def create_signature(cls, method, base, params, consumer_secret, token_secret=''): """ Returns HMAC-SHA1 signature as specified at: http://oauth.net/core/1.0a/#rfc.section.9.2 :param str method: HTTP method of the request to be signed. :param str base: Base URL of the request without query string an fragment. :param dict params: Dictionary or list of tuples of the request parameters. :param str consumer_secret: :attr:`.core.Consumer.secret` :param str token_secret: Access token secret as specified in http://oauth.net/core/1.0a/#anchor3. :returns: The signature string. """ base_string = _create_base_string(method, base, params) key = cls._create_key(consumer_secret, token_secret) hashed = hmac.new(six.b(key), base_string.encode('utf-8'), hashlib.sha1) base64_encoded = binascii.b2a_base64(hashed.digest())[:-1] return base64_encoded
def csrf_generator(secret): """ Generates CSRF token. Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html :returns: :class:`str` Random unguessable string. """ # Create hash from random string plus salt. hashed = hashlib.md5(uuid.uuid4().bytes + six.b(secret)).hexdigest() # Each time return random portion of the hash. span = 5 shift = random.randint(0, span) return hashed[shift:shift - span - 1]
def _authorization_header(cls, credentials): """ Creates authorization headers if the provider supports it. See: http://en.wikipedia.org/wiki/Basic_access_authentication. :param credentials: :class:`.Credentials` :returns: Headers as :class:`dict`. """ if cls._x_use_authorization_header: res = ':'.join((credentials.consumer_key, credentials.consumer_secret)) res = base64.b64encode(six.b(res)).decode() return {'Authorization': 'Basic {0}'.format(res)} else: return {}