def tokenAuth(token):
"""
token验证模块
验证token的正确性,有效性,以及是否被修改
:param token: token码
:return: 通过返回 [userId, roleId, msg]
未通过返回 None, None, msg]
"""
s = Serializer(secret_key=parser.secret_key_token, salt=parser.auth_salt)
try:
data = s.loads(token)
except SignatureExpired:
msg = 'token expired'
return [None, None, msg]
except BadSignature, e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered.
msg = 'token tampered'
return [None, None, msg]
msg = 'badSignature of token'
return [None, None, msg]
def RftokenAuth(rf_token):
"""
rf_token验证模块
验证rf_token的正确性,有效性,以及是否被修改
:param rf_token: rf_token码
:return: 通过返回用户名,用户角色,和最新的token的列表
未通过返回[None, None, msg]
"""
s = Serializer(secret_key=parser.secret_key_rf_token,
salt=parser.auth_salt)
try:
data = s.loads(rf_token)
except SignatureExpired:
msg = 'token expired'
return [None, None, msg]
except BadSignature, e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered.
msg = 'token tampered'
return [None, None, msg]
msg = 'badSignature of token'
return [None, None, msg]
def token_auth(token):
"""
验证token
:param token:
:return:
"""
s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'],
salt=SECURE_KEY['AUTH_SALT'])
data = dict()
try:
data = s.loads(token)
except SignatureExpired:
logger.info('*' * 20 + 'token expired' + '*' * 20)
raise exceptions.ValidationError('token过期')
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
logger.info('*' * 20 + 'bad signature of token' + '*' * 20)
raise exceptions.ValidationError('token篡改')
except Exception as e:
logger.info('*' * 20 + 'wrong token with unknown reason' + '*' * 20)
raise exceptions.ValidationError('未知错误')
if 'user_id' not in data or 'is_student' not in data:
logger.info('*' * 20 + 'illegal payload inside' + '*' * 20)
raise exceptions.ValidationError('不合法的载体')
refresh = False
# 如果token过期时间与当前时间相隔10分钟以内,则需要刷新token
if (data['iat'] - time.time()) / 60 < 10:
refresh = True
return data['user_id'], data['is_student'], refresh
def validateToken(token):
s = Serializer(secret_key=secret_key, salt=salt)
try:
data = s.loads(token)
except SignatureExpired:
msg = 'toekn expired'
return {'code': 401, 'error_code': 'auth_01', 'message': msg}
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
msg = 'token tampered'
return {'code': 401, 'error_code': 'auth_01', 'message': msg}
msg = 'badSignature of token'
return {'code': 401, 'error_code': 'auth_01', 'message': msg}
except:
msg = 'wrong token with unknown reason'
return {'code': 401, 'error_code': 'auth_01', 'message': msg}
if 'userid' not in data:
msg = 'illegal payload inside'
return {'code': 401, 'error_code': 'auth_01', 'message': msg}
msg = 'user(' + str(data['userid']) + ') logged in by token.'
userId = data['userid']
return {
'code': 200,
'error_code': 'auth_00',
'message': msg,
'userid': userId
}
def tokenAuth(token):
# token decoding
s = Serializer(
secret_key=app.config['SECRET_KEY'],
salt=app.config['AUTH_SALT'])
try:
data = s.loads(token)
# token decoding faild
# if it happend a plenty of times, there might be someone
# trying to attact your server, so it should be a warning.
except SignatureExpired:
msg = 'token expired'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
except BadSignature, e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered.
msg = 'token tampered'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
msg = 'badSignature of token'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
def validateToken(token):
"""
# 解析token
:param token: 输入toke
:return: 解析结果
"""
s = Serializer(secret_key=SECRET_KEY, salt=SALT)
try:
data = s.loads(token)
except SignatureExpired:
return {'code': 401, 'message': 'toekn expired'} # token过期
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
return {'code': 401, 'message': 'token tampered'} # token篡改
return {'code': 401, 'message': 'badSignature of token'} # 签名有误
except Exception:
return {
'code': 401,
'message': 'wrong token with unknown reason'
} # 令牌错误
if 'userid' not in data:
return {'code': 401, 'message': 'illegal payload inside'} # 非法载荷
return {
'code': 200,
'userid': data['userid'],
'message': f"user({data['userid']}) logged in by token."
}
def verify_token(token, token_type='access'):
"""
验证Token
:param token:
:param token_type:
:return:
"""
user_id = get_token_user_id(token)
Log.logger.info('verify token user_id is {}, token is {}'.format(
user_id, token))
token_info = RedisManager.get_cache(pack_token_key(user_id, token_type))
if not token_info:
return {
'status': CODE['TOKEN_ERROR'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_ERROR'])
}
s = Serializer(secret_key=TOKEN_SECRET_KEY)
try:
s.loads(token, return_header=True)
except SignatureExpired:
return {
'status': CODE['TOKEN_EXPIRED'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_EXPIRED'])
}
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload:
try:
s.load_payload(encoded_payload)
except BadData:
return {
'status': CODE['TOKEN_ERROR'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_ERROR'])
}
return {
'status': CODE['TOKEN_ERROR'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_ERROR'])
}
except Exception as e:
Log.logger.error("check token error is {}".format(e))
return {
'status': CODE['TOKEN_ERROR'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_ERROR'])
}
if token != token_info:
return {
'status': CODE['TOKEN_ERROR'],
'data': {},
'message': MESSAGE.get(CODE['TOKEN_ERROR'])
}
return {'status': 0, 'data': {'user_id': user_id}}
def tokenAuth(token):
# token decoding
s = Serializer(
secret_key=JWT_SECRET_KEY,
algorithm_name=JWT_ALG,
salt=JWT_SALT
)
try:
data = s.loads(token)
# token decoding faild
# if it happend a plenty of times, there might be someone
# trying to attact your server, so it should be a warning.
except SignatureExpired:
# token已经超时失效
msg = 'token expired'
logger.warning(msg)
return [None, None, msg]
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# token已经被篡改
msg = 'token tampered'
logger.warning(msg)
return [None, None, msg]
# payload不完整
msg = 'badSignature of token'
logger.warning(msg)
return [None, None, msg]
except:
msg = 'wrong token with unknown reason'
logger.warning(msg)
return [None, None, msg]
if ('user_id' not in data) or ('role_id' not in data):
# 数据不合法,密钥和盐值泄露
msg = 'illegal payload inside'
logger.warning(msg)
return [None, None, msg]
msg = 'user(' + str(data['user_id']) + ') logged in by token.'
# app.logger.info(msg)
user_id = data['user_id']
role_id = data['role_id']
return [user_id, role_id, msg]
def parse_token(token):
s = Serializer(secret_key=SECRET_KEY, salt=AUTH_SALT)
try:
data = s.loads(token)
return data.get('key'), data.get('code')
except SignatureExpired:
msg = 'token expired'
return msg
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
msg = 'token tampered'
return msg
msg = 'badSignature of token'
return msg
def confirm(token):
"""Confirm token # 确认令牌,返回确认状态
Args:
token (str): To be verified token
Returns:
object: app.common.result.Result
"""
# token decoding
s = Serializer(
secret_key=current_app.config['SECRET_KEY'],
salt=current_app.config['AUTH_SALT'])
data = {}
try:
data = s.loads(token)
# token decoding faild
# if it happend a plenty of times, there might be someone
# trying to attact your server, so it should be a warning.
except SignatureExpired:
msg = 'token expired'
# current_app.logger.warning(msg)
return Result.error(data,status=Status.TOKEN_SIGNATURE_EXPIRED.status, message=Status.TOKEN_SIGNATURE_EXPIRED.message)
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered.
msg = 'token tampered'
return Result.error(data,status=Status.TOKEN_TAMPERED.status, message=Status.TOKEN_TAMPERED.message)
msg = 'badSignature of token'
return Result.error(data,status=Status.TOKEN_BADSIGNATURE.status, message=Status.TOKEN_BADSIGNATURE.message)
except:
msg = 'wrong token with unknown reason'
return Result.error(data,status=Status.TOKEN_UNKNOWN_REASON.status, message=Status.TOKEN_UNKNOWN_REASON.message)
if ('id' not in data) :
msg = 'illegal payload inside'
return Result.error(data,status=Status.TOKEN_ILLEGAL.status, message=Status.TOKEN_ILLEGAL.message)
return Result.success(data=data,status=Status.TOKEN_SUCCESS.status, message=Status.TOKEN_SUCCESS.message)
def tokenAuth(token):
'''
解码jwt数据
:param token: jwt字符串
:return: 返回解密后的数据
'''
s = Serializer(secret_key='4180da82-0c83-4d66-ab14-e2793573ecaa',
salt='16fcf475-5180-4916-83c1-5ff79616eaa9')
try:
# 使用序列化器的loads函数对加密后的数据进行解密
data = s.loads(token)
except SignatureExpired: # token超时
msg = 'token expired'
return [None, msg]
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered;token被篡改
msg = 'token tampered'
return [None, msg]
msg = 'badSignature of token' # token错误
return [None, msg]
except:
msg = 'wrong token with unknown reason'
return [None, msg]
if ('user_name' not in data) or ('user_passwd'
not in data) or ('user_address'
not in data):
msg = 'illegal payload inside'
return [None, msg]
msg = 'user(' + data['user_name'] + ') logged in by token.'
user_name = data['user_name']
user_passwd = data['user_passwd']
user_address = data['user_address']
return [user_name, user_passwd, user_address, msg]
def decrypt(cls, jwttoken):
"""解密"""
s = Serializer(
secret_key=config["jwt_secret_key"],
salt=config["jwt_salt"],
)
try:
jwt_data = s.loads(jwttoken)
except SignatureExpired as e:
assert False, 'Token已过期'
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
assert False, 'Token被篡改'
assert False, 'Token有误'
except Exception as e:
assert False, '未知错误【解析Token】'
assert not set(jwt_data.keys()) - set(cls.palyload_keys), 'Token不合法'
return jwt_data
def decrypt(token):
s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'],
salt=SECURE_KEY['AUTH_SALT'])
try:
data = s.loads(token)
except SignatureExpired:
msg = 'token expired'
print(msg)
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
msg = 'token tampered'
print(msg)
msg = 'badSignature of token'
print(msg)
except:
msg = 'wrong token with unknown reason'
print(msg)
return data
def validate_token(user, token, operation, new_password=None):
print('validate_token secret====',current_app.config['SECRET_KEY'])
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return SignatureExpired.message
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
return BadData.message
# return False
if operation != data.get('operation') or user.id != data.get('id'):
return False
if operation == Operations.CONFIRM:
user.confirmed = True
elif operation == Operations.RESET_PASSWORD:
user.set_password(new_password)
elif operation == Operations.CHANGE_EMAIL:
new_email = data.get('new_email')
if new_email is None:
return False
if User.query.filter_by(email=new_email).first() is not None:
return False
user.email = new_email
else:
return False
db.session.commit()
return True
def parser_token(token):
s = Serializer(secret_key=secret_key,salt=salt_str)
try:
return {"msg":"解析成功","code":1,"data":s.loads(token)}
except itsdangerous.SignatureExpired:
return {"msg":"token已过期请重新登录","code":-1}
except itsdangerous.BadSignature as e:
if e.payload:
try:
s = s.load_payload(e.payload)
print(s)
return {"msg": "secret_key 和 salt可能已经泄露", "code": -1}
except:pass
return {"msg": "token被篡改", "code": -1}
except:
return {"msg": "解析失败 未知原因!", "code": -1}
data = {'user_id': '789456123', 'iat': timestamp}
print(data)
token = s.dumps(data)
print(token)
s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'], salt=SECURE_KEY['AUTH_SALT'])
try:
data = s.loads(token)
except SignatureExpired:
msg = 'token expired'
print(msg)
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
msg = 'token tampered'
print(msg)
msg = 'badSignature of token'
print(msg)
except:
msg = 'wrong token with unknown reason'
print(msg)
print(data)
if 'user_id' not in data:
msg = 'illegal payload inside'
print(msg)
msg = 'user(' + data['user_id'] + ') logged in by token.'
userId = data['user_id']
