def _hash(self, value):
    """
    Return the hex digest that authenticates ``value`` for the messages
    framework.

    The digest comes from ``salted_hmac`` (HMAC/SHA1 keyed from the project
    SECRET_KEY, per the original description). The fixed salt string keeps
    this digest distinct from digests other components compute over the same
    value with the same secret.

    NOTE(review): verification happens outside this method; the caller
    should compare digests with a constant-time comparison rather than
    ``==`` -- confirm at the call site.
    """
    mac = salted_hmac('djangocg.contrib.messages', value)
    return mac.hexdigest()
def generate_security_hash(self, content_type, object_pk, timestamp):
    """
    Return the hex HMAC security hash for a content type, object pk and
    timestamp.

    The three values are joined with "-" and passed to ``salted_hmac``
    under a salt specific to this form class. All three must already be
    strings, because ``str.join`` raises ``TypeError`` otherwise.
    """
    # NOTE(review): the "-" join is not length-delimited, so two different
    # (content_type, object_pk, timestamp) triples whose parts contain "-"
    # can serialize to the same string and share a hash. Confirm that the
    # callers constrain these fields enough for that not to matter.
    joined = "-".join((content_type, object_pk, timestamp))
    mac = salted_hmac("djangocg.contrib.forms.CommentSecurityForm", joined)
    return mac.hexdigest()
def form_hmac(form):
    """
    Return the hex HMAC security hash for the given Form instance.

    Each bound field contributes a ``(name, value)`` pair. The list of pairs
    is serialized with pickle and the serialized bytes are authenticated by
    ``salted_hmac`` under the formtools salt.
    """
    pairs = []
    for bound in form:
        # A form that permits empty input and has not changed is read raw:
        # calling clean() on it would trigger validation errors.
        skip_clean = form.empty_permitted and not form.has_changed()
        cleaned = bound.data if skip_clean else bound.field.clean(bound.data)
        cleaned = cleaned or ''
        if isinstance(cleaned, six.string_types):
            # Surrounding whitespace must not change the hash.
            cleaned = cleaned.strip()
        pairs.append((bound.name, cleaned))

    # pickle is used here only to serialize (dumps); nothing is unpickled.
    # NOTE(review): HIGHEST_PROTOCOL differs between Python versions, so the
    # bytes -- and therefore the hash -- may not match when the hash is
    # produced and checked under different interpreters. Confirm whether
    # that can happen in this deployment.
    serialized = pickle.dumps(pairs, pickle.HIGHEST_PROTOCOL)
    return salted_hmac('djangocg.contrib.formtools', serialized).hexdigest()
def _make_token_with_timestamp(self, user, timestamp):
    """
    Build a password-reset token of the form ``<base36 timestamp>-<hash>``.

    ``timestamp`` is the number of days since 2001-1-1. In base 36 that
    stays a 3 digit string until about 2121.

    The hash covers the user's id, password field, last_login and the
    timestamp. The password salt changes as soon as the password is set (at
    least for current Django auth) and last_login changes on login, so a
    token stops validating once it has been used.
    """
    ts_b36 = int_to_base36(timestamp)

    # Drop microseconds and tzinfo so the result is the same on every
    # DB backend.
    # NOTE(review): a user whose last_login is None would raise
    # AttributeError here; confirm the user model always sets it.
    last_login = user.last_login.replace(microsecond=0, tzinfo=None)

    uid_text = six.text_type(user.id)
    state = uid_text + user.password
    state = state + six.text_type(last_login)
    state = state + six.text_type(timestamp)

    full_digest = salted_hmac(
        "djangocg.contrib.auth.tokens.PasswordResetTokenGenerator",
        state,
    ).hexdigest()
    # Keep every second hex character: the hash is limited to 20 chars so
    # the reset URL stays short.
    short_digest = full_digest[::2]
    return "%s-%s" % (ts_b36, short_digest)
def _hash(self, value):
    """
    Return the hex digest that authenticates ``value`` for this session
    class.

    The salt is the sessions prefix followed by the concrete class name, so
    each class gets its own salt and digests from different classes over
    the same value differ.

    NOTE(review): verification happens outside this method; the caller
    should compare digests with a constant-time comparison rather than
    ``==`` -- confirm at the call site.
    """
    salt = "djangocg.contrib.sessions" + self.__class__.__name__
    mac = salted_hmac(salt, value)
    return mac.hexdigest()