Esempio n. 1
0
    def create_signature(cls, method, base, params, consumer_secret, token_secret=''):
        """
        Returns HMAC-SHA1 signature
        as specified at: http://oauth.net/core/1.0a/#rfc.section.9.2
        
        :param str method:
            HTTP method of the request to be signed.
            
        :param str base:
            Base URL of the request without query string an fragment.
            
        :param dict params:
            Dictionary or list of tuples of the request parameters.
            
        :param str consumer_secret:
            :attr:`.core.Consumer.secret`
            
        :param str token_secret:
            Access token secret as specified in http://oauth.net/core/1.0a/#anchor3.
        
        :returns:
            The signature string.
        """
        
        base_string = _create_base_string(method, base, params)
        key = cls._create_key(consumer_secret, token_secret)

        hashed = hmac.new(six.b(key), base_string.encode('utf-8'), hashlib.sha1)


        base64_encoded = binascii.b2a_base64(hashed.digest())[:-1]
        
        return base64_encoded
Esempio n. 2
0
    def create_signature(cls, method, base, params, consumer_secret, token_secret=''):
        """
        Returns HMAC-SHA1 signature
        as specified at: http://oauth.net/core/1.0a/#rfc.section.9.2
        
        :param str method:
            HTTP method of the request to be signed.
            
        :param str base:
            Base URL of the request without query string an fragment.
            
        :param dict params:
            Dictionary or list of tuples of the request parameters.
            
        :param str consumer_secret:
            :attr:`.core.Consumer.secret`
            
        :param str token_secret:
            Access token secret as specified in http://oauth.net/core/1.0a/#anchor3.
        
        :returns:
            The signature string.
        """
        
        base_string = _create_base_string(method, base, params)
        key = cls._create_key(consumer_secret, token_secret)

        hashed = hmac.new(six.b(key), base_string.encode('utf-8'), hashlib.sha1)


        base64_encoded = binascii.b2a_base64(hashed.digest())[:-1]
        
        return base64_encoded
Esempio n. 3
0
 def csrf_generator(secret):
     """
     Generates CSRF token.
     
     Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html
             
     :returns:
         :class:`str` Random unguessable string.
     """
     
     # Create hash from random string plus salt.
     hashed = hashlib.md5(uuid.uuid4().bytes + six.b(secret)).hexdigest()
     
     # Each time return random portion of the hash.
     span = 5
     shift = random.randint(0, span)     
     return hashed[shift:shift - span - 1]
Esempio n. 4
0
    def csrf_generator(secret):
        """
        Generates CSRF token.
        
        Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html
                
        :returns:
            :class:`str` Random unguessable string.
        """

        # Create hash from random string plus salt.
        hashed = hashlib.md5(uuid.uuid4().bytes + six.b(secret)).hexdigest()

        # Each time return random portion of the hash.
        span = 5
        shift = random.randint(0, span)
        return hashed[shift:shift - span - 1]
Esempio n. 5
0
 def _authorization_header(cls, credentials):
     """
     Creates authorization headers if the provider supports it.
     See: http://en.wikipedia.org/wiki/Basic_access_authentication.
     
     :param credentials:
         :class:`.Credentials`
     
     :returns:
         Headers as :class:`dict`.
     """
     
     if cls._x_use_authorization_header:
         res = ':'.join((credentials.consumer_key, credentials.consumer_secret))
         res = base64.b64encode(six.b(res)).decode()
         return {'Authorization': 'Basic {0}'.format(res)}
     else:
         return {}
Esempio n. 6
0
 def _authorization_header(cls, credentials):
     """
     Creates authorization headers if the provider supports it.
     See: http://en.wikipedia.org/wiki/Basic_access_authentication.
     
     :param credentials:
         :class:`.Credentials`
     
     :returns:
         Headers as :class:`dict`.
     """
     
     if cls._x_use_authorization_header:
         res = ':'.join((credentials.consumer_key, credentials.consumer_secret))
         res = base64.b64encode(six.b(res)).decode()
         return {'Authorization': 'Basic {0}'.format(res)}
     else:
         return {}