def _process(self):
    """Run the link-identity flow: consume an emailed token, or show/submit the form.

    Outcomes, in order of precedence:

    1. A ``token`` query argument arrives after the verification mail was
       sent: it is unsigned with ``secure_serializer`` (1 h max age, salt
       ``link-identity-email``), the recovered address must be one of
       ``self.emails``, the session is marked ``email_verified``, a success
       message is flashed and the user is redirected to ``.link_account``.
    2. A valid form submission: create the identity when the address is
       already verified; otherwise send the confirmation mail (to the chosen
       address when several are available) unless one was already sent, in
       which case a warning is flashed and the page is re-rendered.
    3. Otherwise render ``link_identity.html``.

    Raises:
        BadData: when the address recovered from the token is not among
            ``self.emails`` (a token that fails to unsign presumably raises
            from ``secure_serializer.loads`` itself).
    """
    if self.verification_email_sent and 'token' in request.args:
        verified_email = secure_serializer.loads(
            request.args['token'], max_age=3600, salt='link-identity-email'
        )
        # The token proves control of *an* address; it must be one of the
        # addresses reported by the provider for this identity.
        if verified_email not in self.emails:
            raise BadData('Emails do not match')
        session['login_identity_info']['email_verified'] = True
        # Mutating a nested dict is not noticed by the session on its own.
        session.modified = True
        flash(_('You have successfully validated your email address and can now proceed with the login.'), 'success')
        return redirect(url_for('.link_account', provider=self.identity_info['provider']))

    if self.must_choose_email:
        form = SelectEmailForm()
        form.email.choices = [(address, address) for address in self.emails]
    else:
        form = IndicoForm()

    if form.validate_on_submit():
        if self.email_verified:
            return self._create_identity()
        if not self.verification_email_sent:
            target = form.email.data if self.must_choose_email else self.emails[0]
            return self._send_confirmation(target)
        flash(_('The validation email has already been sent.'), 'warning')

    return WPAuth.render_template(
        'link_identity.html',
        identity_info=self.identity_info,
        user=self.user,
        email_sent=self.verification_email_sent,
        emails=' / '.join(self.emails),
        form=form,
        must_choose_email=self.must_choose_email,
    )
def test_it_is_invalid_with_invalid_user_token(self, schema, serializer):
    """A token the serializer rejects must surface as an Invalid error on 'user'."""
    serializer.loads.side_effect = BadData("Invalid token")
    with pytest.raises(colander.Invalid) as excinfo:
        schema.deserialize({"user": "******", "password": "******"})
    errors = excinfo.value.asdict()
    assert "user" in errors
    assert "Wrong reset code." in errors["user"]
def _process(self):
    """Dispatch the reset-password flow on the presence of a ``token`` query argument.

    With a token: unsign it with ``secure_serializer`` (1 h max age, salt
    ``reset-password``) into an identity id, look the identity up and hand
    off to ``_reset_password``. Without one: hand off to ``_request_token``.

    Raises:
        BadData: when a well-signed token names an id that matches no Identity.
    """
    if 'token' not in request.args:
        return self._request_token()
    identity_id = secure_serializer.loads(
        request.args['token'], max_age=3600, salt='reset-password'
    )
    identity = Identity.get(identity_id)
    # A correctly signed token whose identity has since disappeared is
    # treated as bad data rather than proceeding with a missing identity.
    if not identity:
        raise BadData('Identity does not exist')
    return self._reset_password(identity)
def verify_public_key(token):
    '''Attempt to validate a public key.

    The "public key" is a timed token checked against the app ``SECRET_KEY``
    and rejected once older than ``TOKEN_DURATION`` (default 3600). On
    success the Member whose ``id`` the token carries is looked up; the
    result may be falsy when nothing matches (callers check for that).

    Raises:
        BadData: on a signature or expiry failure, with a deliberately
            generic message so the caller learns nothing about *why*.
    '''
    serializer = TimedToken(
        secret_key=current_app.config['SECRET_KEY'],
        expires_in=current_app.config.get('TOKEN_DURATION', 3600),
    )
    try:
        claims = serializer.loads(token)
    except (BadSignature, SignatureExpired):
        # Collapse "tampered" and "expired" into one opaque failure:
        # the client only learns it handed over a bad public key.
        raise BadData("Invalid public key.")
    return Member.query.get(claims['id'])
def verify_hmac(hmac, public_key, payload):
    '''Attempt to verify a payload sent by a client.

    The ``hmac`` argument is a timed token that is loaded with the member's
    private key (presumably a signed, not encrypted, form of the payload)
    and bounded by ``HMAC_DURATION`` (default 5 seconds) to limit replay.

    Steps, in order:

    1. Resolve ``public_key`` to a Member via ``verify_public_key``; a falsy
       result is rejected with the same generic message, so a missing member
       is indistinguishable from a bad key.
    2. Load ``hmac`` with ``PrivateKey(member.id)`` inside the replay window.
    3. Compare the recovered value with ``organize_payload(payload)``.

    Returns:
        bool: True when the loaded token equals the organized payload.

    Raises:
        BadData: propagated from ``verify_public_key``, or when no member
            is found for the key.
    '''
    member = verify_public_key(public_key)
    if not member:
        # Same wording as a signature failure: don't reveal which check tripped.
        raise BadData("Invalid public key.")
    private_key = PrivateKey(member.id)
    expected = organize_payload(payload)
    signer = TimedToken(
        secret_key=private_key,
        expires_in=current_app.config.get('HMAC_DURATION', 5),
    )
    return signer.loads(hmac) == expected
def loads(self, token, max_age=0, return_timestamp=False):
    """Stub ``loads`` that rejects every token.

    Presumably mirrors the signature of a timed serializer's ``loads``; all
    arguments are ignored and ``BadData("Invalid token")`` is raised
    unconditionally so that code under test exercises its bad-token path.
    """
    failure = BadData("Invalid token")
    raise failure
def loads(data):
    """Decode a fake token of the form ``'FK:' + json``.

    Args:
        data: the token; its first three characters must be ``'FK:'``.

    Returns:
        The JSON-decoded value of everything after the prefix.

    Raises:
        BadData: if the ``'FK:'`` prefix is missing.
    """
    prefix, body = data[:3], data[3:]
    if prefix == 'FK:':
        return json.loads(body)
    raise BadData('Not a fake token')