def deserialize_verbose(token=submitted_token): # START 1 OMIT import macaroons # token = "MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMmZzaWduYXR1cmUgPTBa1YP4kNcWeZ9bEeBLautN8R9XueRXQ5uHZ4eQFxAK" # first, we attempt to rehydrate a valid macaroon instance from the string # // HL try: print('Token to be deserialized: %s' % token) submitted_macaroon = macaroons.deserialize(token) # // HL # we can check its details print('submitted_macaroon.inspect():') print(submitted_macaroon.inspect()) except macaroons.MacaroonError: print('The token provided is not a valid macaroon: %s' % token) except: print 'An unknown error occurred while deserializing the token'
#!/usr/bin/env python import macaroons from datetime import datetime, timedelta client_token = 'MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMTdjaWQgdXNlcmlkPXNoaXJrZXkKMDAyZnNpZ25hdHVyZSA9JIzWgSX2dH5F1eGGsPnNPg0axz7mkh6AnRByzR5/uAo=' # START 1 OMIT # user can take the original token provided by the web service, # and apply additional constraints to it client_macaroon = macaroons.deserialize(client_token) # // HL timeout = datetime.now().date() # // HL new_macaroon = client_macaroon.add_first_party_caveat('date=%s' % timeout) # // HL print 'newly constrained macaroon:\n', new_macaroon.inspect() # this new token can now be delegated to another user for limited against the service delegation_token = new_macaroon.serialize() # END 1 OMIT
def deserialize(token=submitted_token): import macaroons return macaroons.deserialize(token)
def verify_token(token, secret=test_secret): m = macaroons.deserialize(token) v = macaroons.Verifier() v.satisfy_general(check_time) return v.verify(m, secret)
#!/usr/bin/env python import macaroons from create_the_token import get_secret from datetime import datetime, timedelta client_token = 'MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMTdjaWQgdXNlcmlkPXNoaXJrZXkKMDAyZnNpZ25hdHVyZSA9JIzWgSX2dH5F1eGGsPnNPg0axz7mkh6AnRByzR5/uAo=' # user can take the original token provided by the web service, # and apply additional constraints to it client_macaroon = macaroons.deserialize(client_token) # // HL timeout = datetime.now().date() # // HL new_macaroon = client_macaroon.add_first_party_caveat('date=%s' % timeout) # // HL print 'newly constrained macaroon:\n', new_macaroon.inspect() # this new token can now be delegated to another user for limited against the service delegation_token = new_macaroon.serialize() path='shirkey' # START 1 OMIT # servis_kopdar obtains token from third party (not original client) print delegation_token asserting_macaroon = macaroons.deserialize(delegation_token) print 'Asserting macaroon: \n', asserting_macaroon.inspect() # the web service must support constraint checking for the specified caveat # so let's add a check for this constraint def get_access_to_user_resource_path(user_macaroon, resource_path): # first, we establish our Verifier as before v = macaroons.Verifier() v.satisfy_exact('userid=%s' % resource_path) v.satisfy_exact('date=%s' % datetime.now().date()) # // HL return v.verify(user_macaroon, get_secret())