def topic(self):
""" generate tokens, one with lifetime, one with expires """
lt = timedelta(seconds=exp)
now = datetime.utcnow()
not_before = (now + timedelta(minutes=nbf)) if nbf else None
if callable(privk):
token = privk(payload, alg, lt, not_before=not_before)
else:
token = jwt.generate_jwt(payload,
privk,
alg,
lt,
not_before=not_before)
yield clock_tick(timedelta(milliseconds=1500)), token
now = datetime.utcnow()
not_before = (now + timedelta(minutes=nbf)) if nbf else None
if callable(privk):
token = privk(payload,
alg,
expires=(now + lt),
not_before=not_before)
else:
token = jwt.generate_jwt(payload,
privk,
alg,
expires=(now + lt),
not_before=not_before)
yield clock_tick(timedelta(milliseconds=1500)), token
def topic(self):
""" Generate 10 tokens """
#pylint: disable=W0201
self.tokens = {}
for _ in xrange(10):
#pylint: disable=W0631
yield jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))
def topic(self):
""" Generate 10 tokens """
#pylint: disable=W0201
self.tokens = {}
for _ in xrange(10):
#pylint: disable=W0631
yield jwt.generate_jwt(payload, privk, alg,
timedelta(seconds=5))
def token(username):
global database_user
key = RSA.generate(2048)
priv_pem = key.exportKey()
payload = {'url': 'neo0.xyz', 'name': username, 'level': 'low'}
priv_key = RSA.importKey(priv_pem)
access_token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
return access_token
def make_bench_verify_token(alg):
""" Return function which will generate token for particular algorithm """
privk = priv_keys[alg].get('default', priv_key)
token = jwt.generate_jwt(payload, privk, alg, timedelta(days=1))
def f(_):
""" Verify token """
pubk = pub_keys[alg].get('default', pub_key)
jwt.verify_jwt(token, pubk, [alg])
return f
def make_bench_verify_token(alg):
""" Return function which will generate token for particular algorith """
privk = priv_keys[alg].get('default', priv_key)
token = jwt.generate_jwt(payload, privk, alg, timedelta(days=1))
def f(_):
""" Verify token """
pubk = pub_keys[alg].get('default', pub_key)
jwt.verify_jwt(token, pubk)
return f
def create_custom_token(self, uid, additional_claims=None):
service_account_email = self.credentials.service_account_email
private_key = RSA.importKey(self.credentials._private_key_pkcs8_pem)
payload = {
"iss": service_account_email,
"sub": service_account_email,
"aud": "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"uid": uid
}
if additional_claims:
payload["claims"] = additional_claims
exp = datetime.timedelta(minutes=60)
return jwt.generate_jwt(payload, private_key, "RS256", exp)
def topic(self):
""" generate tokens, one with lifetime, one with expires """
lt = timedelta(seconds=exp)
now = datetime.utcnow()
not_before = (now + timedelta(minutes=nbf)) if nbf else None
if callable(privk):
token = privk(payload, alg, lt, not_before=not_before)
else:
token = jwt.generate_jwt(payload, privk, alg, lt,
not_before=not_before)
yield clock_tick(timedelta(milliseconds=1500)), token
now = datetime.utcnow()
not_before = (now + timedelta(minutes=nbf)) if nbf else None
if callable(privk):
token = privk(payload, alg,
expires=(now + lt),
not_before=not_before)
else:
token = jwt.generate_jwt(payload, privk, alg,
expires=(now + lt),
not_before=not_before)
yield clock_tick(timedelta(milliseconds=1500)), token
def create_custom_token(self, uid, additional_claims=None):
service_account_email = self.credentials.service_account_email
private_key = RSA.importKey(self.credentials._private_key_pkcs8_pem)
payload = {
"iss": service_account_email,
"sub": service_account_email,
"aud": "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"uid": uid
}
if additional_claims:
payload["claims"] = additional_claims
exp = datetime.timedelta(minutes=60)
return jwt.generate_jwt(payload, private_key, "RS256", exp)
def get_token(**kwargs):
service_private_pem = kwargs.get("service_private_pem")
if not service_private_pem:
raise ValueError("service_private_pem is not defined")
aud = kwargs.get("aud", None)
exp = kwargs.get("exp", None)
family_name = kwargs.get("family_name", None)
given_name = kwargs.get("given_name", None)
token_payload = {
"aud": aud,
"exp": exp,
"family_name": family_name,
"given_name": given_name,
"ver": "1.0"
}
iss = kwargs.get("iss", None)
if iss:
token_payload["iss"] = iss
nbf = kwargs.get("nbf", None)
if nbf:
token_payload["nbf"] = nbf
oid = kwargs.get("oid", None)
if oid:
token_payload["oid"] = oid
sub = kwargs.get("sub", None)
if sub:
token_payload["sub"] = sub
tid = kwargs.get("tid", None)
if tid:
token_payload["tid"] = tid
unique_name = kwargs.get("unique_name", None)
if unique_name:
token_payload["unique_name"] = unique_name
upn = kwargs.get("upn", None)
if upn:
token_payload["upn"] = upn
priv_key = RSA.importKey(service_private_pem)
token = jwt.generate_jwt(token_payload, priv_key, 'RS256', exp)
return token
def get_token(**kwargs):
service_private_pem = kwargs.get("service_private_pem")
if not service_private_pem:
raise ValueError("service_private_pem is not defined")
aud = kwargs.get("aud", None)
exp = kwargs.get("exp", None)
family_name = kwargs.get("family_name", None)
given_name = kwargs.get("given_name", None)
token_payload = {
"aud": aud,
"exp": exp,
"family_name": family_name,
"given_name": given_name,
"ver": "1.0"
}
iss = kwargs.get("iss", None)
if iss:
token_payload["iss"] = iss
nbf = kwargs.get("nbf", None)
if nbf:
token_payload["nbf"] = nbf
oid = kwargs.get("oid", None)
if oid:
token_payload["oid"] = oid
sub = kwargs.get("sub", None)
if sub:
token_payload["sub"] = sub
tid = kwargs.get("tid", None)
if tid:
token_payload["tid"] = tid
unique_name = kwargs.get("unique_name", None)
if unique_name:
token_payload["unique_name"] = unique_name
upn = kwargs.get("upn", None)
if upn:
token_payload["upn"] = upn
priv_key = RSA.importKey(service_private_pem)
token = jwt.generate_jwt(token_payload, priv_key, 'RS256', exp)
return token
def dashboard_get_logic(self, request, validated_GET_rqst_params,
response_raw_data, rqst_errors):
payload = {
'dashboard': 199534,
'organization': 32342,
'env': {
"MYVAR": 42
}
}
token = jwt.generate_jwt(payload, settings.CHARTIO_ORG_SECRET, 'HS256',
datetime.timedelta(days=1))
iframe_src_url = '%s/%s' % (settings.CHARTIO_BASE_URL, token)
response_raw_data['iframe_url'] = iframe_src_url
def token(request):
data = JSONParser().parse(request)
token_serializer = TokenRequestSerializer(data=data)
if not token_serializer.is_valid():
return Response(status=status.HTTP_400_BAD_REQUEST)
email = token_serializer.validated_data['email']
password = token_serializer.validated_data['password']
if User.objects.filter(username=email).exists():
user = authenticate(username=email, password=password)
if user is None:
return Response(status=status.HTTP_401_UNAUTHORIZED)
else:
if user.is_active:
# assign claims
claims = {}
claim_set = UserClaim.objects.filter(email=email)
for claim in claim_set:
claims[claim.claim_name] = claim.claim_value
claims['email'] = email
# Generate the JWT
jwt = generate_jwt(claims, settings.HMAC_SECRET, 'HS512', datetime.timedelta(days=365))
response_data = {'token':jwt}
return JsonResponse(response_data, status=status.HTTP_201_CREATED)
else:
return Response(status=status.HTTP_202_ACCEPTED)
else:
user = User.objects.create_user(username=email, email=email, password=password)
user.is_active = False
user.save()
# Generate the verification key and email
rng = random.SystemRandom()
key = rng.randint(1000000, 2000000000)
user_verification = UserVerification(email=email, validation_key=key)
user_verification.save()
VerificationEmail.send(email, key)
# Store any registration claims
if 'claims' in token_serializer.validated_data.keys():
claims = token_serializer.validated_data['claims']
for claim_name in claims:
user_claim = UserClaim(email=email, claim_name=claim_name, claim_value=claims[claim_name])
user_claim.save()
return Response(status=status.HTTP_202_ACCEPTED)
def generateToken(userid, userPassword):
priv_pem=getUserPrivatekey(userid)
if priv_pem is None:
print "Error in get user private pem."
return None
payload = { 'userid': userid, 'password': userPassword }
priv_key = RSA.importKey(priv_pem)
if priv_key is None:
print "Error in generate user private key."
return None
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
if updateUserToken(userid,token):
return token
else:
print "Error in store user token."
return None
def get_token(user, code, **kwargs):
aud = None
exp = None
family_name = None
given_name = None
token_payload = {
"aud": aud,
"exp": exp,
"family_name": family_name,
"given_name": given_name,
"ver": "1.0"
}
service_private_pem = kwargs.get("service_private_pem")
if not service_private_pem:
raise SystemError("service_private_pem is not defined")
priv_key = RSA.importKey(service_private_pem)
token = jwt.generate_jwt(token_payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
return token
def retrieve_token(request):
"""Retrieve a token with the one time code
@method: GET
@params:
- GET: code: the one time code
- GET: r: the calling app
@returns
- JSON Web Token
"""
# Is the caller allowed to use us?
referer = request.referer
verify_caller(request, referer)
# is there a JWT in the headers? if so - we need to unpack it
# and augment ito
# is the code valid?
try:
claims = verify_token(request)
except:
# no existing token...
claims = None
code = request.matchdict.get('code')
if code == None:
log.error("%s: No code supplied. Raising HTTPUnauthorized" % request.client_addr)
raise HTTPUnauthorized
log.info("%s: Retrieve token for '%s'" % (request.client_addr, code))
# grab a handle to the database
db = mdb(request)
# use the code to lookup the token
doc = db.code.find_one({ 'code': code })
if doc is None:
# no document found for code
log.info("%s: Code: %s not found. Raising Unauthorized" % (request.client_addr, code))
raise HTTPUnauthorized
# delete the code
log.info("%s: Found token. Removing OTC" % request.client_addr)
db.code.remove({ 'code': code })
# use the token to get the user data
token = doc['token']
doc = db.session.find_one({ 'token': token })
if doc is None:
# no document found for token
log.info("%s: Couldn't find session for token. Raising Unauthorized." % request.client_addr)
raise HTTPUnauthorised
# load the pub and private keys
path = os.path.dirname(request.registry.settings.get('app.config'))
config = request.registry.app_config['general']
f = open(os.path.join(path, config['jwt.priv']), 'r')
private_key = f.read()
f.close()
private_key = RSA.importKey(private_key)
#print dir(private_key)
admins = get_app_admins(request, referer)
is_admin = False
if doc['groups'] is not None:
for g in doc['groups']:
if g in admins:
is_admin = True
apps = {}
if claims is not None:
apps = claims['apps']
apps[referer] = {
'admin': is_admin
}
user = {
'name': doc['fullname'],
'email': doc['email'],
'token': doc['token'],
'groups': doc['groups']
}
user_data = {
'user': user,
'apps': apps
}
# generate the jwt
session_lifetime = int(request.registry.app_config['general']['session.lifetime'])
log.info("%s: Creating JWT for '%s'." % (request.client_addr, user_data['user']['name']))
token = jwt.generate_jwt(user_data, private_key, 'PS256', timedelta(seconds=session_lifetime))
log.info("%s: Returning JWT." % request.client_addr)
return token
def get(self, id):
# This grabs the Chart ID from URL
try:
dashboardID = id.split("/")[0]
except:
dashboardID = id
# This grabs the iFrame height from URL
try:
height = str(id.split("/")[1]) + "px"
if height == "px":
height = "100%"
except:
height = "100%"
# This grabs the iFrame width from URL
try:
width = str(id.split("/")[2]) + "px"
if width == "px":
width = "100%"
except:
width = "100%"
# Here is the important info for the Chart.io payload
ORGANIZATION_SECRET = Info.query().fetch()[0].secret
BASE_URL = 'https://embed.chartio.com/d/'
BASE_URL = BASE_URL + str(dashboardID)
payload = {
'dashboard': int(dashboardID),
'organization': 14483,
'env': {
"MYVAR": 42
}
}
token = jwt.generate_jwt(payload, ORGANIZATION_SECRET, 'HS256',
datetime.timedelta(days=1))
iFrameURL = '<iframe id="dashboard" src="%s/%s"></iframe>' % (BASE_URL,
token)
# This handles user authentication by checking for @optimizely.com
user = users.get_current_user()
if user:
url = users.create_login_url(self.request.uri)
email = user.nickname()
else:
url = users.create_login_url(self.request.uri)
email = "none"
template_values = {
'iFrameURL': iFrameURL,
'dashboardID': dashboardID,
'url': url,
'email': email,
'height': height,
'width': width,
}
# This will handle the redirect to the login if a user isn't logged in with an @optimizely.com email
try:
user.nickname().index('@optimizely.com')
except:
template = JINJA_ENVIRONMENT.get_template('login.html')
self.response.write(template.render(template_values))
else:
template = JINJA_ENVIRONMENT.get_template('dashboard.html')
self.response.write(template.render(template_values))
def topic(self):
""" Generate token """
return jwt.generate_jwt(payload, pub_pem, 'HS256', timedelta(seconds=60))
def f(_):
""" Generate token """
privk = priv_keys[alg].get("default", priv_key)
jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))
def topic(self):
""" Generate token """
return jwt.generate_jwt(payload, key, alg, timedelta(seconds=60))
def topic(self):
""" Generate the token """
return jwt.generate_jwt(payload, generated_key, 'RS256', timedelta(seconds=10))
def f(_):
""" Generate token """
privk = priv_keys[alg].get('default', priv_key)
jwt.generate_jwt(payload, privk, alg, timedelta(seconds=5))
