def is_authenticated(self):
#Checks for a token, which is required for authentication.
token = session.get('tumblr_token')
if token:
#Checks that the token is valid.
if self.token_hash == make_secure_token(*token):
return True
'''Otherwise, check that the token gets info for a blog,
and is therefore a valid auth for our uname'''
if get_handle() == self.userid:
update_user_tokenhash(self.userid,
make_secure_token(*token))
return True
return False
def test_make_secure_token_default_key(self):
# Old test: 0f05743a2b617b2625362ab667c0dbdf4c9ec13a
# New test with sha512:
h1 = "47bec94a46a5d3939ca0671b01bafd5d7d5353941791734ec1e4734de40e5ce0"
h2 = "a45c05c17cd33b8a18840991bb1cc154fa4ee8ef2f80a572b5a6a24b3a3afc20"
with self.app.test_request_context():
self.assertEqual(make_secure_token('foo'), h1 + h2)
def generate_key(self):
"""Using make_secure_token
https://flask-login.readthedocs.org/en/latest/_modules/flask_login.html#make_secure_token
"""
key = make_secure_token(str(self.user_id), key=str(random.random()))
self.key = key
def get_auth_token(self):
secure_token = make_secure_token(
str(self.id),
self.username,
self.password,
str(self.role))
return secure_token
def login():
response = {'code': 0,
'message': 'Missing parameters (email or password)'}
email = request.form.get('email')
password = request.form.get('password')
if not email or not password:
return make_response(jsonify(response), 400)
user = User.query.filter_by(email=email, password=password).first()
if user is not None:
timestamp = (datetime.datetime.utcnow() +
datetime.timedelta(days=1)).timestamp()
token = make_secure_token(email, password, str(timestamp))
timestamp = int(timestamp)
db.session.add(Session(id=user.id, timestamp=timestamp, token=token))
db.session.commit()
response = {'code': 1,
'message': 'OK',
'data': {'token': token,
'expirationTimestamp': timestamp}}
else:
user = User.query.filter_by(email=email).first()
if user:
response = {'code': 0,
'message': 'Invalid password'}
else:
response = {'code': 0,
'message': 'User does not exist'}
if response['code'] is 1:
return make_response(jsonify(response), 200)
return make_response(jsonify(response), 401)
def verify_and_authenticate(self):
now = datetime.utcnow()
self.verified = True
self.verified_at = now
self.signin_token = make_secure_token(uuid.uuid4().hex)
self.authenticated = True
self.lastsignin_at = now
self.updated_at = now
def get_secure_token(self):
"""
Returns a secure token for each user generated from its user name.
In order to get HMAC compliance this can be modified to be generatd from:
username + email + SECRET_KEY
make_secure_token(self.username + self.email + SECRET_KEY, key='deterministic')
"""
return make_secure_token(self.username, key='deterministic')
def set_remember_token(user):
"""Create and save a new remember token for an authentiated user.
Session tokens are created using the username encrypted with the
app's secret key via HMAC.
"""
token = make_secure_token(user.id)
user.remember_token = token
database.set('remember_token', token, user.id)
def get_auth_token(self):
"""
See https://flask-login.readthedocs.org/en/latest/#alternative-tokens
:return: A secure token unique to this ``User`` with the current
``password_hash``.
:rtype: string
"""
return make_secure_token(self.email, self.password_hash)
def get_auth_token(self):
"""
See https://flask-login.readthedocs.org/en/latest/#alternative-tokens
:return: A secure token unique to this ``User`` with the current
``password_hash``.
:rtype: string
"""
return make_secure_token(self.email, self.password_hash)
def get_secure_token(self):
"""
Returns a secure token for each user generated from its user name.
In order to get HMAC compliance this can be modified to be generatd from:
username + email + SECRET_KEY
make_secure_token(self.username + self.email + SECRET_KEY, key='deterministic')
"""
return make_secure_token(self.username, key='deterministic')
def set_remember_token(user):
"""Create and save a new remember token for an authentiated user.
Session tokens are created using the username encrypted with the
app's secret key via HMAC.
"""
token = make_secure_token(user.id)
user.remember_token = token
database.set('remember_token', token, user.id)
def validate(email):
email = email.strip()
user = User.query.filter_by(email=email).first()
if user and not user.verified:
token = make_secure_token(uuid.uuid4().hex)
user.verification_token = token,
user.verification_token_expires_at = datetime.utcnow() + timedelta(
days=1)
db.session.commit()
return user
def refresh_password_reset_token(email):
email = email.strip()
user = User.query.filter_by(email=email).first()
if user and not user.banned:
token = make_secure_token(uuid.uuid4().hex)
user.password_reset_token = token,
user.password_reset_token_expires_at = datetime.utcnow(
) + timedelta(minutes=15)
db.session.commit()
return user
def test_get_auth_token(self):
"""
Authentication tokens are created using Flask-Login's
``make_secure_token`` function and the email address and password of
the user.
"""
user = User(email='email', password_hash='password_hash')
with app.app_context():
self.assertEqual(user.get_auth_token(),
make_secure_token('email', 'password_hash'))
def test_get_auth_token(self):
"""
Authentication tokens are created using Flask-Login's
``make_secure_token`` function and the email address and password of
the user.
"""
user = User(email='email', password_hash='password_hash')
with app.app_context():
self.assertEqual(user.get_auth_token(),
make_secure_token('email', 'password_hash'))
def add_oauth_identity(self, service_name, service_id):
try:
oauth_id, created = OAuthIdentity.get_or_create(
name=service_name, service_id=service_id, user_id=self.id)
self.auth_token = make_secure_token(service_name, service_id)
save()
return created
except Exception:
rollback()
return False
def after_login(resp):
user = User.from_openid(resp.identity_url)
if user is None:
# Create a new user account.
user = User.new(**{"email": resp.email,
"fullname": resp.fullname,
"token": login_ext.make_secure_token(os.urandom(4),
resp.email,
os.urandom(4)),
"openid": resp.identity_url})
login_ext.login_user(user)
return flask.redirect(oid.get_next_url())
def signup(form):
email = form.email.data.strip()
username = form.username.data.strip()
token = make_secure_token(uuid.uuid4().hex)
user = User(username=username,
email=email,
password=bcrypt.generate_password_hash(
form.password.data.strip()),
verification_token=token,
verification_token_expires_at=datetime.utcnow() +
timedelta(days=1))
db.session.add(user)
db.session.commit()
return username, email, token
def check_link(email, timestamp, token):
try:
timestamp = int(timestamp)
except:
timestamp = 0
diff = time.time() - timestamp
if diff > 60:
UserBiz.delete_unactivated_user(email)
raise DaixieError(LINK_OVERDUE)
if token != make_secure_token(email, str(timestamp)):
raise DaixieError(LINK_INVALID)
return True
def test_custom_token_loader(self):
@self.login_manager.token_loader
def load_token(token):
return USER_TOKENS.get(token)
with self.app.test_client() as c:
c.get('/login-notch-remember')
self._delete_session(c)
# Test that remember me functionality still works
self.assertEqual(u'Notch', c.get('/username').data.decode('utf-8'))
# Test that we used the custom authentication token
remember_cookie = self._get_remember_cookie(c)
expected_value = make_secure_token(u'Notch', key='deterministic')
self.assertEqual(expected_value, remember_cookie.value)
def add_user(cls, name, email, oauth_service_name, oauth_service_id):
try:
user, created = User.get_or_create(name=name, email=email)
if created:
user.user_level = default_user_level()
user.auth_token = make_secure_token(
args=[oauth_service_name, oauth_service_id],
key="deterministic")
save()
oauth_id, created = OAuthIdentity.get_or_create(
name=oauth_service_name,
service_id=oauth_service_id,
user_id=user.id)
if created:
save()
return user, created
except Exception as e:
print e.message
rollback()
def create_user(session, username, password, email):
user = session.query(User).filter(User.name == username).first()
if user is not None:
return None
else:
user = {
'name': username,
'display_name': username,
'email': email,
'avatar': 'new_user.png',
'approved': False,
'timezone': 'UTC',
'password': bcrypt.hashpw(password, bcrypt.gensalt(12))
}
user['token'] = make_secure_token(user['name'], user['password'])
user = User(**user)
session.add(user)
session.flush()
return user
def create_user(session, username, password, email):
user = session.query(User).filter(User.name==username).first()
if user is not None:
return None
else:
user = {
'name': username,
'display_name': username,
'email': email,
'avatar': 'new_user.png',
'approved': False,
'timezone': 'UTC',
'password': bcrypt.hashpw(password, bcrypt.gensalt(12))
}
user['token'] = make_secure_token(user['name'], user['password'])
user = User(**user)
session.add(user)
session.flush()
return user
def get_auth_token(self):
return make_secure_token(self.name, self.password)
def set_secure_token(self):
secure_token = make_secure_token(self.email)
def get_tokenhash():
token = session.get('tumblr_token')
if token:
return make_secure_token(*token)
else:
return ''
def get_auth_token(self):
"""Generate an authentication token."""
return make_secure_token(self.uid, self.username, self.password)
@auth_routes.route('/authorize_ios', methods=['POST'])
def authorize_iOS():
""" User login/auth/session management """
username = request.form.get('username', '')
password = request.form.get('password', '')
user = None
try:
user = User.from_login(username, password)
except StormpathError, err:
pass
if user:
app_user = AppUser.query.get(stormpathUserHash(user.get_id()))
t = make_secure_token(username + password)
if app_user.ios_token != t:
app_user.set_ios_token(t)
return jsonify({ 'username': user.username,
'user_id': app_user.user_id,
'authenticated': True,
'ios_token': t
})
else:
return jsonify({ 'username': username,
'authenticated': False,
'ios_token': None
})
@auth_routes.route('/logout')
@login_required
def get_auth_token(self):
a = make_secure_token(str(self.id), self.password)
print a
return a
__author__ = 'izavaleta'
from flask.ext.login import make_secure_token
import requests
import json
# newuser = {'username': '******', 'password': '******', 'email': '*****@*****.**'}
# r = requests.post('http://127.0.0.1:5000/add/user', data=json.dumps(newuser),
# headers={'content-type': 'application/json'})
for i in range(1, 11):
print "User: user%i token: %s " % (
i, make_secure_token("user%i" % i, key="deterministic"))
def get_auth_token(self):
return make_secure_token("123456")
def test_make_secure_token_default_key(self):
with self.app.test_request_context():
self.assertEqual(make_secure_token('foo'),
'0f05743a2b617b2625362ab667c0dbdf4c9ec13a')
def get_auth_token(self): if not self.token: self.token = make_secure_token(self.username, self.pwhash, os.urandom(1024)) return self.token
def token_password(self, key, value):
return make_secure_token(value)
def get_secure_token(*args, **kwargs):
return make_secure_token(*args, **kwargs)
def get_auth_token(self):
return make_secure_token(self.userid, key=secret_key)
def get_auth_token(self):
"""Generate an authentication token."""
return make_secure_token(self.uid, self.username, self.password)
def get_auth_token(self):
return make_secure_token(self.username)
def test_make_secure_token_default_key(self):
with self.app.test_request_context():
self.assertEqual(make_secure_token("foo"), "0f05743a2b617b2625362ab667c0dbdf4c9ec13a")
def send_activate_email(id, email):
timestamp = '%d' % time.time()
token = make_secure_token(email, timestamp)
url = url_for('general.activate', id=id, email=email, timestamp=timestamp, token=token, _external=True)
return EmailBiz.send_activate_email(id, email, url, u'30分钟')
def check_auth(cls, username, password):
password = make_secure_token(password)
return cls.query.filter_by(username=username, password=password) \
.first()
def get_auth_token(self):
rv = lm.make_secure_token(self.username + self.password)
app.logger.debug(rv)
return rv
def get_auth_token(self):
if not self.token:
self.token = make_secure_token(self.username, self.pwhash,
os.urandom(1024))
return self.token
__author__ = 'izavaleta'
from flask.ext.login import make_secure_token
import requests
import json
# newuser = {'username': '******', 'password': '******', 'email': '*****@*****.**'}
# r = requests.post('http://127.0.0.1:5000/add/user', data=json.dumps(newuser),
# headers={'content-type': 'application/json'})
for i in range(1, 11):
print "User: user%i token: %s " % (i, make_secure_token("user%i" % i, key="deterministic"))
def get_auth_token(self):
return make_secure_token(self.email, str(self.id), self.password)
def update_auth_token(self):
self.auth_token = make_secure_token(self.email, self.name)
def get_auth_token(self):
return make_secure_token(self.username, self.password)
@auth_routes.route('/authorize_ios', methods=['POST'])
def authorize_iOS():
""" User login/auth/session management """
username = request.form.get('username', '')
password = request.form.get('password', '')
user = None
try:
user = User.from_login(username, password)
except StormpathError, err:
pass
if user:
app_user = AppUser.query.get(stormpathUserHash(user.get_id()))
t = make_secure_token(username + password)
if app_user.ios_token != t:
app_user.set_ios_token(t)
return jsonify({
'username': user.username,
'user_id': app_user.user_id,
'authenticated': True,
'ios_token': t
})
else:
return jsonify({
'username': username,
'authenticated': False,
'ios_token': None
})
def get_auth_token(self):
return make_secure_token(self.name, key='deterministic')
def generate_auth_token(self):
if (self.email is not None and self.username is not None and
self.password_hash is not None):
return make_secure_token(self.email, self.username,
self.password_hash)
return None
def randomize_auth_token(self):
self.auth_token = make_secure_token(
generate_password_hash(current_app.config['SECRET_KEY']))
def get_auth_token(self):
secure_token = make_secure_token(str(self.id), self.username,
self.password, str(self.role))
return secure_token
