def test_cant_decode_token_with_wrong_key():
    """A token must be rejected when decoded with a key other than the one that signed it."""
    payload = {"key1": "value1", "key2": "value2"}
    signed = generate_token(payload, secret_key=TEST_SECRET_KEY, salt="1234567890")

    # Same salt, different key: decoding has to fail rather than return data.
    wrong_key = 'WrongKeyWrongKeyWrongKeyWrongKeyWrongKeyXXX='
    with pytest.raises(InvalidToken):
        decode_token(signed, wrong_key, '1234567890')
Exemplo n.º 2
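def decode_reset_password_token(token):
    """Decode a password-reset token and reject it if it is stale or orphaned.

    The token is decoded with the application's SECRET_KEY and
    RESET_PASSWORD_SALT; ``1 * ONE_DAY_IN_SECONDS`` is passed to
    ``decode_token`` as its fourth argument (presumably the maximum age --
    confirm against ``decode_token``).

    Returns:
        The decoded token payload.

    Raises:
        ValueError: the payload has no ``email_address`` entry.
        InvalidToken: no user matches the email address, or the token was
            issued before the user's password was last changed. Anything
            ``decode_token`` raises propagates unchanged.
    """
    data = decode_token(token, current_app.config['SECRET_KEY'],
                        current_app.config['RESET_PASSWORD_SALT'],
                        1 * ONE_DAY_IN_SECONDS)
    timestamp = parse_fernet_timestamp(token)

    email_address = data.get('email_address', None)

    if email_address is None:
        raise ValueError(
            "Required argument email address was not returned from token decoding"
        )

    user = User.query.filter(User.email_address == email_address).first()
    if user is None:
        # .first() returns None when no row matches (e.g. the account was
        # removed after the token was issued). Reject the token instead of
        # failing with AttributeError below. The email address is
        # deliberately kept out of the log message.
        current_app.logger.info("Token does not match a known user")
        raise InvalidToken("Token does not match a known user")

    user_last_changed_password_at = user.password_changed_at
    # The timestamp recovered from the token has whole-second resolution,
    # while the value stored on the User model carries sub-second precision.
    # Comparing them directly right after a password change (as a test does)
    # would wrongly reject a fresh token, so the stored value is truncated
    # to the second first.
    # NOTE(review): because the comparison is strict, a token issued in the
    # same second as the password change is still accepted.
    if timestamp < user_last_changed_password_at.replace(microsecond=0):
        current_app.logger.info(
            "Token generated earlier than password was last changed")
        raise InvalidToken(
            "Token generated earlier than password was last changed")

    return data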
def decode_user_token(token):
    """Decode a token using SECRET_KEY and SUPPLIER_INVITE_TOKEN_SALT.

    ``14 * ONE_DAY_IN_SECONDS`` is handed to ``decode_token`` as its fourth
    argument (presumably the maximum token age -- confirm against
    ``decode_token``). The decoded payload is returned as-is; no fields are
    checked here.
    """
    config = current_app.config
    return decode_token(
        token,
        config['SECRET_KEY'],
        config['SUPPLIER_INVITE_TOKEN_SALT'],
        14 * ONE_DAY_IN_SECONDS
    )
Exemplo n.º 4
def test_can_generate_token():
    """A generated token decodes back to the original payload with the same key and salt."""
    payload = {"key1": "value1", "key2": "value2"}
    signed = generate_token(payload, secret_key=TEST_SECRET_KEY, salt="1234567890")

    decoded = decode_token(signed, TEST_SECRET_KEY, '1234567890')
    assert {"key1": "value1", "key2": "value2"} == decoded
Exemplo n.º 5
def decode_creation_token(token):
    """Decode a signup-invitation token and require its identity fields.

    The token is decoded with SECRET_KEY and SIGNUP_INVITATION_TOKEN_SALT;
    ``14 * ONE_DAY_IN_SECONDS`` is passed as the fourth argument to
    ``decode_token`` (presumably the maximum age -- confirm there).

    Raises:
        InvalidToken: decoding failed, or the payload lacks ``name`` or
            ``email_address``.
    """
    config = current_app.config
    try:
        data = decode_token(
            token,
            config['SECRET_KEY'],
            config['SIGNUP_INVITATION_TOKEN_SALT'],
            14 * ONE_DAY_IN_SECONDS,
        )
    except InvalidToken:
        # A fresh, argument-less InvalidToken replaces the one raised by
        # decode_token, so its message is not passed on to the caller.
        raise InvalidToken

    required_fields = {'name', 'email_address'}
    if required_fields.issubset(data.keys()):
        return data

    # A validly signed token without both fields is treated as invalid.
    raise InvalidToken
Exemplo n.º 6
def decode_user_creation_token(token):
    """Decode a signup-invitation token and require snake_case identity fields.

    The token is decoded with SECRET_KEY and SIGNUP_INVITATION_TOKEN_SALT;
    ``14 * ONE_DAY_IN_SECONDS`` is passed as the fourth argument to
    ``decode_token`` (presumably the maximum age -- confirm there).

    Raises:
        InvalidToken: the payload lacks ``name`` or ``email_address``.
            Anything ``decode_token`` raises propagates unchanged.
    """
    config = current_app.config
    data = decode_token(
        token,
        config['SECRET_KEY'],
        config['SIGNUP_INVITATION_TOKEN_SALT'],
        14 * ONE_DAY_IN_SECONDS,
    )

    # snake case is required for tokens created with future api
    if {'name', 'email_address'}.issubset(data.keys()):
        return data

    # NOTE(review): the original also tested for the legacy camelCase pair
    # ('name', 'emailAddress') here, but raised InvalidToken whether or not
    # it matched, so legacy payloads are rejected as well. Confirm that is
    # intended before widening what this function accepts.
    # TODO: remove legacy camel case handling when old invites are no longer active - 1W
    raise InvalidToken