def test_bad_duration(self): """test: limits of human time delta format""" test_vector = { "24h 3m 4m 3s": 0, "1k 1h": 0, } for duration, _seconds in list(test_vector.items()): with pytest.raises(DurationParsingException): parse_duration(duration) return
def test_ISO8601_duration(self): """test: parse ISO8601 time delta format""" test_vector = { "PT45S": 45.0, "PT5H10M": 18600.0, "P1DT12H": 129600.0, "P8W": 4838400.0, "P2YT3H10M": 63083400.0, "P0D": 0.0, "P23DT23H": 2070000.0, "P3Y6M4DT12H30M5S": 110550605.0, "PT5H": 18000.0, "PT36H": 129600.0, "P1M": 2592000.0, "P3D": 259200.0, "P7Y": 220752000.0, "PT0S": 0.0, "P5Y": 157680000.0, "P4Y": 126144000.0, "P2Y": 63072000.0, "P23M": 59616000.0, "PT10M": 600.0, "PT1M": 60.0, } for duration, seconds in list(test_vector.items()): timedelta = parse_duration(duration, time_delta_compliant=False) assert seconds == timedelta.total_seconds()
def test_duration(self): """test: parse human time delta format""" test_vector = { "24h 3s": 86403.0, "1d 2h 1m": 93660.0, } for duration, seconds in list(test_vector.items()): timedelta = parse_duration(duration) assert seconds == timedelta.total_seconds()
def create_auth_cookie(user, client, state="authenticated", state_data=None): """ create and auth_cookie value from the authenticated user and client :param user: the authenticated user :param client: the requesting client :param state: the state info for the authentication :return: the hmac256digest of the user data the expiration time as datetime the expiration time as string """ secret = get_cookie_secret() key = binascii.unhexlify(secret) # ---------------------------------------------------------------------- -- # handle expiration calculation expiry = get_cookie_expiry() if expiry is False: # default should be at max 1 hour delta = datetime.timedelta(seconds=1 * 60 * 60) else: delta = parse_duration(expiry) now = datetime.datetime.utcnow() expires = now + delta expiration = expires.strftime(TIMEFORMAT) # ---------------------------------------------------------------------- -- # build the cache data if state_data is not None: state_data = copy.deepcopy(state_data) # we have to serialize the user object # - we do this currently in a very limited way where the resolver # specification is missing! user_dict = {"login": user.login, "realm": user.realm} data = [user_dict, client, expiration, state, state_data] hash_data = ("%r" % data).encode("utf-8") digest = hmac.new(key, hash_data, digestmod=hashlib.sha256).digest() auth_cookie = base64.urlsafe_b64encode(digest).decode().strip("=") Cookie_Cache[auth_cookie] = data return auth_cookie, expires, expiration
def create_auth_cookie(user, client, state='authenticated', state_data=None): """ create and auth_cookie value from the authenticated user and client :param user: the authenticated user :param client: the requesting client :param state: the state info for the authentication :return: the hmac256digest of the user data the expiration time as datetime the expiration time as string """ secret = get_cookie_secret() key = binascii.unhexlify(secret) # ---------------------------------------------------------------------- -- # handle expiration calculation expiry = get_cookie_expiry() if expiry is False: # default should be at max 1 hour delta = datetime.timedelta(seconds=1 * 60 * 60) else: delta = parse_duration(expiry) now = datetime.datetime.utcnow() expires = now + delta expiration = expires.strftime(TIMEFORMAT) # ---------------------------------------------------------------------- -- # build the cache data if state_data is not None: state_data = copy.deepcopy(state_data) data = [user, client, expiration, state, state_data] hash_data = ("%r" % data).encode('utf-8') digest = hmac.new(key, hash_data, digestmod=hashlib.sha256).digest() auth_cookie = base64.urlsafe_b64encode(digest).decode().strip("=") Cookie_Cache[auth_cookie] = data return auth_cookie, expires, expiration
def create_auth_cookie(user, client, state='authenticated', state_data=None): """ create and auth_cookie value from the authenticated user and client :param user: the authenticated user :param client: the requesting client :param state: the state info for the authentication :return: the hmac256digest of the user data the expiration time as datetime the expiration time as string """ secret = get_cookie_secret() key = binascii.unhexlify(secret) # ---------------------------------------------------------------------- -- # handle expiration calculation expiry = get_cookie_expiry() if expiry is False: # default should be at max 1 hour delta = datetime.timedelta(seconds=1 * 60 * 60) else: delta = parse_duration(expiry) now = datetime.datetime.utcnow() expires = now + delta expiration = expires.strftime(TIMEFORMAT) # ---------------------------------------------------------------------- -- # build the cache data data = [user, client, expiration, state, state_data] digest = hmac.new(key, "%r" % data, digestmod=hashlib.sha256).digest() auth_cookie = base64.urlsafe_b64encode(digest).decode().strip("=") Cookie_Cache[auth_cookie] = data return auth_cookie, expires, expiration
def create_auth_cookie(config, user, client): """ create and auth_cookie value from the authenticated user and client :param user: the authenticated user :param client: the requesting client :return: the encrypted cookie value, the expires datetime object and the expiration time as string """ secret = get_cookie_secret(config) expiry = get_cookie_expiry(config) if expiry: delta = parse_duration(expiry) else: # default should be at max 1 hour delta = datetime.timedelta(seconds=1 * 60 * 60) now = datetime.datetime.now() expires = now + delta expiration = expires.strftime(TIMEFORMAT) key = binascii.unhexlify(secret) username = "******" % user if type(user) == User: username = "******" % (user.login, user.realm) iv = os.urandom(SECRET_LEN) try: enc = aes_encrypt_data(username + "|" + client + '|' + expiration, key, iv) except Exception as exx: log.exception("Failed to create encrypted cookie %r" % exx) raise exx auth_cookie = "%s%s" % (binascii.hexlify(iv), binascii.hexlify(enc)) return auth_cookie, expires, expiration
def get_otp_detail(self, otp, window='24h'): """ provide information belonging to one otp :param otp: the otp for which the timestamp is searched :param window: string, in human readable '2h' or iso8601 format 'PT2H' """ from linotp.lib.type_utils import parse_duration window = parse_duration(window).total_seconds() # ------------------------------------------------------------------ -- time_step = self.timeStepping T0 = time.time() + self.shift counter = time2counter(T0, timeStepping=time_step) # ------------------------------------------------------------------ -- # prepare the hmac operation secObj = self._get_secret_object() hmac2Otp = HmacOtp( secObj, counter, self.otplen, self.getHashlib(self.hashlibStr)) matching_counter = hmac2Otp.checkOtp( otp, int(window // time_step), symetric=True) # ------------------------------------------------------------------ -- # matching_counter =-1 : no otp found in the current time frame if matching_counter == -1: log.info('no matching otp found in window: %r', window) return False, None # ------------------------------------------------------------------ -- # do not provide information of otps in the future if matching_counter >= counter: log.info('otp is in future - no info for future otps') return False, None # ------------------------------------------------------------------ -- # all fine - now return the time stamp and the utc time format time_stamp = counter2time( matching_counter, timeStepping=time_step) time_info = datetime.datetime.utcfromtimestamp(time_stamp) return True, { 'serial' : self.getSerial(), 'otp': otp, 'counter': matching_counter, 'time': time_info.isoformat(), 'seconds': int(time_stamp), 'span': time_step, }