def lookup_nonce(self, oauth_consumer, oauth_token, nonce): if oauth_token is None: return None logger.warning("!!! In GAEOAuthDataStore.lookup_nonce key_:%s, consumer_key: %s, token_key:%s"%(nonce,oauth_consumer.key_,oauth_token.key_)) nonces = Nonce.all()\ .filter('consumer_key =',oauth_consumer.key_)\ .filter('token_key =',oauth_token.key_)\ .filter('key_ =',nonce).fetch(1000) if len(nonces) == 1: nonce = nonces[0] return nonce.key_ elif len(nonces) == 0: #create a nonce nonce_obj = Nonce(consumer_key=oauth_consumer.key_, token_key=oauth_token.key_, key_=nonce) nonce_obj.put() return None else: raise Exception('More then one nonce matches consumer_key "%s", \ token_key "%s", key_ "%S"'%(oauth_consumer.key,oauth_token.key, nonce))
def post(self, actor_id): """Create a new nonce for an actor.""" logger.debug("top of POST /actors/{}/nonces".format(actor_id)) dbid = Actor.get_dbid(g.tenant, actor_id) try: Actor.from_db(actors_store[dbid]) except KeyError: logger.debug("did not find actor: {}.".format(actor_id)) raise ResourceError( "No actor found with id: {}.".format(actor_id), 404) args = self.validate_post() logger.debug("nonce post args validated: {}.".format(actor_id)) # supply "provided" fields: args['tenant'] = g.tenant args['api_server'] = g.api_server args['db_id'] = dbid args['owner'] = g.user args['roles'] = g.roles # create and store the nonce: nonce = Nonce(**args) Nonce.add_nonce(dbid, nonce) logger.info("nonce added for actor: {}.".format(actor_id)) return ok(result=nonce.display(), msg="Actor nonce created successfully.")
def get(self, request): """ This function initializes the authentication process It builds a challenge which is sent to the client """ # Creates a new nonce associated to this session nonce = Nonce() nonce.save() # Gets the callback uri callback_uri = self.get_callback_uri(request) # Builds the challenge (bitid uri) bitid_uri = bitid.build_uri(callback_uri, nonce.nid) # Gets the qrcode uri qrcode = bitid.qrcode(bitid_uri) context = { "callback_uri": callback_uri, "bitid_uri": bitid_uri, "qrcode": qrcode } return render(request, self.template_name, context)
def save_nonce(client_key, timestamp, nonce, request_token, access_token): n = Nonce(client_key=client_key, timestamp=timestamp, nonce=nonce, request_token=request_token, access_token=access_token) nonces.append(n) return n
def useNonce(self, server_url, timestamp, salt): if abs(timestamp - time.time()) > oid_nonce.SKEW: return False try: nonce = Nonce( server_url=server_url, timestamp=timestamp, salt=salt) nonce.save() except: raise else: return 1
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): nonce = Nonce(nonce, timestamp) nonce.client = Client.query.filter_by(client_key=client_key).one() if request_token: nonce.token = RequestToken.query.filter_by( token=request_token).one() if access_token: nonce.token = AccessToken.query.filter_by(token=access_token).one() db_session.add(nonce) db_session.commit()
def useNonce(self, server_url, timestamp, salt): if abs(timestamp - time.time()) > openid_store.nonce.SKEW: return False query = [ Q(server_url__exact=server_url), Q(timestamp__exact=timestamp), Q(salt__exact=salt), ] try: ononce = Nonce.objects.get(reduce(operator.and_, query)) except Nonce.DoesNotExist: ononce = Nonce(server_url=server_url, timestamp=timestamp, salt=salt) ononce.save() return True ononce.delete() return False
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.query(Client.client_key == client_key).get() if client: nonce = Nonce(nonce=nonce, timestamp=timestamp, client=client.key) if request_token: req_token = RequestToken.query( RequestToken.token == request_token).get() nonce.request_token = req_token.key if access_token: token = AccessToken.query( AccessToken.token == access_token).get() nonce.access_token = token.key nonce.put()
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.find_one({'client_key': client_key}) if client: nonce = Nonce(nonce, timestamp) nonce.client_id = client['_id'] if request_token: req_token = RequestToken.find_one({'token': request_token}) nonce.request_token_id = req_token['_id'] if access_token: token = AccessToken.find_one({'token': access_token}) nonce.access_token_id = token['_id'] nonce.insert()
def setUp(self): self.user = User(username='******', password='******') self.client = Client(user=self.user, redirect_uris=[REDIRECT_URI], realms=['read'], client_key=CONSUMER_KEY, client_secret=CONSUMER_SECRET) self.request_token = RequestToken(client=self.client, token=REQUEST_TOKEN, secret=REQUEST_TOKEN_SECRET, redirect_uri=REDIRECT_URI, realms=['read'], user=self.user) self.access_token = AccessToken(client=self.client, user=self.user, realms=[REDIRECT_URI], token=ACCESS_TOKEN, secret=ACCESS_TOKEN_SECRET) self.nonce = Nonce(client_key=self.client.client_key, timestamp=TIMESTAMP, nonce=NONCE, request_token=REQUEST_TOKEN, access_token=ACCESS_TOKEN)
def post(self, code=None): response = RESPONSE.copy() if not code: desc = "There is/are missing parameters in the request." response["response"] = "MissingParameters" response["description"] = desc response["code"] = 463 if "X-Signature" in self.request.headers: c_sig = self.request.headers['X-Signature'] s_data = "&".join([ "POST", urllib.quote(self.request.uri), urllib.quote(self.request.body) ]) s_sig = generate_signature(LOGIN_KEY, s_data) logging.info("v: " + s_sig) if c_sig == s_sig: try: body = json.loads(self.request.body) except: desc = "The request body is not in a valid JSON format." response["response"] = "InvalidJSONFormat" response["description"] = desc response["code"] = 406 else: if "nonce" in body and "timestamp" in body: new = False nn = Nonce.get_by_id(body["nonce"]) if nn: expiry = datetime.datetime.now() expiry = int(time.mktime(expiry.timetuple())) expiry -= int(nn.timestamp) expiry /= 60 expiry /= 60 if expiry <= 10: new = True else: desc = "This request seems to be expired already" response["response"] = "RequestExpired" response["description"] = desc response["code"] = 464 else: n = Nonce(id=body["nonce"]) n.nonce = body["nonce"] n.timestamp = int(body["timestamp"]) n.put() new = True if new: logincode = LoginCode.get_by_id(str(code)) if logincode: s = logincode.session.get() if s.expires >= datetime.datetime.now(): user = s.owner.get() if user: t_id = generate_uuid() + generate_uuid( ) token = Token(id=t_id) token.token = t_id token.session = s.key token.token_type = "api" token.put() response = user.to_object(token=t_id) response["response"] = "Successful" response["expires"] = time.mktime( s.expires.timetuple()) response["code"] = 200 else: s.status = False s.put() response[ "response"] = "UserUnavailable" response[ "description"] = "This user seems to be unavailable" response["code"] = 404 else: response["response"] = "SessionExpired" response[ "description"] = "This session seems to be expired already" response["code"] = 465 else: response["response"] = "LoginCodeDoesNotExist" response[ "description"] = "This login code does not exist." response["code"] = 404 else: response["response"] = "MissingParameters" response[ "description"] = "There is/are missing parameters in the request." response["code"] = 463 else: response["response"] = "InvalidSignature" response[ "description"] = "The request signature is invalid or has been tampered." response["code"] = 460 else: response["response"] = "MissingParameters" response[ "description"] = "There is/are missing parameters in the request." response["code"] = 463 wrap_response(self, response)