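def _BaseCookie__ParseString(self, str, patt=cookies._CookiePattern):
    """Parse a cookie string into ``self``, skipping pairs that are rejected.

    ``patt`` is searched repeatedly over ``str``. Each ``key=value`` match is
    handled in one of three ways:

    * keys starting with ``$`` and reserved ``Morsel`` attribute names are
      applied to the most recently accepted morsel, if there is one;
    * any other key is decoded with ``self.value_decode`` and stored as a
      new morsel;
    * a pair that raises ``cookies.CookieError`` while being stored is
      reported through ``eventlog.warning`` and parsing continues.

    :param str: Raw cookie string to parse.
    :param patt: Compiled pattern exposing ``key`` and ``val`` groups.
    """
    i = 0  # Our starting point
    n = len(str)  # Length of string
    M = None  # current morsel

    while 0 <= i < n:
        # Start looking for a cookie
        match = patt.search(str, i)
        if not match:
            break  # No more cookies
        K, V = match.group("key"), match.group("val")
        i = match.end(0)

        # Parse the key, value in case it's metainfo
        if K[0] == "$":
            # We ignore attributes which pertain to the cookie
            # mechanism as a whole.  See RFC 2109.
            if M:
                try:
                    M[K[1:]] = V
                except cookies.CookieError:
                    # Attribute names the morsel rejects are dropped on
                    # purpose; they must not abort the whole parse.
                    pass
        elif K.lower() in cookies.Morsel._reserved:
            if M:
                M[K] = cookies._unquote(V)
        else:
            rval, cval = self.value_decode(V)
            try:
                self._BaseCookie__set(K, rval, cval)
                M = self[K]
            except cookies.CookieError as e:
                eventlog.warning(e)
                # Forget the previous morsel: attributes that follow a
                # rejected cookie (path, domain, secure, ...) belong to the
                # rejected cookie and must not overwrite the attributes of
                # the last cookie that was accepted.
                M = None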
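def __ParseString(self, str, patt=Cookie._CookiePattern):
    """Parse a cookie string, accepting only values that carry a valid HMAC.

    ``patt`` is searched repeatedly over ``str``. Keys starting with ``$``
    and reserved ``Morsel`` attribute names are applied to the most recently
    accepted morsel. Every other pair is treated as a signed cookie: after
    unquoting, the last ``SIG_LEN`` characters are the base64 signature and
    the text before them is the real value. The signature must equal the
    HMAC-SHA256 of the real value keyed with ``self.key + K``.

    :param str: Raw cookie string to parse.
    :param patt: Compiled pattern exposing ``key`` and ``val`` groups.
    :raises BadSignatureError: if a signature cannot be decoded or does not
        match. The exception stops parsing, so cookies that appear later in
        ``str`` are not loaded.
    """
    i = 0  # Our starting point
    n = len(str)  # Length of string
    M = None  # current morsel

    while 0 <= i < n:
        # Start looking for a cookie
        match = patt.search(str, i)
        if not match:
            break  # No more cookies
        K, V = match.group("key"), match.group("val")
        i = match.end(0)

        # Parse the key, value in case it's metainfo
        if K[0] == "$":
            # We ignore attributes which pertain to the cookie
            # mechanism as a whole.  See RFC 2109.
            if M:
                M[K[1:]] = V
        elif K.lower() in Cookie.Morsel._reserved:
            if M:
                M[K] = Cookie._unquote(V)
        else:
            # NOTE(review): this pattern check has no effect (the branch is
            # a bare ``pass``). The HMAC comparison below is the only gate;
            # confirm whether a mismatch was meant to reject the value here.
            if not SIG_PATTERN.search(V):
                pass
            uval = Cookie._unquote(V)
            real_val = uval[:-SIG_LEN]
            try:
                sig = b64decode(uval[-SIG_LEN:])
            except (TypeError, ValueError):
                # Incorrect padding: TypeError on Python 2, binascii.Error
                # (a ValueError subclass) on Python 3.
                raise BadSignatureError("Bad signature for cookie '%s'" % K)
            expected = hmac.new(self.key + K, real_val, sha256).digest()
            # Constant-time comparison, so the time taken does not reveal
            # how many leading bytes of a forged signature were correct.
            # hmac.compare_digest needs Python 2.7.7+ or 3.3+.
            if not hmac.compare_digest(sig, expected):
                raise BadSignatureError("Bad signature for cookie '%s'" % K)
            self._BaseCookie__set(K, real_val, V)
            M = self[K]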
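def deserialize(self, name, value, max_age=None):
    """Deserializes a signed cookie value.

    The unquoted value must consist of exactly three ``|``-separated parts,
    used here as payload, timestamp and signature. The signature is checked
    before the timestamp or the payload is interpreted.

    :param name:
        Cookie name.
    :param value:
        A cookie value to be deserialized.
    :param max_age:
        Maximum age in seconds for a valid cookie. If the cookie is older
        than this, returns None.
    :returns:
        The deserialized secure cookie, or None if it is not valid.
    """
    if not value:
        return None

    # Unquote for old WebOb.
    value = Cookie._unquote(value)
    parts = value.split('|')
    if len(parts) != 3:
        return None

    signature = self._get_signature(name, parts[0], parts[1])
    if not security.compare_hashes(parts[2], signature):
        logging.warning('Invalid cookie signature %r', value)
        return None

    if max_age is not None:
        try:
            timestamp = int(parts[1])
        except ValueError:
            # A signed but non-numeric timestamp is treated as invalid
            # instead of propagating ValueError to the caller.
            logging.warning('Invalid cookie timestamp %r', parts[1])
            return None
        if timestamp < self._get_timestamp() - max_age:
            # NOTE(review): this writes a value whose signature verified
            # into the log. It is expired only for callers that pass
            # max_age, so treat these log lines as sensitive or log less.
            logging.warning('Expired cookie %r', value)
            return None

    try:
        return self._decode(parts[0])
    except Exception:
        # Any decoding failure means "not a valid cookie" for the caller.
        logging.warning('Cookie value failed to be decoded: %r', parts[0])
        return None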
def cookie_decode(self, val):
    """Return the decrypted, whitespace-stripped text of a cookie value.

    ``val`` is unquoted with ``Cookie._unquote``, passed to
    ``self.cipher.decrypt``, and the result is stripped of leading and
    trailing whitespace.

    NOTE(review): no integrity check is performed in this method. Whether
    ``self.cipher`` authenticates the ciphertext is not visible here;
    confirm that tampered values are rejected before the result is trusted.
    """
    decrypt = self.cipher.decrypt
    ciphertext = Cookie._unquote(val)
    plaintext = decrypt(ciphertext)
    # Presumably removes padding added on the encoding side; confirm
    # against the matching encode routine.
    return plaintext.strip()