def generate_recovery_token(self): key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789") msg = str(int(time.time())) h = hmac_new(key, msg).hexdigest() self.recoverpass_key = key self.save() return msg + '-' + h
def key(request, wikiname=None, itemname=None, attachname=None, content=None, secret=None): """ Calculate a (hard-to-guess) cache key. Important key properties: * The key must be hard to guess (this is because do=get does no ACL checks, so whoever got the key [e.g. from html rendering of an ACL protected wiki page], will be able to see the cached content. * The key must change if the (original) content changes. This is because ACLs on some item may change and even if somebody was allowed to see some revision of some item, it does not implicate that he is allowed to see any other revision also. There will be no harm if he can see exactly the same content again, but there could be harm if he could access a revision with different content. If content is supplied, we will calculate and return a hMAC of the content. If wikiname, itemname, attachname is given, we don't touch the content (nor do we read it ourselves from the attachment file), but we just calculate a key from the given metadata values and some metadata we get from the filesystem. Hint: if you need multiple cache objects for the same source content (e.g. thumbnails of different sizes for the same image), calculate the key only once and then add some different prefixes to it to get the final cache keys. @param request: the request object @param wikiname: the name of the wiki (if not given, will be read from cfg) @param itemname: the name of the page @param attachname: the filename of the attachment @param content: content data as unicode object (e.g. for page content or parser section content) @param secret: secret for hMAC calculation (default: use secret from cfg) """ if secret is None: secret = request.cfg.secrets['action/cache'] if content: hmac_data = content elif itemname is not None and attachname is not None: wikiname = wikiname or request.cfg.interwikiname or request.cfg.siteid fuid = filesys.fuid( AttachFile.getFilename(request, itemname, attachname)) hmac_data = u''.join([wikiname, itemname, attachname, repr(fuid)]) else: raise AssertionError('cache_key called with unsupported parameters') hmac_data = hmac_data.encode('utf-8') key = hmac_new(secret, hmac_data).hexdigest() return key
def key(request, wikiname=None, itemname=None, attachname=None, content=None, secret=None): """ Calculate a (hard-to-guess) cache key. Important key properties: * The key must be hard to guess (this is because do=get does no ACL checks, so whoever got the key [e.g. from html rendering of an ACL protected wiki page], will be able to see the cached content. * The key must change if the (original) content changes. This is because ACLs on some item may change and even if somebody was allowed to see some revision of some item, it does not implicate that he is allowed to see any other revision also. There will be no harm if he can see exactly the same content again, but there could be harm if he could access a revision with different content. If content is supplied, we will calculate and return a hMAC of the content. If wikiname, itemname, attachname is given, we don't touch the content (nor do we read it ourselves from the attachment file), but we just calculate a key from the given metadata values and some metadata we get from the filesystem. Hint: if you need multiple cache objects for the same source content (e.g. thumbnails of different sizes for the same image), calculate the key only once and then add some different prefixes to it to get the final cache keys. @param request: the request object @param wikiname: the name of the wiki (if not given, will be read from cfg) @param itemname: the name of the page @param attachname: the filename of the attachment @param content: content data as unicode object (e.g. for page content or parser section content) @param secret: secret for hMAC calculation (default: use secret from cfg) """ if secret is None: secret = request.cfg.secrets["action/cache"] if content: hmac_data = content elif itemname is not None and attachname is not None: wikiname = wikiname or request.cfg.interwikiname or request.cfg.siteid fuid = filesys.fuid(AttachFile.getFilename(request, itemname, attachname)) hmac_data = u"".join([wikiname, itemname, attachname, repr(fuid)]) else: raise AssertionError("cache_key called with unsupported parameters") hmac_data = hmac_data.encode("utf-8") key = hmac_new(secret, hmac_data).hexdigest() return key
def apply_recovery_token(self, tok, newpass): parts = tok.split('-') if len(parts) != 2: return False try: stamp = int(parts[0]) except ValueError: return False # only allow it to be valid for twelve hours if stamp + 12*60*60 < time.time(): return False # check hmac # key must be of type string h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest() if not safe_str_equal(h, parts[1]): return False self.recoverpass_key = "" self.enc_password = encodePassword(self._cfg, newpass) self.save() return True
def apply_recovery_token(self, tok, newpass): parts = tok.split('-') if len(parts) != 2: return False try: stamp = int(parts[0]) except ValueError: return False # only allow it to be valid for twelve hours if stamp + 12 * 60 * 60 < time.time(): return False # check hmac # key must be of type string h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest() if h != parts[1]: return False self.recoverpass_key = "" self.enc_password = encodePassword(newpass) self.save() return True
def apply_recovery_token(self, tok, newpass): parts = tok.split('-') if len(parts) != 2: return False try: stamp = int(parts[0]) except ValueError: return False lifetime = self._request.cfg.recovery_token_lifetime * 3600 if time.time() > stamp + lifetime: return False # check hmac # key must be of type string h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest() if not safe_str_equal(h, parts[1]): return False self.recoverpass_key = "" self.enc_password = encodePassword(self._cfg, newpass) self.save() return True
def apply_recovery_token(self, tok, newpass): key = self.recoverpass_key parts = tok.split('-') if len(parts) != 2: return False try: stamp = int(parts[0]) except ValueError: return False # only allow it to be valid for twelve hours if stamp + 12*60*60 < time.time(): return False # check hmac h = hmac_new(self.recoverpass_key, str(stamp)).hexdigest() if h != parts[1]: return False self.recoverpass_key = "" self.enc_password = encodePassword(newpass) self.save() return True
def _compute_signature(self, question, timestamp): signature = u"%s%d" % (question, timestamp) return hmac_new(self.secret, signature.encode('utf-8')).hexdigest()
def _compute_signature(self, question, timestamp): return hmac_new(self.secret, "%s%d" % (question, timestamp)).hexdigest()