def generate_token(user, operation, expire_in=None, **kwargs): s = Serializer(current_app.config['SECRET_KEY']) data = {'id': user.id, 'operation': operation} data.update(**kwargs) token = s.dumps(data) print('generate', token) return token
def get_authorization(user): serializer = Serializer(secret_key=app.config['SECRET_KEY'],salt=config.SECURITY_PASSWORD_SALT) authorization_code = "%s-%s" % (user.username,user.email) authorization_code = serializer.dumps(authorization_code) digester = hashlib.md5() digester.update(authorization_code) return digester.hexdigest()
def generate_auth_token(usuario,idCliente,key, expiration=600000000): s = Serializer(key,expires_in=expiration) usr =modelo.findUsuariobyNombreNcliente(idCliente,usuario) if usr is None: return token=s.dumps({'idUsuario': usr.Usuarios.id_usuario, 'idCliente': usr.Clientes.id_cliente}) jsonLog = {"token": token} return jsonLog
def generate_auth_token(self, expiration=604800): """ 生成token,7天有效期 :param expiration: :return: """ s = Serializer(config.SECRET_KEY, expiration) return s.dumps({'id': self.id}).decode('utf-8')
def generate_token(self, expiration=600): """ 生成token :param expiration: 默认过期时间为600秒 :return: """ # 序列化器 s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'id': self.id}).decode('utf-8')
def build_local_part(name, uid): """Build local part as 'name-uid-digest', ensuring length < 64.""" key = current_app.config["SECRET_KEY"] serializer = Serializer(key) signature = serializer.dumps(uid) digest = md5(signature) local_part = name + "+" + uid + "-" + digest if len(local_part) > 64: if (len(local_part) - len(digest) - 1) > 64: # even without digest, it's too long raise ValueError( "Cannot build reply address: local part exceeds 64 characters" ) local_part = local_part[:64] return local_part
def build_local_part(name, uid): """Build local part as 'name-uid-digest', ensuring length < 64.""" tag = current_app.config["MAIL_ADDRESS_TAG_CHAR"] key = current_app.config["SECRET_KEY"] serializer = Serializer(key) signature = serializer.dumps(uid) digest = md5(signature) local_part = name + tag + uid + "-" + digest if len(local_part) > 64: if (len(local_part) - len(digest) - 1) > 64: # even without digest, it's too long raise ValueError( "Cannot build reply address: local part exceeds 64 " "characters") local_part = local_part[:64] return local_part
def rest_login(): username = request.form['username'] password = request.form['password'] user = user_datastore.find_user(username=username) if user is not None and utils.verify_password(password,user.password): session['current_active_user'] = user session['rest_user'] = {'user':user,'authorization':None} serializer = Serializer(secret_key=app.config['SECRET_KEY'],salt=config.SECURITY_PASSWORD_SALT) authorization_code = "%s-%s" % (user.username,user.email) authorization_code = serializer.dumps(authorization_code) found_sites = UserSite.objects(user=user) sites = [] for found in found_sites: site = {'name':found.name,'url':found.url,'username':found.username,'password':found.password,'folder':found.folder ,'settings':{'favourite':found.settings['favourite'],'autologin':found.settings['autologin'],'autofill':found.settings['autofill']}, 'id':str(found.id)} if found.fields is not None and len(found.fields) > 0: site['fields'] = [] for field in found.fields: site['fields'].append({ 'name':field['name'], 'value':field['value'], 'type':str(field['type']).lower() }) else: site['fields'] = [] site['fields'].append({'name':'username','type':'text','value':site['username']}) site['fields'].append({'name':'password','type':'text','value':site['password']}) sites.append(site) digester = hashlib.md5() digester.update(authorization_code) authorization = digester.hexdigest() account = {'name':user.name,'email':user.email,'username':user.username,'authorization':authorization} response = Response(dumps({'success':True,'sites':sites,'account':account,'authorization':authorization}),status=200,mimetype='application/json') response.headers['Authorization'] = digester.hexdigest() session['rest_user']['authorization'] = digester.hexdigest() response.set_cookie('authorization',value=digester.hexdigest(),expires=False) return response else: return flask.jsonify({'success':False})
def A(): a = Serializer('mima') token_a = a.dumps('test') print(token_a) b = Serializer('mima') c = b.loads(token_a) print(c) roles_permissions_map = { 'Locked': ['FOLLOW', 'COLLECT'], 'User': ['FOLLOW', 'COLLECT','COMMENT','UPLOAD'], 'Moderator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE'], 'Administrator':['FOLLOW','COLLECT','COMMENT','UPLOAD','MODERATE','ADMINISTER'] } for key, value in roles_permissions_map.items(): print(key,value)
def build_local_part(name, uid): """ Build local part as 'name-uid-digest', ensuring length < 64. """ tag = current_app.config['MAIL_ADDRESS_TAG_CHAR'] key = current_app.config['SECRET_KEY'] serializer = Serializer(key) signature = serializer.dumps(uid) digest = hashlib.md5(signature).digest() digest = base64.b32encode(digest).split('=', 1)[0] # remove base32 padding # digest = unicode(digest) local_part = name + tag + uid + u'-' + digest if len(local_part) > 64: if (len(local_part) - len(digest) - 1) > 64: # even without digest, it's too long raise ValueError( 'Cannot build reply address: local part exceeds 64 ' 'characters') local_part = local_part[:64] return local_part
def post(self, request): """ solve the request data :param request: :return: """ username = request.POST.get('user_name') password = request.POST.get('pwd') email = request.POST.get('email') allow = request.POST.get('allow') if not all([username, password, email]): return render(request, 'register.html', {'errmsg': '数据不完整'}) # 校验邮箱 if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email): return render(request, 'register.html', {'errmsg': '邮箱格式不正确'}) if allow != 'on': return render(request, 'register.html', {'errmsg': '请同意协议'}) try: user = User.objects.get(username=username) except User.DoesNotExist: user = None if user: return render(request, 'register.html', {'errmsg': 'the user has be registered'}) # really register user = User.objects.create_user(username, email, password) user.is_active = 0 user.save() serializer = Serializer(settings.SECRET_KEY, 3600) info = {'confirm': user.id} token = serializer.dumps(info) token = token.decode() send_register_active_email.delay(email, username, token) # todo redirect index return HttpResponse(b'ok', content_type='text/html')
def post(self, request): # 接收数据 username = request.POST.get('user_name') password = request.POST.get('pwd') email = request.POST.get('email') # 进行数据校验 if not all([username, password, email]): return render(request, 'user/register.html', {'errmsg': '数据不完整更'}) # 校验邮箱 if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email): return render(request, 'user/register.html', {'errmsg': '邮箱格式不正确'}) # 校验是否存在用户 try: user = User.objects.get(username=username) except User.DoesNotExist: user = None if user: return render(request, 'user/register.html', {'errmsg': '用户已存在'}) # 业务处理 user = User.objects.create_user(username, email, password) user.is_active = 1 user.save() # 注册成功需要通过邮箱返回激活链接 # 使用itsdangerous生成激活的token信息 seeializer = Serializer(settings.SECRET_KEY, 3600) info = {'confirm': user.id} # 进行加密 token = seeializer.dumps(info) # 转换类型 token = token.decode() # 组织邮件内容 send_mail_register(email, username, token) # 返回应答 return redirect(reverse('goods:index'))
def generate_email_change_token(self, new_email): s = Serializer(current_app.config['SECRET_KEY']) return s.dumps({ 'change_email': self.id, 'new_email': new_email }).decode('utf-8')
def generate_auth_token(self): s = Serializer(app.config['SECRET_KEY']) return s.dumps({'id': self.id})
def generate_auth_token(self, expiration): """使用编码后的用户id 字段值生成一个签名令牌,还指定了以秒 为单位的过期时间""" s = Serializer(current_app.config['SECRET_KEY'], expires_in=expiration) return s.dumps('id', 'self.id')
def generate_auth_token(self, expiration): s = Serializer(current_app.config['SECRET_KEY'], expires_in=expiration) return s.dumps({'id': self.id}).decode('utf-8')
def generate_token(self, expire=600): secret_key = current_app.config.get('SECRET_KEY') s = Serializer(secret_key, str(expire)) temp = s.dumps({'id': self.id}) return temp
def gen_token(uid, expiration=30 * 24 * 60 * 60): s = Serializer(SERECT_KEY, expires_in=expiration) return s.dumps({'id': uid})
def generate_email_change_token(self, new_email, expiration=3600): """Generate an email change token to email an existing user.""" s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'change_email': self.id, 'new_email': new_email})
def main(): """Primary CLI application logic.""" try: opts, args = getopt.getopt(sys.argv[1:], "h:v", ["help", "dservers=", "dqueue=", "secret=", "bserver=", "hserver=", "rserver=", "rchannel=", "bfiltername=", "hllname=", "mode=", "sleep="]) except getopt.GetoptError as err: print(str(err)) usage() sys.exit() modes = ("generate", "listen", "check", "adaptive", "initialize", "subscriber") # set defaults mode = None dservers = "localhost:7712,localhost:7711" dqueue = "objbomber" secret = "coolsecretbro" bserver = "localhost:8673" hserver = "localhost:4553" rserver = "localhost:6379" rchannel = "objbomber" bfiltername = "objbomber" hllname = "objbomber" sleep = None userhomedir = os.path.expanduser("~") # flippin' switches... for o, a in opts: if o in ("-h", "--help"): usage() sys.exit() elif o in ("--dservers"): dservers = a elif o in ("--queue"): dqueue = [a] elif o in ("--secret"): secret = a elif o in ("--bserver"): bserver = a elif o in ("--hserver"): hserver = a elif o in ("--rserver"): rserver = a elif o in ("--rchannel"): rchannel = a elif o in ("--bfiltername"): bfiltername = a elif o in ("--hllname"): hllname = a elif o in ("--mode"): if a in modes: mode = a else: usage() sys.exit() elif o in ("--listen"): mode_listen = True elif o in ("--check"): mode_check = True elif o in ("--sleep"): sleep = int(a) else: assert False, "unhandled option" checkdqueue = dqueue + ".check" if sleep in (None, 0): sleep = 0.0001 # mode must be set if not mode: usage() sys.exit() # Handler for the cryptographic signatures # TODO: secret should be "secret" + a version number s = Serializer(secret) # config basics datadir = userhomedir + "/.objbomber" # prepare servers and queue lists dservers = dservers.split(",") bserver = [bserver] hserver = hserver # all modes use Disque logging.info("Connecting to Disque...") disque_client = Client(dservers) disque_client.connect() if mode in ("check", "listen"): logging.info("Creating Bloomd Client...") bloomd_client = BloomdClient(bserver) bfilter = bloomd_client.create_filter(bfiltername) # add pyhlld logging.info("Creating HLLD Client... - not yet used") hlld_client = HlldClient(hserver) hll = hlld_client.create_set(hllname) if mode in ("check", "listen", "generate", "subscriber"): # add redis hll & pubsub logging.info("Creating Redis Client...") rhost, rport = rserver.split(":") redd = redis.StrictRedis(host=rhost, port=rport, db=0) redpubsub = redd.pubsub() if mode in ("subscriber"): redpubsub.subscribe(rchannel) if mode in ("generate"): # TODO: check on how well LevelDB handles # multiple clients db = leveldb.LevelDB(datadir + '/notary') # special mode to handle our first run # TODO: push into a function # TODO: handle filesystem errors # TODO: reconsider using Cement for all of this # TODO: generate an instance GUID if mode == "initialize": UUID = uuid.uuid4() logging.info("Our system UUID is now: %s" % UUID) # TODO: save and load this uuid # check to see if there is a ~/.objbomber directory, quit if there is # TODO: this does not handle errors in initalization logging.info("Checking for .objbomber in %s..." % userhomedir) if os.path.exists(datadir): logging.info("Already been initialized!") # TODO: print some information about how to handle this sys.exit() # TODO: make one os.mkdir(datadir, 0700) # generate our RSA signing key # TODO: make # of bits in key a flag logging.info("Begining to create our notary key.") logging.info("Reading from RNG.") rng = Random.new().read logging.info("Generating RSA key...") privRSAkey = RSA.generate(4096, rng) privPEM = privRSAkey.exportKey() pubRSAkey = privRSAkey.publickey() pubPEM = pubRSAkey.exportKey() logging.info("Key generated.") # save privkey to disk with open(datadir + "/privkey.pem", "w") as keyfile: keyfile.write(privPEM) keyfile.close() os.chmod(datadir + "/privkey.pem", 0700) logging.info("Unencrypted RSA key written to disk.") # save the pubkey with open(datadir + "/pubkey.pem", "w") as keyfile: keyfile.write(pubPEM) keyfile.close() logging.info("Public RSA key written to disk.") logging.info("Creating crypto notary storage.") leveldb.LevelDB(datadir + '/notary') # we absolutely must quit here, or we will get stuck in # an infinate loop sys.exit() # load our secret key (TODO: this is probably better as try/exc) # and build our contexts with open(datadir + "/privkey.pem", "r") as keyfile: privRSAkey = RSA.importKey(keyfile.read()) while True: # TODO: Adaptive Mode - this mode should peek the queues, and # make a decision about where this thread can make the most # impact on its own. if mode == "adaptive": # TODO: Do some queue peeking. # TODO: Make some decisions about which mode to adapt to. pass # TODO: All modes should be placed into functions. # Listen Mode - Listens to the queue, pulls out jobs, # validates the signature, puts them in bloomd if mode == "listen": logging.info("Getting Jobs from Disque.") jobs = disque_client.get_job([dqueue]) print("Got %d jobs." % len(jobs)) for queue_name, job_id, job in jobs: logging.debug("Handling a job: %s" % job) try: job = s.loads(job) logging.debug("Job Authenticated: %s" % job) except: logging.warning("Job did not pass authentication.") disque_client.nack_job(job_id) # add to bloom filter try: bfilter.add(job) except: logging.warning("Job was not added to bloomd.") disque_client.nack_job(job_id) try: hllResponse = hll.add(job) except: logging.warning("Job was not added to hlld.") disque_client.nack_job(job_id) # TODO: add redis HLL support # tell disque that this job has been processed disque_client.ack_job(job_id) # sign the check job job = s.dumps(job) # throw this message on the check queue disque_client.add_job(checkdqueue, job) elif mode == "check": # TODO # Check the secondary disque queue for checks # Ask the bloom filter if they have seen this logging.info("Getting Jobs from Disque.") jobs = disque_client.get_job([checkdqueue]) for queue_name, job_id, job in jobs: logging.debug("Checking: %s" % job) try: job = s.loads(job) except: disque_client.nack_job(job_id) # we don't NACK on failed cache hits if job in bfilter: logging.info("Confirming: %s" % job) else: logging.info("Not found in bloom filter: %s" % job) disque_client.ack_job(job_id) elif mode == "generate": # TODO - where will these messages come from? # for now they will just be random numbers, but # really we should make them objects to really be # testing serialization msg = [random.randint(1000, 1000000), random.randint(1000, 1000000)] # itsdangerous serialization & signing msg = s.dumps(msg) # Now that this message is serialized, we can sign it again with a # public key. # TODO: incorporate saving the signature into the notary records msghash = SHA.new(msg) signer = PKCS1_v1_5.new(privRSAkey) signature = signer.sign(msghash) assert signer.verify(msghash, signature) record = {'message': msg, 'signature': signature} record = pickle.dumps(record) # send the job over to Disque # TODO: add more command line flags for queuing job_id = disque_client.add_job(dqueue, msg) logging.debug("Added a job to Disque: %s" % msg) # publish just the signature on redis pubsub redd.publish(rchannel, signature) # TODO: save the publication in the notary # TODO: do more then just save the signatures # TODO: add a GUID to the key key = datetime.datetime.now().strftime("%Y-%m-%d-%H-%M-%S-%f") db.Put(key, record) # testing the results of leveldb's store, this is a test, and # an expensive test sig2 = db.Get(key) sig2 = pickle.loads(sig2)['signature'] assert signer.verify(msghash, sig2) elif mode == "subscriber": msg = redpubsub.get_message() # TODO: do something useful, like log if msg: print("got a message") time.sleep(sleep)
def generate_auth_token(self) -> str: serializer = Serializer(SECRET_KEY) return serializer.dumps({'id': self.id}).decode("utf-8")
def get_reset_token(self, expires_sec=3600): s = Serializer(current_app.config['SECRET_KEY'], expires_sec) return s.dumps({'user_id': self.id}).decode('utf-8')
def generate_token_for(user,expiration=100): if user == None: return None serializer = Serializer(SECURITY_PASSWORD_SALT) token = serializer.dumps({"username":str(user.username),'id':str(user.id)}).decode('utf-8') return token
def generate_auth_token(self, expiration=600): s = Serializer(secret_key, expires_in=expiration) return s.dumps({'id': self.id})
def generate_confirmation_token(self, expiration=3600): s = Serializer((current_app.config["SECRET_KEY"], expiration)) return s.dumps({"confirm": self.id})
def generate_password_reset_token(self, expiration=3600): """ Generate a password reset change token to email to an existing user. """ s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'reset': self.id})
def generate_reset_token(self): s = Serializer(current_app.config['SECRET_KEY']) return s.dumps({'reset': self.id})
def generate_confirmation_token(self, expiration=3600): s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'confirm': self.id})
def generate_reset_token(self, expiration=600): s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'id': self.id})
def get_reset_token(self, expires_sec=1800): s = Serializer(current_app.secret_key, expires_sec) return s.dumps({'user_id': self.id}).decode("utf-8")
def generate_confirmation_token(self): s = Serializer(secret_key=current_app.config['SECRET_KEY']) return s.dumps({'confirm': self.id})
def generate_confirmation_token(self, expiration=604800): """Generate a confirmation token to email a new user.""" s = Serializer(current_app.config['SECRET_KEY'], expiration) return s.dumps({'confirm': self.id})
class User(Base): __tablename__ = 'users' id = Column(Integer, primary_key=True) name = Column(String(100)) password = Column(String(500)) salt = Column(String(100)) user = session.query(User).filter_by(name="Josh").first() salt = user.salt signer = Serializer(secretKey, salt=salt) passwordOld = "super new car" password = "******" passwd = signer.dumps(password).split(".")[1] oldPass = user.password if signer.loads("\"" + passwordOld + "\"." + oldPass): print True user.password = passwd session.commit()
def generate_auth_token(self, expiration): s = Serializer(current_app.config['SECRET_KEY']) return s.dumps({'id': self.id})
def generate_auth_token(self, expiration=600): s = Serializer(app.config['SECRET_KEY'], expires_in=expiration) return s.dumps({'id': self.id})
from itsdangerous import Serializer if __name__ == '__main__': from itsdangerous import Serializer s = Serializer('secret-key', '36000') a = s.dumps({'rrr': 1}) b = Serializer('secret-key') data = s.loads(a) print(data['rrr']) print(data)