Esempio n. 1
0
    def decrypt(self, request, sessionid):
        """ Avoid showing plain sessionids 
            Optionally require that a referer exists and matches the 
            whitelist, or reset the session
        """
        if not sessionid:
            return ''

        (nonce, sessionid) = sessionid.split(':', 1)
        sessionid = self.xor(nonce, sessionid.decode('base64'))

        secret = self._secret(request)
        if self.settings.get('HOSTS', []):
            referer = request.META.get('HTTP_REFERER', 'None')
            if referer == 'None':
                # End session unless a referer is passed
                return ''
            url = urlparse(referer)
            if url.hostname not in self.settings['HOSTS']:
                err = '%s is unauthorised' % url.hostname
                raise Exception(err)

        session_key = crypt(secret, sessionid.decode('base64'))
        try:
            return unicode(session_key)
        except:
            return ''
Esempio n. 2
0
    def decrypt(self, request, sessionid):
        """ Avoid showing plain sessionids 
            Optionally require that a referer exists and matches the 
            whitelist, or reset the session
        """
        if not sessionid:
            return ''

        (nonce,sessionid) = sessionid.split(':', 1)
        sessionid = self.xor(nonce, sessionid.decode('base64'))

        secret = self._secret(request)
        if self.settings.get('HOSTS', []):
            referer = request.META.get('HTTP_REFERER', 'None')
            if referer == 'None':
                # End session unless a referer is passed
                return ''
            url = urlparse(referer)
            if url.hostname not in self.settings['HOSTS']:
                err = '%s is unauthorised' % url.hostname
                raise Exception(err)
        
        session_key = crypt(secret, sessionid.decode('base64'))
        try:
            return unicode(session_key)
        except:
            return ''
Esempio n. 3
0
    def encrypt(self, request, sessionid):
        """ Avoid showing plain sessionids 
            Use base64 - but strip the line return it adds
        """
        if not sessionid:
            return ''

        secret = self._secret(request)
        session_key = crypt(secret, sessionid).encode('base64')
        nonce = self._random_string_generator(20)
        session_key = self.xor(nonce, session_key).encode('base64')

        if session_key.endswith("\n"):
            session_key = session_key[:-1]

        return "%s:%s" % (nonce, session_key)
Esempio n. 4
0
    def encrypt(self, request, sessionid):
        """ Avoid showing plain sessionids 
            Use base64 - but strip the line return it adds
        """  
        if not sessionid:
            return ''
        
        secret = self._secret(request)
        session_key = crypt(secret, sessionid).encode('base64')
        nonce = self._random_string_generator(20)
        session_key = self.xor(nonce, session_key).encode('base64')

        if session_key.endswith("\n"):
            session_key = session_key[:-1]

        return "%s:%s" % (nonce, session_key)
Esempio n. 5
0
 def _secret(self, request):
     """ optionally make secret client or url dependent
         NB: Needs to be at least 16 characters so add secret to META data
     """
     secret = self.secret
     specific = ''
     if self.settings.get('URL_SPECIFIC', False):
         specific += request.META.get('SERVER_NAME', '')
         specific += request.META.get('PATH_INFO', '')
     if self.settings.get('CLIENT_ID', False):
         specific += request.META.get('REMOTE_ADDR', '127.0.0.1')
         specific += request.META.get('HTTP_USER_AGENT', 'unknown browser')
     if specific:
         secret = crypt(secret, specific + self.secret)
         new_secret = ''
         # Grab ascii from the whole specific string
         for i in range(0, len(secret), int(len(secret) / 16)):
             try:
                 new_secret += secret[i].encode('ascii')
             except:
                 new_secret += secret[i].encode('base64')[0]
         secret = new_secret[:16]
     return secret
Esempio n. 6
0
 def _secret(self, request):
     """ optionally make secret client or url dependent
         NB: Needs to be at least 16 characters so add secret to META data
     """
     secret = self.secret
     specific = ''
     if self.settings.get('URL_SPECIFIC', False):
         specific += request.META.get('SERVER_NAME', '')
         specific += request.META.get('PATH_INFO', '')
     if self.settings.get('CLIENT_ID', False):
         specific += request.META.get('REMOTE_ADDR', '127.0.0.1') 
         specific += request.META.get('HTTP_USER_AGENT', 'unknown browser')
     if specific:
         secret = crypt(secret, specific + self.secret) 
         new_secret = ''
         # Grab ascii from the whole specific string 
         for i in range(0, len(secret), int(len(secret)/16)):
             try:
                 new_secret += secret[i].encode('ascii') 
             except:
                 new_secret += secret[i].encode('base64')[0] 
         secret = new_secret[:16]
     return secret