def _new_sid(req): """ Make a number based on current time, pid, remote ip and two random ints, then hash with md5. This should be fairly unique and very difficult to guess. @param req: the mod_python request object. @type req: mod_python request object. @return: the session identifier. @rtype: 32 hexadecimal string @warning: The current implementation of _new_sid returns an md5 hexdigest string. To avoid a possible directory traversal attack in FileSession the sid is validated using the _check_sid() method and the compiled regex validate_sid_re. The sid will be accepted only if len(sid) == 32 and it only contains the characters 0-9 and a-f. If you change this implementation of _new_sid, make sure to also change the validation scheme, as well as the test_Session_illegal_sid() unit test in test/test.py. """ return uuid4().hex the_time = long(time.time() * 10000) pid = os.getpid() random_generator = _get_generator() rnd1 = random_generator.randint(0, 999999999) rnd2 = random_generator.randint(0, 999999999) remote_ip = req.remote_ip return md5("%d%d%d%d%s" % (the_time, pid, rnd1, rnd2, remote_ip)).hexdigest()
def get_search_query_id(**kwargs): """ Returns unique query indentifier. """ p = kwargs.get('p', '').strip() f = kwargs.get('f', '') cc = kwargs.get('cc', '') wl = kwargs.get('wl', '') return md5(repr((p, f, cc, wl))).hexdigest()
def auto_version_url(file_path): """ Appends modification time of the file to the request URL in order for the browser to refresh the cache when file changes @param file_path: path to the file, e.g js/foo.js @return: file_path with modification time appended to URL """ file_md5 = "" try: file_md5 = md5(open(CFG_WEBDIR + os.sep + file_path).read()).hexdigest() except IOError: pass return file_path + "?%s" % file_md5
def make_cache_key(custom_kbs_files=None): """Create cache key for kbs caches instances This function generates a unique key for a given set of arguments. The files dictionary is transformed like this: {'journal': '/var/journal.kb', 'books': '/var/books.kb'} to "journal=/var/journal.kb;books=/var/books.kb" Then _inspire is appended if we are an INSPIRE site. """ if custom_kbs_files: serialized_args = ('%s=%s' % v for v in custom_kbs_files.iteritems()) serialized_args = ';'.join(serialized_args) else: serialized_args = "default" cache_key = md5(serialized_args).digest() return cache_key
def mail_cookie_create_common(kind, params, cookie_timeout=timedelta(days=1), onetime=False): """Create a unique url to be sent via email to access this authorization @param kind: kind of authorization (e.g. 'pw_reset', 'mail_activation', 'role') @param params: whatever parameters are needed @param cookie_timeout: for how long the url will be valid @param onetime: whetever to remove the cookie after it has used. """ assert (kind in _authorizations_kind) expiration = datetime.today() + cookie_timeout data = (kind, params, expiration, onetime) password = md5(str(random())).hexdigest() cookie_id = run_sql( 'INSERT INTO accMAILCOOKIE (data,expiration,kind,onetime) VALUES ' '(AES_ENCRYPT(%s, %s),%s,%s,%s)', (dumps(data), password, expiration.strftime(_datetime_format), kind, onetime)) cookie = password[:16] + hex(cookie_id)[2:-1] + password[-16:] return cookie
def hash(self, password): if db.engine.name != 'mysql': return md5(password).digest() email = self.__clause_element__().table.columns.email return db.func.aes_encrypt(email, password)
def test_md5(self): self.assertEqual( md5('').hexdigest(), 'd41d8cd98f00b204e9800998ecf8427e') self.assertEqual( md5('test').hexdigest(), '098f6bcd4621d373cade4e832627b4f6')
if identifier: rec_id = search_pattern(p=identifier, f=matching, m='e') if not rec_id: errors.append((docfile, err_desc[2])) continue elif len(rec_id) > 1: errors.append((docfile, err_desc[1])) continue else: rec_id = str(list(rec_id)[0]) rec_info = BibRecDocs(rec_id) if rec_info.bibdocs: for bibdoc in rec_info.bibdocs: attached_files = bibdoc.list_all_files() file_md5 = md5( open(os.path.join(folder, docfile), "rb").read()).hexdigest() num_errors = len(errors) for attached_file in attached_files: if attached_file.checksum == file_md5: errors.append((docfile, err_desc[3])) break elif attached_file.get_full_name() == docfile: errors.append((docfile, err_desc[4])) break if len(errors) > num_errors: continue # Check if user has rights to upload file if req is not None: file_collection = guess_collection_of_a_record(int(rec_id)) auth_code, auth_message = acc_authorize_action(
def _get_record_hash(link): """ Generate a record hash including CFG_SITE_URL so that if CFG_SITE_URL is updated, the QR-code image is invalidated. """ return md5(link).hexdigest()[:8].lower()