def create(cls, user, subject, token=None): if subject == cls.SUBJECT_BEARER: user = str(user) token = token or security.generate_random_string(entropy=128) # Bearer tokens must be unique on their own, without a user scope. key = cls.get_key('', subject, token) entity = cls( key=key, user=user, subject=subject, token=token, refresh_token=security.generate_random_string(entropy=128)) # Refresh tokens must be unique ok = cls.unique_model.create('%s.refresh_token:%s' % (cls.__name__, entity.refresh_token)) if ok: entity.put() else: logging.warning( 'Unable to create a unique user token for user %s', user) entity = None else: entity = super(UserToken, cls).create(user, subject, token) return entity
def send_venue_email(venue, order, host_url, jinja2, move=False, format_type=DEFAULT_TYPE): if venue.emails: if move: text = u'Заказ №%s перенесен на эту точку приготовления' % order.key.id() else: text = u'Новый заказ №%s поступил в систему из мобильного приложения' % order.key.id() item_values = order_items_values(order) item_values['venue'] = venue item_values['delivery_type_str'] = DELIVERY_MAP[order.delivery_type] order.payment_type_str = PAYMENT_TYPE_MAP[order.payment_type_id] if config.EMAIL_REQUESTS: order.email_key_done = security.generate_random_string(entropy=256) order.email_key_cancel = security.generate_random_string(entropy=256) order.email_key_postpone = security.generate_random_string(entropy=256) if order.delivery_type == DELIVERY: order.email_key_confirm = security.generate_random_string(entropy=256) order.put() item_values['done_url'] = '%s/email/order/close?key=%s' % (host_url, order.email_key_done) item_values['cancel_url'] = '%s/email/order/cancel?key=%s' % (host_url, order.email_key_cancel) item_values['postpone_url'] = '%s/email/order/postpone?key=%s' % (host_url, order.email_key_postpone) item_values['minutes'] = POSTPONE_MINUTES if order.delivery_type == DELIVERY: item_values['confirm_url'] = '%s/email/order/confirm?key=%s' % (host_url, order.email_key_confirm) for email in venue.emails: if email: template = '' if format_type == DEFAULT_TYPE: template = '/company/delivery/items.html' elif format_type == MINIMIZED: template = '/company/delivery/items_tashir.html' deferred.defer(send_email, EMAIL_FROM, email, text, jinja2.render_template(template, **item_values))
def create(cls, user, subject, token=None): """Creates a new token for the given user, if any. :param user: User unique ID, or None if no user is to be associated with the created token. :param subject: The subject of the key. Currently have: - 'auth' - 'verify_email' - 'password_reset' - 'access' :param token: Optionally an existing token may be provided. If None, a random token will be generated. :returns: The newly created :class:`UserToken`. """ if user is not None: user = str( user ) if token is None: if subject == 'access': # We use 16 uppercase alphanumeric characters for access # keys pool = map( chr, range( 65, 91 ) ) pool.extend( [ str( x ) for x in range( 0, 10 ) ] ) token = security.generate_random_string( length=16, pool=pool ) else: token = security.generate_random_string(entropy=128) key = cls.get_key( user, subject, token ) entity = cls( key=key, user=user, subject=subject, token=token ) entity.put( ) return entity
def create(cls, user, subject, token=None): if subject == cls.SUBJECT_BEARER: user = str(user) token = token or security.generate_random_string(entropy=128) # Bearer tokens must be unique on their own, without a user scope. key = cls.get_key("", subject, token) entity = cls( key=key, user=user, subject=subject, token=token, refresh_token=security.generate_random_string(entropy=128), ) # Refresh tokens must be unique ok = cls.unique_model.create("%s.refresh_token:%s" % (cls.__name__, entity.refresh_token)) if ok: entity.put() else: logging.warning("Unable to create a unique user token for user %s", user) entity = None else: entity = super(UserToken, cls).create(user, subject, token) return entity
def create(cls, user, subject, token=None): """Creates a new token for the given user, if any. :param user: User unique ID, or None if no user is to be associated with the created token. :param subject: The subject of the key. Currently have: - 'auth' - 'verify_email' - 'password_reset' - 'access' :param token: Optionally an existing token may be provided. If None, a random token will be generated. :returns: The newly created :class:`UserToken`. """ if user is not None: user = str( user ) if token is None: if subject == 'access': # We use 16 uppercase alphanumeric characters for access # keys pool = map( chr, range( 65, 91 ) ) pool.extend( [ str( x ) for x in range( 0, 10 ) ] ) token = security.generate_random_string( length=16, pool=pool ) else: token = security.generate_random_string(entropy=128) key = cls.get_key( user, subject, token ) entity = cls( key=key, user=user, subject=subject, token=token ) entity.put( ) return entity
def email_change_request( self, email ): # request an email address to be modified. Create a rollback option. result = 'cannot_remove' emailCurrent = self.enki_user.email userId = self.enki_user.key.id() if email != '' and enki.libuser.exist_EnkiUser( email ): # if the new email matches an existing verified user email, reject it if emailCurrent == email: result = 'same' else: result = ERROR_EMAIL_IN_USE # Note: send an email to emailcurrent regardless to prevent email checking (see below) else: if email == '': # if the user erased the email, and they can log in through auth, store "removed" in the email field, so it isn't overwritten by an auth login with a verified email if self.enki_user.auth_ids_provider: self.enki_user.email = 'removed' self.enki_user.put() result = 'removed' else: return result else: # email the new, unverified address with a link to allow the user to verify the email tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type( userId, email, 'emailchange' ) if tokenEntity: # if a verify token for the same new email address and user already exists, use its token token = tokenEntity.token else: # otherwise create a new token token = security.generate_random_string( entropy = 256 ) emailToken = EnkiModelTokenVerify( token = token, email = email, user_id = userId, type = 'emailchange' ) emailToken.put() link = enki.libutil.get_local_url( 'emailchangeconfirm', { 'verifytoken': token }) self.send_email( email, MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_SUBJECT(), MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_BODY( link, email )) result = 'change' if emailCurrent and emailCurrent != 'removed' and result != 'same': # email the current, verified address in case they want to undo the change (useful if account has been hacked) # skip this step if the current email is empty (case if user logged in with auth id without email with e.g. Steam) or "removed". # If the email is already in use, mask the fact to prevent email checking. tokenEntity = enki.libuser.get_EmailRollbackToken_by_user_id_email( userId, emailCurrent ) if tokenEntity: # if the old email is already in the archive, use its token token = tokenEntity.token else: # otherwise create a new token token = security.generate_random_string( entropy = 256 ) emailOldToken = EnkiModelTokenEmailRollback( token = token, email = emailCurrent, user_id = userId ) emailOldToken.put() if result == ERROR_EMAIL_IN_USE: self.add_debugmessage( '''Comment - whether the email is available or not, the feedback through both the UI AND EMAIL is identical to prevent email checking.''' ) link = enki.libutil.get_local_url( 'emailrollback', { 'rollbacktoken': token } ) self.send_email( emailCurrent, MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_SUBJECT(), MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_BODY( link, emailCurrent )) return result
def create(cls, user, subject, token=None): """Fetches a user token.""" token = token or security.generate_random_string(entropy=64) key = cls.get_key(user, subject, token) entity = cls(key=key, user=user, subject=subject, token=token) entity.put() return entity
def account_deletion_request(self, delete_posts=False): token_type = 'accountdelete' if delete_posts: token_type = 'accountandpostsdelete' # if the user has an email, create an email verify token, send it to the email address tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type( self.enki_user.key.id(), self.enki_user.email, token_type) if tokenEntity: # if a verify token for the same new email address and user already exists, use its token token = tokenEntity.token else: # otherwise create a new token token = security.generate_random_string(entropy=256) delete_account_token = EnkiModelTokenVerify( token=token, user_id=self.enki_user.key.id(), email=self.enki_user.email, type=token_type) delete_account_token.put() link = enki.libutil.get_local_url( 'accountdeleteconfirm', {'verifytoken': delete_account_token.token}) delete_posts_message = '' if delete_posts: self.send_email(self.enki_user.email, MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_SUBJECT(), MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_BODY(link)) else: self.send_email(self.enki_user.email, MSG.SEND_EMAIL_ACCOUT_DELETE_SUBJECT(), MSG.SEND_EMAIL_ACCOUT_DELETE_BODY(link))
def create(cls, user, subject, token=None): user = str(user) token = token or security.generate_random_string(entropy=128) key_name = "%s.%s.%s" %(user,subject,token) new_entity = cls(key_name=key_name, user=user, subject=subject, token=token) new_entity.put() return new_entity
def create(cls, user, subject, token=None, expiration=None, delete_past_tokens=False): """Creates a new token for the given user. :param user: User unique ID. :param subject: The subject of the key. Examples: - 'auth' - 'signup' :param token: Optionally an existing token may be provided. If None, a random token will be generated. :returns: The newly created :class:`UserToken`. """ user = str(user) token = token or security.generate_random_string(entropy=128) key = cls.get_key(user, subject, token) if delete_past_tokens: ndb.delete_multi(cls.query(cls.user == user, cls.subject == subject).iter(keys_only=True)) entity = cls(key=key, user=user, subject=subject, token=token, expiration=expiration) entity.put() return entity
def create(cls, user, subject, token=None): """Fetches a user token.""" token = token or security.generate_random_string(entropy=64) key = cls.get_key(user, subject, token) entity = cls(key=key, user=user, subject=subject, token=token) entity.put() return entity
def get(self): # Get the parameters that Meraki sends to us. base_grant_url = self.request.get("base_grant_url") user_continue_url = self.request.get("user_continue_url") if (not base_grant_url or not user_continue_url): token = self.request.cookies.get("grant_token") if not token: # We should really only be getting here through the Meraki AP, so if # we're not, just send us back to the main website. logging.debug("Redirecting to main website.") self.redirect("http://www.hackerdojo.com") return # Otherwise, we're good to go. logging.info("Got existing session: %s" % (token)) response = self.render("templates/splash.html", login_url="/grant") self.response.out.write(response) return # Save them to memcache. token = security.generate_random_string(12) memcache.set(token, [base_grant_url, user_continue_url]) self.response.set_cookie("grant_token", token) logging.debug("Saving access token: %s" % (token)) # Hide the parameters. redirect_url = self._remove_params(["base_grant_url", "user_continue_url"]) self.redirect(redirect_url)
def dispatch(self): """Wraps the dispatch method to add session handling.""" self.session_store = sessions.get_store(request=self.request) self.decorator = decorator # Add the user's credentials to the decorator if we have them. if self.me: self.decorator.credentials = self.decorator._storage_class( model=self.decorator._credentials_class, key_name='user:{}'.format(self.me.user_id()), property_name=self.decorator._credentials_property_name).get() else: # Create a session ID for the session if it does not have one already. # This is used to create an opaque string that can be passed to the OAuth2 # authentication server via the 'state' parameter. if not self.session.get('sid'): self.session['sid'] = security.generate_random_string(entropy=128) # Store the state for the session user in a parameter on the flow. # We only need to do this if we're not logged in. self.decorator._create_flow(self) session_user = SessionUser(self.session['sid']) logging.info(self.decorator.flow.params) self.decorator.flow.params['state'] = appengine._build_state_value( self, session_user) try: webapp2.RequestHandler.dispatch(self) finally: self.session_store.save_sessions(self.response)
def job_quote(url, to_address, from_address, object_id): """ Get a quote for job by creating it in test mode. Objects do not have the original file information contained on them, so we require the url. I am told that they will not have a way to query the price for a job before creating it for some time, so this is the most reasonable way. The next most reasonable way might be to encode their pricing structure in code and just calculate it locally. """ logging.info("original object ID: %s", object_id) logging.info("passed in url: %s", url) original_obj = get_object(object_id) # re-create the object in test mode name = "mirror:{}:{}".format(object_id, generate_random_string(8)) logging.info("original object: %s", original_obj) test_obj = create_object( name, url, original_obj["setting"]["id"], test=True) # this might need a file argument? , 'file': ''} # create a job for the object test_job = create_job(name, to_address, from_address, test_obj["id"], test=True) # get the price of the job return float(test_job["price"])
def __init__(self, *args, **kwargs): super(BaseApp, self).__init__(*args, **kwargs) # If we're unit testing, use the same one every time for consistent results. if Config().is_testing: secret = "notasecret" else: # Check that we have a secret key for generating tokens. try: secret = keymaster.get("token_secret") except keymaster.KeymasterError: logging.warning("Found no token secret, generating one.") secret = security.generate_random_string(entropy=128) keymaster.Keymaster.encrypt("token_secret", secret) # Configure webapp2. my_config = { "webapp2_extras.auth": { "user_model": "membership.Membership", "user_attributes": ["first_name", "last_name", "email"] }, "webapp2_extras.sessions": { "secret_key": secret } } self.config = webapp2.Config(my_config)
def create_user(cls, username=None, raw_password=None, email=None): """ Create a Login instance, but method NOT PUT Login TO DB You must run _.put() manually after creating the instance. :param username: username string :param raw_password: raw_password string :param email: emal (optional) :return: Login instance or None """ logging.info('LoginClass:create_user() => Start creating user') if not(username and raw_password): logging.error('LoginClass:create_user() => username or raw_password is empty, return None') return None salt = security.generate_random_string(length=30) logging.info('LoginClass:create_user() => Making salt for password hash ... < %s >' % salt) pw_hash = security.generate_password_hash(raw_password, pepper=PEPPER) logging.info('LoginClass:create_user() => Generatin password hash ... < %s >' % pw_hash) u = Login() u.populate(username=username, pw_hash=pw_hash, email=email) logging.info('LoginClass:create_user() => Make and return Login instance') return u
def job_quote(url, to_address, from_address, object_id): """ Get a quote for job by creating it in test mode. Objects do not have the original file information contained on them, so we require the url. I am told that they will not have a way to query the price for a job before creating it for some time, so this is the most reasonable way. The next most reasonable way might be to encode their pricing structure in code and just calculate it locally. """ logging.info("original object ID: %s", object_id); logging.info("passed in url: %s", url); original_obj = get_object(object_id) # re-create the object in test mode name = "mirror:{}:{}".format(object_id, generate_random_string(8)) logging.info("original object: %s", original_obj); test_obj = create_object(name, url, original_obj["setting"]["id"], test=True) # this might need a file argument? , 'file': ''} # create a job for the object test_job = create_job(name, to_address, from_address, test_obj["id"], test=True) # get the price of the job return float(test_job["price"])
def get(self): # Get the parameters that Meraki sends to us. base_grant_url = self.request.get("base_grant_url") user_continue_url = self.request.get("user_continue_url") if (not base_grant_url or not user_continue_url): token = self.request.cookies.get("grant_token") if not token: # We should really only be getting here through the Meraki AP, so if # we're not, just send us back to the main website. logging.debug("Redirecting to main website.") self.redirect("http://www.hackerdojo.com") return # Otherwise, we're good to go. logging.info("Got existing session: %s" % (token)) response = self.render("templates/splash.html", login_url="/grant") self.response.out.write(response) return # Save them to memcache. token = security.generate_random_string(12) memcache.set(token, [base_grant_url, user_continue_url]) self.response.set_cookie("grant_token", token) logging.debug("Saving access token: %s" % (token)) # Hide the parameters. redirect_url = self._remove_params( ["base_grant_url", "user_continue_url"]) self.redirect(redirect_url)
def __init__(self, *args, **kwargs): super(BaseApp, self).__init__(*args, **kwargs) # If we're unit testing, use the same one every time for consistent results. if Config().is_testing: secret = "notasecret" else: # Check that we have a secret key for generating tokens. try: secret = keymaster.get("token_secret") except keymaster.KeymasterError: logging.warning("Found no token secret, generating one.") secret = security.generate_random_string(entropy=128) keymaster.Keymaster.encrypt("token_secret", secret) # Configure webapp2. my_config = { "webapp2_extras.auth": { "user_model": "membership.Membership", "user_attributes": ["first_name", "last_name", "email"] }, "webapp2_extras.sessions": { "secret_key": secret } } self.config = webapp2.Config(my_config)
def __init__(self, user, subject, token=None, expires=60 * 60 * 24): self.user = str(user) self.subject = subject if token: self.token = token else: self.token = security.generate_random_string(entropy=128) self.key = "%s.%s.%s" % (self.user, self.subject, self.token)
def log_in_session_token_create(self, user): # generate authentication token and add it to the db and the session token = security.generate_random_string(entropy=128) authtoken = EnkiModelTokenAuth(token=token, user_id=user.key.id()) authtoken.put() self.session['auth_token'] = token self.session['user_id'] = user.key.id() self.just_logged_in = True
def _create(cls,**kwargs): assert 'email' in kwargs, 'No email supplied' new_hash = cls(token_hash=security.generate_random_string(length=cls._default_hash_length,pool=security.ALPHANUMERIC)) new_hash.populate(**kwargs) new_hash.put() return new_hash
def log_in_session_token_create( self, user ): # generate authentication token and add it to the db and the session token = security.generate_random_string( entropy = 128 ) authtoken = EnkiModelTokenAuth( token = token, user_id = user.key.id() ) authtoken.put() self.session[ 'auth_token' ] = token self.session[ 'user_id' ] = user.key.id() self.just_logged_in = True
def test_generate_random_string(self): self.assertRaises(ValueError, security.generate_random_string, None) self.assertRaises(ValueError, security.generate_random_string, 0) self.assertRaises(ValueError, security.generate_random_string, -1) self.assertRaises(ValueError, security.generate_random_string, 1, 1) token = security.generate_random_string(16) self.assertTrue(re.match(r'^\w{16}$', token) is not None) token = security.generate_random_string(32) self.assertTrue(re.match(r'^\w{32}$', token) is not None) token = security.generate_random_string(64) self.assertTrue(re.match(r'^\w{64}$', token) is not None) token = security.generate_random_string(128) self.assertTrue(re.match(r'^\w{128}$', token) is not None)
def save(cls, user, name): app = App( user_id=user.key.id(), name=name, lower=name.lower(), token=security.generate_random_string(length=30) ).put() return app
def test_generate_random_string(self): self.assertRaises(ValueError, security.generate_random_string, None) self.assertRaises(ValueError, security.generate_random_string, 0) self.assertRaises(ValueError, security.generate_random_string, -1) self.assertRaises(ValueError, security.generate_random_string, 1, 1) token = security.generate_random_string(16) self.assertTrue(re.match(r'^\w{16}$', token) is not None) token = security.generate_random_string(32) self.assertTrue(re.match(r'^\w{32}$', token) is not None) token = security.generate_random_string(64) self.assertTrue(re.match(r'^\w{64}$', token) is not None) token = security.generate_random_string(128) self.assertTrue(re.match(r'^\w{128}$', token) is not None)
def generate_customer_id(cls): while True: key = security.generate_random_string(entropy=256) customer = cls.query(cls.customer_id == key).get() if not customer: customer = cls.get_by_id(key) if not customer: return key
def post(self): email = self.request.get('email') logging.info('Reset password for email: %s', email) errors = [] messages = [] data = { 'page_title': 'Reset Password', 'errors': errors, 'messages': messages } if not email: errors.append( 'You forgot to enter an email address.' ) else: user = User.user_from_email(email) if not user: errors.append( 'There is no account for this email address. Please check ' 'that you typed in the correct email address.' ) data['email'] = email else: expire = datetime.datetime.now() expire += datetime.timedelta(hours=1) code = generate_random_string(length=30) user.pass_reset_code = code user.pass_reset_expire = expire user.put() subject = 'HMPC: request to change password' logging.info('generated verify code: %s' % code) body = ( 'This is an automated email form HMPC.\n\n' 'Please click the following link (or paste it into the ' 'browser address bar) to change your password. This code ' 'is valid for only one hour.\n\n' 'When you reset your password, you will be redirected to ' 'the login page to login.\n\n' 'http://prelude-hmpc.appspot.com/password/%s\n' ) mail.send_mail( '*****@*****.**', email, subject, body % code ) msg = ( 'An email has been sent to the following email address: %s.' ' Follow the instructions in the email to change your ' 'password.' ) messages.append(msg % email) self.render('reset.html', **data)
def get_session_secret(): try: return str(secrets.get('session')) except KeyError: # Make a new session key -- only happens once per hostname! logging.warning('creating new session key!') session_key = security.generate_random_string(entropy=256) secrets.put('session', session_key) return session_key
def get_session_secret(): try: return str(secrets.get('session')) except KeyError: # Make a new session key -- only happens once per hostname! logging.warning('creating new session key!') session_key = security.generate_random_string(entropy=256) secrets.put('session', session_key) return session_key
def _generate_csrf_token(self, _time=None): """Creates a new random token that can be safely used as a URL param. Token would normally be stored in a user session and passed as 'state' parameter during OAuth 2.0 authorization step. """ now = str(_time or long(time.time())) secret = security.generate_random_string(30, pool=security.ASCII_PRINTABLE) token = self.OAUTH2_CSRF_DELIMITER.join([secret, now]) return base64.urlsafe_b64encode(token)
def create(cls, email, password): conflicts = User.fetchUser(email) if conflicts: return False newUser = User() newUser.email = email newUser.passwordSalt = security.generate_random_string(entropy=64) newUser.hashedPassword = security.hash_password(password, 'sha1', newUser.passwordSalt, passwordPepper) newUser.creationDate = datetime.datetime.now() return newUser.put()
def get_session_secret(): try: return str(get_secret('session')) except (IOError, KeyError): if hostname: # no scary error messages when testing logging.error( 'unable to load secret key! sessions WILL NOT persist!') # This fallback is enough for testing, but in production # will end up invalidating sessions whenever a different instance return security.generate_random_string(entropy=256)
def get_session_secret(): try: return str(get_secret('session')) except (IOError, KeyError): if hostname: # no scary error messages when testing logging.error( 'unable to load secret key! sessions WILL NOT persist!') # This fallback is enough for testing, but in production # will end up invalidating sessions whenever a different instance return security.generate_random_string(entropy=256)
def create(cls, user, subject, token=None): user = str(user) token = token or security.generate_random_string(entropy=128) key_name = "%s.%s.%s" % (user, subject, token) new_entity = cls(key_name=key_name, user=user, subject=subject, token=token) new_entity.put() return new_entity
def create_user(cls, **user_values): """Creates a new user. :param auth_id: A string that is unique to the user. Users may have multiple auth ids. Example auth ids: - own:username - own:[email protected] - google:username - yahoo:username The value of `auth_id` must be unique. :param unique_properties: Sequence of extra property names that must be unique. :param user_values: Keyword arguments to create a new user entity. Since the model is an ``Expando``, any provided custom properties will be saved. To hash a plain password, pass a keyword ``password_raw``. :returns: A tuple (boolean, info). The boolean indicates if the user was created. If creation succeeds, ``info`` is the verification code; otherwise it is a list of duplicated unique properties that caused creation to fail. """ if 'password_raw' in user_values: user_values['password'] = security.generate_password_hash( user_values.pop('password_raw'), length=12) myclient = pymongo.MongoClient(server_config.mongodbURL) mydb = myclient[server_config.mongodbDB] mycol = mydb["users"] user_result = mycol.find_one({"email": user_values['email_address']}) if user_result is None: verify = security.generate_random_string( length=12, pool= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) user_dict = { "user_id": None, "password": user_values['password'], "email": user_values['email_address'], "activation_key": verify, "friendly_name": user_values['friendly'], "level": 5 } mycol.insert_one(user_dict) return True, verify else: return False, "Email"
def create(cls, email, name='', password=''): """Creates a new maze with a unique string ID.""" admin_key = security.generate_random_string(entropy=128) # Make sure to avoid ID collisions. maze = True while maze: maze_id = security.generate_random_string(entropy=128) maze = cls.get_by_id(maze_id) # Create the maze with the non-colliding Maze ID. maze = cls(id=maze_id, name=name, admin_email=email, admin_key=admin_key) maze.set_password(password, save=False) maze.flickr = FlickrSettings() maze.instagram = InstagramSettings() maze.facebook = FacebookSettings() return maze.put()
def generate_csrf(self,context): """generate a CSRF token as a hidden form field and a secure cookie""" csrf = security.generate_random_string(length=32) sig = hmac.new(csrf_secret,csrf,hashlib.sha1) sig.update(self.request.headers['X-AppEngine-country']) sig.update(self.request.headers['User-Agent']) sig = sig.digest() context['csrf_token'] ='<input type="hidden" name="csrf_token" value="%s" />'%urllib.quote(binascii.b2a_base64(sig)) sc = securecookie.SecureCookieSerializer(cookie_secret) cookie = sc.serialize(self.CSRF_COOKIE_NAME, csrf) self.response.set_cookie(self.CSRF_COOKIE_NAME, cookie, httponly=True, max_age=3600)
def post( self ): url = settings.URL_PURCHASE_FASTSPRING if not settings.SECRET_FASTSPRING or enki.libutil.is_debug( ) or settings.ENKI_EMULATE_STORE: url = enki.libutil.get_local_url( 'storeemulatefastspring' ) if self.is_logged_in(): purchaser_user_id = self.enki_user.key.id() token = security.generate_random_string( entropy = 256 ) token_purchase = EnkiModelTokenVerify( token = token, user_id = purchaser_user_id, type = 'purchasebyuser' ) token_purchase.put() url = enki.libutil.get_local_url( 'storeemulatefastspring', { 'referrer': token_purchase.token }) self.redirect( url )
def post(self): try: # Detect empty request and valid JSON stripped_json = json.dumps(json.loads(self.request.get('json'))) except ValueError: self.response.write('ERROR: You must provide a valid json.') else: random_string = generate_random_string(length=16) if memcache.add(random_string, stripped_json, MEMCACHE_EXPIRE): self.response.write('%s/%s' % (self.request.host, random_string)) else: self.response.write('ERROR: Could not set cache.')
def password_change_request( self, email ): if enki.libuser.exist_EnkiUser( email ): # create an email verify token, send it to the email address token = security.generate_random_string( entropy = 256 ) emailToken = EnkiModelTokenVerify( token = token, email = email, type = 'passwordchange' ) emailToken.put() link = enki.libutil.get_local_url( 'passwordrecoverconfirm', { 'verifytoken': emailToken.token } ) self.send_email( email, MSG.SEND_EMAIL_PASSWORD_RESET_SUBJECT(), MSG.SEND_EMAIL_PASSWORD_RESET_BODY( link )) result = enki.libutil.ENKILIB_OK else: result = ERROR_EMAIL_NOT_EXIST return result
def post(self): try: # Detect empty request and valid JSON stripped_json = json.dumps(json.loads(self.request.get('json'))) except ValueError: self.response.write('ERROR: You must provide a valid json.') else: random_string = generate_random_string(length=16) if memcache.add(random_string, stripped_json, MEMCACHE_EXPIRE): self.response.write('%s/%s' % (self.request.host, random_string)) else: self.response.write('ERROR: Could not set cache.')
def post(self): url = settings.URL_PURCHASE_FASTSPRING # ------ # Requires enkiDL if self.request.get('download'): ref_url = enki.libutil.get_local_url('store') self.session['sessionrefpath'] = ref_url url_fetcher = '' if settings.URLS_ENKIDL: # shuffle then try to download from locations in sequence random.shuffle(settings.URLS_ENKIDL) for i in range(len(settings.URLS_ENKIDL)): url_enkiDL = settings.URLS_ENKIDL[i] item_to_download = 'product_a' url_fetcher = enki.libenkiDL.URLFetcher() url_fetcher.get_download_URL(url_enkiDL, settings.SECRET_ENKIDL, item_to_download, self.request.remote_addr) if not url_fetcher.error: enki.modelcounter.increment('downloads_product_a') break if url_fetcher and url_fetcher.error: self.response.status_int = 500 self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR()) self.redirect('info') return url = url_fetcher.download_url else: self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR()) self.redirect('info') return # ------- else: if not settings.SECRET_FASTSPRING or enki.libutil.is_debug( ) or settings.ENKI_EMULATE_STORE: url = enki.libutil.get_local_url('storeemulatefastspring') else: enki.modelcounter.increment('purchases_product_a') if self.is_logged_in(): purchaser_user_id = self.enki_user.key.id() token = security.generate_random_string(entropy=256) token_purchase = EnkiModelTokenVerify( token=token, user_id=purchaser_user_id, type='purchasebyuser') token_purchase.put() url += '?referrer=' + token_purchase.token.encode('utf-8') self.redirect(url)
def create_CSRF( self, form_name ): # protect against forging login requests http://en.wikipedia.org/wiki/Cross-site_request_forgery http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/ # check if the CSRF token for this form already exists, if so reuse it. Otherwise create a new one and add it to the dictionary sessionCSRFs = self.session.get( 'CSRF' ) if not sessionCSRFs: sessionCSRFs = {} sessionCSRF = sessionCSRFs.get( form_name ) if sessionCSRF: CSRFToken = sessionCSRF else: random = security.generate_random_string( entropy=256 ).encode( 'utf-8' ) CSRFToken = ( random ) sessionCSRFs.update({ form_name : CSRFToken }) self.session[ 'CSRF' ] = sessionCSRFs return form_name + '-' + CSRFToken
def post(self): url = settings.URL_PURCHASE_FASTSPRING if not settings.SECRET_FASTSPRING or enki.libutil.is_debug( ) or settings.ENKI_EMULATE_STORE: url = enki.libutil.get_local_url('storeemulatefastspring') if self.is_logged_in(): purchaser_user_id = self.enki_user.key.id() token = security.generate_random_string(entropy=256) token_purchase = EnkiModelTokenVerify(token=token, user_id=purchaser_user_id, type='purchasebyuser') token_purchase.put() url = enki.libutil.get_local_url( 'storeemulatefastspring', {'referrer': token_purchase.token}) self.redirect(url)
def GetOrMakeSession(request): session_store = sessions.get_store(request=request) session = session_store.get_session() if not session: session['xsrf'] = security.generate_random_string(entropy=128) user = users.get_current_user() if user: if _ANON_USER_KEY in session: AdoptAnonymousProjects(user.email(), session[_ANON_USER_KEY]) else: if _ANON_USER_KEY not in session: session[_ANON_USER_KEY] = MakeAnonUserKey() return session
def post_reauthenticated( self, params ): register = params.get( 'register' ) deregister = params.get( 'deregister' ) if register: # initiate adding a new authentication method to the account for authhandler in settings.HANDLERS: if register == authhandler.get_provider_name(): token = security.generate_random_string( entropy = 256 ) LoginAddToken = EnkiModelTokenVerify( token = token, user_id = self.user_id, auth_ids_provider = register, type = 'loginaddconfirm_1' ) LoginAddToken.put() self.redirect( authhandler.get_button().href ) break elif deregister: self.remove_auth_id( deregister) self.add_infomessage( 'success', MSG.SUCCESS(), MSG.AUTH_PROVIDER_REMOVED( deregister )) self.redirect( enki.libutil.get_local_url( 'accountconnect' ))
def GetOrMakeSession(request): session_store = sessions.get_store(request=request) session = session_store.get_session() if not session: session['xsrf'] = security.generate_random_string(entropy=128) user = users.get_current_user() if user: if _ANON_USER_KEY in session: AdoptAnonymousProjects(user.email(), session[_ANON_USER_KEY]) else: if _ANON_USER_KEY not in session: session[_ANON_USER_KEY] = MakeAnonUserKey() return session
def email_set_request( self, email ): # request the creation of a new account based on an email address result = enki.libuser.validate_email( email ) if result == enki.libutil.ENKILIB_OK : if enki.libuser.exist_EnkiUser( email ): result = ERROR_EMAIL_IN_USE else: # create an email verify token, send it to the email address token = security.generate_random_string( entropy = 256 ) emailToken = EnkiModelTokenVerify( token = token, email = email, type = 'register' ) emailToken.put() link = enki.libutil.get_local_url( 'registerconfirm', { 'verifytoken': emailToken.token }) self.send_email( email, MSG.SEND_EMAIL_REGISTER_CONFIRM_SUBJECT(), MSG.SEND_EMAIL_REGISTER_CONFIRM_BODY( link )) result = enki.libutil.ENKILIB_OK return result
def password_change_request(self, email): if EnkiModelUser.exist_by_email(email): # create an email verify token, send it to the email address token = security.generate_random_string(entropy=256) emailToken = EnkiModelTokenVerify(token=token, email=email, type='passwordchange') emailToken.put() link = enki.libutil.get_local_url( 'passwordrecoverconfirm', {'verifytoken': emailToken.token}) self.send_email(email, MSG.SEND_EMAIL_PASSWORD_RESET_SUBJECT(), MSG.SEND_EMAIL_PASSWORD_RESET_BODY(link)) result = enki.libutil.ENKILIB_OK else: result = self.ERROR_EMAIL_NOT_EXIST return result
def email_set_request(self, email): # request the creation of a new account based on an email address result = enki.libutil.ENKILIB_OK if EnkiModelUser.exist_by_email(email): result = self.ERROR_EMAIL_IN_USE else: # create an email verify token, send it to the email address token = security.generate_random_string(entropy=256) emailToken = EnkiModelTokenVerify(token=token, email=email, type='register') emailToken.put() link = enki.libutil.get_local_url( 'registerconfirm', {'verifytoken': emailToken.token}) self.send_email(email, MSG.SEND_EMAIL_REGISTER_CONFIRM_SUBJECT(), MSG.SEND_EMAIL_REGISTER_CONFIRM_BODY(link)) return result
def create_CSRF( self, form_name ): # protect against forging login requests http://en.wikipedia.org/wiki/Cross-site_request_forgery http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/ # check if the CSRF token for this form already exists, if so reuse it. Otherwise create a new one and add it to the dictionary sessionCSRFs = self.session.get('CSRF') if not sessionCSRFs: sessionCSRFs = {} sessionCSRF = sessionCSRFs.get(form_name) if sessionCSRF: CSRFToken = sessionCSRF else: random = security.generate_random_string( entropy=256).encode('utf-8') CSRFToken = (random) sessionCSRFs.update({form_name: CSRFToken}) self.session['CSRF'] = sessionCSRFs return form_name + '-' + CSRFToken
def forgot_password(self): email = self.request.get("email") user = UserProfile.get_by_auth_id(email) if not user: return self.render_json({'success': False, 'title': 'Sorry.', 'message': 'Nenhum usuário com o email "%s" foi encontrado.' %email}) new_password = security.generate_random_string(length=8) user.set_password(new_password) print 'New Password ======================> ', new_password user.put() deferred.defer(send_forgot_password_email, user=user, new_passwd=new_password, _queue='sendEmail') #TODO improve this queue params/conf return self.render_json({'success': True, 'title': 'Senha reiniciada.', 'message': 'Enviamos um email para %s com sua nova senha' %email})
def create( cls, user, email ): """ Creates a new verify email token for the given user for validating the given email. :param user: User unique ID :param email: Email that the token validates :returns: The newly created :class:`VerifyEmailUserToken`. """ user = str( user ) token = security.generate_random_string( entropy=128 ) key = cls.get_key( user, cls.SUBJECT, token ) entity = cls( key=key, user=user, subject=cls.SUBJECT, token=token, email=email.lower( ) ) entity.put( ) return entity
def post(self): uemail = self.request.get('email') upwd = self.request.get('pwd') if uemail == '' or upwd == '': self.redirect('/error') else: user = ndb.Key('User', uemail).get() if user and user.pwd == upwd: token = security.generate_random_string(length=20) session = Session(id=token) session.userKey = user.put() session.put() self.response.set_cookie(key='token', value=token, path='/') self.redirect("/home") else: self.redirect("/login")
def add_newsletter(cls, email, newsletter): entity = cls.get_by_email_newsletter(email, newsletter) if entity: return entity.token else: existing_entity = cls.get_by_email(email) if existing_entity: # add the newsletter to the list existing_entity.newsletters.append(newsletter) existing_entity.put() return existing_entity.token else: # create a new entity token = security.generate_random_string(entropy=256) new_entity = cls(email=email, newsletters=[newsletter], token=token) new_entity.put() return token
def post_reauthenticated(self, params): register = params.get('register') deregister = params.get('deregister') if register: # initiate adding a new authentication method to the account for authhandler in settings.HANDLERS: if register == authhandler.get_provider_name(): token = security.generate_random_string(entropy=256) LoginAddToken = EnkiModelTokenVerify( token=token, user_id=self.user_id, auth_ids_provider=register, type='loginaddconfirm_1') LoginAddToken.put() self.redirect(authhandler.get_button().href) break elif deregister: self.remove_auth_id(deregister) self.add_infomessage('success', MSG.SUCCESS(), MSG.AUTH_PROVIDER_REMOVED(deregister)) self.redirect(enki.libutil.get_local_url('accountconnect'))
def _apply_session_properties(self): # Create a session ID for the session if it does not have one already. # This is used to create an opaque string that can be passed to the OAuth2 # authentication server via the 'state' parameter. if self.session.get('sid', None) is None: self.session['sid'] = security.generate_random_string(entropy=128) # Add the user's credentials to the decorator if we have them. if self.me.registered: self.decorator.credentials = self.decorator._storage_class( self.decorator._credentials_class, None, self.decorator._credentials_property_name, user=self.me).get() else: # Store the state for the session user in a parameter on the flow. # We only need to do this if we're not logged in. self.decorator._create_flow(self) session_user = users.UserStub(self.session['sid']) self.decorator.flow.params['state'] = appengine._build_state_value( self, session_user)