def test_equal(self): # Test compare_digest functionality with equal (byte/text) strings. for s in ("a", "bcd", "xyz123"): a = s*100 b = s*100 self.assertTrue(secrets.compare_digest(a, b)) self.assertTrue(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def check_token(token: str, uuid: str): if not redis.exists("revocation-" + uuid): raise HTTPException(status_code=404) if (not ADMIN_TOKEN or not secrets.compare_digest(token, ADMIN_TOKEN)) \ and not secrets.compare_digest(token, redis.get("revocation-" + uuid).decode()): raise HTTPException(status_code=401, detail="ID and token combination is invalid.")
def verify_auth(credentials: HTTPBasicCredentials = Depends(sec)): correct_username = secrets.compare_digest(credentials.username, username) correct_password = secrets.compare_digest(credentials.password, password) if not (correct_password and correct_username): raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="", headers={"WWW-Authenticate": "Basic"}) return credentials.username
def check_usrnm_passwd(credentials): correct_usrnm = secrets.compare_digest(credentials.username, correct_login) correct_password = secrets.compare_digest(credentials.password, correct_passwd) if not (correct_usrnm and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorised - incorrect login or password!", headers={"WWW-Authenticate": "Basic"}, )
def _auth(headers): if 'Authorization' not in headers: return False username, password = base64.standard_b64decode( headers['Authorization'][6:]).decode("utf-8").split(":") correct_username = secrets.compare_digest(username, "hoge") correct_password = secrets.compare_digest( password, str(datetime.datetime.now().minute)) return all([correct_username, correct_password])
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)) -> str: correct_username = secrets.compare_digest(credentials.username, "moo") correct_password = secrets.compare_digest(credentials.password, "haha") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Moo haha", ) return credentials.username
def test_unequal(self): # Test compare_digest functionality with unequal (byte/text) strings. self.assertFalse(secrets.compare_digest("abc", "abcd")) self.assertFalse(secrets.compare_digest(b"abc", b"abcd")) for s in ("x", "mn", "a1b2c3"): a = s*100 + "q" b = s*100 + "k" self.assertFalse(secrets.compare_digest(a, b)) self.assertFalse(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def check_auth(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, app.login) correct_password = secrets.compare_digest(credentials.password, app.password) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect login or password", headers={"WWW-Authenticate": "Basic"}, )
def test_unequal(self): self.assertFalse(secrets.compare_digest('abc', 'abcd')) self.assertFalse(secrets.compare_digest(b'abc', b'abcd')) for s in ('x', 'mn', 'a1b2c3'): a = s * 100 + 'q' b = s * 100 + 'k' self.assertFalse(secrets.compare_digest(a, b)) self.assertFalse( secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def auth_basic_auth(credentials: HTTPBasicCredentials = Depends(HTTPBasic())): correct_user = secrets.compare_digest(credentials.username, app.username) correct_pass = secrets.compare_digest(credentials.password, app.password) if not (correct_user and correct_pass): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect credentials" ) return True
def check_credentials(credentials: HTTPBasicCredentials = Depends(security)): correct_username = compare_digest(credentials.username, API_USER) correct_password = compare_digest(credentials.password, API_PASS) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials
def authorize(credentials: HTTPBasicCredentials = Depends(security)) -> bool: correct_username = secrets.compare_digest(credentials.username, config.API_USERNAME) correct_password = secrets.compare_digest(credentials.password, config.API_PASSWORD) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect credentials", headers={"WWW-Authenticate": "Basic"}, ) return True
def auth_container(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, usr) correct_password = secrets.compare_digest(credentials.password, pwd) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized", headers={"Auth": "Adv"}, ) return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(safety)): correct_username = secrets.compare_digest(credentials.username, "wilkrafal") correct_password = secrets.compare_digest(credentials.password, "password123") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)): correct_userid = secrets.compare_digest(credentials.username, get_passwords(credentials.username)) correct_password = secrets.compare_digest(credentials.password, get_passwords(credentials.password)) if not (correct_userid and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect userid or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def authorization(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "4dm1n") correct_password = secrets.compare_digest(credentials.password, "NotSoSecurePa$$") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def basic_auth(credentials: HTTPBasicCredentials = Depends(security)): correct_username = compare_digest(credentials.username, token) correct_password = compare_digest(credentials.password, token) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token", headers={"WWW-Authenticate": "Basic"}, ) return token
def check_credential(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, USERNAME) correct_password = secrets.compare_digest(credentials.password, PASSWORD) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Basic"}, ) return True
def valid(credentials: HTTPBasicCredentials = Depends(security)): username = secrets.compare_digest(credentials.username, "user") password = secrets.compare_digest(credentials.password, "password") if not (username and password): raise HTTPException( status_code=401, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return True
def to_auth(credentials: HTTPBasicCredentials = Depends(_security)) -> str: correct_username = secrets.compare_digest(credentials.username, _username or "") correct_password = secrets.compare_digest(credentials.password, _password or "") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "admin") correct_password = secrets.compare_digest(credentials.password, "12345") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Неверный логин или пароль", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, config['DEFAULT']['username']) correct_password = secrets.compare_digest(credentials.password, config['DEFAULT']['password']) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def wrapper(credentials: HTTPBasicCredentials = Security(security)): if not ( secrets.compare_digest(credentials.username, username) and secrets.compare_digest(credentials.password, password) ): logger.warning("401 raised, returning: access denied.") raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Incorrect user name or password", )
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "appy") correct_password = secrets.compare_digest(credentials.password, "appy") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Infigon Industrial API : ERROR : Auth Failed", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_current_user(response: Response, credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "trudnY") correct_password = secrets.compare_digest(credentials.password, "PaC13Nt") if not (correct_username and correct_password): raise HTTPException( status_code=401, detail="Incorrect email or password") session_token = sha256(bytes(f"{credentials.username}{credentials.password}{app.secret_key}", encoding='utf8')).hexdigest() app.session_tokens.append(session_token) response.set_cookie(key="session_token", value=session_token) response.headers["Location"] = "/welcome" response.status_code = status.HTTP_302_FOUND
def validate_token(record, provided_token, stored_token, validator=default_validator): if record and secrets.compare_digest(provided_token, stored_token) and validator(): return record else: # still do a digest compare of equal sizes to resist timing attacks secrets.compare_digest(provided_token, "a" * len(provided_token)) return False
def verify_login_account( credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "qa") correct_password = secrets.compare_digest(credentials.password, "123456") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid Login Account!", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, config["main"]["admin-username"]) correct_password = secrets.compare_digest(credentials.password, config["main"]["admin-password"]) if not (correct_username and correct_password): print("ERROR: invalid logon details") raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def authethicate(credentials: Optional[HTTPBasicCredentials] = Depends( app.security)): if not credentials: return False correct_username = secrets.compare_digest(credentials.username, "trudnY") correct_password = secrets.compare_digest(credentials.password, "PaC13Nt") if not (correct_username and correct_password): return False return True
def login_token(credentials: HTTPBasicCredentials = Depends(security)): correct_username = compare_digest(credentials.username, username) correct_password = compare_digest(credentials.password, password) if correct_username and correct_password: token_value = sha256(f"{username}{password}{app.token_secret_key}". encode()).hexdigest() if len(app.token) == 3: app.token.pop(0) app.token.append(token_value) return {"token": token_value} else: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
def get_current_username( credentials: HTTPBasicCredentials = Depends(security)): correct_username = secrets.compare_digest(credentials.username, "trudnY") correct_password = secrets.compare_digest(credentials.password, "PaC13Nt") if not (correct_username and correct_password): raise HTTPException(status_code=401, detail="Unauthorized") session_token = sha256( bytes(f"{credentials.username}{credentials.password}{app.secret_key}", encoding='utf8')).hexdigest() app.tokens_list.append(session_token) print(app.tokens_list) return session_token
async def post(self, request): """ POST to the Talos API :param request: aiohttp Request :return: Response object """ log.info("API POST") headers = request.headers # Verify token user_token = headers.get("token") username = headers.get("username") server_token = self.app["settings"]["tokens"].get(username, None) if user_token is None or server_token is None: return web.Response(text="Invalid Token/Unknown User", status=403) known = secrets.compare_digest(user_token, server_token) if not known: return web.Response(text="Invalid Token/Unknown User", status=403) # And finally we can do what the request is asking try: path = "_".join(request.path.split("/")[1:]) data = await request.json() return await self.dispatch(path, data) except json.JSONDecodeError: return web.Response(text="Malformed JSON in request", status=400)
async def validate(req, clientid, token): if not (await shared.redis.exists(f"users:{clientid}:validation_token")): logger.log(45, f"No validation token available for user {clientid} (IP: {req.ip})") raise Forbidden("No validation token available for this account") validation_token = await (shared.redis.get(f"users:{clientid}:validation_token")) if not compare_digest(token.encode(), validation_token): logger.log(45, f"Wrong validation token for user {clientid} (IP: {req.ip})") raise Forbidden("Wrong validation token") async with shared.postgres.transaction(): stmt = await shared.postgres.prepare("SELECT set_user_verified($1);") await stmt.fetch(clientid) return text("ok")
async def reset(req, clientid): if not (await shared.redis.exists(f"users:{clientid}:reset_token")): logger.log(45, f"No reset token available for user {clientid} (IP: {req.ip})") raise Forbidden("No reset token available for this account") reset_token = await (shared.redis.get(f"users:{clientid}:reset_token")) if not compare_digest(req.json["token"].encode(), reset_token): logger.log(45, f"Wrong reset token for user {clientid} (IP: {req.ip})") raise Forbidden("Wrong reset token") async with shared.postgres.transaction(): stmt = await shared.postgres.prepare("UPDATE tb_users SET password = $1 WHERE userid = $2") await stmt.fetch(bcrypt.hashpw(req.json["password"].encode(), bcrypt.gensalt()), clientid) return text("ok")
def check_user(user: User, password: str) -> bool: hashpass, salt = user_info[user].hashed_password target_hash_pass = hash_password(password, salt)[0] sleep(random.expovariate(10)) return secrets.compare_digest(hashpass, target_hash_pass)
def test_bool(self): # Test that compare_digest returns a bool. self.assertIsInstance(secrets.compare_digest("abc", "abc"), bool) self.assertIsInstance(secrets.compare_digest("abc", "xyz"), bool)