def test_cant_decode_token_with_wrong_key():
    """A token signed with one secret must be rejected when decoded with another.

    Only the key differs between generation and decoding; the salt is the same,
    so this pins the key check specifically.
    """
    payload = {"key1": "value1", "key2": "value2"}
    salt = "1234567890"
    token = generate_token(payload, secret_key=TEST_SECRET_KEY, salt=salt)

    wrong_key = 'WrongKeyWrongKeyWrongKeyWrongKeyWrongKeyXXX='
    with pytest.raises(InvalidToken):
        decode_token(token, wrong_key, salt)
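def decode_reset_password_token(token):
    """Verify a password-reset token and return its decoded payload.

    The token is decoded with the app SECRET_KEY and RESET_PASSWORD_SALT and
    must be no older than one day. It is additionally rejected when it was
    issued before the user's password was last changed, so a reset link cannot
    be replayed after a successful reset.

    Args:
        token: the opaque reset token taken from the request (untrusted).

    Returns:
        The decoded payload dict; it is guaranteed to contain 'email_address'.

    Raises:
        InvalidToken: decoding/age check failed, the email does not match a
            user, or the token predates the user's last password change.
        ValueError: the payload carries no 'email_address' key.
    """
    data = decode_token(
        token,
        current_app.config['SECRET_KEY'],
        current_app.config['RESET_PASSWORD_SALT'],
        1 * ONE_DAY_IN_SECONDS,
    )
    timestamp = parse_fernet_timestamp(token)

    email_address = data.get('email_address', None)
    if email_address is None:
        raise ValueError(
            "Required argument email address was not returned from token decoding"
        )

    user = User.query.filter(User.email_address == email_address).first()
    if user is None:
        # Previously `user` was dereferenced unconditionally, so a token whose
        # address no longer matches any user (e.g. the account was deleted)
        # crashed with AttributeError instead of being rejected cleanly.
        current_app.logger.info("Token email address does not match a user")
        raise InvalidToken("Token email address does not match a user")

    user_last_changed_password_at = user.password_changed_at
    # The Fernet timestamp has second resolution while the User model stores
    # microseconds; drop the microseconds before comparing, otherwise a token
    # generated in the same second as the password change (as happens in
    # tests) would be wrongly rejected.
    # NOTE(review): assumes password_changed_at is never None and that both
    # values share the same tz-awareness — confirm against the model.
    if timestamp < user_last_changed_password_at.replace(microsecond=0):
        current_app.logger.info(
            "Token generated earlier than password was last changed")
        raise InvalidToken(
            "Token generated earlier than password was last changed")
    return data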
def decode_user_token(token):
    """Decode a supplier-invite token and return its payload.

    Uses the app SECRET_KEY with SUPPLIER_INVITE_TOKEN_SALT and a maximum
    age of 14 days. Any failure is presumably surfaced by decode_token as
    InvalidToken; nothing is caught here.

    Args:
        token: the opaque invite token from the request (untrusted).

    Returns:
        The decoded payload dict, unvalidated beyond what decode_token does.
    """
    secret = current_app.config['SECRET_KEY']
    salt = current_app.config['SUPPLIER_INVITE_TOKEN_SALT']
    max_age = 14 * ONE_DAY_IN_SECONDS
    return decode_token(token, secret, salt, max_age)
def test_can_generate_token():
    """A generated token round-trips to its payload with the same key and salt."""
    payload = {"key1": "value1", "key2": "value2"}
    salt = '1234567890'
    token = generate_token(payload, secret_key=TEST_SECRET_KEY, salt=salt)

    decoded = decode_token(token, TEST_SECRET_KEY, salt)
    assert decoded == payload
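def decode_creation_token(token):
    """Decode a signup-invitation token and return its payload.

    Uses the app SECRET_KEY with SIGNUP_INVITATION_TOKEN_SALT and a maximum
    age of 14 days. The payload must contain both 'name' and 'email_address'.

    Args:
        token: the opaque invitation token from the request (untrusted).

    Returns:
        The decoded payload dict containing at least 'name' and 'email_address'.

    Raises:
        InvalidToken: the token fails to decode, or its payload lacks a
            required key.
    """
    # The previous version wrapped this call in `except InvalidToken: raise
    # InvalidToken`, which changed nothing except discarding the decoder's
    # error detail; let the original exception propagate intact.
    data = decode_token(
        token,
        current_app.config['SECRET_KEY'],
        current_app.config['SIGNUP_INVITATION_TOKEN_SALT'],
        14 * ONE_DAY_IN_SECONDS,
    )
    # Iterating a dict yields its keys, so issubset checks key presence.
    if not {'name', 'email_address'}.issubset(data):
        raise InvalidToken
    return data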
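def decode_user_creation_token(token):
    """Decode a signup-invitation token and return its payload.

    Uses the app SECRET_KEY with SIGNUP_INVITATION_TOKEN_SALT and a maximum
    age of 14 days. Snake-case keys ('name', 'email_address') are required, as
    produced by tokens created with the future API.

    Args:
        token: the opaque invitation token from the request (untrusted).

    Returns:
        The decoded payload dict containing at least 'name' and 'email_address'.

    Raises:
        InvalidToken: the token fails to decode, or its payload lacks a
            required snake-case key.
    """
    data = decode_token(
        token,
        current_app.config['SECRET_KEY'],
        current_app.config['SIGNUP_INVITATION_TOKEN_SALT'],
        14 * ONE_DAY_IN_SECONDS,
    )
    # The previous version also tested for a legacy camelCase 'emailAddress'
    # key, but both outcomes of that test raised InvalidToken, so camelCase
    # tokens were never accepted. This keeps that behaviour in a single check.
    # NOTE(review): the old TODO ("remove legacy camel case check when old
    # invites are no longer active - 1W") suggests legacy invites may have
    # been meant to pass; if so, that needs an explicit, reviewed change.
    if not {'name', 'email_address'}.issubset(data):
        raise InvalidToken
    return data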