예제 #1
0
 def validate_answer(self, answer, team):
     """Validate the nonce-based flag."""
     try:
         decoded_answer = self._decode(answer)
     except TypeError:
         app.logger.error('Invalid padding for answer.')
         return False
     if len(decoded_answer) != (
             self.NONCE_BITS + self.AUTHENTICATOR_BITS) // 8:
         app.logger.error('Invalid length of decoded answer in %s',
                          type(self).__name__)
         return False
     nonce = decoded_answer[:self.NONCE_BITS//8]
     authenticator = decoded_answer[self.NONCE_BITS//8:]
     if not utils.compare_digest(authenticator,
                                 self.compute_authenticator(nonce)):
         app.logger.error('Invalid nonce flag: %s', answer)
         return False
     # At this point, it's a valid flag, but need to check for reuse.
     # We do this by inserting and primary key checks will fail in the
     # commit phase.
     if team:
         models.NonceFlagUsed.create(
                 self.challenge, self.unpack_nonce(nonce),
                 team)
     return True
예제 #2
0
 def validate_answer(self, answer, team):
     """Validate the nonce-based flag."""
     try:
         decoded_answer = self._decode(answer)
     except TypeError:
         app.logger.error('Invalid padding for answer.')
         return False
     if len(decoded_answer) != (self.NONCE_BITS +
                                self.AUTHENTICATOR_BITS) // 8:
         app.logger.error('Invalid length of decoded answer in %s',
                          type(self).__name__)
         return False
     nonce = decoded_answer[:self.NONCE_BITS // 8]
     authenticator = decoded_answer[self.NONCE_BITS // 8:]
     if not utils.compare_digest(authenticator,
                                 self.compute_authenticator(nonce)):
         app.logger.error('Invalid nonce flag: %s', answer)
         return False
     # At this point, it's a valid flag, but need to check for reuse.
     # We do this by inserting and primary key checks will fail in the
     # commit phase.
     if team:
         models.NonceFlagUsed.create(self.challenge,
                                     self.unpack_nonce(nonce), team)
     return True
예제 #3
0
 def verify_token(self, token, token_type='pwreset'):
     """Verify a user-specific token."""
     token = utils.to_bytes(token)
     try:
         decoded = base64.urlsafe_b64decode(token)
         expires, mac = decoded.split(b':', 1)
     except ValueError:
         raise errors.ValidationError('Invalid token.')
     if float(expires) < time.time():
         raise errors.ValidationError('Expired token.')
     expected = self.get_token(token_type=token_type, expires=int(expires))
     if not utils.compare_digest(expected, token):
         raise errors.ValidationError('Invalid token.')
     return True
예제 #4
0
 def verify_token(self, token, token_type='pwreset'):
     """Verify a user-specific token."""
     token = utils.to_bytes(token)
     try:
         decoded = base64.urlsafe_b64decode(token)
         expires, mac = decoded.split(b':', 1)
     except ValueError:
         raise errors.ValidationError('Invalid token.')
     if float(expires) < time.time():
         raise errors.ValidationError('Expired token.')
     expected = self.get_token(token_type=token_type, expires=int(expires))
     if not utils.compare_digest(expected, token):
         raise errors.ValidationError('Invalid token.')
     return True
예제 #5
0
 def validate_answer(self, answer, unused_team):
     if not self.challenge.answer_hash:
         return False
     return utils.compare_digest(
         pbkdf2.crypt(answer, self.challenge.answer_hash),
         self.challenge.answer_hash)
예제 #6
0
 def validate_answer(self, answer, team):
     if not team:
         return False
     return utils.compare_digest(self.construct_mac(team), answer)
예제 #7
0
 def validate_answer(self, answer, unused_team):
     if not self.challenge.answer_hash:
         return False
     return utils.compare_digest(
             pbkdf2.crypt(answer, self.challenge.answer_hash),
             self.challenge.answer_hash)
예제 #8
0
 def validate_answer(self, answer, team):
     if not team:
         return False
     return utils.compare_digest(
             self.construct_mac(team),
             answer)