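def _IsXsrfTokenWellFormedAndNotExpired(user_email, action_id, xsrf_token):
    """Determine if the submitted xsrf token is well-formed and has not expired.

    By well-formed, we mean the submitted xsrf token can be decoded and
    matches the token that would be generated for the same user_email and
    action_id with the site secret (i.e. a forgery check). Because both
    user_email and action_id are bound into the token, a token minted for
    one action does not validate for another.

    No explicit timeout is passed, so the xsrfutil validate_token() method
    enforces its own default token timeout of 1 hour (3600 seconds).

    NOTE(review): whether validate_token() compares the digests in constant
    time depends on the xsrfutil version in use — confirm before relying on
    it against timing attacks.

    Args:
        user_email: String email address of the form [email protected].
        action_id: String identifier of the action for which authorization
            is requested.
        xsrf_token: A string of the xsrf token as submitted by the client;
            may be empty or None.

    Returns:
        A boolean, True if the token is well-formed and has not expired.
        Otherwise, False.
    """
    if not xsrf_token:
        # Fail closed on a missing or empty token without fetching the
        # site secret; there is nothing to compare against.
        is_valid = False
    else:
        is_valid = xsrfutil.validate_token(
            key=appengine.xsrf_secret_key(),
            token=xsrf_token,
            user_id=user_email,
            action_id=action_id)
    # Debug-level only, and the outcome is logged rather than the token.
    _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
               user_email, is_valid)
    return is_valid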
def test_build_and_parse_state(self):
    """Check xsrf_secret_key() survives memcache loss but rotates on datastore loss.

    NOTE(review): the method name predates the body; what is exercised here
    is the secret key's caching/persistence behaviour, not state building
    or parsing.
    """
    namespace = appengine.OAUTH2CLIENT_NAMESPACE

    def drop_cached_secret():
        # Evict only the memcache copy; the datastore entity is untouched.
        memcache.delete(appengine.XSRF_MEMCACHE_ID, namespace=namespace)

    first = appengine.xsrf_secret_key()
    # Repeated calls must hand back the same secret.
    self.assertEqual(first, appengine.xsrf_secret_key())

    # Losing memcache alone must not rotate the secret: the persisted copy
    # is expected to be reloaded.
    drop_cached_secret()
    after_cache_loss = appengine.xsrf_secret_key()
    self.assertEqual(first, after_cache_loss)

    # Losing both memcache and the datastore entity must mint a new secret.
    drop_cached_secret()
    appengine.SiteXsrfSecretKey.get_or_insert("site").delete()
    after_full_loss = appengine.xsrf_secret_key()
    self.assertNotEqual(after_cache_loss, after_full_loss)
def test_build_and_parse_state(self):
    """Verify the caching contract of xsrf_secret_key().

    Three properties are asserted, in order: the secret is stable across
    calls; evicting the memcache entry does not change it; evicting the
    memcache entry and deleting the SiteXsrfSecretKey entity does change it.

    NOTE(review): despite its name this test does not build or parse any
    state string.
    """
    fetch_secret = appengine.xsrf_secret_key
    evict_args = (appengine.XSRF_MEMCACHE_ID,)
    evict_kwargs = {'namespace': appengine.OAUTH2CLIENT_NAMESPACE}

    baseline = fetch_secret()
    self.assertEqual(baseline, fetch_secret())

    # Memcache eviction alone: the same secret must come back.
    memcache.delete(*evict_args, **evict_kwargs)
    survived = fetch_secret()
    self.assertEqual(baseline, survived)

    # Memcache eviction plus entity deletion: a fresh secret is expected.
    memcache.delete(*evict_args, **evict_kwargs)
    entity = appengine.SiteXsrfSecretKey.get_or_insert('site')
    entity.delete()
    rotated = fetch_secret()
    self.assertNotEqual(survived, rotated)
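def validate_return_url(state, session_id):
    """Verify the signed ``state`` blob and recover the return URL it carries.

    ``state`` is expected to be ``token + _sep + return_url`` as produced by
    sign_return_url(). The token is an xsrfutil token over ``session_id``
    with the return URL as the action_id, so both the URL and the session
    it was issued for are covered: a tampered URL, or a token minted for a
    different session, fails validation.

    NOTE(review): a passing check only proves this app signed this URL for
    this session; it does not vet the URL itself. Any allow-listing of
    redirect targets must happen before signing or after this returns —
    confirm the callers do so.

    Args:
        state: The opaque state string handed back by the client.
        session_id: Identifier of the current session; must match the one
            the state was signed for.

    Returns:
        The return URL embedded in ``state``.

    Raises:
        InvalidXsrfTokenError: if ``state`` lacks the separator, or the
            token does not validate for ``session_id`` and the URL.
    """
    # partition() never raises on a malformed state: a missing separator
    # is rejected here with the domain exception instead of surfacing the
    # ValueError that a two-way unpack of split() would have produced.
    token, sep, return_url = state.partition(_sep)
    if not sep:
        raise InvalidXsrfTokenError()
    if not xsrfutil.validate_token(
            xsrf_secret_key(), token, session_id, action_id=str(return_url)):
        raise InvalidXsrfTokenError()
    return return_url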
def GenerateXsrfToken(self, current_user):
    """Generate a xsrf token bound to ``current_user``.

    The token is an xsrfutil token over current_user.user_id() keyed with
    the site secret from appengine.xsrf_secret_key(). No action_id is
    passed, so xsrfutil's default action_id applies and the token is not
    scoped to a particular action.

    Args:
        current_user: Appengine user object of the current user.

    Returns:
        A string of the xsrf token.
    """
    nickname = current_user.nickname()
    _LOG.info('Generating xsrf token for %s.', nickname)
    secret = appengine.xsrf_secret_key()
    token = xsrfutil.generate_token(secret, current_user.user_id())
    _LOG.debug('Successfully generated xsrf token for %s.', nickname)
    return token
def GenerateXsrfToken(user_email, action_id):
    """Generate a xsrf token bound to ``user_email`` and ``action_id``.

    Both values are fed into xsrfutil.generate_token() together with the
    site secret, so the resulting token only validates for this user and
    this action.

    Args:
        user_email: String email address of the form [email protected].
        action_id: String identifier of the action for which authorization
            is requested.

    Returns:
        A string of the xsrf token.
    """
    _LOG.info('Generating xsrf token for %s.', user_email)
    secret = appengine.xsrf_secret_key()
    token = xsrfutil.generate_token(
        key=secret,
        user_id=user_email,
        action_id=action_id,
    )
    _LOG.debug('Successfully generated xsrf token for %s.', user_email)
    return token
def _IsXsrfTokenWellFormedAndNotExpired(self, current_user, xsrf_token):
    """Determine if the submitted xsrf token is well-formed and has not expired.

    By well-formed, we mean the submitted xsrf token can be decoded and
    matches the token that would be generated for current_user.user_id()
    with the site secret (i.e. a forgery check). No action_id and no
    timeout are passed, so xsrfutil's defaults for both apply; this pairs
    with the GenerateXsrfToken(self, current_user) variant that also omits
    action_id.

    Args:
        current_user: Appengine user object of the current user.
        xsrf_token: A string of the xsrf token.

    Returns:
        A boolean, True if the token is well-formed and has not expired.
        Otherwise, False.
    """
    secret = appengine.xsrf_secret_key()
    outcome = xsrfutil.validate_token(secret, xsrf_token, current_user.user_id())
    _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
               current_user.nickname(), outcome)
    return outcome
def regenerate_csrf_token(self):
    """Mint a fresh CSRF token bound to the request's session cookie and store it.

    The token is an xsrfutil token over the raw value of the 'session'
    cookie keyed with xsrf_secret_key(). It is written to
    self.session['csrf_token'] and also returned to the caller.

    NOTE(review): if the 'session' cookie is absent, cookies.get() yields
    None and that None is what gets bound into the token — confirm whether
    generate_token() rejects it or silently stringifies it, since the
    latter would give every cookieless request the same binding.

    Returns:
        The newly generated csrf token string.
    """
    cookie_value = self.request.cookies.get('session')
    fresh_token = xsrfutil.generate_token(xsrf_secret_key(), cookie_value)
    self.session['csrf_token'] = fresh_token
    return fresh_token
def sign_return_url(return_url, session_id):
    """Bind ``return_url`` to ``session_id`` in a signed state string.

    The xsrfutil token is generated over ``session_id`` with the URL as the
    action_id, so the counterpart validate_return_url() can detect both a
    modified URL and a token replayed under another session. Signing does
    not vet the URL; callers are expected to only sign destinations they
    already trust.

    NOTE(review): validate_return_url() splits on the first ``_sep``, so
    this layout assumes the generated token never contains ``_sep`` —
    verify against the token encoding used by xsrfutil.

    Args:
        return_url: The URL to embed; it is stringified for the action_id.
        session_id: Identifier of the session the state is issued for.

    Returns:
        ``token + _sep + return_url``.
    """
    signature = xsrfutil.generate_token(
        xsrf_secret_key(), session_id, action_id=str(return_url))
    return _sep.join([signature, return_url])