def test_should_response_200_json(self, session): self._create_dagrun(session) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": False}) headers = {'Accept': 'application/json'} response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers=headers ) expected_filename = "{}/{}/{}/{}/1.log".format( self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(":", ".") ) self.assertEqual( response.json['content'], f"*** Reading local file: {expected_filename}\nLog for testing." ) info = serializer.loads(response.json['continuation_token']) self.assertEqual( info, {'end_of_log': True} ) self.assertEqual(200, response.status_code)
def test_get_logs_of_removed_task(self, session): self._create_dagrun(session) # Recreate DAG without tasks dagbag = self.app.dag_bag # pylint: disable=no-member dag = DAG(self.DAG_ID, start_date=timezone.parse(self.default_time)) dagbag.bag_dag(dag=dag, root_dag=dag) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": True}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers={'Accept': 'text/plain'}, environ_overrides={'REMOTE_USER': "******"}, ) expected_filename = "{}/{}/{}/{}/1.log".format( self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(':', '.') ) assert 200 == response.status_code assert ( response.data.decode('utf-8') == f"\n*** Reading local file: {expected_filename}\nLog for testing.\n" )
def post(self): #Get user id from email,send email with encoded userId link. On link click call another method that decodes and allows pw [email protected] email = request.form['email'] user = Accounts.query.filter_by(email=email).first() userID = user.id_user s = URLSafeSerializer("RYJ5k67yr57K%$YHErenT46wjrrtdrmnwtrdnt") encodedUser = s.dumps(user.id_user) msg = Message('Confirm Email', recipients=[user.email]) emailBody = "Plase click the link to confirm your email http://167.172.59.89:5000/reset/" + encodedUser msg.body = emailBody mail.send(msg)
def test_get_logs_response_with_ti_equal_to_none(self, session): self._create_dagrun(session) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": True}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/Invalid-Task-ID/logs/1?token={token}", ) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['detail'], "Task instance did not exist in the DB")
def test_should_raise_403_forbidden(self): key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": True}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers={'Accept': 'text/plain'}, environ_overrides={'REMOTE_USER': "******"}, ) assert response.status_code == 403
def test_should_raises_401_unauthenticated(self): key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": False}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers={'Accept': 'application/json'}, ) assert_401(response)
def serialize_user_flag(account_id, challenge_id, challenge_data=None, *, secret=None): if secret is None: secret = current_app.config["SECRET_KEY"] serializer = URLSafeSerializer(secret) data = [account_id, challenge_id] if challenge_data is not None: data.append(challenge_data) user_flag = serializer.dumps(data)[::-1] return user_flag
class Guard: def __init__(self): self.serializer = URLSafeSerializer("secret-key", salt="upgrade") def hash_password(self, password): return hashlib.sha256(password.encode()).hexdigest() def dumps_user(self, username): return self.serializer.dumps(username) def loads_token(self, token): if token[0:14] != "6NEVebMx6_bULg": return False, "" return self.serializer.loads_unsafe(token[14:])
def hash(self, key:str, salt:str=None, parallel:bool=False, parallel_statusbar:bool=False, inplace=False): """ To hash an entire DataFrame Parameters ---------- key: str salt: str, optional parallel: bool, optional parallel_statusbar: bool, optional Returns ------- pd.core.frame.DataFrame """ df_input = self._obj.copy() if inplace: df = df_input else: df = df_input.copy() from itsdangerous.url_safe import URLSafeSerializer serializer = URLSafeSerializer(key, salt=salt) if parallel: from pandarallel import pandarallel pandarallel.initialize(progress_bar=parallel_statusbar) df = df.parallel_applymap(lambda x: serializer.dumps(x)) else: df = df.applymap(serializer.dumps) df.columns = [serializer.dumps(c) for c in df.columns.tolist()] if inplace: df_input = df.copy() else: return df
def test_get_logs_for_handler_without_read_method(self, mock_log_reader): type(mock_log_reader.return_value).supports_read = PropertyMock( return_value=False) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": False}) headers = {'Content-Type': 'application/jso'} # check guessing response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers=headers) self.assertEqual(400, response.status_code) self.assertIn('Task log handler does not support read logs.', response.data.decode('utf-8'))
def with_cookie( cookie_name: str, cookie_data: Any, response, *args, **kwargs ) -> flask.Response: """ Takes in a response and attaches a signed cookie with the name `cookie_name` and data `cookie_data`. This helps verify the integrity of the cookie. All cookies are httpOnly and rest of the arguments are passed as is to the `flask.Response.set_cookie` method. """ serializer = URLSafeSerializer(flask.current_app.config["SECRET_KEY"]) data = serializer.dumps(cookie_data) res = flask.make_response(response) res.set_cookie(cookie_name, data, httponly=True, *args, **kwargs) return res
def test_should_response_200_text_plain(self, session): self._create_dagrun(session) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": True}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers={'Accept': 'text/plain'}) expected_filename = "{}/{}/{}/{}/1.log".format( self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(':', '.')) self.assertEqual(200, response.status_code) self.assertEqual( response.data.decode('utf-8'), f"*** Reading local file: {expected_filename}\nLog for testing.\n")
def test_should_respond_200_json(self, session): self._create_dagrun(session) key = self.app.config["SECRET_KEY"] serializer = URLSafeSerializer(key) token = serializer.dumps({"download_logs": False}) response = self.client.get( f"api/v1/dags/{self.DAG_ID}/dagRuns/TEST_DAG_RUN_ID/" f"taskInstances/{self.TASK_ID}/logs/1?token={token}", headers={'Accept': 'application/json'}, environ_overrides={'REMOTE_USER': "******"}, ) expected_filename = "{}/{}/{}/{}/1.log".format( self.log_dir, self.DAG_ID, self.TASK_ID, self.default_time.replace(":", ".") ) assert ( response.json['content'] == f"[('', '*** Reading local file: {expected_filename}\\nLog for testing.')]" ) info = serializer.loads(response.json['continuation_token']) assert info == {'end_of_log': True} assert 200 == response.status_code
class CSRFMiddleware(BaseHTTPMiddleware): def __init__( self, app: ASGIApp, secret: str, sensitive_cookies: Optional[Set[str]] = None, cookie_name: str = "csrftoken", cookie_path: str = "/", cookie_domain: Optional[str] = None, cookie_secure: bool = False, cookie_httponly: bool = False, cookie_samesite: str = "lax", header_name: str = "x-csrftoken", safe_methods: Set[str] = {"GET", "HEAD", "OPTIONS", "TRACE"}, exempt_urls: Optional[List[Pattern]] = None, ) -> None: super().__init__(app) self.serializer = URLSafeSerializer(secret, "csrftoken") self.secret = secret self.sensitive_cookies = sensitive_cookies self.cookie_name = cookie_name self.cookie_path = cookie_path self.cookie_domain = cookie_domain self.cookie_secure = cookie_secure self.cookie_httponly = cookie_httponly self.cookie_samesite = cookie_samesite self.header_name = header_name self.safe_methods = safe_methods self.exempt_urls = exempt_urls async def dispatch(self, request: Request, call_next: RequestResponseEndpoint): csrf_cookie = request.cookies.get(self.cookie_name) if ( request.method not in self.safe_methods and self._has_sensitive_cookies(request.cookies) and not self._url_is_exempt(request.url) ): submitted_csrf_token = await self._get_submitted_csrf_token(request) if ( not csrf_cookie or not submitted_csrf_token or not self._csrf_tokens_match(csrf_cookie, submitted_csrf_token) ): return self._get_error_response(request) response = await call_next(request) if not csrf_cookie: response.set_cookie( self.cookie_name, self._generate_csrf_token(), path=self.cookie_path, domain=self.cookie_domain, secure=self.cookie_secure, httponly=self.cookie_httponly, samesite=self.cookie_samesite, ) return response def _has_sensitive_cookies(self, cookies: Dict[str, str]) -> bool: if not self.sensitive_cookies: return True for sensitive_cookie in self.sensitive_cookies: if sensitive_cookie in cookies: return True return False def _url_is_exempt(self, url: URL) -> bool: if not self.exempt_urls: return False for exempt_url in self.exempt_urls: if exempt_url.match(url.path): return True return False async def _get_submitted_csrf_token(self, request: Request) -> Optional[str]: return request.headers.get(self.header_name) def _generate_csrf_token(self) -> str: return cast(str, self.serializer.dumps(secrets.token_urlsafe(128))) def _csrf_tokens_match(self, token1: str, token2: str) -> bool: try: decoded1: str = self.serializer.loads(token1) decoded2: str = self.serializer.loads(token2) return secrets.compare_digest(decoded1, decoded2) except BadSignature: return False def _get_error_response(self, request: Request) -> Response: return PlainTextResponse( content="CSRF token verification failed", status_code=403 )
from itsdangerous.serializer import Serializer s = Serializer("secret-key") serializer_value = s.dumps([1, 2, 3, 4]) print(serializer_value) print(s.loads(serializer_value)) from itsdangerous.url_safe import URLSafeSerializer s1 = URLSafeSerializer("secret-key", salt="activate") s1.dumps(1) s2 = URLSafeSerializer("secret-key", salt="upgrade") s2.dumps(1) print(s1.dumps(1)) print(s2.dumps(1)) print(s1.loads(s1.dumps(1))) print(s2.loads(s2.dumps(1))) s = URLSafeSerializer("secret-key") s.dumps([1, 2, 3, 4]) print(s.dumps([1, 2, 3, 4])) print(s.loads(s.dumps([1, 2, 3, 4])))
def encrypt_cookie(content): s = URLSafeSerializer(current_app.config["SECRET_KEY"], salt="cookie") encrypted_content = s.dumps(content) return encrypted_content
def generate_token_from_data(data: dict, salt: str = "user_activation") -> str: secret_key = os.environ.get('SECRET_KEY') serializer = URLSafeSerializer(secret_key) token = serializer.dumps(data, salt=salt) return token