def get_nonce(environ):
    """
    Return the nonce for the current request, bucketed by UTC hour.

    The user, host and secret come from ``get_nonce_components(environ)``.
    The timestamp fed to ``gen_nonce`` has hour resolution
    (``%Y%m%d%H``), so the value changes when the UTC hour rolls over
    rather than a fixed sixty minutes after it was issued.
    """
    # NOTE(review): the code that validates this nonce is not shown
    # here; confirm how it treats a nonce issued just before the hour
    # boundary.
    nonce_user, nonce_host, nonce_secret = get_nonce_components(environ)
    # Named hour_stamp rather than ``time`` to avoid shadowing the
    # standard library module name.
    hour_stamp = datetime.utcnow().strftime('%Y%m%d%H')
    return gen_nonce(nonce_user, nonce_host, hour_stamp, nonce_secret)
def establish_user_auth(config, store, host, username):
    """
    Recreate the stored user and its MAPUSER tiddler and return the
    ``(cookie, csrf)`` pair for that user.

    Any existing user record and mapping tiddler are deleted first
    (delete failures are ignored), then a fresh user with the MEMBER
    role is stored along with the mapping tiddler. The csrf value is
    a nonce over the username, host and current UTC hour; the cookie
    is a ``tiddlyweb_user`` cookie MAC'd with ``config['secret']``.
    """
    user = User(username)

    # NOTE(review): as shown, this literal has no %s placeholder, so
    # the formatting would raise TypeError. It looks like the original
    # prefix was masked in this copy; restore it from the upstream
    # source before relying on this function.
    mapping_username = '******' % username
    mapping_tiddler = Tiddler(mapping_username, 'MAPUSER')
    mapping_tiddler.fields['mapped_user'] = username

    # Best-effort removal of stale state; a failed delete is not fatal.
    try:
        store.delete(user)
    except StoreError:
        pass
    # NOTE(review): this delete ignores IOError while the one above
    # ignores StoreError; confirm which exception the store raises
    # for a missing tiddler.
    try:
        store.delete(mapping_tiddler)
    except IOError:
        pass

    user.add_role('MEMBER')
    user.note = '{}'
    store.put(user)

    ensure_bag('MAPUSER', store)
    store.put(mapping_tiddler)

    # Hour-resolution UTC stamp: the nonce changes when the hour does.
    hour_stamp = datetime.utcnow().strftime('%Y%m%d%H')
    # The same secret keys both the nonce and the cookie MAC.
    secret = config['secret']
    csrf_nonce = gen_nonce(username, host, hour_stamp, secret)
    # NOTE(review): httponly=False presumably leaves the auth cookie
    # readable from page script; confirm a client needs that.
    auth_cookie = make_cookie(
        'tiddlyweb_user',
        mapping_username,
        mac_key=secret,
        httponly=False,
    )
    return auth_cookie, csrf_nonce
def _send_safe_mode(environ, start_response):
    """
    Respond with the safe mode confirmation form.

    The form has no action, so it POSTs back to the same URI, and it
    carries a hidden ``csrf_token`` field. The token is a nonce over
    the user, host and secret from ``get_nonce_components(environ)``
    plus the current UTC hour.

    XXX: This should maybe be replaced with a tiddler. However, then
    that tiddler will be visible in spaces and we don't want that.
    """
    environ['tiddlyweb.title'] = 'Confirm Safe Mode'

    # Hour-resolution stamp: the token changes when the UTC hour does.
    hour_stamp = datetime.utcnow().strftime('%Y%m%d%H')
    nonce_user, nonce_host, nonce_secret = get_nonce_components(environ)
    token = gen_nonce(nonce_user, nonce_host, hour_stamp, nonce_secret)

    # Adjacent literals concatenate to the same single-line markup.
    confirm_form = (
        " <div id='content'><div class='tiddler'>"
        " <form method='POST'>"
        " <p>Are you sure you wish to run safe mode?</p>"
        ' <input type="hidden" name="csrf_token" value="%s" />'
        " <input type='submit' value='Yes' />"
        " </form>"
        " <p><a href='/'>Return to my Space.</a></p>"
        " </div></div> "
    )

    response_headers = [('Content-Type', 'text/html; charset=UTF-8')]
    start_response('200 OK', response_headers)
    # NOTE(review): the token goes into the value attribute without
    # HTML escaping. gen_nonce is not shown here; confirm its output
    # cannot contain quote or angle-bracket characters (for example
    # from the user name), or escape it before interpolation.
    return [confirm_form % token]
def _send_safe_mode(environ, start_response):
    """
    Serve the page asking the user to confirm entering safe mode.

    The page holds a form that POSTs back to the same URI (it has no
    action) with a hidden ``csrf_token`` input. The token is built by
    ``gen_nonce`` from the user, host and secret for this request and
    the current UTC hour.
    """
    environ['tiddlyweb.title'] = 'Confirm Safe Mode'

    # The stamp has hour resolution, so the token rolls over with the
    # UTC hour.
    current_hour = datetime.utcnow().strftime('%Y%m%d%H')
    who, where, key = get_nonce_components(environ)
    nonce = gen_nonce(who, where, current_hour, key)

    # Adjacent literals concatenate to the same single-line markup.
    page_template = (
        " <div id='content'><div class='tiddler'>"
        " <form method='POST'>"
        " <p>Are you sure you wish to run safe mode?</p>"
        ' <input type="hidden" name="csrf_token" value="%s" />'
        " <input type='submit' value='Yes' />"
        " </form>"
        " <p><a href='/'>Return to my Space.</a></p>"
        " </div></div> "
    )

    start_response('200 OK', [('Content-Type', 'text/html; charset=UTF-8')])
    # NOTE(review): the nonce is placed in the attribute value without
    # HTML escaping. gen_nonce is not visible here; verify it cannot
    # emit quote or angle-bracket characters, or escape the value
    # before it reaches the markup.
    return [page_template % nonce]