def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return User.query.get(data['id'])
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return User.query.get(data['id'])
def verify_reset_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
agent_id = s.loads(token)['agent_id']
except ValueError:
return None
return Agent.query.get(agent_id)
def verify_reset_token(token):
s = Serializer(current_app.config['CUSTOMER_SECRET_KEY'])
try:
ssn = s.loads(token)['ssn']
except:
return None
return db.session.query(Customer).get(ssn)
def verify_reset_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
user_id = s.loads(token)['user_id']
except:
return None
return Librarian.query.get(user_id)
def validate_token(user, token, operation, new_password=None):
s = Serializer(current_app.config['SECRET_KEY'])
# print(token)
try:
data = s.loads(token)
except (SignatureExpired, BadSignature) as e:
print('------------------------------', e)
return False
if operation != data.get('operation') or user.id != data.get('id'):
return False
if operation == Operations.CONFIRM:
user.confirmed = True
elif operation == Operations.RESET_PASSWORD:
user.set_password(new_password)
elif operation == Operations.CHANGE_EMAIL:
new_email = data.get('new_email')
if new_email is None:
return False
if User.query.filter_by(email=new_email).first() is not None:
return False
user.email = new_email
else:
return False
db.session.commit()
return True
def verify_reset_token(token):
s = Serializer(current_app.secret_key)
try:
user_id = s.loads(token)['user_id']
except:
return None
return User.query.get(user_id)
def verify_auth_token(token):
s = Serializer(FlaskApp().app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
return g.session.query(TUser).get(data['id'])
def verify_auth_token(token):
"""方法接受的参数是一个令牌,
如果令牌可用就返回对应的用户"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return User.query.get(data['id'])
def verify_auth_token(token,key):
s = Serializer(key)
try:
data = s.loads(token)
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
user = modelo.findUsuariobyId(data['idUsuario'])
return {"idUsuario": user.id_usuario,"idCliente":user.id_cliente}
def confirm(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except:
return False
if data.get('confirm') == self.id:
self.confirmed = True
db.session.add(self)
return True
def verify_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
uid = data.get('id')
if uid:
return User.query.get(uid)
return None
def verify_auth_token(cls, token):
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
user = cls.get(data['id'])
return user
def confirm(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except Exception:
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
return True
def confirm(self, token):
s = Serializer(current_app.config["SECRET_KEY"])
try:
data = s.loads(token)
except:
return False
if data.get("confirm") != self.id:
return False
self.confirmed = True
db.session.add(self)
return True
def confirm(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
s.loads(token)
except BadSignature:
return render_template('Link_expired.html')
data = s.loads(token)
id = data.get('confirm')
user = MongoClient().blog.User.find_one({'_id': ObjectId(id)})
if user is None:
flash('认证连接无效或已超时。')
if user.get('activate'):
flash('此账户已激活。')
return redirect(url_for('main.index'))
MongoClient().blog.User.update({'_id': ObjectId(id)},
{'$set': {
'activate': True
}})
time.sleep(1)
flash('您已激活您的账户,谢谢!')
return redirect(url_for('main.index'))
def reset_password(token, new_password):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except:
return False
user = User.query.filter_by(id=data.get('reset'))
if not user:
return False
user.password = new_password
db.session.add(user)
return True
def get(self, request, token):
serializer = Serializer(settings.SECRET_KEY, 3600)
try:
info = serializer.loads(token)
user_id = info['comfirm']
user = User.objects.get(id=user_id)
user.is_active = 1
user.save()
return HttpResponse('active succec!', content_type='text/html')
except SignatureExpired as e:
return HttpResponse('the active url is expired', content_type='text/html')
def verify_auth_token(token):
s = Serializer(secret_key)
try:
data = s.loads(token)
except SignatureExpired:
# Valid Token, but expired
return None
except BadSignature:
# Invalid Token
return None
user_id = data['id']
return user_id
def reset_password(self, token, new_password):
"""Verify the new password for this user."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('reset') != self.id:
return False
self.password = new_password
db.session.add(self)
db.session.commit()
return True
def verify_token_for(token):
if token == None or len(token) <= 0 : return False
serializer = Serializer(SECURITY_PASSWORD_SALT)
data = serializer.loads(token,SECURITY_PASSWORD_SALT)
if data != None:
id = data.id
username = data.username
email = data.email
currentUser = system.user_datastore.find_user(id=id,username=username,email=email)
if currentUser != None: return True
else: return False
return False
def confirm_account(self, token):
"""Verify that the provided token is for this user's id."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
db.session.commit()
return True
def get(self, request, token):
#进行解密
seeializer = Serializer(settings.SECRET_KEY, 3600)
try:
info = seeializer.loads(token)
user_id = info['confirm']
user = User.objects.get(id=user_id)
user.is_active = 1
user.save()
return redirect(reverse('user:login'))
except SignatureExpired as f:
return HttpResponse('<h1>链接以失效')
def verify_auth_token(token):
"""Validate the token whether is night."""
serializer = Serializer(current_app.config['SECRET_KEY'])
try:
# serializer object already has tokens in itself and wait for
# compare with token from HTTP Request /api/posts Method `POST`.
data = serializer.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
user = User.query.filter_by(id=data['id']).first()
return user
def fun(*args, **kwargs):
token = request.cookies.get("x-token")
if not token:
return jsonify({"status": "false", "message": "最好重新登录"})
try:
s = Serializer(current_app.config["SECRET_KEY"], expires_in=3600)
data = s.loads(token)
except BadSignature:
return jsonify({'status': "false", 'message': '登录无效'})
except SignatureExpired:
return jsonify({'status': "false", 'message': '登录超时'})
# cookie携带的信息有效,根据值查询当前用户
current_user = BuyerUser.query.filter(BuyerUser.username == data["username"]).first()
g.current_user = current_user
return f(*args, **kwargs)
def wrapper(*args, **kwargs):
parser = reqparse.RequestParser()
parser.add_argument('token', type=str)
args = parser.parse_args()
token = args['token']
if token is None:
return to_json('token required')
s = Serializer(SERECT_KEY)
try:
data = s.loads(token)
except SignatureExpired:
return to_json('token expired')
except BadSignature:
return to_json('token useless')
kwargs['id'] = data['id']
return func(*args, **kwargs)
def verify_auth_token(token):
"""Validate the token whether is night."""
serializer = Serializer(
current_app.config['SECRET_KEY'])
try:
# serializer object already has tokens in itself and wait for
# compare with token from HTTP Request /api/posts Method `POST`.
data = serializer.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
user = User.query.filter_by(id=data['id']).first()
return user
def change_email(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except:
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first():
return False
self.email = new_email
self.avatar_hash = self.gravatar_hash()
db.session.add(self)
return True
def verify_auth_token(token: str) -> Optional[object]:
serializer = Serializer(SECRET_KEY)
try:
data = serializer.loads(token)
except SignatureExpired:
# Valid token, but expired.
return None
except BadSignature:
# Invalid token.
return None
user = User.query.get(data['id'])
return user
def reset_password(token, newpassword):
s = Serializer(current_app.config["SECRET_KEY"], str(600))
try:
data = s.loads(token)
except:
return False
else:
uid = data.get('id')
user = User.query.get(uid)
user.password = newpassword
try:
db.session.add(user)
db.session.commit()
except:
db.rollback()
return False
return True
def change_email(self, token):
"""Verify the new email for this user."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
db.session.add(self)
db.session.commit()
return True
def change_email(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
self.avatar_hash = hashlib.md5(
self.email.encode('utf-8')).hexdigest()
db.session.add(self)
return True
def A():
a = Serializer('mima')
token_a = a.dumps('test')
print(token_a)
b = Serializer('mima')
c = b.loads(token_a)
print(c)
roles_permissions_map = {
'Locked': ['FOLLOW', 'COLLECT'],
'User': ['FOLLOW', 'COLLECT','COMMENT','UPLOAD'],
'Moderator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE'],
'Administrator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE','ADMINISTER']
}
for key, value in roles_permissions_map.items():
print(key,value)
def check_verify_email_token(token):
"""token解码及查询user"""
# 1.创建加密序列化器对象,设置时长
serializer = Serializer(settings.SECRET_KEY, 24 * 60 * 60)
# 2. 调用loads方法对token解密
try:
data = serializer.loads(token)
except BadData:
return None
else:
# 3 .取出user_id 和email 然后用这两个字段查到唯一的那个用户
user_id = data.get('user_id')
email = data.get('email')
try:
user = User.objects.get(id=user_id, email=email)
except User.DoseNotExist:
return None
else:
return user
def verify_auth_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
user = User.query.get(data['id'])
return user
# class User(db.Model):
# __tablename__ = 'users'
# id = db.Column(db.Integer, primary_key = True)
# username = db.Column(db.String(32), index = True)
# password_hash = db.Column(db.String(128))
#
# def hash_password(self, password):
# self.password_hash = generate_password_hash(password=password)
#
# def verify_password(self, password):
# return check_password_hash(self.password_hash, password)
from itsdangerous import Serializer
if __name__ == '__main__':
from itsdangerous import Serializer
s = Serializer('secret-key', '36000')
a = s.dumps({'rrr': 1})
b = Serializer('secret-key')
data = s.loads(a)
print(data['rrr'])
print(data)
def main():
"""Primary CLI application logic."""
try:
opts, args = getopt.getopt(sys.argv[1:], "h:v", ["help",
"dservers=",
"dqueue=",
"secret=",
"bserver=",
"hserver=",
"rserver=",
"rchannel=",
"bfiltername=",
"hllname=",
"mode=",
"sleep="])
except getopt.GetoptError as err:
print(str(err))
usage()
sys.exit()
modes = ("generate", "listen", "check", "adaptive", "initialize", "subscriber")
# set defaults
mode = None
dservers = "localhost:7712,localhost:7711"
dqueue = "objbomber"
secret = "coolsecretbro"
bserver = "localhost:8673"
hserver = "localhost:4553"
rserver = "localhost:6379"
rchannel = "objbomber"
bfiltername = "objbomber"
hllname = "objbomber"
sleep = None
userhomedir = os.path.expanduser("~")
# flippin' switches...
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit()
elif o in ("--dservers"):
dservers = a
elif o in ("--queue"):
dqueue = [a]
elif o in ("--secret"):
secret = a
elif o in ("--bserver"):
bserver = a
elif o in ("--hserver"):
hserver = a
elif o in ("--rserver"):
rserver = a
elif o in ("--rchannel"):
rchannel = a
elif o in ("--bfiltername"):
bfiltername = a
elif o in ("--hllname"):
hllname = a
elif o in ("--mode"):
if a in modes:
mode = a
else:
usage()
sys.exit()
elif o in ("--listen"):
mode_listen = True
elif o in ("--check"):
mode_check = True
elif o in ("--sleep"):
sleep = int(a)
else:
assert False, "unhandled option"
checkdqueue = dqueue + ".check"
if sleep in (None, 0):
sleep = 0.0001
# mode must be set
if not mode:
usage()
sys.exit()
# Handler for the cryptographic signatures
# TODO: secret should be "secret" + a version number
s = Serializer(secret)
# config basics
datadir = userhomedir + "/.objbomber"
# prepare servers and queue lists
dservers = dservers.split(",")
bserver = [bserver]
hserver = hserver
# all modes use Disque
logging.info("Connecting to Disque...")
disque_client = Client(dservers)
disque_client.connect()
if mode in ("check", "listen"):
logging.info("Creating Bloomd Client...")
bloomd_client = BloomdClient(bserver)
bfilter = bloomd_client.create_filter(bfiltername)
# add pyhlld
logging.info("Creating HLLD Client... - not yet used")
hlld_client = HlldClient(hserver)
hll = hlld_client.create_set(hllname)
if mode in ("check", "listen", "generate", "subscriber"):
# add redis hll & pubsub
logging.info("Creating Redis Client...")
rhost, rport = rserver.split(":")
redd = redis.StrictRedis(host=rhost, port=rport, db=0)
redpubsub = redd.pubsub()
if mode in ("subscriber"):
redpubsub.subscribe(rchannel)
if mode in ("generate"):
# TODO: check on how well LevelDB handles
# multiple clients
db = leveldb.LevelDB(datadir + '/notary')
# special mode to handle our first run
# TODO: push into a function
# TODO: handle filesystem errors
# TODO: reconsider using Cement for all of this
# TODO: generate an instance GUID
if mode == "initialize":
UUID = uuid.uuid4()
logging.info("Our system UUID is now: %s" % UUID)
# TODO: save and load this uuid
# check to see if there is a ~/.objbomber directory, quit if there is
# TODO: this does not handle errors in initalization
logging.info("Checking for .objbomber in %s..." % userhomedir)
if os.path.exists(datadir):
logging.info("Already been initialized!")
# TODO: print some information about how to handle this
sys.exit()
# TODO: make one
os.mkdir(datadir, 0700)
# generate our RSA signing key
# TODO: make # of bits in key a flag
logging.info("Begining to create our notary key.")
logging.info("Reading from RNG.")
rng = Random.new().read
logging.info("Generating RSA key...")
privRSAkey = RSA.generate(4096, rng)
privPEM = privRSAkey.exportKey()
pubRSAkey = privRSAkey.publickey()
pubPEM = pubRSAkey.exportKey()
logging.info("Key generated.")
# save privkey to disk
with open(datadir + "/privkey.pem", "w") as keyfile:
keyfile.write(privPEM)
keyfile.close()
os.chmod(datadir + "/privkey.pem", 0700)
logging.info("Unencrypted RSA key written to disk.")
# save the pubkey
with open(datadir + "/pubkey.pem", "w") as keyfile:
keyfile.write(pubPEM)
keyfile.close()
logging.info("Public RSA key written to disk.")
logging.info("Creating crypto notary storage.")
leveldb.LevelDB(datadir + '/notary')
# we absolutely must quit here, or we will get stuck in
# an infinate loop
sys.exit()
# load our secret key (TODO: this is probably better as try/exc)
# and build our contexts
with open(datadir + "/privkey.pem", "r") as keyfile:
privRSAkey = RSA.importKey(keyfile.read())
while True:
# TODO: Adaptive Mode - this mode should peek the queues, and
# make a decision about where this thread can make the most
# impact on its own.
if mode == "adaptive":
# TODO: Do some queue peeking.
# TODO: Make some decisions about which mode to adapt to.
pass
# TODO: All modes should be placed into functions.
# Listen Mode - Listens to the queue, pulls out jobs,
# validates the signature, puts them in bloomd
if mode == "listen":
logging.info("Getting Jobs from Disque.")
jobs = disque_client.get_job([dqueue])
print("Got %d jobs." % len(jobs))
for queue_name, job_id, job in jobs:
logging.debug("Handling a job: %s" % job)
try:
job = s.loads(job)
logging.debug("Job Authenticated: %s" % job)
except:
logging.warning("Job did not pass authentication.")
disque_client.nack_job(job_id)
# add to bloom filter
try:
bfilter.add(job)
except:
logging.warning("Job was not added to bloomd.")
disque_client.nack_job(job_id)
try:
hllResponse = hll.add(job)
except:
logging.warning("Job was not added to hlld.")
disque_client.nack_job(job_id)
# TODO: add redis HLL support
# tell disque that this job has been processed
disque_client.ack_job(job_id)
# sign the check job
job = s.dumps(job)
# throw this message on the check queue
disque_client.add_job(checkdqueue, job)
elif mode == "check":
# TODO
# Check the secondary disque queue for checks
# Ask the bloom filter if they have seen this
logging.info("Getting Jobs from Disque.")
jobs = disque_client.get_job([checkdqueue])
for queue_name, job_id, job in jobs:
logging.debug("Checking: %s" % job)
try:
job = s.loads(job)
except:
disque_client.nack_job(job_id)
# we don't NACK on failed cache hits
if job in bfilter:
logging.info("Confirming: %s" % job)
else:
logging.info("Not found in bloom filter: %s" % job)
disque_client.ack_job(job_id)
elif mode == "generate":
# TODO - where will these messages come from?
# for now they will just be random numbers, but
# really we should make them objects to really be
# testing serialization
msg = [random.randint(1000, 1000000),
random.randint(1000, 1000000)]
# itsdangerous serialization & signing
msg = s.dumps(msg)
# Now that this message is serialized, we can sign it again with a
# public key.
# TODO: incorporate saving the signature into the notary records
msghash = SHA.new(msg)
signer = PKCS1_v1_5.new(privRSAkey)
signature = signer.sign(msghash)
assert signer.verify(msghash, signature)
record = {'message': msg, 'signature': signature}
record = pickle.dumps(record)
# send the job over to Disque
# TODO: add more command line flags for queuing
job_id = disque_client.add_job(dqueue, msg)
logging.debug("Added a job to Disque: %s" % msg)
# publish just the signature on redis pubsub
redd.publish(rchannel, signature)
# TODO: save the publication in the notary
# TODO: do more then just save the signatures
# TODO: add a GUID to the key
key = datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S-%f")
db.Put(key, record)
# testing the results of leveldb's store, this is a test, and
# an expensive test
sig2 = db.Get(key)
sig2 = pickle.loads(sig2)['signature']
assert signer.verify(msghash, sig2)
elif mode == "subscriber":
msg = redpubsub.get_message()
# TODO: do something useful, like log
if msg:
print("got a message")
time.sleep(sleep)
def verify_auth_token(token):
s = Serializer(config.SECRET_KEY)
try:
data = s.loads(token)
except Exception, e:
return None
class User(Base):
__tablename__ = 'users'
id = Column(Integer, primary_key=True)
name = Column(String(100))
password = Column(String(500))
salt = Column(String(100))
user = session.query(User).filter_by(name="Josh").first()
salt = user.salt
signer = Serializer(secretKey, salt=salt)
passwordOld = "super new car"
password = "******"
passwd = signer.dumps(password).split(".")[1]
oldPass = user.password
if signer.loads("\"" + passwordOld + "\"." + oldPass):
print True
user.password = passwd
session.commit()
