Exception):
token = generate_token(not_user)
def validate_token(user, token, operation, new_password=None):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (SignatureExpired, BadSignature):
return False
if operation != data.get('operation') or user.id != data.get('id'):
return False
if operation == Operation.CONFIRM:
user.confirmed = True
elif operation == Operation.CHANGE_EMAIL:
new_email = data.get('new_email')
if User.query.filter_by(email=new_email).first():
return False
if new_email is None:
return False
user.email = new_email
elif operation == Operation.RESET_PASSWORD:
user.password_hash = user.set_password(new_password)
else:
return False
db.session.commit()
return True
def test_token_generation(self):
"""
Verify token generation using known hashes and signature
"""
test_user = self.TEST_USER
not_user = self.NOT_USER
known_hashhash = ('5106273f7789f1e26b4a212789992f75c15433f402f3e94a'
'd18e7c80aee80faf')
self._setup_normal_extension()
with self.app.app_context():
token = self.htpasswd.generate_token(test_user)
# Verify hashhash against known value
hashhash = self.htpasswd.get_hashhash(test_user)
self.assertEqual(hashhash, known_hashhash)
# Now that we verified our hashhash, independently verify
# the data with a serializer from config (not trusting
# get_signature here).
serializer = Serializer(self.app.config['FLASK_SECRET'])
self.assertEqual(serializer.loads(token)['hashhash'], hashhash)
# Now go ahead and verify the reverse, trusting, and
# verifying get_signature.
serializer = self.htpasswd.get_signature()
data = serializer.loads(token)
self.assertTrue(data['username'], test_user)
self.assertTrue(data['hashhash'], hashhash)
# Verify no user handling (don't really care what
# exception gets raised).
with self.assertRaises(Exception):
token = self.htpasswd.generate_token(not_user)
def confirm_login():
# Check for state and for 0 errors
state = session.get('oauth2_state')
if not state or request.values.get('error'):
return redirect(url_for('index'))
# Fetch token
discord = make_session(state=state)
discord_token = discord.fetch_token(TOKEN_URL,
client_secret=OAUTH2_CLIENT_SECRET,
authorization_response=request.url)
if not discord_token:
return redirect(url_for('index'))
# Fetch the user
user = get_user(discord_token)
# Generate api_key from user_id
serializer = JSONWebSignatureSerializer(app.config['SECRET_KEY'])
api_key = str(serializer.dumps({'user_id': user['id']}))
# Store api_key
db.set('user:{}:api_key'.format(user['id']), api_key)
# Store token
db.set('user:{}:discord_token'.format(user['id']),
json.dumps(discord_token))
# Store api_token in client session
api_token = {'api_key': api_key, 'user_id': user['id']}
session.permanent = True
session['api_token'] = api_token
return redirect(url_for('select_server'))
def generate_token(user):
secret_key = get_secret_key()
s = JSONWebSignatureSerializer(secret_key)
expired_at = utcnow().replace(hours=+2).timestamp
d = {'user': user, 'expired_at': expired_at}
token = s.dumps(d).decode('utf-8')
return token, d
def confirm_login():
# Check for state and for 0 errors
state = session.get('oauth2_state')
if not state or request.values.get('error'):
return redirect(url_for('index'))
# Fetch token
discord = make_session(state=state)
discord_token = discord.fetch_token(
TOKEN_URL,
client_secret=OAUTH2_CLIENT_SECRET,
authorization_response=request.url)
if not discord_token:
return redirect(url_for('index'))
# Fetch the user
user = get_user(discord_token)
# Generate api_key from user_id
serializer = JSONWebSignatureSerializer(app.config['SECRET_KEY'])
api_key = str(serializer.dumps({'user_id': user['id']}))
# Store api_key
db.set('user:{}:api_key'.format(user['id']), api_key)
# Store token
db.set('user:{}:discord_token'.format(user['id']), json.dumps(discord_token))
# Store api_token in client session
api_token = {
'api_key': api_key,
'user_id': user['id']
}
session.permanent = True
session['api_token'] = api_token
return redirect(url_for('select_server'))
def hmac(payload, private_key):
'''Generate a decryptable signature on the server side that the client
can analzye. Server generated HMAC signatures aren't timed.
'''
payload = organize_payload(payload)
t = Token(secret_key=private_key)
return t.dumps(payload)
def get_user(cls, token):
"""Use this function to validate tokens sent by users."""
# Decode token, try to fetch and verify key, and if so return user
# DEVELOPMENT ACCESS
if current_app.config.get("DEBUG") == True:
if token == current_app.config.get("DEV_CRON_API_KEY"):
return user_model.User.query.filter_by(
email=current_app.config.get("DEV_CRON_EMAIL")).first()
s = Signer(current_app.config["SECRET_KEY"])
try:
data = s.loads(token.strip()) # Remove whitespace
except:
return None
if not data.get("id"):
return None
if not data.get("key"):
return None
apikey = ApiKey.query.get(data.get("id"))
if apikey is not None:
if apikey.verify_key(data.get("key")):
return user_model.User.query.get(apikey.user_id)
return None
def get_from_timeout_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return {}
return data
def verify_token(token):
s = SigSerializer(SECRET_KEY)
try:
data = s.loads(token)
except (BadSignature):
return None
return data
def validate():
"""
Endpoint used by nginx auth_request.
Uses Flask session or token in "Authorization" header.
Gets a GET request without body for every request to the resource.
Returns 2xx for access granted and 4xx for access denied.
"""
app.logger.debug('validate headers: %s' % request.headers)
uri = request.headers.get('Original-Uri')
if current_user.is_authenticated:
app.logger.debug("query_auth OK for %s" % uri)
return 'OK'
auth_header = request.headers.get('Authorization')
if auth_header:
signer = JSONWebSignatureSerializer(os.environ['SECRET_KEY'])
try:
jwt_token = auth_header.replace('Bearer ', '', 1)
token = signer.loads(jwt_token)
app.logger.debug("validate token: %s" % repr(token))
audience = token['aud']
exp_time = token['exp']
curr_time = int(time.time())
if curr_time <= exp_time and audience == TOKEN_AUDIENCE:
app.logger.debug("query_auth OK for %s" % uri)
return 'OK'
except:
app.logger.debug("Unable to validate auth token: %s" % auth_header)
app.logger.debug("query_auth FAIL for %s" % uri)
abort(401)
def generate_key(user_id, name):
"""Generate a new key and return the plaintext token"""
apikey = ApiKey()
apikey.user_id = user_id
apikey.name = name
# Generate key
# Want 40 char string which is urandom 20.
# urandom is cryptographically secure.
key = binascii.hexlify(os.urandom(20))
apikey.key = key
db.session.add(apikey)
db.session.commit()
# Send an email about this action
u = user_model.User.query.get(user_id)
u.send_email(
"[Alert] New API Key Issued",
render_template(
"email/new-api-key.html",
name=name, ),
force_send=True)
# Generate token, which include the indexed id and key
s = Signer(current_app.config["SECRET_KEY"])
return s.dumps({"id": apikey.id, "key": key})
def generate_api_key(self):
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
byte_str = s.dumps({
'user': str(self.id),
'time': time(),
})
self.apikey = byte_str.decode()
def register():
form = Register()
if form.validate_on_submit():
# form.validate_email(form.email.data)
# form.validate_username(form.username.data)
# 根据表单数据 创建用户对象
u = User(username=form.username.data,
password=form.password.data,
emil=form.email.data)
# 把用户信息保存到数据库
db.session.add(u)
# 发送账户激活邮件
# 标识身份数据
s = Serializer(current_app.config['SECRET_KEY'])
# 当前用户id为空,要手动提交
db.session.commit()
token = s.dumps({'id': u.id})
send_mail('账户激活',
u.emil,
'email/ectivate.html',
username=u.username,
token=token)
flash('您已经注册成功,请点击邮件中链接进行激活!')
return redirect(url_for('main.index'))
return render_template('user/register.html', form=form)
def get_credential(a_token):
s = JSONWebSignatureSerializer(server_secret_key)
try:
credential = s.loads(a_token)
return credential
except:
return None
def generate_token(a_username,a_password):
if valid_lpirc_session(a_username) is None:
create_lpirc_session(a_username)
else:
# Session already created, nothing to do send previously generated token
if recycle_db != 1:
sess = Session.query.filter_by(username=a_username).first()
token = sess.token
return token
else: # Recycle
# Should be a penalty for multiple login attempts
delete_lpirc_session(a_username)
create_lpirc_session(a_username)
sess = Session.query.filter_by(username=a_username).first()
s = JSONWebSignatureSerializer(server_secret_key)
dt = sess.timestamp
dt_str = dt.strftime(datetime_format)
print dt_str
# Adding session created time for timeout validation
token = s.dumps({ff_username: a_username, ff_password: a_password, ff_timestamp: dt_str})
# Update session database
sess.token = token
if (enable_powermeter == 1) and (a_username != powermeter_user):
sess.powermeter_status = powermeter_status_stop # So that, it can be restarted later
if a_username == powermeter_user:
sess.mytimeout = sys.maxint
db.session.commit()
return token
def jwt_decode(self, string):
"""
JSON Web Token解码
Description
通过itsdangerous模块内部的JSONWebSignatureSerializer对数据进行序列化,通过序列化对象loads方法提取反序列化结果
注意 默认算法为HS512,目前仅支持HS512、HS384、HS256算法
Example:
>>>Codec(key="hello").jwt_decode('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiREVBREYxU0hfQ0FUIiwibW9kdWxlIjoiY29kZWMifQ.2GYkiUswkUdNFuA74lW9NKWVwX8KDhLEWf_0L-rSmH0')
{"alg": "HS256", "typ": "JWT"}
{"name": "DEADF1SH_CAT", "module": "codec"}
"""
try:
jwt = string
if(self.secret_key == None):
self.secret_key = ""
if(self.alg == None):
sign = JSONWebSignatureSerializer(self.secret_key)
else:
#自动识别加密算法
header = json.loads(base64.b64decode(jwt.split('.')[0]))
self.alg = header['alg']
sign = JSONWebSignatureSerializer(self.secret_key, algorithm_name=self.alg)
#将数据分块输出,顺序为header、payload
result = json.dumps(sign.loads(jwt,return_header=True)[1]) + "\n" + json.dumps(sign.loads(jwt,return_header=True)[0])
return result
except TypeError:
raise TypeError("Secret_key can't be None!")
def verify_device_id(device_id):
s = Serializer(SECRET_KEY)
try:
data = s.loads(device_id)
except:
return None
return Device.objects.get(id=data['id'])
def verify_auth_token(token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except: return None return User.query.get(data['id'])
def jwt_encode(self, string):
"""
JSON Web Token编码
Description:
通过itsdangerous模块内部的JSONWebSignatureSerializer对数据进行序列化,通过序列化对象dumps方法输出编码后结果
注意 默认算法为HS512,目前仅支持HS512、HS384、HS256算法
Example:
>>>Codec(key="hello").jwt_encode('{"name":"DEADF1SH_CAT","module":"codec"}')
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiREVBREYxU0hfQ0FUIiwibW9kdWxlIjoiY29kZWMifQ.2GYkiUswkUdNFuA74lW9NKWVwX8KDhLEWf_0L-rSmH0
"""
try:
jwt = dict(ast.literal_eval(string))
if(self.secret_key == None):
self.secret_key = ""
if(self.alg == None):
sign = JSONWebSignatureSerializer(self.secret_key)
else:
sign = JSONWebSignatureSerializer(self.secret_key, algorithm_name=self.alg)
result = sign.dumps(jwt, header_fields={"typ":"JWT"})
return result
except TypeError:
raise TypeError("Secret_key can't be None!")
class AuthTokenFactory:
@staticmethod
def withPrivateKeyFile(path_to_private_key):
key = open(path_to_private_key, encoding="utf8").read()
auth_factory = AuthTokenFactory(private_key=key)
return auth_factory
def __init__(self, private_key):
self.private_key = private_key
self.serializer = JSONWebSignatureSerializer(private_key)
def generate(self, lifetime_in_seconds=DEFAULT_TOKEN_LIFETIME, **kwargs):
# exp: Expiration time
info = {'exp': time() + lifetime_in_seconds}
if 'exp' in kwargs:
raise Exception("'exp' is a reserved key value.")
info.update(**kwargs)
token = self.serializer.dumps(info)
return token.decode()
def validate(self, token):
info = self.serializer.loads(token.encode())
if time() > info['exp']:
raise SignatureExpired("Token has expired, get a new token.")
return info
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return User.query.get(data['id'])
def verify_auth_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
return s.loads(token)
except BadSignature:
return None
def verify_reset_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
user_id = s.loads(token)['user_id']
except:
return None
return User.query.get(user_id)
def post(self):
username = request.form.get('username')
password = request.form.get('pwd')
email = request.form.get('email')
if not all([username, password, email]):
return render_template('register.html', errmsg='数据不完整!')
allow = request.form.get('allow')
if allow != 'on':
return render_template('register.html', **{'errmsg': '请同意协议!'})
reg = "[\w!#$%&'*+/=?^_`{|}~-]+(?:\.[\w!#$%&'*+/=?^_`{|}~-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[\w](?:[\w-]*[\w])?"
if not re.match(reg, email):
return render_template('register.html', **{'errmsg': '邮箱不合法!'})
if db.session.query(User).filter(User.username == username).first():
return render_template('register.html', **{'errmsg': '用户名已被注册!'})
if db.session.query(User).filter(User.email == email).first():
return render_template('register.html', **{'errmsg': '邮箱已被注册!'})
user = User(username=username, password=password, email=email)
db.session.add(user)
db.session.commit()
serializer = Serializer(SECRET_KEY)
data = {'id': user.id, 'time': time.time()}
token = serializer.dumps(data).decode()
send_register_mail(email, username, token)
return redirect(url_for('user.login'))
def verify_shared_token(token):
s = InfinitSerializer(current_app.config['SECRET_KEY'])#Cargamos el objeto Serializer
try:
post_id = s.loads(token)['post_id']#Comprobamos que el token es correcto y no ha expirado
except:
return None
return Post.query.get(post_id)
def verify_auth_token(token):
s = JSONWebSignatureSerializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
return None
user = User.query.get(data['id'])
return user
def unsign(self, value):
if value is None:
return value
s = JSONWebSignatureSerializer(self.secret_key, algorithm_name='HS256')
try:
return s.loads(value)
except BadSignature:
return {}
def verify_group_token(token):
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
group = Group.query.get(data['id'])
return group
def unsign(self, value):
if value is None:
return value
s = JSONWebSignatureSerializer(self.secret_key)
try:
return s.loads(value)
except BadSignature:
return {}
def unsign(self, value):
if value is None:
return value
s = JSONWebSignatureSerializer(self.secret_key)
try:
return s.loads(value)
except BadSignature:
return {}
def verify_tn_proxy_token(token):
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
return None
client_id = data['client_id']
return client_id
def verify_auth_token(token):
s = JSONWebSignatureSerializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
return None
user = User.query.get(data['id'])
return user
def verify_auth_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
return User.query.get(data['id'])
def confirm_reset_token(self, token):
s = JSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('reset') != self.id:
return False
return True
def get_event_page_no(token):
"""convert token into the pagenumber
arg:
token: token
return:
return the page number to convert it.
"""
page_no = PageSerializer(config.SECRET_KEY)
return page_no.loads(token)
def verify_auth_token(self, token): s = Serializer(SECRET_KEY) try: data = s.loads(token) except SignatureExpired: return None # valid token, but expired except BadSignature: return None # invalid token return [data['username'], data['password']]
def generate_token(self):
JWT = JWS(os.environ.get('SECRET_KEY'))
return JWT.dumps({
"id": self.id,
"username": self.username,
# 2 hrs expiration
"expires": (datetime.datetime.now() +
datetime.timedelta(seconds=2*60*60)).timestamp()
}).decode('utf-8')
def verify_auth_token(token):
"""verify the user with token"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
# get id
return User.query.get_or_404(data['id'])
def verify_auth_token(token):
s = Serializer(app.config['SECRET_KEY'])
print 'token:' + token
try:
data = s.loads(token)
except:
return None
print 'data:{}'.format(data)
user = User.get_one(email=data)
return user
def af_reset_send(cls_, email, returnurl):
user = cls_.find_first({'email': email})
if not user:
raise ApiValidationError(ValidationError('Unknown email'))
serializer = JSONWebSignatureSerializer(current_app.config['API_KEY'])
resettoken = serializer.dumps({"id": user.id, "signature": user.signature}).decode('utf-8')
content = 'Click here to reset your password: %s' % (returnurl + resettoken)
mailer.send(user.email, user.name, 'Password reset link', content)
return {'success': True}
def af_reset_recieve(cls_, token, password):
serializer = JSONWebSignatureSerializer(current_app.config['API_KEY'])
try:
payload = serializer.loads(token)
user = cls_.get(payload['id'])
if user is None or payload['signature'] != user.signature or user.status != const.STATUS_ACTIVE:
raise ApiValidationError(ValidationError('User reset not allowed'))
user.update(password=password, signature=random_string())
return user.jsonify(acl=const.ACL_OWNER)
except (itsdangerous.SignatureExpired, itsdangerous.BadSignature):
raise ApiValidationError(ValidationError('Token is broken'))
def confirm(self,token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return false
if data.get('confirm') != self.id:
return false
self.confirmed = True
db.session.add(self)
return True
def test_invalid_token(f_session, f_user):
secret_key = get_secret_key()
s = JSONWebSignatureSerializer(secret_key)
expired_at = arrow.utcnow().replace(hours=-2).timestamp
d = {
'user': {'id': f_user.id, 'email': f_user.email, 'name': f_user.name},
'expired_at': expired_at
}
token = s.dumps(d).decode('utf-8')
with raises(InvalidTokenError):
t = validate_token('dadfa.asdf')
with raises(ExpiredTokenError):
t = validate_token(token)
