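    def check_csrf(self):
        """
        Get a CSRF token from CGI request headers and validate it. If validation
        fails, render an error and exit early.

        The token is read from the CGI environment variable whose name is held
        in ``self.HTTP_X_CSRF_TOKEN`` (the request header as surfaced through
        ``os.environ``) and checked with ``self.is_csrf_token``. A missing
        header is handled exactly like an invalid token: ``is_csrf_token`` is
        never called and the error is rendered.

        In our current JSONRPC style, we can send custom headers, so we look for the
        CSRF token in a header. We may switch to a form-submission-based approach,
        in which case we would need to update this code to look for a CSRF token in
        the POST parameters.

        Returns ``None`` either way; the only observable outcome is the
        ``common.render_error`` call on failure. NOTE(review): the "exit early"
        guarantee rests on ``render_error`` not returning -- confirm, because a
        caller cannot distinguish a passed check from a returned failure by the
        return value alone.
        """
        # One lookup with a default replaces the `in` test plus subscript; a
        # missing variable yields None and short-circuits before
        # is_csrf_token is consulted, preserving the original ordering.
        token = os.environ.get(self.HTTP_X_CSRF_TOKEN)
        if token is None or not self.is_csrf_token(token):
            common.render_error('Invalid CSRF token.')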
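    def check_csrf(self):
        """
        Get a CSRF token from CGI request headers and validate it. If validation
        fails, render an error and exit early.

        The header value is looked up in ``os.environ`` under the CGI variable
        name stored in ``self.HTTP_X_CSRF_TOKEN`` and handed to
        ``self.is_csrf_token``. When the variable is absent the validator is
        not called at all and the request is rejected the same way as for a
        bad token.

        In our current JSONRPC style, we can send custom headers, so we look for the
        CSRF token in a header. We may switch to a form-submission-based approach,
        in which case we would need to update this code to look for a CSRF token in
        the POST parameters.

        Always returns ``None``; a rejected request is signalled solely through
        ``common.render_error``. NOTE(review): callers rely on that call
        terminating the request (the "exit early" above) -- confirm, since a
        plain return here looks identical for a valid and an invalid token.
        """
        if self.HTTP_X_CSRF_TOKEN in os.environ:
            if self.is_csrf_token(os.environ[self.HTTP_X_CSRF_TOKEN]):
                return  # valid token: nothing else to do
        # Reached for both "header missing" and "header present but invalid".
        common.render_error('Invalid CSRF token.')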
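 def is_password(self, candidate):
     """
     Returns true iff the candidate password equals the stored one.

     The check is gated on ``self.rate_limit_remaining()``: with no attempts
     left, ``common.render_error`` is called instead of touching the password
     file, and should that call return, the method yields ``None`` (falsy, so
     callers still see a failed check). Otherwise the stored hash is read from
     ``self.password_filename`` and ``candidate`` is run through
     ``pbkdf2.crypt`` with the stored string as its second argument, so the
     stored value has to carry its own salt/iteration parameters (presumably
     pbkdf2's ``$p5k2$`` scheme -- verify against the code that writes the
     file). Every mismatch is charged to the rate limit via
     ``self.increment_rate_limit()``.

     :param candidate: password supplied by the client; untrusted input.
     :returns: ``True`` on a match, ``False`` on a mismatch; ``None`` only on
         the rate-limited path if ``render_error`` returns.
     """
     # Local import: the module's import block is outside this listing.
     # hmac.compare_digest needs Python 2.7.7+ / 3.3+.
     import hmac

     if self.rate_limit_remaining() <= 0:
         common.render_error('Too many failed login attempts. Try again tomorrow.')
         return None
     with open(self.password_filename, 'r') as f:
         stored = f.read().strip()
     # Both operands go through unicode() because compare_digest, unlike ==,
     # rejects mixed str/unicode arguments on Python 2, and the type
     # pbkdf2.crypt returns depends on the library version.
     expected = unicode(stored)
     computed = unicode(pbkdf2.crypt(candidate, expected))
     # Constant-time comparison: a plain == stops at the first differing
     # character, so its running time depends on how much of the stored hash
     # a guess reproduces.
     if hmac.compare_digest(expected, computed):
         return True
     # Increment rate limit on failures.
     self.increment_rate_limit()
     return False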
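 def is_password(self, candidate):
     """
     Returns true iff the candidate password equals the stored one.

     Only runs the comparison while ``self.rate_limit_remaining()`` is
     positive; otherwise ``common.render_error`` is invoked and, if it
     returns, the result is ``None`` (falsy, i.e. not authenticated). On the
     normal path the hash is read from ``self.password_filename`` and the
     candidate is hashed with ``pbkdf2.crypt``, passing the stored string as
     the salt argument -- it is therefore expected to embed its own salt and
     iteration count (presumably the ``$p5k2$`` format; confirm with the
     enrolment code). A mismatch calls ``self.increment_rate_limit()`` before
     returning ``False``.

     :param candidate: client-supplied password (untrusted).
     :returns: ``True``/``False`` for match/mismatch; ``None`` only if the
         rate-limit error path returns.
     """
     # Local import because the file's import block is not in view;
     # requires Python 2.7.7+ / 3.3+ for hmac.compare_digest.
     import hmac

     if self.rate_limit_remaining() > 0:
         with open(self.password_filename, 'r') as f:
             # Coerce once so both compare_digest operands share a type
             # (== tolerated str/unicode mixes; compare_digest does not).
             stored = unicode(f.read().strip())
         computed = unicode(pbkdf2.crypt(candidate, stored))
         # compare_digest runs in time independent of where the strings
         # first differ, unlike ==.
         matched = hmac.compare_digest(stored, computed)
         if not matched:
             # Increment rate limit on failures.
             self.increment_rate_limit()
         return matched
     common.render_error(
         'Too many failed login attempts. Try again tomorrow.')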