def verify_auth_token(token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except: return None return User.query.get(data['id'])
def verify_reset_token(token): s = Serializer(app.config['SECRET_KEY']) try: agent_id = s.loads(token)['agent_id'] except ValueError: return None return Agent.query.get(agent_id)
def verify_reset_token(token): s = Serializer(current_app.config['CUSTOMER_SECRET_KEY']) try: ssn = s.loads(token)['ssn'] except: return None return db.session.query(Customer).get(ssn)
def verify_reset_token(token): s = Serializer(current_app.config['SECRET_KEY']) try: user_id = s.loads(token)['user_id'] except: return None return Librarian.query.get(user_id)
def validate_token(user, token, operation, new_password=None): s = Serializer(current_app.config['SECRET_KEY']) # print(token) try: data = s.loads(token) except (SignatureExpired, BadSignature) as e: print('------------------------------', e) return False if operation != data.get('operation') or user.id != data.get('id'): return False if operation == Operations.CONFIRM: user.confirmed = True elif operation == Operations.RESET_PASSWORD: user.set_password(new_password) elif operation == Operations.CHANGE_EMAIL: new_email = data.get('new_email') if new_email is None: return False if User.query.filter_by(email=new_email).first() is not None: return False user.email = new_email else: return False db.session.commit() return True
def verify_reset_token(token): s = Serializer(current_app.secret_key) try: user_id = s.loads(token)['user_id'] except: return None return User.query.get(user_id)
def verify_auth_token(token): s = Serializer(FlaskApp().app.config['SECRET_KEY']) try: data = s.loads(token) except SignatureExpired: return None except BadSignature: return None return g.session.query(TUser).get(data['id'])
def verify_auth_token(token): """方法接受的参数是一个令牌, 如果令牌可用就返回对应的用户""" s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except: return None return User.query.get(data['id'])
def verify_auth_token(token,key): s = Serializer(key) try: data = s.loads(token) except SignatureExpired: return None # valid token, but expired except BadSignature: return None # invalid token user = modelo.findUsuariobyId(data['idUsuario']) return {"idUsuario": user.id_usuario,"idCliente":user.id_cliente}
def confirm(self, token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token.encode('utf-8')) except: return False if data.get('confirm') == self.id: self.confirmed = True db.session.add(self) return True
def verify_token(token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except: return None uid = data.get('id') if uid: return User.query.get(uid) return None
def verify_auth_token(cls, token): s = Serializer(app.config['SECRET_KEY']) try: data = s.loads(token) except SignatureExpired: return None # valid token, but expired except BadSignature: return None # invalid token user = cls.get(data['id']) return user
def confirm(self, token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except Exception: return False if data.get('confirm') != self.id: return False self.confirmed = True db.session.add(self) return True
def confirm(self, token): s = Serializer(current_app.config["SECRET_KEY"]) try: data = s.loads(token) except: return False if data.get("confirm") != self.id: return False self.confirmed = True db.session.add(self) return True
def confirm(token): s = Serializer(current_app.config['SECRET_KEY']) try: s.loads(token) except BadSignature: return render_template('Link_expired.html') data = s.loads(token) id = data.get('confirm') user = MongoClient().blog.User.find_one({'_id': ObjectId(id)}) if user is None: flash('认证连接无效或已超时。') if user.get('activate'): flash('此账户已激活。') return redirect(url_for('main.index')) MongoClient().blog.User.update({'_id': ObjectId(id)}, {'$set': { 'activate': True }}) time.sleep(1) flash('您已激活您的账户,谢谢!') return redirect(url_for('main.index'))
def reset_password(token, new_password): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token.encode('utf-8')) except: return False user = User.query.filter_by(id=data.get('reset')) if not user: return False user.password = new_password db.session.add(user) return True
def get(self, request, token): serializer = Serializer(settings.SECRET_KEY, 3600) try: info = serializer.loads(token) user_id = info['comfirm'] user = User.objects.get(id=user_id) user.is_active = 1 user.save() return HttpResponse('active succec!', content_type='text/html') except SignatureExpired as e: return HttpResponse('the active url is expired', content_type='text/html')
def verify_auth_token(token): s = Serializer(secret_key) try: data = s.loads(token) except SignatureExpired: # Valid Token, but expired return None except BadSignature: # Invalid Token return None user_id = data['id'] return user_id
def reset_password(self, token, new_password): """Verify the new password for this user.""" s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except (BadSignature, SignatureExpired): return False if data.get('reset') != self.id: return False self.password = new_password db.session.add(self) db.session.commit() return True
def verify_token_for(token): if token == None or len(token) <= 0 : return False serializer = Serializer(SECURITY_PASSWORD_SALT) data = serializer.loads(token,SECURITY_PASSWORD_SALT) if data != None: id = data.id username = data.username email = data.email currentUser = system.user_datastore.find_user(id=id,username=username,email=email) if currentUser != None: return True else: return False return False
def confirm_account(self, token): """Verify that the provided token is for this user's id.""" s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except (BadSignature, SignatureExpired): return False if data.get('confirm') != self.id: return False self.confirmed = True db.session.add(self) db.session.commit() return True
def get(self, request, token): #进行解密 seeializer = Serializer(settings.SECRET_KEY, 3600) try: info = seeializer.loads(token) user_id = info['confirm'] user = User.objects.get(id=user_id) user.is_active = 1 user.save() return redirect(reverse('user:login')) except SignatureExpired as f: return HttpResponse('<h1>链接以失效')
def verify_auth_token(token): """Validate the token whether is night.""" serializer = Serializer(current_app.config['SECRET_KEY']) try: # serializer object already has tokens in itself and wait for # compare with token from HTTP Request /api/posts Method `POST`. data = serializer.loads(token) except SignatureExpired: return None except BadSignature: return None user = User.query.filter_by(id=data['id']).first() return user
def fun(*args, **kwargs): token = request.cookies.get("x-token") if not token: return jsonify({"status": "false", "message": "最好重新登录"}) try: s = Serializer(current_app.config["SECRET_KEY"], expires_in=3600) data = s.loads(token) except BadSignature: return jsonify({'status': "false", 'message': '登录无效'}) except SignatureExpired: return jsonify({'status': "false", 'message': '登录超时'}) # cookie携带的信息有效,根据值查询当前用户 current_user = BuyerUser.query.filter(BuyerUser.username == data["username"]).first() g.current_user = current_user return f(*args, **kwargs)
def wrapper(*args, **kwargs): parser = reqparse.RequestParser() parser.add_argument('token', type=str) args = parser.parse_args() token = args['token'] if token is None: return to_json('token required') s = Serializer(SERECT_KEY) try: data = s.loads(token) except SignatureExpired: return to_json('token expired') except BadSignature: return to_json('token useless') kwargs['id'] = data['id'] return func(*args, **kwargs)
def verify_auth_token(token): """Validate the token whether is night.""" serializer = Serializer( current_app.config['SECRET_KEY']) try: # serializer object already has tokens in itself and wait for # compare with token from HTTP Request /api/posts Method `POST`. data = serializer.loads(token) except SignatureExpired: return None except BadSignature: return None user = User.query.filter_by(id=data['id']).first() return user
def change_email(self, token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token.encode('utf-8')) except: return False if data.get('change_email') != self.id: return False new_email = data.get('new_email') if new_email is None: return False if self.query.filter_by(email=new_email).first(): return False self.email = new_email self.avatar_hash = self.gravatar_hash() db.session.add(self) return True
def verify_auth_token(token: str) -> Optional[object]: serializer = Serializer(SECRET_KEY) try: data = serializer.loads(token) except SignatureExpired: # Valid token, but expired. return None except BadSignature: # Invalid token. return None user = User.query.get(data['id']) return user
def reset_password(token, newpassword): s = Serializer(current_app.config["SECRET_KEY"], str(600)) try: data = s.loads(token) except: return False else: uid = data.get('id') user = User.query.get(uid) user.password = newpassword try: db.session.add(user) db.session.commit() except: db.rollback() return False return True
def change_email(self, token): """Verify the new email for this user.""" s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except (BadSignature, SignatureExpired): return False if data.get('change_email') != self.id: return False new_email = data.get('new_email') if new_email is None: return False if self.query.filter_by(email=new_email).first() is not None: return False self.email = new_email db.session.add(self) db.session.commit() return True
def change_email(self, token): s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except: return False if data.get('change_email') != self.id: return False new_email = data.get('new_email') if new_email is None: return False if self.query.filter_by(email=new_email).first() is not None: return False self.email = new_email self.avatar_hash = hashlib.md5( self.email.encode('utf-8')).hexdigest() db.session.add(self) return True
def A(): a = Serializer('mima') token_a = a.dumps('test') print(token_a) b = Serializer('mima') c = b.loads(token_a) print(c) roles_permissions_map = { 'Locked': ['FOLLOW', 'COLLECT'], 'User': ['FOLLOW', 'COLLECT','COMMENT','UPLOAD'], 'Moderator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE'], 'Administrator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE','ADMINISTER'] } for key, value in roles_permissions_map.items(): print(key,value)
def check_verify_email_token(token): """token解码及查询user""" # 1.创建加密序列化器对象,设置时长 serializer = Serializer(settings.SECRET_KEY, 24 * 60 * 60) # 2. 调用loads方法对token解密 try: data = serializer.loads(token) except BadData: return None else: # 3 .取出user_id 和email 然后用这两个字段查到唯一的那个用户 user_id = data.get('user_id') email = data.get('email') try: user = User.objects.get(id=user_id, email=email) except User.DoseNotExist: return None else: return user
def verify_auth_token(token): s = Serializer(app.config['SECRET_KEY']) try: data = s.loads(token) except SignatureExpired: return None # valid token, but expired except BadSignature: return None # invalid token user = User.query.get(data['id']) return user # class User(db.Model): # __tablename__ = 'users' # id = db.Column(db.Integer, primary_key = True) # username = db.Column(db.String(32), index = True) # password_hash = db.Column(db.String(128)) # # def hash_password(self, password): # self.password_hash = generate_password_hash(password=password) # # def verify_password(self, password): # return check_password_hash(self.password_hash, password)
from itsdangerous import Serializer if __name__ == '__main__': from itsdangerous import Serializer s = Serializer('secret-key', '36000') a = s.dumps({'rrr': 1}) b = Serializer('secret-key') data = s.loads(a) print(data['rrr']) print(data)
def main(): """Primary CLI application logic.""" try: opts, args = getopt.getopt(sys.argv[1:], "h:v", ["help", "dservers=", "dqueue=", "secret=", "bserver=", "hserver=", "rserver=", "rchannel=", "bfiltername=", "hllname=", "mode=", "sleep="]) except getopt.GetoptError as err: print(str(err)) usage() sys.exit() modes = ("generate", "listen", "check", "adaptive", "initialize", "subscriber") # set defaults mode = None dservers = "localhost:7712,localhost:7711" dqueue = "objbomber" secret = "coolsecretbro" bserver = "localhost:8673" hserver = "localhost:4553" rserver = "localhost:6379" rchannel = "objbomber" bfiltername = "objbomber" hllname = "objbomber" sleep = None userhomedir = os.path.expanduser("~") # flippin' switches... for o, a in opts: if o in ("-h", "--help"): usage() sys.exit() elif o in ("--dservers"): dservers = a elif o in ("--queue"): dqueue = [a] elif o in ("--secret"): secret = a elif o in ("--bserver"): bserver = a elif o in ("--hserver"): hserver = a elif o in ("--rserver"): rserver = a elif o in ("--rchannel"): rchannel = a elif o in ("--bfiltername"): bfiltername = a elif o in ("--hllname"): hllname = a elif o in ("--mode"): if a in modes: mode = a else: usage() sys.exit() elif o in ("--listen"): mode_listen = True elif o in ("--check"): mode_check = True elif o in ("--sleep"): sleep = int(a) else: assert False, "unhandled option" checkdqueue = dqueue + ".check" if sleep in (None, 0): sleep = 0.0001 # mode must be set if not mode: usage() sys.exit() # Handler for the cryptographic signatures # TODO: secret should be "secret" + a version number s = Serializer(secret) # config basics datadir = userhomedir + "/.objbomber" # prepare servers and queue lists dservers = dservers.split(",") bserver = [bserver] hserver = hserver # all modes use Disque logging.info("Connecting to Disque...") disque_client = Client(dservers) disque_client.connect() if mode in ("check", "listen"): logging.info("Creating Bloomd Client...") bloomd_client = BloomdClient(bserver) bfilter = bloomd_client.create_filter(bfiltername) # add pyhlld logging.info("Creating HLLD Client... - not yet used") hlld_client = HlldClient(hserver) hll = hlld_client.create_set(hllname) if mode in ("check", "listen", "generate", "subscriber"): # add redis hll & pubsub logging.info("Creating Redis Client...") rhost, rport = rserver.split(":") redd = redis.StrictRedis(host=rhost, port=rport, db=0) redpubsub = redd.pubsub() if mode in ("subscriber"): redpubsub.subscribe(rchannel) if mode in ("generate"): # TODO: check on how well LevelDB handles # multiple clients db = leveldb.LevelDB(datadir + '/notary') # special mode to handle our first run # TODO: push into a function # TODO: handle filesystem errors # TODO: reconsider using Cement for all of this # TODO: generate an instance GUID if mode == "initialize": UUID = uuid.uuid4() logging.info("Our system UUID is now: %s" % UUID) # TODO: save and load this uuid # check to see if there is a ~/.objbomber directory, quit if there is # TODO: this does not handle errors in initalization logging.info("Checking for .objbomber in %s..." % userhomedir) if os.path.exists(datadir): logging.info("Already been initialized!") # TODO: print some information about how to handle this sys.exit() # TODO: make one os.mkdir(datadir, 0700) # generate our RSA signing key # TODO: make # of bits in key a flag logging.info("Begining to create our notary key.") logging.info("Reading from RNG.") rng = Random.new().read logging.info("Generating RSA key...") privRSAkey = RSA.generate(4096, rng) privPEM = privRSAkey.exportKey() pubRSAkey = privRSAkey.publickey() pubPEM = pubRSAkey.exportKey() logging.info("Key generated.") # save privkey to disk with open(datadir + "/privkey.pem", "w") as keyfile: keyfile.write(privPEM) keyfile.close() os.chmod(datadir + "/privkey.pem", 0700) logging.info("Unencrypted RSA key written to disk.") # save the pubkey with open(datadir + "/pubkey.pem", "w") as keyfile: keyfile.write(pubPEM) keyfile.close() logging.info("Public RSA key written to disk.") logging.info("Creating crypto notary storage.") leveldb.LevelDB(datadir + '/notary') # we absolutely must quit here, or we will get stuck in # an infinate loop sys.exit() # load our secret key (TODO: this is probably better as try/exc) # and build our contexts with open(datadir + "/privkey.pem", "r") as keyfile: privRSAkey = RSA.importKey(keyfile.read()) while True: # TODO: Adaptive Mode - this mode should peek the queues, and # make a decision about where this thread can make the most # impact on its own. if mode == "adaptive": # TODO: Do some queue peeking. # TODO: Make some decisions about which mode to adapt to. pass # TODO: All modes should be placed into functions. # Listen Mode - Listens to the queue, pulls out jobs, # validates the signature, puts them in bloomd if mode == "listen": logging.info("Getting Jobs from Disque.") jobs = disque_client.get_job([dqueue]) print("Got %d jobs." % len(jobs)) for queue_name, job_id, job in jobs: logging.debug("Handling a job: %s" % job) try: job = s.loads(job) logging.debug("Job Authenticated: %s" % job) except: logging.warning("Job did not pass authentication.") disque_client.nack_job(job_id) # add to bloom filter try: bfilter.add(job) except: logging.warning("Job was not added to bloomd.") disque_client.nack_job(job_id) try: hllResponse = hll.add(job) except: logging.warning("Job was not added to hlld.") disque_client.nack_job(job_id) # TODO: add redis HLL support # tell disque that this job has been processed disque_client.ack_job(job_id) # sign the check job job = s.dumps(job) # throw this message on the check queue disque_client.add_job(checkdqueue, job) elif mode == "check": # TODO # Check the secondary disque queue for checks # Ask the bloom filter if they have seen this logging.info("Getting Jobs from Disque.") jobs = disque_client.get_job([checkdqueue]) for queue_name, job_id, job in jobs: logging.debug("Checking: %s" % job) try: job = s.loads(job) except: disque_client.nack_job(job_id) # we don't NACK on failed cache hits if job in bfilter: logging.info("Confirming: %s" % job) else: logging.info("Not found in bloom filter: %s" % job) disque_client.ack_job(job_id) elif mode == "generate": # TODO - where will these messages come from? # for now they will just be random numbers, but # really we should make them objects to really be # testing serialization msg = [random.randint(1000, 1000000), random.randint(1000, 1000000)] # itsdangerous serialization & signing msg = s.dumps(msg) # Now that this message is serialized, we can sign it again with a # public key. # TODO: incorporate saving the signature into the notary records msghash = SHA.new(msg) signer = PKCS1_v1_5.new(privRSAkey) signature = signer.sign(msghash) assert signer.verify(msghash, signature) record = {'message': msg, 'signature': signature} record = pickle.dumps(record) # send the job over to Disque # TODO: add more command line flags for queuing job_id = disque_client.add_job(dqueue, msg) logging.debug("Added a job to Disque: %s" % msg) # publish just the signature on redis pubsub redd.publish(rchannel, signature) # TODO: save the publication in the notary # TODO: do more then just save the signatures # TODO: add a GUID to the key key = datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S-%f") db.Put(key, record) # testing the results of leveldb's store, this is a test, and # an expensive test sig2 = db.Get(key) sig2 = pickle.loads(sig2)['signature'] assert signer.verify(msghash, sig2) elif mode == "subscriber": msg = redpubsub.get_message() # TODO: do something useful, like log if msg: print("got a message") time.sleep(sleep)
def verify_auth_token(token): s = Serializer(config.SECRET_KEY) try: data = s.loads(token) except Exception, e: return None
class User(Base): __tablename__ = 'users' id = Column(Integer, primary_key=True) name = Column(String(100)) password = Column(String(500)) salt = Column(String(100)) user = session.query(User).filter_by(name="Josh").first() salt = user.salt signer = Serializer(secretKey, salt=salt) passwordOld = "super new car" password = "******" passwd = signer.dumps(password).split(".")[1] oldPass = user.password if signer.loads("\"" + passwordOld + "\"." + oldPass): print True user.password = passwd session.commit()