def create_keypair(user, current_session, encryption_key, expire=86400): existing_keypairs = 0 for keypair in user.hmac_keypairs: if not keypair.check_and_archive(current_session): existing_keypairs += 1 if existing_keypairs >= 2: raise UserError("You can only have at most 2 keypairs") key = Fernet(encryption_key) # default to 1 day, max to 30 days try: expire = int(expire) except ValueError: raise UserError("Expiration has to be an integer representing" " expiration time in seconds") if expire > 2592000: raise UserError("Max expiration time is 30 days(2592000 seconds)") expire = min(expire, 2592000) result = dict(access_key=random_str(20), secret_key=random_str(40)) keypair = HMACKeyPair(access_key=result['access_key'], secret_key=key.encrypt(result['secret_key']), expire=expire, user_id=user.id) current_session.add(keypair) current_session.commit() return result
def test_id_token_has_nonce(oauth_test_client): nonce = random_str(10) data = {"confirm": "yes", "nonce": nonce} oauth_test_client.authorize(data=data) response_json = oauth_test_client.token(data=data).response.json id_token = validate_jwt(response_json["id_token"]) assert "nonce" in id_token assert nonce == id_token["nonce"]
def set_csrf(response): """ Create a cookie for CSRF protection if one does not yet exist. """ if not flask.request.cookies.get('csrftoken'): secure = app.config.get('SESSION_COOKIE_SECURE', True) response.set_cookie('csrftoken', random_str(40), secure=secure) return response
def test_id_token_has_nonce(client, oauth_client): nonce = random_str(10) data = { 'client_id': oauth_client.client_id, 'redirect_uri': oauth_client.url, 'response_type': 'code', 'scope': 'openid user', 'state': random_str(10), 'confirm': 'yes', 'nonce': nonce, } response_json = ( oauth2.get_token_response(client, oauth_client, code_request_data=data) .json ) id_token = validate_jwt(response_json['id_token'], {'openid'}) assert 'nonce' in id_token assert nonce == id_token['nonce']
def test_user_delete_cascade(db_session): """ test deleting a user will cascade to its children """ user = User(username="******") client = Client( name="test_client", user=user, client_id=random_str(40), client_secret=random_str(60), ) db_session.add(user) db_session.add(client) db_session.flush() assert len(user.clients) == 1 db_session.delete(user) assert db_session.query(Client).filter_by( client_id=client.client_id).count() == 0
def generate_csrf_token(): """ Generate a token used for CSRF protection. If the session does not currently have such a CSRF token, assign it one from a random string. Then return the session's CSRF token. """ if '_csrf_token' not in flask.session: flask.session['_csrf_token'] = random_str(20) return flask.session['_csrf_token']
def set_csrf(response): """ Create a cookie for CSRF protection if one does not yet exist """ if not flask.request.cookies.get("csrftoken"): secure = config.get("SESSION_COOKIE_SECURE", True) response.set_cookie("csrftoken", random_str(40), secure=secure) if flask.request.method in ["POST", "PUT", "DELETE"]: current_session.commit() return response