def __init__(self, initial=None, sid=None, new=False): def on_update(self): self.modified = True SecureCookie.__init__(self, initial, on_update) self.sid = sid self.new = new self.modified = False
def set_cookie(self, response, name, data, path=None, expires=None, secret_key=None, max_age=None, secure=False, httponly=True, force=True): """store data under the named cookie as a securecookie in the response""" if secret_key is None: secret_key = self.config.get('secret_key', None) cookie = SecureCookie(data, secret_key=secret_key) path = path or self.config.get('session_cookie_path') or \ self.config.get('application_root') or '/' cookie.save_cookie(response, key=name, expires=expires, max_age=max_age, path=path, domain=self.config.session_cookie_domain, secure=secure, httponly=httponly, force=force)
def saveOAuthToken(next, token, secret, max_age=3000): secretKey = current_app.config['SECRET_KEY'].encode('utf-8') data = SecureCookie({"token": token, "secret": secret}, secretKey) expires = datetime.utcnow() + timedelta(seconds=max_age) resp = make_response(next) resp.set_cookie('zapfauth_token', data.serialize(), expires=expires) return resp
def get_cookie_obj(cookie): cookie_data = request.cookies.get(cookie, None) if cookie_data is None: cookie_obj = SecureCookie(secret_key=app.config["SECRET_KEY"]) else: cookie_obj = SecureCookie.unserialize(cookie_data, app.config["SECRET_KEY"]) return cookie_obj
def fake_login(request): if request.method == 'GET': return Response("FAKE LOGIN", mimetype="text/html") elif request.method == 'POST': response = Response("LOGGED IN", mimetype="text/html") cookie = SecureCookie({"logged_in": True}, SECRET_KEY) response.set_cookie('session_data', cookie.serialize()) return response
def client_session(req): data = request.cookies.get('ruanbo') if not data: return SecureCookie({ "foo": 42, "baz": (1, 2, 3) }, secret_key=SECRET_KEY) return SecureCookie.unserialize(data, SECRET_KEY)
def get_from_cookie(cookie, key): cookie_data = request.cookies.get(cookie, None) if cookie_data is None: cookie_obj = SecureCookie(secret_key=app.config["SECRET_KEY"]) else: cookie_obj = SecureCookie.unserialize(cookie_data, app.config["SECRET_KEY"]) print("Getting cookie data: ", dict(cookie_obj)) return cookie_obj.get(key)
def __init__(self, initial=None, sid=None, new=False, secret_key=None): def on_update(self): self.modified = True SecureCookie.__init__(self, initial, secret_key=secret_key, new=new) self.sid = sid self.new = new self.modified = False if self.sid is None: self.sid = generate_key()
def test_basic_support(): c = SecureCookie(secret_key=b'foo') assert c.new assert not c.modified assert not c.should_save c['x'] = 42 assert c.modified assert c.should_save s = c.serialize() c2 = SecureCookie.unserialize(s, b'foo') assert c is not c2 assert not c2.new assert not c2.modified assert not c2.should_save assert c2 == c c3 = SecureCookie.unserialize(s, b'wrong foo') assert not c3.modified assert not c3.new assert c3 == {} c4 = SecureCookie({'x': 42}, 'foo') c4_serialized = c4.serialize() assert SecureCookie.unserialize(c4_serialized, 'foo') == c4
def test_basic_support(): c = SecureCookie(secret_key=b"foo") assert c.new assert not c.modified assert not c.should_save c["x"] = 42 assert c.modified assert c.should_save s = c.serialize() c2 = SecureCookie.unserialize(s, b"foo") assert c is not c2 assert not c2.new assert not c2.modified assert not c2.should_save assert c2 == c c3 = SecureCookie.unserialize(s, b"wrong foo") assert not c3.modified assert not c3.new assert c3 == {} c4 = SecureCookie({"x": 42}, "foo") c4_serialized = c4.serialize() assert SecureCookie.unserialize(c4_serialized, "foo") == c4
def set_gaema_user(service, user): gaema_user_key = GAEMA_USER_KEY_FORMAT % service if hasattr(settings, "GAEMA_STORAGE") and settings.GAEMA_STORAGE == "cookie": secure_cookie = SecureCookie(user, secret_key=settings.SECRET_KEY) user_data = secure_cookie.serialize() set_cookie(gaema_user_key, user_data) else: from kay.sessions import renew_session renew_session(local.request) local.request.session[gaema_user_key] = user local.request.session.modified = True
def save_session(self, session, response): # 这个函数将在构造好了response后调用,此函数逻辑是如何session有内容,就将其 # 保存在数据库,然后构建一个新的Securecookie,在传入sid的值,然后保存在response # 中 if session is not None: if session.should_save: self.session_store.save(session) secure_cookie = SecureCookie({}, secret_key=self.secret_key) secure_cookie['sid'] = session.sid # 这里必须要有一次额外的赋值,否则secure_cookie的should_save为False secure_cookie.save_cookie(response, self.session_cookie_name)
def set_cookie(self, response, name, data, path = None, expires = None, secret_key = None, max_age = None, secure = False, httponly = True, force = True): """store data under the named cookie as a securecookie in the response""" if secret_key is None: secret_key = self.config.get('secret_key', None) cookie = SecureCookie(data, secret_key=secret_key) path = path or self.config.get('session_cookie_path') or \ self.config.get('application_root') or '/' cookie.save_cookie(response, key=name, expires=expires, max_age=max_age, path=path, domain=self.config.session_cookie_domain, secure=secure, httponly=httponly, force=force)
def save_session_to_cookie(response): secret = current_app.config.get("session_secret") if secret: session = local.session if session: if not isinstance(session, SecureCookie): session = SecureCookie(session, secret) expires = None lifetime = current_app.config.get("session_lifetime") if lifetime: expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=lifetime) session_name = current_app.config.get("session_cookie_name") or "session" session.save_cookie(response, session_name, expires=expires)
def set_to_cookie(req_response, cookie, key, value): cookie_data = request.cookies.get(cookie, None) if cookie_data is None: cookie_obj = SecureCookie(secret_key=app.config["SECRET_KEY"]) else: cookie_obj = SecureCookie.unserialize(cookie_data, app.config["SECRET_KEY"]) cookie_obj[key] = value all_cookies = session.get(ALL_COOKIES_KEY, []) if cookie not in all_cookies: all_cookies.append(cookie) session[ALL_COOKIES_KEY] = all_cookies req_response.set_cookie(cookie, cookie_obj.serialize())
def test_wrapper_support(self): req = Request.from_values() resp = Response() c = SecureCookie.load_cookie(req, secret_key='foo') assert c.new c['foo'] = 42 assert c.secret_key == 'foo' c.save_cookie(resp) req = Request.from_values(headers={ 'Cookie': 'session="%s"' % parse_cookie(resp.headers['set-cookie'])['session'] }) c2 = SecureCookie.load_cookie(req, secret_key='foo') assert not c2.new assert c2 == c
def test_wrapper_support(self): req = Request.from_values() resp = Response() c = SecureCookie.load_cookie(req, secret_key="foo") assert c.new c["foo"] = 42 assert c.secret_key == "foo" c.save_cookie(resp) req = Request.from_values( headers={"Cookie": 'session="%s"' % parse_cookie(resp.headers["set-cookie"])["session"]} ) c2 = SecureCookie.load_cookie(req, secret_key="foo") assert not c2.new assert c2 == c
def test_wrapper_support(): req = Request.from_values() resp = Response() c = SecureCookie.load_cookie(req, secret_key=b'foo') assert c.new c['foo'] = 42 assert c.secret_key == b'foo' c.save_cookie(resp) req = Request.from_values(headers={ 'Cookie': 'session="%s"' % parse_cookie(resp.headers['set-cookie'])['session'] }) c2 = SecureCookie.load_cookie(req, secret_key=b'foo') assert not c2.new assert c2 == c
def post_process(self, environ, headers): user = User.get_current() if not user: cookies = http.parse_cookie(environ) if self.name in cookies: raw = http.dump_cookie(self.name, '', expires=1) headers.append((utils.to_native('Set-Cookie'), raw)) return cookie = SecureCookie({ 'uid': user.id, 'session_token': user.get_session_token(), }, self.secret) raw = http.dump_cookie(self.name, cookie.serialize(), expires=self.expires, max_age=self.max_age) headers.append((utils.to_native('Set-Cookie'), raw))
def get_request(self, environ): request = Request(environ) request.app = self.app request.translations = load_core_translations(self.app.cfg['language']) request.is_admin = False request.is_somebody = False cookie_name = self.app.cfg['session_cookie_name'] session = SecureCookie.load_cookie( request, cookie_name, self.app.cfg['secret_key'].encode('utf-8')) request.session = session engine = self.app.database_engine user_id = session.get('uid') if user_id: admin_privilege = engine.execute( privileges.select( privileges.c.name == 'BLOG_ADMIN')).fetchone() admin = engine.execute( user_privileges.select( and_( user_privileges.c.user_id == int(user_id), user_privileges.c.privilege_id == admin_privilege.privilege_id))).fetchone() request.is_somebody = True request.is_admin = admin is not None return request
def getOAuthToken(): secretKey = current_app.config['SECRET_KEY'].encode('utf-8') cookie = request.cookies.get('zapfauth_token') if not cookie: return None data = SecureCookie.unserialize(cookie, secretKey) return (data["token"], data["secret"])
def login(): #import logging #logging.info('sgvsevr') form = LoginForm() if request.method == 'POST': if form.validate_on_submit(): user = User.query.filter_by(account=form.name.data).first() if user is not None and user.verify_password(form.password.data): resp = make_response(redirect(url_for('account.index', account=user.account))) cookie_value = SecureCookie({'user': form.name.data, 'rn': user.username, 'uid': user.id, 'permission': user.permission, 'timestamp': time.time()}, SECRET_KEY).serialize() # x = SecureCookie.unserialize(value, SECRET_KEY) resp.set_cookie('info', cookie_value, expires=time.time() + COOKIE_EXPIRES) # expires=COOKIE_EXPIRES return resp flash('1-Invalid username or password.') return render_template('login.html', form=form) flash('用户名或密码错误') return render_template('login.html', form=form) else: cookie_info = request.cookies.get('info') if cookie_info: info = SecureCookie.unserialize(cookie_info, SECRET_KEY) user, timesite = info.get('user'), info.get('timestamp') _user = User.query.filter_by(account=user).first() if _user: if (time.time() - timesite) < COOKIE_EXPIRES: return redirect(url_for('account.index', account=user)) return render_template('login.html', form=form) return render_template('login.html', form=form)
def get_request(self, environ): request = Request(environ) request.app = self.app request.translations = load_core_translations(self.app.cfg['language']) request.is_admin = False request.is_somebody = False cookie_name = self.app.cfg['session_cookie_name'] session = SecureCookie.load_cookie( request, cookie_name, self.app.cfg['secret_key'].encode('utf-8') ) request.session = session engine = self.app.database_engine user_id = session.get('uid') if user_id: admin_privilege = engine.execute( privileges.select(privileges.c.name=='BLOG_ADMIN') ).fetchone() admin = engine.execute(user_privileges.select(and_( user_privileges.c.user_id==int(user_id), user_privileges.c.privilege_id==admin_privilege.privilege_id ))).fetchone() request.is_somebody = True request.is_admin = admin is not None return request
def oauth_callback(self, request): if request.args.get("denied") is not None: return False try: oauth_data = SecureCookie.unserialize(request.cookies["twitter_oauth"], self.consumer_secret) except KeyError: return False oauth_token = oauth2.Token(oauth_data["oauth_token"], oauth_data["oauth_token_secret"]) oauth_token.set_verifier(request.args.get("oauth_verifier")) oauth_consumer = oauth2.Consumer(key=self.consumer_key, secret=self.consumer_secret) oauth_client = oauth2.Client(oauth_consumer, oauth_token) resp, content = oauth_client.request(ACCESS_TOKEN_URL, "POST") if resp["status"] != "200": return False oauth_data = dict(parse_qsl(content)) user_data = twitter.Api(consumer_key=self.consumer_key, consumer_secret=self.consumer_secret, access_token_key=oauth_data["oauth_token"], access_token_secret=oauth_data["oauth_token_secret"]).VerifyCredentials().AsDict() return (user_data["id"], dict(user_data, **oauth_data))
def __init__(self, environ, app=None): RequestBase.__init__(self, environ) self.queries = [] self.metanav = [] self.navbar = [] self.ctxnavbar = {} if app is None: app = get_application() self.app = app engine = self.app.database_engine # get the session and try to get the user object for this request. from ilog.database import db, User user = None cookie_name = app.cfg['cookie_name'] session = SecureCookie.load_cookie(self, cookie_name, app.secret_key) user_id = session.get('uid') if user_id: user = User.query.options( db.eagerload('groups'), db.eagerload('groups', 'privileges') ).get(user_id) if user is None: self.locale = self.app.default_locale self.translations = self.app.default_translations user = User.query.get_nobody() else: self.locale = Locale(user.locale) self.translations = i18n.load_translations(self.locale) self.user = user self.user.update_last_login() db.commit() self.session = session
def init_cookie(self): """ Ensures that a cookie'd subject id exists """ #self._app.logger.debug("Init cookie hit for {}".format(request.path)) # Don't bother setting the cookie on favicon hits # TODO: Make this more gooder if request.path == '/favicon.ico/': request.exp_enabled = False return exp_cookie = SecureCookie.load_cookie(request, key=self.FLASK_EXPERIMENT_COOKIE_NAME, secret_key=self._app.secret_key) subj_id = exp_cookie.get('id') if not subj_id: subj_id = uuid4().hex exp_cookie['id'] = subj_id set_exp = request.args.get('experiment') set_var = request.args.get('variant') request.exp_cookie = exp_cookie request.experiments = self.mgr.get_subject_experiments(subj_id) if set_exp and set_var: self.mgr.update_subject_experiments(subj_id, set_exp, set_var) request.experiments = self.mgr.get_subject_experiments(subj_id) #self._app.logger.debug("Subject {} experiments {}".format( #subj_id, request.experiments)) request.exp_enabled = True
def tag_session(req): app = get_app() cookie_name = app.conf['sessions/cookie_name'] session = SecureCookie.load_cookie(req, cookie_name, app.conf['sessions/secret']) req.session = session local.session = session
def get(self): args = self.request.args response_type = args.get("response_type") client_id = args.get("client_id") redirect_uri = args.get("redirect_uri") scope = args.get("scope") state = args.get("state","") if response_type is None or client_id is None or redirect_uri is None: return self.error("The request invalid") data = self.request.cookies.get("l") if data is not None: login_data = SecureCookie.unserialize(data, self.settings.secret_key) else: self.settings.log.debug("cookie for user login data not found") login_data = {} if not login_data.has_key("username"): # not logged in, show login form self.settings.log.debug("redirecting to login form") return self.login_form() else: # logged in, retrieve an auth code and do the redirect username = login_data['username'] am = self.settings.authmanager try: token, auth_code = am.new_token(username, client_id) except usermanager.errors.ClientNotFound, e: return self.error("the client_id is incorrect") q = { 'code' : auth_code, 'state' : state, } url = redirect_uri+"?"+urllib.urlencode(q) return werkzeug.redirect(url)
def setup_cookie(self): from screener.database import User, session self.session = SecureCookie.load_cookie( self, application.config.cookie_name, application.config.secret_key.encode('utf-8') ) def new_user(): user = User() session.add(user) return user if 'uuid' not in self.session: self.login(new_user(), permanent=True) self.session.setdefault('flashes', []).append( "A unique cookie has been sent to your browser that " "enables you to see your private images when browsing the " "categories.<br>Otherwise, you can only access them by " "their direct URL.") else: user = User.query.get(self.session.get('uuid')) if not user: self.login(new_user(), permanent=True) self.session.setdefault('flashes', []).append( "A unique cookie has been sent to your browser that " "enables you to see your private images when browsing the " "categories.<br>Otherwise, you can only access them by " "their direct URL.") else: self.login(user) self.user.update_last_visit() session.commit() self.cleanup_old_sessions()
def open_session(self, request): """Creates or opens a new session. Default implementation requires that `securecookie.secret_key` is set. """ key = self.secret_key if key is not None: return SecureCookie.load_cookie(request, self.session_cookie_name, secret_key=key)
def is_authorized(self, request, op_request): data = request.cookies.get('session_data') if data: session = SecureCookie.unserialize(data, SECRET_KEY) if session.get("logged_in", False) == True: return True return False
def post_process(self, environ, headers): user = User.get_current() if not user: cookies = http.parse_cookie(environ) if self.name in cookies: raw = http.dump_cookie(self.name, '', expires=1) headers.append(('Set-Cookie', raw)) return cookie = SecureCookie( { 'uid': user.id, 'session_token': user.get_session_token(), }, self.secret) raw = http.dump_cookie(self.name, cookie.serialize(), expires=self.expires, max_age=self.max_age) headers.append(('Set-Cookie', raw))
def open_session(self, request): # """ :param request: Request实例 """ #创建或打开一个新的session,默认的实现是存储所有的session数据到一个签名的cookie中, # 前提是secret_key属性被设置 key = self.secret_key if key is not None: return SecureCookie.load_cookie(request, 'session', secret_key=key)
def test_wrapper_support(): req = Request.from_values() resp = Response() c = SecureCookie.load_cookie(req, secret_key=b"foo") assert c.new c["foo"] = 42 assert c.secret_key == b"foo" c.save_cookie(resp) req = Request.from_values( headers={ "Cookie": 'session="%s"' % parse_cookie(resp.headers["set-cookie"])["session"] }) c2 = SecureCookie.load_cookie(req, secret_key=b"foo") assert not c2.new assert c2 == c
def open_session(self, request): """创建或打开一个新的session。默认的实现是存储所有的用户会话(session) 数据到一个签名的cookie中。这需要secret_key属性被设置。 :param request: request_class的实例。 """ key = self.secret_key if key is not None: return SecureCookie.load_cookie(request, self.session_cookie_name, secret_key=key)
def oauth_callback(self, request): try: callback_url = SecureCookie.unserialize(request.cookies["facebook_oauth"], self.client_secret)["callback_url"] except KeyError: return False access_token = facebook.get_access_token_from_code(request.args.get("code"), callback_url, self.client_id, self.client_secret)["access_token"] user = facebook.GraphAPI(access_token).get_object("me") return (int(user["id"]), dict(user, access_token=access_token))
def open_session(self, request): """ 获取请求对应的session数据,当没有session时,可以创建请求对应的session信息 创建的前提是需要配置了secret_key """ key = self.secret_key if key is not None: return SecureCookie.load_cookie(request, self.session_cookie_name, secret_key=key)
def _get_flash_msg(request): if 'ls_message' in request.cookies: update_message = SecureCookie.unserialize( request.cookies['ls_message'], settings.SECRET_KEY, ) delete_cookie('ls_message') return update_message['m'] else: return None
def open_session(self, request): """Creates or opens a new session. Default implementation stores all session data in a signed cookie. This requires that the :attr:`secret_key` is set. :param request: an instance of :attr:`request_class`. """ key = self.secret_key if key is not None: return SecureCookie.load_cookie(request, self.session_cookie_name, secret_key=key)
def get(self, **kw): """post a new vote to this poll""" _id = self.item._id data = self.request.cookies.get("qlpoll") if data is not None: poll_data = SecureCookie.unserialize(data, self.settings.secret_key) else: poll_data = {'_id' : None} voted = poll_data['_id']==_id return {'voted' : voted}
def load_session_from_cookie(request): secret = current_app.config.get("session_secret") if secret: session_name = current_app.config.get("session_cookie_name") or "session" local.session = SecureCookie.load_cookie(request, session_name, secret_key=secret) request._flash = local.session.pop("_flash", {}) csrf_token() # all session should have csrf token else: local.session = {} local.session["_flash"] = {}
def open_session(self, request): ''' load_cookie: data = request.cookies.get(key) if not data: return cls(secret_key=secret_key) return cls.unserialize(data, secret_key) ''' return SecureCookie.load_cookie(request, key=self.session_cookie_name, secret_key=self.secret_key)
def test_basic_support(self): c = SecureCookie(secret_key='foo') assert c.new assert not c.modified assert not c.should_save c['x'] = 42 assert c.modified assert c.should_save s = c.serialize() c2 = SecureCookie.unserialize(s, 'foo') assert c is not c2 assert not c2.new assert not c2.modified assert not c2.should_save assert c2 == c c3 = SecureCookie.unserialize(s, 'wrong foo') assert not c3.modified assert not c3.new assert c3 == {}
def open_session(self, resource): """creates or opens a new session""" key = self.secret_key if key is not None: return SecureCookie.load_cookie( # here, we should use global request # which is a context-local object # request, # so this request is the global request... Request(environ), # request, self.session_cookie_name, secret_key=key)
def test_basic_support(self): c = SecureCookie(secret_key=b'foo') assert c.new assert not c.modified assert not c.should_save c['x'] = 42 assert c.modified assert c.should_save s = c.serialize() c2 = SecureCookie.unserialize(s, b'foo') assert c is not c2 assert not c2.new assert not c2.modified assert not c2.should_save self.assert_equal(c2, c) c3 = SecureCookie.unserialize(s, b'wrong foo') assert not c3.modified assert not c3.new self.assert_equal(c3, {})
def oauth_callback(self, request): try: callback_url = SecureCookie.unserialize(request.cookies["foursquare_oauth"], self.client_secret)["callback_url"] except KeyError: return False client = foursquare.Foursquare(client_id=self.client_id, client_secret=self.client_secret, redirect_uri=callback_url) access_token = client.oauth.get_token(request.args.get("code")) client.set_access_token(access_token) user = client.users() return (int(user["user"]["id"]), dict(user, access_token=access_token))
def open_session(self, resource): """creates or opens a new session""" key = self.secret_key if key is not None: return SecureCookie.load_cookie( # here, we should use global request # which is a context-local object # request, # so this request is the global request... Request(environ), # request, self.session_cookie_name, secret_key=key )
def get_secure_cookie(self): """ Returns the secure cookie object from werkzeug :return: SecureCookie """ secret_key = self.state.environment.get('secret_key') if not secret_key: raise Exception('\'secret_key\' value must be set in environment') if not self._secure_cookie: self._secure_cookie = SecureCookie.load_cookie( self, secret_key=secret_key.encode()) return self._secure_cookie
def get_gaema_user(service): try: gaema_user_key = GAEMA_USER_KEY_FORMAT % service if hasattr(settings, "GAEMA_STORAGE") and \ settings.GAEMA_STORAGE == "cookie": user_data = local.request.cookies.get(gaema_user_key, None) if user_data: return SecureCookie.unserialize(user_data, secret_key=settings.SECRET_KEY) else: return local.request.session.get(gaema_user_key, None) except Exception, e: raise InternalServerError('Getting gaema_user failed, reason: %s' % e)
def test_basic_support(self): c = SecureCookie(secret_key="foo") assert c.new print c.modified, c.should_save assert not c.modified assert not c.should_save c["x"] = 42 assert c.modified assert c.should_save s = c.serialize() c2 = SecureCookie.unserialize(s, "foo") assert c is not c2 assert not c2.new assert not c2.modified assert not c2.should_save assert c2 == c c3 = SecureCookie.unserialize(s, "wrong foo") assert not c3.modified assert not c3.new assert c3 == {}
def login(): username = request.values.get('username', '') password = request.values.get('password', '') ret_data = {} is_login = db.check_user(username, password) if is_login: ret_data['status'] = 'ok' else: ret_data['status'] = 'error' ret_data['message'] = 'Username or password is wrong!' resp = Response(json.dumps(ret_data)) if is_login: # New and save `uid` to cookie cookie = SecureCookie(secret_key=app.secret_key) cookie['uid'] = username cookie['is_guest'] = False cookie.save_cookie(resp, key='auth', max_age=USER_COOKIE_AGE) return resp
def open_session(self, request): # 这里的逻辑是,在构建请求环境的时候,用secure_cookie.load_cookie从 # 请求中加载session内容,从中读取出sid值,再根据sid从数据库中读取session # 真正的内容,并用这些内容构建一个真正的,在视图函数中使用的session对象 # 这个函数的返回值会成为_request_ctx_stack的栈顶的session对象 key = self.secret_key if key is not None: secure_cookie = SecureCookie.load_cookie( request, self.session_cookie_name, secret_key=self.secret_key) sid = secure_cookie.get('sid') if sid is not None: request_session = self.session_store.get(sid) else: request_session = self.session_store.new() return request_session