def test_verify_hash(in_app_context):
data = hash_data(u'hellö')
assert verify_hash(data, u'hellö') is True
assert verify_hash(data, u'hello') is False
legacy_data = hashlib.md5(encode_string(u'hellö')).hexdigest()
assert verify_hash(legacy_data, u'hellö') is True
assert verify_hash(legacy_data, u'hello') is False
def test_verify_hash(in_app_context):
data = hash_data("hellö")
assert verify_hash(data, "hellö") is True
assert verify_hash(data, "hello") is False
legacy_data = hashlib.md5(encode_string("hellö")).hexdigest()
assert verify_hash(legacy_data, "hellö") is True
assert verify_hash(legacy_data, "hello") is False
def _verify_token(self, token, user):
if not self.token_verified_cache.get_verify_hash_result(
token, user.id):
if not verify_hash(compare_data=user.password, hashed_data=token):
raise UnauthorizedError(
failed_auth_message.format(user.username))
else:
self.token_verified_cache.cache_verify_hash_result(
token, user.id)
def _verify_token(self, token, user):
if not self.token_verified_cache.get_verify_hash_result(
token, user.id):
if not verify_hash(compare_data=user.password, hashed_data=token):
raise_unauthorized_user_error(
'Authentication failed for {0}'.format(user))
else:
self.token_verified_cache.cache_verify_hash_result(
token, user.id)
def _verify_token(self, token, user):
if not self.token_verified_cache.get_verify_hash_result(token,
user.id):
if not verify_hash(compare_data=user.password, hashed_data=token):
raise_unauthorized_user_error(
'Authentication failed for {0}'.format(user)
)
else:
self.token_verified_cache.cache_verify_hash_result(token,
user.id)
def verify_token(token):
serialized = TimedJSONWebSignatureSerializer(app.config['SECRET_KEY'], salt="api_token")
try:
data = serialized.loads(token)
user_id = data["user_id"]
user = User.query.filter_by(id=user_id).first()
if not user or not verify_hash(data['validation_check'], user.password):
logger.warn('Invalid authentication token. token invalid after password change')
return None
return user
except SignatureExpired:
return None # valid token, but expired
except BadSignature:
return None # invalid token
def reset_password_token_status(token):
"""Returns the expired status, invalid status, and user of a password reset
token. For example::
expired, invalid, user, data = reset_password_token_status('...')
:param token: The password reset token
"""
expired, invalid, user, data = get_token_status(
token, 'reset', 'RESET_PASSWORD', return_data=True
)
if not invalid and user:
if user.password:
if not verify_hash(data[1], user.password):
invalid = True
return expired, invalid, user
def confirm_change_email_token_status(token):
"""Returns the expired status, invalid status, user, and new email
of a confirmation token. For example::
expired, invalid, user, new_email = (
confirm_change_email_token_status('...'))
Based on confirm_email_token_status in Flask-Security.
:param token: The confirmation token
"""
expired, invalid, user, token_data = get_token_status(token,
'confirm',
'CONFIRM_EMAIL',
return_data=True)
new_email = None
if not invalid and user:
user_id, token_email_hash, new_email = token_data
invalid = not verify_hash(token_email_hash, user.email)
return expired, invalid, user, new_email
def _authenticate_token(self, token):
"""Make sure that the token passed exists, is valid, is not expired,
and that the user contained within it exists in the DB
:param token: An authentication token
:return: A tuple: (A user object, its hashed password)
"""
self.logger.debug('Authenticating token')
expired, invalid, user, data, error = \
user_handler.get_token_status(token)
if expired:
raise_unauthorized_user_error('Token is expired')
elif invalid or (not isinstance(data, list) or len(data) != 2):
raise_unauthorized_user_error(
'Authentication token is invalid:\n{0}'.format(error))
elif not user:
raise_unauthorized_user_error('No authentication info provided')
elif not verify_hash(compare_data=user.password, hashed_data=data[1]):
raise_unauthorized_user_error(
'Authentication failed for {0}'.format(user))
return user
