def generate_token(location, secret=None, identifier=None, expires=None): if secret is None: log.warning('No secret specified, using insecure test secret') secret = test_secret if identifier is None: identifier = location m = macaroons.create(location, secret, identifier) if expires is None: log.warning('Token will never expire since no expire time specified') else: delta = expires - time.time() if delta < 0: log.warning('Expiration time %s occurs in the past', expires) m = m.add_first_party_caveat(TIME_CAVEAT_PREFIX + str(expires)) log.debug('auth token generated:\n%s', m.inspect()) return m.serialize()
... string name, ... int balance ... with authorization ... ''') True >>> import hyperdex.client >>> c = hyperdex.client.Client(HOST, PORT) >>> SECRET = 'super secret password' >>> account = 'account number of john smith' >>> c.put('accounts', account, {'name': 'John Smith', 'balance': 10}, secret=SECRET) True >>> c.get('accounts', account) Traceback (most recent call last): HyperDexClientException: ... it is unauthorized [HYPERDEX_CLIENT_UNAUTHORIZED] >>> import macaroons >>> M = macaroons.create('account number', SECRET, '') >>> token = M.serialize() >>> c.get('accounts', account, auth=[token]) {'name': 'John Smith', 'balance': 10} >>> c.atomic_add('accounts', account, {'balance': 5}, auth=[token]) True >>> c.get('accounts', account, auth=[token]) {'name': 'John Smith', 'balance': 15} >>> M = macaroons.create('account number', SECRET, '') >>> M = M.add_first_party_caveat('op = read') >>> token = M.serialize() >>> c.get('accounts', account, auth=[token]) {'name': 'John Smith', 'balance': 15} >>> c.atomic_add('accounts', account, {'balance': 5}, auth=[token]) Traceback (most recent call last): HyperDexClientException: ... it is unauthorized [HYPERDEX_CLIENT_UNAUTHORIZED]
def get_macaroon(): servis_kopdar = macaroons.create(location, secret, public) return servis_kopdar.serialize()
# END 1 OMIT def get_macaroon(): servis_kopdar = macaroons.create(location, secret, public) return servis_kopdar.serialize() def get_secret(): return secret if __name__ == "__main__": # START 2 OMIT # with these three arguments, we can now create the macaroon servis_kopdar = macaroons.create(location, secret, public) # // HL # we now hold a reference to our newly instantiated macaroon object print(servis_kopdar) # we can inspect the HMAC signature of this message print('.signature: %s' % servis_kopdar.signature) # // HL # or the other public metadata, like identifier or location print('.identifier: %s' % servis_kopdar.identifier) # // HL print('.location: %s' % servis_kopdar.location) # // HL # or all the metadata + signature in a single call print('.inspect():') print servis_kopdar.inspect() # // HL
... attributes ... string name, ... int balance ... with authorization ... ''') True >>> import hyperdex.client >>> c = hyperdex.client.Client(HOST, PORT) >>> SECRET = 'this is the password for the account' >>> c.put('accounts', 3735928559, {'name': 'John Smith', 'balance': 10, '__secret': SECRET}) True >>> c.get('accounts', 3735928559) Traceback (most recent call last): HyperDexClientException: HyperDexClientException: server ... denied the request because it is unauthorized [HYPERDEX_CLIENT_UNAUTHORIZED] >>> import macaroons >>> M = macaroons.create('account 3735928559', SECRET, '') >>> token = M.serialize() >>> c.get('accounts', 3735928559, auth=[token]) {'name': 'John Smith', 'balance': 10} >>> c.atomic_add('accounts', 3735928559, {'balance': 5}, auth=[token]) True >>> c.get('accounts', 3735928559, auth=[token]) {'name': 'John Smith', 'balance': 15} >>> M = macaroons.create('account 3735928559', SECRET, '') >>> M = M.add_first_party_caveat('op = read') >>> token = M.serialize() >>> c.get('accounts', 3735928559, auth=[token]) {'name': 'John Smith', 'balance': 15} >>> c.atomic_add('accounts', 3735928559, {'balance': 5}, auth=[token]) Traceback (most recent call last): HyperDexClientException: HyperDexClientException: server ... denied the request because it is unauthorized [HYPERDEX_CLIENT_UNAUTHORIZED]