def tokenAuth(token): """ token验证模块 验证token的正确性,有效性,以及是否被修改 :param token: token码 :return: 通过返回 [userId, roleId, msg] 未通过返回 None, None, msg] """ s = Serializer(secret_key=parser.secret_key_token, salt=parser.auth_salt) try: data = s.loads(token) except SignatureExpired: msg = 'token expired' return [None, None, msg] except BadSignature, e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # the token is tampered. msg = 'token tampered' return [None, None, msg] msg = 'badSignature of token' return [None, None, msg]
def RftokenAuth(rf_token): """ rf_token验证模块 验证rf_token的正确性,有效性,以及是否被修改 :param rf_token: rf_token码 :return: 通过返回用户名,用户角色,和最新的token的列表 未通过返回[None, None, msg] """ s = Serializer(secret_key=parser.secret_key_rf_token, salt=parser.auth_salt) try: data = s.loads(rf_token) except SignatureExpired: msg = 'token expired' return [None, None, msg] except BadSignature, e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # the token is tampered. msg = 'token tampered' return [None, None, msg] msg = 'badSignature of token' return [None, None, msg]
def token_auth(token): """ 验证token :param token: :return: """ s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'], salt=SECURE_KEY['AUTH_SALT']) data = dict() try: data = s.loads(token) except SignatureExpired: logger.info('*' * 20 + 'token expired' + '*' * 20) raise exceptions.ValidationError('token过期') except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: logger.info('*' * 20 + 'bad signature of token' + '*' * 20) raise exceptions.ValidationError('token篡改') except Exception as e: logger.info('*' * 20 + 'wrong token with unknown reason' + '*' * 20) raise exceptions.ValidationError('未知错误') if 'user_id' not in data or 'is_student' not in data: logger.info('*' * 20 + 'illegal payload inside' + '*' * 20) raise exceptions.ValidationError('不合法的载体') refresh = False # 如果token过期时间与当前时间相隔10分钟以内,则需要刷新token if (data['iat'] - time.time()) / 60 < 10: refresh = True return data['user_id'], data['is_student'], refresh
def validateToken(token): s = Serializer(secret_key=secret_key, salt=salt) try: data = s.loads(token) except SignatureExpired: msg = 'toekn expired' return {'code': 401, 'error_code': 'auth_01', 'message': msg} except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: msg = 'token tampered' return {'code': 401, 'error_code': 'auth_01', 'message': msg} msg = 'badSignature of token' return {'code': 401, 'error_code': 'auth_01', 'message': msg} except: msg = 'wrong token with unknown reason' return {'code': 401, 'error_code': 'auth_01', 'message': msg} if 'userid' not in data: msg = 'illegal payload inside' return {'code': 401, 'error_code': 'auth_01', 'message': msg} msg = 'user(' + str(data['userid']) + ') logged in by token.' userId = data['userid'] return { 'code': 200, 'error_code': 'auth_00', 'message': msg, 'userid': userId }
def tokenAuth(token): # token decoding s = Serializer( secret_key=app.config['SECRET_KEY'], salt=app.config['AUTH_SALT']) try: data = s.loads(token) # token decoding faild # if it happend a plenty of times, there might be someone # trying to attact your server, so it should be a warning. except SignatureExpired: msg = 'token expired' app.logger.warning(utils.logmsg(msg)) return [None, None, msg] except BadSignature, e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # the token is tampered. msg = 'token tampered' app.logger.warning(utils.logmsg(msg)) return [None, None, msg] msg = 'badSignature of token' app.logger.warning(utils.logmsg(msg)) return [None, None, msg]
def validateToken(token): """ # 解析token :param token: 输入toke :return: 解析结果 """ s = Serializer(secret_key=SECRET_KEY, salt=SALT) try: data = s.loads(token) except SignatureExpired: return {'code': 401, 'message': 'toekn expired'} # token过期 except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: return {'code': 401, 'message': 'token tampered'} # token篡改 return {'code': 401, 'message': 'badSignature of token'} # 签名有误 except Exception: return { 'code': 401, 'message': 'wrong token with unknown reason' } # 令牌错误 if 'userid' not in data: return {'code': 401, 'message': 'illegal payload inside'} # 非法载荷 return { 'code': 200, 'userid': data['userid'], 'message': f"user({data['userid']}) logged in by token." }
def verify_token(token, token_type='access'): """ 验证Token :param token: :param token_type: :return: """ user_id = get_token_user_id(token) Log.logger.info('verify token user_id is {}, token is {}'.format( user_id, token)) token_info = RedisManager.get_cache(pack_token_key(user_id, token_type)) if not token_info: return { 'status': CODE['TOKEN_ERROR'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_ERROR']) } s = Serializer(secret_key=TOKEN_SECRET_KEY) try: s.loads(token, return_header=True) except SignatureExpired: return { 'status': CODE['TOKEN_EXPIRED'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_EXPIRED']) } except BadSignature as e: encoded_payload = e.payload if encoded_payload: try: s.load_payload(encoded_payload) except BadData: return { 'status': CODE['TOKEN_ERROR'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_ERROR']) } return { 'status': CODE['TOKEN_ERROR'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_ERROR']) } except Exception as e: Log.logger.error("check token error is {}".format(e)) return { 'status': CODE['TOKEN_ERROR'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_ERROR']) } if token != token_info: return { 'status': CODE['TOKEN_ERROR'], 'data': {}, 'message': MESSAGE.get(CODE['TOKEN_ERROR']) } return {'status': 0, 'data': {'user_id': user_id}}
def tokenAuth(token): # token decoding s = Serializer( secret_key=JWT_SECRET_KEY, algorithm_name=JWT_ALG, salt=JWT_SALT ) try: data = s.loads(token) # token decoding faild # if it happend a plenty of times, there might be someone # trying to attact your server, so it should be a warning. except SignatureExpired: # token已经超时失效 msg = 'token expired' logger.warning(msg) return [None, None, msg] except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # token已经被篡改 msg = 'token tampered' logger.warning(msg) return [None, None, msg] # payload不完整 msg = 'badSignature of token' logger.warning(msg) return [None, None, msg] except: msg = 'wrong token with unknown reason' logger.warning(msg) return [None, None, msg] if ('user_id' not in data) or ('role_id' not in data): # 数据不合法,密钥和盐值泄露 msg = 'illegal payload inside' logger.warning(msg) return [None, None, msg] msg = 'user(' + str(data['user_id']) + ') logged in by token.' # app.logger.info(msg) user_id = data['user_id'] role_id = data['role_id'] return [user_id, role_id, msg]
def parse_token(token): s = Serializer(secret_key=SECRET_KEY, salt=AUTH_SALT) try: data = s.loads(token) return data.get('key'), data.get('code') except SignatureExpired: msg = 'token expired' return msg except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: msg = 'token tampered' return msg msg = 'badSignature of token' return msg
def confirm(token): """Confirm token # 确认令牌,返回确认状态 Args: token (str): To be verified token Returns: object: app.common.result.Result """ # token decoding s = Serializer( secret_key=current_app.config['SECRET_KEY'], salt=current_app.config['AUTH_SALT']) data = {} try: data = s.loads(token) # token decoding faild # if it happend a plenty of times, there might be someone # trying to attact your server, so it should be a warning. except SignatureExpired: msg = 'token expired' # current_app.logger.warning(msg) return Result.error(data,status=Status.TOKEN_SIGNATURE_EXPIRED.status, message=Status.TOKEN_SIGNATURE_EXPIRED.message) except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # the token is tampered. msg = 'token tampered' return Result.error(data,status=Status.TOKEN_TAMPERED.status, message=Status.TOKEN_TAMPERED.message) msg = 'badSignature of token' return Result.error(data,status=Status.TOKEN_BADSIGNATURE.status, message=Status.TOKEN_BADSIGNATURE.message) except: msg = 'wrong token with unknown reason' return Result.error(data,status=Status.TOKEN_UNKNOWN_REASON.status, message=Status.TOKEN_UNKNOWN_REASON.message) if ('id' not in data) : msg = 'illegal payload inside' return Result.error(data,status=Status.TOKEN_ILLEGAL.status, message=Status.TOKEN_ILLEGAL.message) return Result.success(data=data,status=Status.TOKEN_SUCCESS.status, message=Status.TOKEN_SUCCESS.message)
def tokenAuth(token): ''' 解码jwt数据 :param token: jwt字符串 :return: 返回解密后的数据 ''' s = Serializer(secret_key='4180da82-0c83-4d66-ab14-e2793573ecaa', salt='16fcf475-5180-4916-83c1-5ff79616eaa9') try: # 使用序列化器的loads函数对加密后的数据进行解密 data = s.loads(token) except SignatureExpired: # token超时 msg = 'token expired' return [None, msg] except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: # the token is tampered;token被篡改 msg = 'token tampered' return [None, msg] msg = 'badSignature of token' # token错误 return [None, msg] except: msg = 'wrong token with unknown reason' return [None, msg] if ('user_name' not in data) or ('user_passwd' not in data) or ('user_address' not in data): msg = 'illegal payload inside' return [None, msg] msg = 'user(' + data['user_name'] + ') logged in by token.' user_name = data['user_name'] user_passwd = data['user_passwd'] user_address = data['user_address'] return [user_name, user_passwd, user_address, msg]
def decrypt(cls, jwttoken): """解密""" s = Serializer( secret_key=config["jwt_secret_key"], salt=config["jwt_salt"], ) try: jwt_data = s.loads(jwttoken) except SignatureExpired as e: assert False, 'Token已过期' except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: assert False, 'Token被篡改' assert False, 'Token有误' except Exception as e: assert False, '未知错误【解析Token】' assert not set(jwt_data.keys()) - set(cls.palyload_keys), 'Token不合法' return jwt_data
def decrypt(token): s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'], salt=SECURE_KEY['AUTH_SALT']) try: data = s.loads(token) except SignatureExpired: msg = 'token expired' print(msg) except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: msg = 'token tampered' print(msg) msg = 'badSignature of token' print(msg) except: msg = 'wrong token with unknown reason' print(msg) return data
def validate_token(user, token, operation, new_password=None): print('validate_token secret====',current_app.config['SECRET_KEY']) s = Serializer(current_app.config['SECRET_KEY']) try: data = s.loads(token) except SignatureExpired: return SignatureExpired.message except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: return BadData.message # return False if operation != data.get('operation') or user.id != data.get('id'): return False if operation == Operations.CONFIRM: user.confirmed = True elif operation == Operations.RESET_PASSWORD: user.set_password(new_password) elif operation == Operations.CHANGE_EMAIL: new_email = data.get('new_email') if new_email is None: return False if User.query.filter_by(email=new_email).first() is not None: return False user.email = new_email else: return False db.session.commit() return True
def parser_token(token): s = Serializer(secret_key=secret_key,salt=salt_str) try: return {"msg":"解析成功","code":1,"data":s.loads(token)} except itsdangerous.SignatureExpired: return {"msg":"token已过期请重新登录","code":-1} except itsdangerous.BadSignature as e: if e.payload: try: s = s.load_payload(e.payload) print(s) return {"msg": "secret_key 和 salt可能已经泄露", "code": -1} except:pass return {"msg": "token被篡改", "code": -1} except: return {"msg": "解析失败 未知原因!", "code": -1}
data = {'user_id': '789456123', 'iat': timestamp} print(data) token = s.dumps(data) print(token) s = Serializer(secret_key=SECURE_KEY['SECRET_KEY'], salt=SECURE_KEY['AUTH_SALT']) try: data = s.loads(token) except SignatureExpired: msg = 'token expired' print(msg) except BadSignature as e: encoded_payload = e.payload if encoded_payload is not None: try: s.load_payload(encoded_payload) except BadData: msg = 'token tampered' print(msg) msg = 'badSignature of token' print(msg) except: msg = 'wrong token with unknown reason' print(msg) print(data) if 'user_id' not in data: msg = 'illegal payload inside' print(msg) msg = 'user(' + data['user_id'] + ') logged in by token.' userId = data['user_id']