def validate_answer(self, answer, team):
"""Validate the nonce-based flag."""
try:
decoded_answer = self._decode(answer)
except TypeError:
app.logger.error('Invalid padding for answer.')
return False
if len(decoded_answer) != (
self.NONCE_BITS + self.AUTHENTICATOR_BITS) // 8:
app.logger.error('Invalid length of decoded answer in %s',
type(self).__name__)
return False
nonce = decoded_answer[:self.NONCE_BITS//8]
authenticator = decoded_answer[self.NONCE_BITS//8:]
if not utils.compare_digest(authenticator,
self.compute_authenticator(nonce)):
app.logger.error('Invalid nonce flag: %s', answer)
return False
# At this point, it's a valid flag, but need to check for reuse.
# We do this by inserting and primary key checks will fail in the
# commit phase.
if team:
models.NonceFlagUsed.create(
self.challenge, self.unpack_nonce(nonce),
team)
return True
def validate_answer(self, answer, team):
"""Validate the nonce-based flag."""
try:
decoded_answer = self._decode(answer)
except TypeError:
app.logger.error('Invalid padding for answer.')
return False
if len(decoded_answer) != (self.NONCE_BITS +
self.AUTHENTICATOR_BITS) // 8:
app.logger.error('Invalid length of decoded answer in %s',
type(self).__name__)
return False
nonce = decoded_answer[:self.NONCE_BITS // 8]
authenticator = decoded_answer[self.NONCE_BITS // 8:]
if not utils.compare_digest(authenticator,
self.compute_authenticator(nonce)):
app.logger.error('Invalid nonce flag: %s', answer)
return False
# At this point, it's a valid flag, but need to check for reuse.
# We do this by inserting and primary key checks will fail in the
# commit phase.
if team:
models.NonceFlagUsed.create(self.challenge,
self.unpack_nonce(nonce), team)
return True
def verify_token(self, token, token_type='pwreset'):
"""Verify a user-specific token."""
token = utils.to_bytes(token)
try:
decoded = base64.urlsafe_b64decode(token)
expires, mac = decoded.split(b':', 1)
except ValueError:
raise errors.ValidationError('Invalid token.')
if float(expires) < time.time():
raise errors.ValidationError('Expired token.')
expected = self.get_token(token_type=token_type, expires=int(expires))
if not utils.compare_digest(expected, token):
raise errors.ValidationError('Invalid token.')
return True
def verify_token(self, token, token_type='pwreset'):
"""Verify a user-specific token."""
token = utils.to_bytes(token)
try:
decoded = base64.urlsafe_b64decode(token)
expires, mac = decoded.split(b':', 1)
except ValueError:
raise errors.ValidationError('Invalid token.')
if float(expires) < time.time():
raise errors.ValidationError('Expired token.')
expected = self.get_token(token_type=token_type, expires=int(expires))
if not utils.compare_digest(expected, token):
raise errors.ValidationError('Invalid token.')
return True
def validate_answer(self, answer, unused_team):
if not self.challenge.answer_hash:
return False
return utils.compare_digest(
pbkdf2.crypt(answer, self.challenge.answer_hash),
self.challenge.answer_hash)
def validate_answer(self, answer, team):
if not team:
return False
return utils.compare_digest(self.construct_mac(team), answer)
def validate_answer(self, answer, unused_team):
if not self.challenge.answer_hash:
return False
return utils.compare_digest(
pbkdf2.crypt(answer, self.challenge.answer_hash),
self.challenge.answer_hash)
def validate_answer(self, answer, team):
if not team:
return False
return utils.compare_digest(
self.construct_mac(team),
answer)
