Esempio n. 1
0
def google_oauth2_csrf(request, value):
    # type: (HttpRequest, str) -> str
    # In Django 1.10, get_token returns a salted token which changes
    # everytime get_token is called.
    from django.middleware.csrf import _unsalt_cipher_token
    token = _unsalt_cipher_token(get_token(request))
    return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()
Esempio n. 2
0
def renew_csrf(window_info):
    if not window_info.csrf_cookie:
        csrf_secret = _get_new_csrf_string()
        window_info.csrf_cookie = _salt_cipher_secret(csrf_secret)
    else:
        csrf_secret = _unsalt_cipher_token(window_info.csrf_cookie)
    value = _salt_cipher_secret(csrf_secret)
    scall(window_info, "df.validate.update_csrf", to=[WINDOW], value=value)
Esempio n. 3
0
def google_oauth2_csrf(request, value):
    # type: (HttpRequest, str) -> HttpResponse
    # In Django 1.10, get_token returns a salted token which changes
    # everytime get_token is called.
    try:
        from django.middleware.csrf import _unsalt_cipher_token
        token = _unsalt_cipher_token(get_token(request))
    except ImportError:
        token = get_token(request)

    return hmac.new(token.encode('utf-8'), value.encode("utf-8"),
                    hashlib.sha256).hexdigest()
Esempio n. 4
0
 def unsalt_token(token):
     return _unsalt_cipher_token(token)
Esempio n. 5
0
def google_oauth2_csrf(request: HttpRequest, value: str) -> str:
    # In Django 1.10, get_token returns a salted token which changes
    # every time get_token is called.
    from django.middleware.csrf import _unsalt_cipher_token
    token = _unsalt_cipher_token(get_token(request))
    return hmac.new(token.encode('utf-8'), value.encode("utf-8"), hashlib.sha256).hexdigest()
Esempio n. 6
0
 def unsalt_token(token):
     return _unsalt_cipher_token(token)
Esempio n. 7
0
 def compare_sanitized_tokens(request_csrf_token, csrf_token):
     return constant_time_compare(
         _unsalt_cipher_token(request_csrf_token),
         _unsalt_cipher_token(csrf_token))