def verify_auth_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
# just to make sure what is inside data
# app.logger.info('The data inside token :' + str(data['id']))
except SignatureExpired:
# this line below is not necessary et al
# comment this line to avoid error: local variable 'data' referenced before assignment
# Sess.query.filter_by(user_id=data['id']).first().logged_in = False
db.session.commit()
app.logger.info('TOKEN :: Token expired.')
return None # valid token, but expired
# logout stuck in here. dunno why
except BadSignature:
# comment this line to avoid error: local variable 'data' referenced before assignment
# Sess.query.filter_by(user_id=data['id']).first().logged_in = False
db.session.commit()
app.logger.info('TOKEN :: Invalid token.')
return None # invalid token
if not Sess.query.filter_by(user_id=data['id']).first().logged_in:
app.logger.info('TOKEN :: Not login yet')
return None
user = User.query.get(data['id'])
return user
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return User.query.get(data['id'])
def verify_auth_token(token):
s = Serializer('SECRET_KEY')
try:
data = s.loads(token)
except:
return None
return User.objects(student_id=data['id']).first()
def decorated_function(*args, **kwargs):
token = request.headers['token']
if token is None:
abort(401)
s = Serializer(current_app.config.get('SECRET_KEY'))
try:
s.loads(token)
except SignatureExpired:
abort(401) # valid token, but expired
except BadSignature:
abort(401) # invalid token
# if redis_store.get(user_id) == token:
# kwargs['user_id'] = user_id
return f(*args, **kwargs)
def get_user_by_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return mongo.db.users.find_one(ObjectId(data['id']))
def confirm_uid_token(token):
s = Serializer(current_app.config["CONVEY_UID_KEY"])
try:
data = s.loads(token)
except:
return None
return User.query.get(data["id"])
def confirm_auth_token(token):
s = Serializer(current_app.config["SECRET_KEY"])
try:
data = s.loads(token)
except:
return None
return User.query.get(data["id"])
def generate_auth_token(self, expiration = 600):
s = Serializer(secret_key, expires_in=expiration)
print ("secret key = ", secret_key)
print ("dumps = ", s.dumps({"id": self.id}))
serializedData = s.dumps({"id": self.id})
print ("dumps = ", s.loads(serializedData))
return s.dumps({"id": self.id})
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
return User(data['username'])
except:
return None
def load_user_from_token(cls, token):
"""
Implements the token_loader method for Flask-Login
:param token: The token sent in the user's request
"""
serializer = TimedJSONWebSignatureSerializer(
current_app.secret_key,
expires_in=current_app.token_validity_duration
)
try:
data = serializer.loads(token)
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
user = cls(data['id'])
if user.password != data['password']:
# The password has been changed by the user. So the token
# should also be invalid.
return None
return user
def verify_auth_token(secret_key, token):
serializer = Serializer(secret_key)
try:
data = serializer.loads(token)
except (ValueError, SignatureExpired, BadSignature):
return None
return User.query.get(data['id'])
def load_token(token, key, secret_key=os.environ.get('SECRET_KEY')):
s = Serializer(secret_key)
try:
data = s.loads(token)
except:
return None
return data.get(key)
def change_user_email(self, token):
"""
重置用户邮箱
:param token: 用于验证的 token
:return: 成功返回 True,否则返回 False
"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('reset_uid') != self.user_id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if mongo.db.users.find_one({'email': new_email}):
return False # 邮箱已存在
self.email = new_email
self.avatar_hash = hashlib.md5(self.email.encode('utf-8')).hexdigest()
mongo.db.users.update_one({
'user_id': self.user_id
}, {
'$set': {
'avatar_hash': self.avatar_hash
}
})
return True
def get(self, request, token):
"""
:param request:
:param token: token是用户携带的口令,唯一标识用户
:return:
"""
# 解析口令token,获取用户身份
# 构建序列化器
s = Serializer(settings.SECRET_KEY)
try:
data = s.loads(token)
except SignatureExpired:
# 表示token过期
return HttpResponse("链接已过期!")
# 表示token未过期,
user_id = data.get("confirm")
# 查询用户的数据
try:
user = User.objects.get(id=user_id)
except User.DoesNotExist:
# 用户不存在
return HttpResponse("用户不存在!")
# 设置用户的激活状态
user.is_active = True
user.save()
# 返回处理结果
# return HttpResponse("进入到登录页面")
return redirect(reverse("users:login"))
def verify_reset_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
user_id = s.loads(token)['user_id']
except:
return None
return User.query.get(user_id)
def confirm_token(token):
s = Serializer(db.app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
return data.get('user_id')
def reset_user_password(token, new_password):
"""
重置用户密码
:param token: 用于验证的 token
:param new_password: 新密码
:return: 成功返回 True,否则返回 False
"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
user = User(email=data.get('email'))
if not user or not user.user_id:
return False
if data.get('reset_uid') != user.user_id:
return False
user.raw_password = new_password
mongo.db.users.update_one({
'user_id': user.user_id
}, {
'$set': {
'password': user.password
}
})
return True
def parse_confirm_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return data.get('confirm')
def detokenize(token, field=None):
s = Serializer(flask.current_app.config['SECRET_KEY'])
try:
item = s.loads(token)
return item.get(field,None) if field else item
except BadSignature:
return None
def get_token_status(token, operation, return_data=False):
"""Returns the expired status, invalid status, the user and optionally
the content of the JSON Web Signature token.
:param token: A valid JSON Web Signature token.
:param operation: The function of the token.
:param return_data: If set to ``True``, it will also return the content
of the token.
"""
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
user, data = None, None
expired, invalid = False, False
try:
data = s.loads(token)
except SignatureExpired:
expired = True
except (BadSignature, TypeError, ValueError):
invalid = True
if data is not None:
# check if the operation matches the one from the token
if operation == data.get("op", None):
user = User.query.filter_by(id=data.get('id')).first()
else:
invalid = True
if return_data:
return expired, invalid, user, data
return expired, invalid, user
def verify_auth_token(token):
serializer = Serializer(current_app.config['SECRET_KEY'])
try:
data = serializer.loads(token)
except (SignatureExpired, BadSignature):
return False
return User.query.get_or_404(data['id'])
def tokenAuth(token):
# token decoding
s = Serializer(
secret_key=app.config['SECRET_KEY'],
salt=app.config['AUTH_SALT'])
try:
data = s.loads(token)
# token decoding faild
# if it happend a plenty of times, there might be someone
# trying to attact your server, so it should be a warning.
except SignatureExpired:
msg = 'token expired'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
except BadSignature, e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
# the token is tampered.
msg = 'token tampered'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
msg = 'badSignature of token'
app.logger.warning(utils.logmsg(msg))
return [None, None, msg]
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return App.query.filter_by(appid=data['appid']).first()
def get_token_id(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return None
return data.get('token_id')
def verify_token(username, token):
"""
Verify validity of token
"""
s = TimedJWSSerializer(app.config['SECRET_KEY'])
try:
ut.pretty_print("Trying to load the token")
data = s.loads(token)
except SignatureExpired:
ut.pretty_print("ERROR: Expired Token")
return False
except BadSignature:
ut.pretty_print("ERROR: Invalid Token")
return False
else:
ut.pretty_print("Token successfully loaded")
stored = db.sessions.find_one(
filter={'username': data['username']}, sort=[('_id', -1)])
if not stored:
return False
result = json_util.loads(json_util.dumps(stored))
return pwd_context.verify(
data['password'],
result['password_hash']) and data['username'] == username
def check_verify_email_token(token):
"""
验证token并提取user
:param token: 用户信息签名后的结果
:return: user, None
"""
# 调用 itsdangerous 类,生成对象
# 邮件验证链接有效期:一天
serializer = TimedJSONWebSignatureSerializer(settings.SECRET_KEY,
expires_in=60 * 60 * 24)
try:
# 解析传入的 token 值, 获取数据 data
data = serializer.loads(token)
except BadData:
# 如果传入的 token 中没有值, 则报错
return None
else:
# 如果有值, 则获取
user_id = data.get('user_id')
email = data.get('email')
# 获取到值之后, 尝试从 User 表中获取对应的用户
try:
user = User.objects.get(id=user_id, email=email)
except User.DoesNotExist:
# 如果用户不存在, 则返回 None
return None
else:
# 如果存在则直接返回
return user
class TokenAuthenticator(AbstractAuthenticationProvider):
def __init__(self, secret_key, expires_in_seconds=600):
self._secret_key = secret_key
self._serializer = TimedJSONWebSignatureSerializer(self._secret_key,
expires_in_seconds)
def generate_auth_token(self):
return self._serializer.dumps(
{USERNAME_FIELD: rest_security.get_username()})
def authenticate(self, userstore):
try:
open_token = self._serializer.loads(_retrieve_token_from_request())
except SignatureExpired:
raise Exception('token expired')
except BadSignature:
raise Exception('invalid token')
username = open_token.get(USERNAME_FIELD)
if not username:
raise Exception('username not found in token')
user = userstore.get_user(username)
if not user:
raise Exception('failed to authenticate user "{0}", user not found'
.format(username))
return user['username']
def verify_token(token):
s = TimedSigSerializer(SECRET_KEY)
try:
data = s.loads(token)
except (SignatureExpired, BadSignature):
return None
return data
def verify_token(token):
s = TimedJSONWebSignatureSerializer('keyconfidential')
try:
data = s.loads(token)
except:
return None
return data
def verify_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return None
return data
def change_email(self, token):
"""Verify the new email for this user."""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
db.session.add(self)
db.session.commit()
return True
def get_token_info():
"""解析「令牌」"""
form = TokenValidator().validate_for_api()
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(form.token.data, return_header=True)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
r = {
'scope': data[0]['scope'],
'uid': data[0]['uid'],
'create_at': data[1]['iat'], # 创建时间
'expire_in': data[1]['exp'] # 有效期
}
return Success(data=r)
def reset_password(token, new_password):
"""
重置密码
:param token:
:param new_password:
:return:
"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except:
return False
user = User.query.get(data.get('reset'))
if user is None:
return False
user.password = new_password
db.session.add(user)
return True
def verify_auth_token(token):
"""
Try to load token, success return user id false return None
:param token:
:return mix:
"""
s = Serializer(secret_key)
try:
data = s.loads(token)
except SignatureExpired:
# Valid Token, but expired
return None
except BadSignature:
# Invalid Token
return None
uid = data['uid']
return uid
def confirm(self, token):
"""
检验令牌和检查令牌中id和已登录用户id是否匹配?如果检验通过,则把新添加的 confirmed 属
性设为 True
"""
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
db.session.commit()
return True
def check_verify_email_token(token):
'''校验邮箱'''
serializer = TJWSSerializer(
settings.SECRET_KEY,
expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
try:
data = serializer.loads(token)
except BadData:
return None
else:
user_id = data['user_id']
email = data['email']
try:
user = User.objects.get(id=user_id, email=email)
except User.DoesNotExist:
return None
else:
return user
def generate_auth_token(self, expiration=None):
"""Generate new security token.
Note: calling this automatically rewrites (== revokes) previous token.
"""
expires_in = expiration or current_app.config['API_TOKEN_LIFETIME']
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'],
expires_in=expires_in)
self.token = s.dumps({'id': str(self.id)})
# time based signers in itsdangerous always return bytes, so we decode to store in DB
# (there should be no harm done storing the token decoded)
self.token = self.token.decode('utf-8')
# we need to store the token expiration time since user may change it by revoking the token
self.token_expires = s.get_issue_date(s.loads(self.token, return_header=True)[1]) + \
datetime.timedelta(seconds=expires_in)
rdb.session.add(self)
rdb.session.commit()
return self.token, self.token_expires
def confirm(token, check):
s = Serializer(Config.SECRET_KEY)
try:
data = s.loads(token)
except:
return False
a = Users.query.get(data['confirm'])
if a != None:
if check == 0:
if a.confirmed == False:
a.confirmed = True
db.session.add(a), db.session.commit()
return a
elif check == 1:
if a.confirmed == True and a.confirmed_pass == False:
return a
return False
def check_email_verify_url(token):
"""
对token进行解密,然后查询到用户
:param token: 要解密的用户数据
:return: user or None
"""
serializer = Serializer(settings.SECRET_KEY, 3600 * 24)
try:
data = serializer.loads(token)
user_id = data.get('user_id')
email = data.get('email')
try:
user = User.objects.get(id=user_id, email=email)
return user
except User.DoesNotExist:
return None
except BadData:
return None
def validate(self):
rv = Form.validate(self)
if not rv:
return False
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(self.token)
user = Account.find_by_id(data.get('reset_id'))
if not user:
self.token.errors.append("The account this token is for was not found.")
return False
except (BadSignature, SignatureExpired):
self.token.errors.append("This token is invalid or has expired.")
return False
return user
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except BadSignature:
raise AuthFailed(msg='token is invalid',
error_code=1002)
except SignatureExpired:
raise AuthFailed(msg='token is expired',
error_code=1003)
uid = data['uid']
ac_type = data['type']
scope = data['scope']
# request 视图函数 # endpoint 视图函数
allow = is_in_scope(scope, request.endpoint)
if not allow:
raise Forbidden()
return User(uid, ac_type, scope)
def parse_token(token):
s = Serializer(secret_key=SECRET_KEY, salt=AUTH_SALT)
try:
data = s.loads(token)
return data.get('key'), data.get('code')
except SignatureExpired:
msg = 'token expired'
return msg
except BadSignature as e:
encoded_payload = e.payload
if encoded_payload is not None:
try:
s.load_payload(encoded_payload)
except BadData:
msg = 'token tampered'
return msg
msg = 'badSignature of token'
return msg
def validate_token(token):
'''Verifies that an access-token is valid and
meant for this app.
Returns None on fail, and an e-mail on success'''
logger.debug('access_token is :%s', token)
s = TimedJSONWebSignatureSerializer(globalS.dictDb['SECRET_KEY'])
try:
data = s.loads(token)
logger.debug('data after decoding is :%s', data)
except SignatureExpired:
logger.warn('valid token, but expired')
return '403' # valid token, but expired
except BadSignature:
logger.warn('invalid token')
return None # invalid token
return data['ID']
def verify_token(token, token_type="timed_token"):
"""Return the project id associated to the provided token,
None if the provided token is expired or not valid.
:param token: Serialized TimedJsonWebToken
"""
if token_type == "timed_token":
serializer = TimedJSONWebSignatureSerializer(
current_app.config["SECRET_KEY"])
else:
serializer = URLSafeSerializer(current_app.config["SECRET_KEY"])
try:
data = serializer.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
return data["project_id"]
def get(self, request, token):
'''进行用户激活'''
serializer = Serializer(settings.SECRET_KEY, 3600)
# print('6'*9)
try:
info = serializer.loads(token)
# 获取用户id
user_id = info['confirm']
# 根据用户id 获取该用户对象
user = User.objects.get(id=user_id)
# 设置该用户对象中的is_active字段的值为1
user.is_active = 1
user.save()
# 使用反向解析跳转到登录页
return redirect(reverse("login"))
except SignatureExpired as e:
# 出现异常表示链接失效
return HttpResponse("激活链接已过期")
def confirm_changemail(self, token):
s = Serializer(current_app.config['SECRET_KEY'] + 'changemail')
try:
data = s.loads(token.encode('utf-8'))
except:
return False
if self.id != data.get('confirm'):
return False
if data.get('new_email') is None:
return False
if User.query.filter_by(
email=data.get('new_email')).first() is not None:
return False
self.email = data.get('new_email')
self.avatar_hash = hashlib.md5(
self.email.encode('utf-8')).hexdigest() or self.gravatar_hash()
db.session.add(self)
return True
def check_token(token):
try:
#生成token对象
s = Seralize(current_app.config['SECRET_KEY'])
Dict = s.loads(token) #加载出字典
uid = Dict['id'] #获取用访问的id
# 获取 访问过来人的对象
u = User.query.get(uid)
if not u:
raise ValueError
except:
return False
#判断是否没有激活 没有激活 则激活 否则返回真
if not u.confirm:
u.confirm = True
db.session.add(u)
return True
def get(self, request, token):
"""进行用户激活"""
# 进行解密,获取用户信息
serializer = Serializer(settings.SECRET_KEY, 3600)
try:
info = serializer.loads(token)
# 获取用户id
user_id = info['confirm']
# 根据id获取用户信息
user = User.objects.get(id=user_id)
user.is_active = 1
user.save()
# 跳转到登录页面
return redirect(reverse('user:login'))
except SignatureExpired as e:
# 激活连接已过期
return HttpResponse('激活链接已过期,请重新发送')
def reset_password(token, new_password):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except Exception:
return False
try:
user = User.objects.get(username=data.get('reset'))
except Exception:
return False
user.password = new_password
user.save()
return True
def verify_auth_token(token):
""" Verifies a token. If verificiation succeeds, the return value is the
user_id of the user that obtained the token."""
serializer = Serializer(current_app.config['SECRET_KEY'])
user_id = None
try:
data = serializer.loads(token)
_, cur = get_db()
cur.execute('SELECT id FROM users WHERE id = %s', (data["id"], ))
user_id = cur.fetchone()[0]
except (SignatureExpired, BadSignature):
pass
return user_id
def check_token(token):
try:
token = request.json.get("token")
s = Serializer(Config.SECRET_KEY, TOKEN_EXPIRATION_TIME)
data = s.loads(token.encode('utf-8'))
user_id = data.get("user_id")
openid = data.get("openid")
user = MDuser.query.filter(MDuser.id == user_id,
MDuser.wx_open_id == openid,
MDuser.token == token).first()
if not user:
return False, None
return True, user
except Exception as e:
return False, None
def check_activate_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token) #解析token
except BadSignature:
flash('无效的token')
return False
except SignatureExpired:
flash('token已失效')
return False
user = User.query.get(data.get('id'))
if not user:
flash('激活的账户不存在')
return False
if not user.confirmed: # 没有激活才需要激活
user.confirmed = True
db.session.add(user)
return True
def check_verify_email_token(token):
"""
检查验证邮件的token
"""
serializer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
try:
data = serializer.loads(token)
except BadData:
return None
else:
email = data.get('email')
user_id = data.get('user_id')
try:
user = User.objects.get(id=user_id, email=email)
except User.DoesNotExist:
return None
else:
return user
def verify_auth_token(token: str):
"""
Verifies the authentication token for the user.
Parameters
----------
token : str
Serialized authentication token provided to verify the user's identity
Returns
-------
User
The User object corresponding to the provided authentication token
"""
s = Serializer(current_app.config['SECRET_KEY'])
try:
user_id = s.loads(token)['user_id']
except itsdangerous.BadSignature:
return None
return User.query.get(user_id)
def confirm(self, token):
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except NameError:
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
self.active = True
self.registration_date = datetime.utcnow()
try:
db.session.commit()
return True
except Exception as e:
db.session.rollback()
print(e)
return False
def reset_password(self, token, new_password):
"""
:summary: 验证token并重设密码
:param token:
:param new_password:
:return:
"""
s = TimedJSONWebSignatureSerializer(
secret_key=current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('reset_password') != self.id:
return False
self.password = new_password
db.session.add(self)
return True
def get(self, request, token):
# 激活,加载秘钥和过期时间
serializer = Serializer(settings.SECRET_KEY, 3600)
try:
#解密
info = serializer.loads(token)
#获取用户id
user_id = info['id']
#激活用户
user = User.objects.get(id=user_id)
user.is_active = 1
user.save()
#跳转登陆页面
return redirect(reverse("user:login"))
except SignatureExpired as e:
# 激活链接已失效
# 实际开发:返回页面让你点击链接再发激活邮件
return redirect(reverse("user:send_agin"))
def change_email(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token.encode('utf-8'))
except Exception as e:
print(e)
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
self.avatar_hash = self.gravatar_hash()
db.session.add(self)
return True
def change_email(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except:
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
self.avatar_hash = hashlib.md5(self.email.encode('utf-8')).hexdigest()
db.session.add(self)
db.session.commit()
return True
def get(self, request, token):
serializer = Serializer(settings.SECRET_KEY, 3600 * 7)
try:
# 解密
info = serializer.loads(token)
# 获取待激活用户id
user_id = info['confirm']
# 激活用户
user = User.objects.get(id=user_id)
user.is_active = 1
user.save()
# 跳转页面
return redirect(reverse('user: login'))
except SignatureExpired as e:
# 激活链接失效
# 实际开发中,返回页面,再次点击链接发送激活邮件
return HttpResponse('激活链接已失效')
