コード例 #1
ファイル: cookie.py プロジェクト: timothyclemans/djangocg
 def _hash(self, value):
     """
     Return the hex digest of a salted HMAC computed over ``value``.

     The key salt is the fixed string below, which scopes the digest to
     this module. ``salted_hmac`` is defined elsewhere; according to the
     original docstring it produces an HMAC/SHA1 keyed from the project's
     SECRET_KEY.
     """
     # NOTE(review): the verification side is not visible here. When this
     # digest is checked against a client-supplied one, confirm that the
     # comparison is constant-time.
     mac = salted_hmac('djangocg.contrib.messages', value)
     return mac.hexdigest()
コード例 #2
ファイル: forms.py プロジェクト: timothyclemans/djangocg
 def generate_security_hash(self, content_type, object_pk, timestamp):
     """
     Return the hex digest of a salted HMAC over the three given fields.

     ``content_type``, ``object_pk`` and ``timestamp`` are joined with
     "-" in that order, so all three must already be strings.
     """
     # NOTE(review): the fields are joined without escaping, so two
     # different triples whose parts contain "-" can serialize to the same
     # string and share a digest. Confirm that callers constrain these
     # values.
     joined = "-".join((content_type, object_pk, timestamp))
     mac = salted_hmac("djangocg.contrib.forms.CommentSecurityForm", joined)
     return mac.hexdigest()
コード例 #3
ファイル: utils.py プロジェクト: timothyclemans/djangocg
def form_hmac(form):
    """
    Return a hex HMAC digest computed over the fields of ``form``.

    Each bound field contributes a ``(name, value)`` pair. The list of pairs
    is pickled and passed to ``salted_hmac`` (defined elsewhere) under a
    salt specific to this module.
    """
    pairs = []
    for bound_field in form:
        # A form that permits being empty and has not changed is read raw.
        # clean() is skipped so that validation errors are not triggered.
        use_raw = form.empty_permitted and not form.has_changed()
        if use_raw:
            field_value = bound_field.data
        else:
            field_value = bound_field.field.clean(bound_field.data)
        # Falsy values (None, empty input, ...) all collapse to ''.
        field_value = field_value or ''
        if isinstance(field_value, six.string_types):
            field_value = field_value.strip()
        pairs.append((bound_field.name, field_value))

    # pickle is used here only to serialize; nothing is unpickled.
    # NOTE(review): pickle.HIGHEST_PROTOCOL depends on the interpreter
    # version, so the digest is only comparable between processes that
    # pickle identically. Confirm this if hashes outlive a deployment or
    # cross Python versions.
    serialized = pickle.dumps(pairs, pickle.HIGHEST_PROTOCOL)
    return salted_hmac('djangocg.contrib.formtools', serialized).hexdigest()
コード例 #4
ファイル: tokens.py プロジェクト: timothyclemans/djangocg
    def _make_token_with_timestamp(self, user, timestamp):
        """
        Build a token of the form ``<base36 timestamp>-<truncated hex MAC>``.

        The MAC covers the user's id, stored password value, last login
        time and the timestamp, keyed through ``salted_hmac`` (defined
        elsewhere) with a salt specific to this generator.
        """
        # Per the original author: timestamp counts days since 2001-1-1,
        # which stays a 3 digit base 36 string until about 2121.
        ts_b36 = int_to_base36(timestamp)

        # The MAC input is user state that is expected to change once the
        # token has served its purpose: the stored password changes when a
        # new password is set, and last_login changes on the next login.
        # A token issued earlier then no longer matches.
        salt = "djangocg.contrib.auth.tokens.PasswordResetTokenGenerator"

        # Drop microseconds and tzinfo so every DB backend produces the same
        # text for the same login time.
        # NOTE(review): this raises AttributeError when user.last_login is
        # None. Confirm the user model always populates it.
        last_login = user.last_login.replace(microsecond=0, tzinfo=None)

        uid_text = six.text_type(user.id)
        login_text = six.text_type(last_login)
        stamp_text = six.text_type(timestamp)
        # NOTE(review): the parts are concatenated without separators, so
        # the field boundaries are not encoded in the MAC input.
        mac_input = uid_text + user.password + login_text + stamp_text

        # Keep every second hex character to shorten the URL. The original
        # comment gives the resulting length as 20 chars.
        short_digest = salted_hmac(salt, mac_input).hexdigest()[::2]
        return "%s-%s" % (ts_b36, short_digest)
コード例 #5
ファイル: base.py プロジェクト: timothyclemans/djangocg
 def _hash(self, value):
     """
     Return the hex digest of a salted HMAC computed over ``value``.

     The key salt is the fixed module prefix followed by the name of the
     instance's class, so each class gets its own salt. ``salted_hmac``
     is defined elsewhere.
     """
     class_name = self.__class__.__name__
     salt = "djangocg.contrib.sessions" + class_name
     mac = salted_hmac(salt, value)
     return mac.hexdigest()