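def verify_auth_token(token):
    """Resolve a signed auth token to its ``User``, or return ``None``.

    ``None`` is returned when the token has expired, when its signature does
    not verify, when no ``Sess`` row exists for the user, or when that row is
    not flagged ``logged_in``.
    """
    s = Serializer(app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except SignatureExpired:
        # `data` is unbound on this path, so the session row cannot be looked
        # up here to clear its logged_in flag.
        db.session.commit()
        app.logger.info('TOKEN :: Token expired.')
        return None  # valid token, but expired
    except BadSignature:
        db.session.commit()
        app.logger.info('TOKEN :: Invalid token.')
        return None  # invalid token

    session_row = Sess.query.filter_by(user_id=data['id']).first()
    # A validly signed token for a user with no session row used to raise
    # AttributeError on `.logged_in`; treat that case as "not logged in".
    if session_row is None or not session_row.logged_in:
        app.logger.info('TOKEN :: Not login yet')
        return None
    return User.query.get(data['id'])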
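def verify_auth_token(token):
    """Return the ``User`` named by a signed token, or ``None`` if it does not load."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. Every failure to load the token is still a rejection.
        return None
    return User.query.get(data['id'])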
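def verify_auth_token(token):
    """Return the user whose ``student_id`` is carried in a signed token, else ``None``."""
    # NOTE(review): the signing key is the literal string 'SECRET_KEY', not a
    # value read from configuration. Anyone who can read this source can mint
    # tokens that verify; load the key from configuration or the environment.
    s = Serializer('SECRET_KEY')
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return None
    return User.objects(student_id=data['id']).first()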
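def decorated_function(*args, **kwargs):
    """Abort with 401 unless the request's ``token`` header verifies, then call ``f``."""
    # ``headers['token']`` raises on a missing header instead of returning
    # None, so the ``is None`` guard could never fire; ``.get`` makes a
    # missing token a 401 like every other rejection here.
    token = request.headers.get('token')
    if token is None:
        abort(401)
    s = Serializer(current_app.config.get('SECRET_KEY'))
    try:
        s.loads(token)
    except SignatureExpired:
        abort(401)  # valid token, but expired
    except BadSignature:
        abort(401)  # invalid token
    # NOTE(review): the decoded payload is discarded, so the wrapped view
    # learns only that some valid token was presented, not whose it is.
    return f(*args, **kwargs)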
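def get_user_by_token(token):
    """Return the Mongo user document whose id is carried in a signed token.

    Returns ``None`` when the token cannot be loaded.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Previously a bare ``except:``; ``Exception`` still rejects every
        # token that fails to load but lets KeyboardInterrupt/SystemExit out.
        return None
    return mongo.db.users.find_one(ObjectId(data['id']))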
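def confirm_uid_token(token):
    """Return the ``User`` named by a token signed with ``CONVEY_UID_KEY``, else ``None``."""
    s = Serializer(current_app.config["CONVEY_UID_KEY"])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and SystemExit
        # are no longer swallowed; any load failure is still a rejection.
        return None
    return User.query.get(data["id"])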
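def confirm_auth_token(token):
    """Return the ``User`` named by a token signed with ``SECRET_KEY``, else ``None``."""
    s = Serializer(current_app.config["SECRET_KEY"])
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``; interpreter-exit signals now propagate.
        return None
    return User.query.get(data["id"])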
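def generate_auth_token(self, expiration=600):
    """Return a signed token carrying this object's ``id``.

    :param expiration: lifetime handed to the serializer as ``expires_in``
    """
    # The debug prints that wrote the signing key and freshly minted tokens to
    # stdout are removed: both are credentials, and stdout commonly ends up in
    # log files.
    s = Serializer(secret_key, expires_in=expiration)
    return s.dumps({"id": self.id})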
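def verify_auth_token(token):
    """Build a ``User`` from the ``username`` in a signed token, or return ``None``."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
        return User(data['username'])
    except Exception:
        # Narrowed from a bare ``except:``. Failures while constructing the
        # User are still treated as a rejected token, as before.
        return None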
def load_user_from_token(cls, token):
    """Token loader for Flask-Login: rebuild the user from a signed token.

    :param token: The token sent in the user's request
    :return: the user, or ``None`` if the token is expired, invalid, or no
        longer matches the user's current ``password`` value
    """
    signer = TimedJSONWebSignatureSerializer(
        current_app.secret_key,
        expires_in=current_app.token_validity_duration,
    )
    try:
        payload = signer.loads(token)
    except SignatureExpired:
        # Signature verified, but the token is past its lifetime.
        return None
    except BadSignature:
        # Signature did not verify.
        return None

    candidate = cls(payload['id'])
    # NOTE(review): the payload carries the user's ``password`` value. The
    # payload is signed, not encrypted, so whoever holds the token can read
    # it -- confirm this is never a plaintext password.
    # A mismatch means the password changed after the token was issued.
    stale = candidate.password != payload['password']
    return None if stale else candidate
def verify_auth_token(secret_key, token):
    """Return the ``User`` identified by ``token``, or ``None`` if it cannot be loaded.

    :param secret_key: key the token was signed with
    :param token: the signed token
    """
    signer = Serializer(secret_key)
    try:
        payload = signer.loads(token)
    except (ValueError, SignatureExpired, BadSignature):
        return None
    user_id = payload['id']
    return User.query.get(user_id)
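def load_token(token, key, secret_key=os.environ.get('SECRET_KEY')):
    """Return the value stored under ``key`` in a signed token, or ``None``.

    The default ``secret_key`` is read from the environment once, when the
    function is defined; it is ``None`` if ``SECRET_KEY`` was not set then.

    :param token: the signed token
    :param key: payload field to return
    :param secret_key: key the token was signed with
    """
    s = Serializer(secret_key)
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit.
        return None
    return data.get(key)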
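def change_user_email(self, token):
    """Change this user's e-mail address using a signed token.

    :param token: token used for verification
    :return: ``True`` on success, otherwise ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals are not
        # swallowed; any token that fails to load is still refused.
        return False
    # The token must have been issued for this very user.
    if data.get('reset_uid') != self.user_id:
        return False
    new_email = data.get('new_email')
    if new_email is None:
        return False
    if mongo.db.users.find_one({'email': new_email}):
        return False  # e-mail address already in use
    self.email = new_email
    # MD5 only derives ``avatar_hash`` from the address here; it is not used
    # as a security check.
    self.avatar_hash = hashlib.md5(self.email.encode('utf-8')).hexdigest()
    # NOTE(review): this update writes only avatar_hash; presumably assigning
    # self.email persists the address elsewhere -- confirm.
    mongo.db.users.update_one(
        {'user_id': self.user_id},
        {'$set': {'avatar_hash': self.avatar_hash}},
    )
    return True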
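def get(self, request, token):
    """Activate the account named by a signed confirmation token.

    :param request: the incoming request
    :param token: signed token carried by the user; it identifies the account
    :return: a redirect to the login page on success, otherwise a plain
        ``HttpResponse`` describing the failure
    """
    # SignatureExpired is already used below, so itsdangerous is available.
    from itsdangerous import BadSignature

    s = Serializer(settings.SECRET_KEY)
    try:
        data = s.loads(token)
    except SignatureExpired:
        # The token is past its lifetime.
        return HttpResponse("链接已过期!")
    except BadSignature:
        # Tampered or malformed tokens previously escaped as an unhandled
        # exception; answer them explicitly instead.
        return HttpResponse("链接无效!")

    user_id = data.get("confirm")
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        return HttpResponse("用户不存在!")

    user.is_active = True
    user.save()
    return redirect(reverse("users:login"))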
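def verify_reset_token(token):
    """Return the ``User`` a password-reset token was issued for, or ``None``."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        user_id = s.loads(token)['user_id']
    except Exception:
        # Was a bare ``except:``. A token that fails to load, or that lacks
        # ``user_id``, is still rejected; KeyboardInterrupt/SystemExit are not
        # swallowed any more.
        return None
    return User.query.get(user_id)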
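def confirm_token(token):
    """Return the ``user_id`` field of a signed token, or ``False`` if it does not load."""
    s = Serializer(db.app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return False
    return data.get('user_id')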
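def reset_user_password(token, new_password):
    """Reset a user's password using a signed token.

    :param token: token used for verification
    :param new_password: the new password
    :return: ``True`` on success, otherwise ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit.
        return False
    user = User(email=data.get('email'))
    if not user or not user.user_id:
        return False
    # The token must name the same user that the e-mail address resolves to.
    if data.get('reset_uid') != user.user_id:
        return False
    user.raw_password = new_password
    # NOTE(review): presumably assigning raw_password derives the stored
    # ``password`` value written below -- confirm against the User class.
    mongo.db.users.update_one(
        {'user_id': user.user_id},
        {'$set': {'password': user.password}},
    )
    return True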
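def parse_confirm_token(token):
    """Return the ``confirm`` field of a signed token, or ``None`` if it does not load."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return None
    return data.get('confirm')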
def detokenize(token, field=None):
    """Load a signed token and return its payload, or a single field of it.

    :param token: the signed token
    :param field: when truthy, only this payload field is returned
    :return: the payload (or field value); ``None`` if the signature is bad
    """
    signer = Serializer(flask.current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token)
        if field:
            return payload.get(field, None)
        return payload
    except BadSignature:
        return None
def get_token_status(token, operation, return_data=False):
    """Report whether a JSON Web Signature token is expired or invalid, and for whom.

    :param token: A valid JSON Web Signature token.
    :param operation: The function of the token.
    :param return_data: If set to ``True``, it will also return the content
                        of the token.
    :return: ``(expired, invalid, user)``, plus the payload when
             ``return_data`` is set
    """
    serializer = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
    user = None
    payload = None
    expired = False
    invalid = False

    try:
        payload = serializer.loads(token)
    except SignatureExpired:
        expired = True
    except (BadSignature, TypeError, ValueError):
        invalid = True

    if payload is not None:
        # A token minted for one operation must not be honoured for another.
        if operation != payload.get("op", None):
            invalid = True
        else:
            user = User.query.filter_by(id=payload.get('id')).first()

    if return_data:
        return expired, invalid, user, payload
    return expired, invalid, user
def verify_auth_token(token):
    """Return the ``User`` named by a signed token.

    Returns ``False`` when the token is expired or its signature is bad; the
    lookup itself goes through ``get_or_404``.
    """
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token)
    except (SignatureExpired, BadSignature):
        return False
    user_id = payload['id']
    return User.query.get_or_404(user_id)
def tokenAuth(token):
    """Decode an auth token; on failure log a warning and return ``[None, None, msg]``.

    Repeated decoding failures may indicate someone probing the server, which
    is why each failure is logged at warning level.
    """
    signer = Serializer(
        secret_key=app.config['SECRET_KEY'],
        salt=app.config['AUTH_SALT'])
    try:
        data = signer.loads(token)
    except SignatureExpired:
        reason = 'token expired'
        app.logger.warning(utils.logmsg(reason))
        return [None, None, reason]
    except BadSignature as err:
        reason = 'badSignature of token'
        if err.payload is not None:
            try:
                signer.load_payload(err.payload)
            except BadData:
                # The payload itself does not decode: the token was altered.
                reason = 'token tampered'
        app.logger.warning(utils.logmsg(reason))
        return [None, None, reason]
    # NOTE(review): no return for the success path is visible in this listing,
    # so a valid token yields None here -- the function may be truncated.
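def verify_auth_token(token):
    """Return the ``App`` whose ``appid`` is carried in a signed token, else ``None``."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``; KeyboardInterrupt and SystemExit now propagate.
        return None
    return App.query.filter_by(appid=data['appid']).first()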
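def get_token_id(token):
    """Return the ``token_id`` field of a signed token, or ``None`` if it does not load."""
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return None
    return data.get('token_id')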
def verify_token(username, token):
    """Verify validity of token for ``username``.

    Returns ``False`` for an expired or invalid token, or when no stored
    session exists for the username named in the token.
    """
    signer = TimedJWSSerializer(app.config['SECRET_KEY'])
    try:
        ut.pretty_print("Trying to load the token")
        payload = signer.loads(token)
    except SignatureExpired:
        ut.pretty_print("ERROR: Expired Token")
        return False
    except BadSignature:
        ut.pretty_print("ERROR: Invalid Token")
        return False

    ut.pretty_print("Token successfully loaded")
    # Most recent session document for the user named in the token.
    latest = db.sessions.find_one(
        filter={'username': payload['username']},
        sort=[('_id', -1)])
    if not latest:
        return False
    record = json_util.loads(json_util.dumps(latest))
    # NOTE(review): the token appears to carry the password that is verified
    # against the stored hash. The payload is signed, not encrypted, so the
    # value is readable by anyone who holds the token -- confirm and consider
    # an opaque session identifier instead.
    password_ok = pwd_context.verify(payload['password'], record['password_hash'])
    return password_ok and payload['username'] == username
def check_verify_email_token(token):
    """Validate an e-mail verification token and return the matching user.

    :param token: the signed user information
    :return: the user, or ``None``
    """
    # Verification links are valid for one day.
    signer = TimedJSONWebSignatureSerializer(settings.SECRET_KEY, expires_in=60 * 60 * 24)
    try:
        payload = signer.loads(token)
    except BadData:
        # The token could not be loaded.
        return None

    uid = payload.get('user_id')
    address = payload.get('email')
    # Both the id and the address must match the same User row.
    try:
        return User.objects.get(id=uid, email=address)
    except User.DoesNotExist:
        return None
class TokenAuthenticator(AbstractAuthenticationProvider):
    """Authentication provider backed by a timed, signed token carrying a username."""

    def __init__(self, secret_key, expires_in_seconds=600):
        """Build the serializer used both to issue and to verify tokens."""
        self._secret_key = secret_key
        self._serializer = TimedJSONWebSignatureSerializer(
            self._secret_key, expires_in_seconds)

    def generate_auth_token(self):
        """Sign a token for the username reported by ``rest_security``."""
        payload = {USERNAME_FIELD: rest_security.get_username()}
        return self._serializer.dumps(payload)

    def authenticate(self, userstore):
        """Return the username of the user named in the request's token.

        Raises ``Exception`` when the token is expired or invalid, when it
        carries no username, or when ``userstore`` has no such user.
        """
        try:
            open_token = self._serializer.loads(_retrieve_token_from_request())
        except SignatureExpired:
            raise Exception('token expired')
        except BadSignature:
            raise Exception('invalid token')

        claimed_name = open_token.get(USERNAME_FIELD)
        if not claimed_name:
            raise Exception('username not found in token')

        record = userstore.get_user(claimed_name)
        if not record:
            raise Exception('failed to authenticate user "{0}", user not found'
                            .format(claimed_name))
        return record['username']
def verify_token(token):
    """Return the payload of a signed token, or ``None`` if it is expired or invalid."""
    signer = TimedSigSerializer(SECRET_KEY)
    try:
        return signer.loads(token)
    except (SignatureExpired, BadSignature):
        return None
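def verify_token(token):
    """Return the payload of a signed token, or ``None`` if it does not load."""
    # NOTE(review): the signing key is a string literal committed in source.
    # Anyone with read access to the code can mint tokens that verify; load
    # the key from configuration or the environment and rotate this one.
    s = TimedJSONWebSignatureSerializer('keyconfidential')
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return None
    return data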
def verify_token(token):
    """Return the payload of a signed token, or ``None`` if it is invalid or expired."""
    signer = Serializer(app.config['SECRET_KEY'])
    try:
        return signer.loads(token)
    except (BadSignature, SignatureExpired):
        return None
def change_email(self, token):
    """Verify the new email for this user.

    Returns ``True`` once the new address has been committed, ``False`` if
    the token is bad, was issued for another user, carries no address, or the
    address is already taken.
    """
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token)
    except (BadSignature, SignatureExpired):
        return False

    # The token must have been issued for this very user.
    if payload.get('change_email') != self.id:
        return False

    address = payload.get('new_email')
    if address is None:
        return False

    existing = self.query.filter_by(email=address).first()
    if existing is not None:
        return False

    self.email = address
    db.session.add(self)
    db.session.commit()
    return True
def get_token_info():
    """Parse the submitted token and report its scope, uid and timestamps."""
    form = TokenValidator().validate_for_api()
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        # With return_header=True the serializer yields (payload, header).
        payload, header = signer.loads(form.token.data, return_header=True)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    info = {
        'scope': payload['scope'],
        'uid': payload['uid'],
        'create_at': header['iat'],  # creation time
        'expire_in': header['exp'],  # expiry
    }
    return Success(data=info)
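def reset_password(token, new_password):
    """Reset the password of the user named in a signed token.

    :param token: the signed reset token
    :param new_password: the new password
    :return: ``True`` on success, otherwise ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token.encode('utf-8'))
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. A token that cannot be encoded or loaded is refused.
        return False
    user = User.query.get(data.get('reset'))
    if user is None:
        return False
    user.password = new_password
    # NOTE(review): no commit is issued here; presumably the session is
    # committed by the caller or by configuration -- confirm.
    db.session.add(user)
    return True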
def verify_auth_token(token):
    """Load a signed token and return the ``uid`` it carries.

    :param token: the signed token
    :return: the uid on success, ``None`` if the token is expired or invalid
    """
    signer = Serializer(secret_key)
    try:
        payload = signer.loads(token)
    except (SignatureExpired, BadSignature):
        # Expired and invalid tokens are rejected alike.
        return None
    return payload['uid']
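def confirm(self, token):
    """Confirm this account using a signed token.

    Verifies the token and checks that the id it carries matches this user's
    id; when both hold, ``confirmed`` is set to ``True`` and committed.

    :return: ``True`` on success, otherwise ``False``
    """
    s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return False
    if data.get('confirm') != self.id:
        return False
    self.confirmed = True
    db.session.add(self)
    db.session.commit()
    return True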
def check_verify_email_token(token):
    '''Verify an e-mail token and return the matching user, or ``None``.'''
    signer = TJWSSerializer(
        settings.SECRET_KEY,
        expires_in=constants.VERIFY_EMAIL_TOKEN_EXPIRES)
    try:
        payload = signer.loads(token)
    except BadData:
        return None

    uid = payload['user_id']
    address = payload['email']
    # Both the id and the address must match the same User row.
    try:
        return User.objects.get(id=uid, email=address)
    except User.DoesNotExist:
        return None
def generate_auth_token(self, expiration=None):
    """Generate new security token.

    Note: calling this automatically rewrites (== revokes) previous token.

    :param expiration: lifetime in seconds; a falsy value selects the
        configured ``API_TOKEN_LIFETIME``
    :return: ``(token, token_expires)``
    """
    lifetime = expiration or current_app.config['API_TOKEN_LIFETIME']
    signer = TimedJSONWebSignatureSerializer(
        current_app.config['SECRET_KEY'], expires_in=lifetime)

    # Timed signers in itsdangerous return bytes, so decode before storing.
    # NOTE(review): the token is stored verbatim; anyone able to read this
    # column can replay it until it expires. Storing a digest and comparing
    # against that would limit the impact of a database read.
    self.token = signer.dumps({'id': str(self.id)}).decode('utf-8')

    # The expiry is stored separately because revoking the token changes it.
    header = signer.loads(self.token, return_header=True)[1]
    issued_at = signer.get_issue_date(header)
    self.token_expires = issued_at + datetime.timedelta(seconds=lifetime)

    rdb.session.add(self)
    rdb.session.commit()
    return self.token, self.token_expires
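def confirm(token, check):
    """Resolve a confirmation token to a user, depending on ``check``.

    With ``check == 0`` an unconfirmed user is marked confirmed, committed and
    returned. With ``check == 1`` a user who is confirmed but whose
    ``confirmed_pass`` is False is returned. Every other case yields ``False``.

    NOTE(review): the nesting below is reconstructed from a flattened listing;
    verify it against the original file.
    """
    s = Serializer(Config.SECRET_KEY)
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit.
        return False
    a = Users.query.get(data['confirm'])
    if a is not None:
        if check == 0:
            if a.confirmed == False:
                a.confirmed = True
                db.session.add(a)
                db.session.commit()
                return a
        elif check == 1:
            if a.confirmed == True and a.confirmed_pass == False:
                return a
    return False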
def check_email_verify_url(token):
    """Load the signed token and look up the user it names.

    The token is signed rather than encrypted: loading it verifies the
    signature and decodes the payload.

    :param token: the signed user data
    :return: user or None
    """
    signer = Serializer(settings.SECRET_KEY, 3600 * 24)
    try:
        payload = signer.loads(token)
        uid = payload.get('user_id')
        address = payload.get('email')
        try:
            return User.objects.get(id=uid, email=address)
        except User.DoesNotExist:
            return None
    except BadData:
        return None
def validate(self):
    """Run the base form validation, then resolve the reset token to an account.

    Returns ``False`` on any failure, otherwise the account object.
    """
    if not Form.validate(self):
        return False

    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        # NOTE(review): ``self.token`` is handed to ``loads`` as-is, yet it is
        # also used as an object with ``.errors`` below -- confirm whether
        # ``self.token.data`` was intended.
        payload = signer.loads(self.token)
        account = Account.find_by_id(payload.get('reset_id'))
        if not account:
            self.token.errors.append("The account this token is for was not found.")
            return False
    except (BadSignature, SignatureExpired):
        self.token.errors.append("This token is invalid or has expired.")
        return False
    return account
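def verify_auth_token(token):
    """Verify a token and return a ``User`` built from its uid, type and scope.

    Raises ``AuthFailed`` for an expired (1003) or invalid (1002) token and
    ``Forbidden`` when the token's scope does not cover the current endpoint.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except SignatureExpired:
        # Must come before BadSignature: SignatureExpired is a subclass of it,
        # so in the previous order this branch was unreachable and expired
        # tokens were reported with error_code 1002.
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']
    # Authorise the scope carried in the token against the view function
    # (endpoint) being requested.
    allow = is_in_scope(scope, request.endpoint)
    if not allow:
        raise Forbidden()
    return User(uid, ac_type, scope)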
def parse_token(token):
    """Load a salted, signed token and return its ``(key, code)`` pair.

    On failure a message string is returned instead of a tuple:
    ``'token expired'``, ``'token tampered'`` or ``'badSignature of token'``.
    Callers have to tell the two result shapes apart.
    """
    signer = Serializer(secret_key=SECRET_KEY, salt=AUTH_SALT)
    try:
        payload = signer.loads(token)
        return payload.get('key'), payload.get('code')
    except SignatureExpired:
        return 'token expired'
    except BadSignature as err:
        if err.payload is not None:
            try:
                signer.load_payload(err.payload)
            except BadData:
                # The payload itself does not decode: the token was altered.
                return 'token tampered'
        return 'badSignature of token'
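def validate_token(token):
    '''Verify that an access token is valid and meant for this app.

    Returns the ``ID`` field of the payload on success, the string ``'403'``
    when the token is valid but expired, and ``None`` when it is invalid.
    '''
    # The raw token is a bearer credential, so it is no longer written to the
    # debug log.
    logger.debug('validating access token')
    s = TimedJSONWebSignatureSerializer(globalS.dictDb['SECRET_KEY'])
    try:
        data = s.loads(token)
        logger.debug('data after decoding is :%s', data)
    except SignatureExpired:
        # ``Logger.warn`` is deprecated; ``warning`` is the supported name.
        logger.warning('valid token, but expired')
        return '403'  # valid token, but expired
    except BadSignature:
        logger.warning('invalid token')
        return None  # invalid token
    return data['ID']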
def verify_token(token, token_type="timed_token"):
    """Return the project id associated to the provided token.

    ``None`` is returned if the provided token is expired or not valid.

    :param token: Serialized TimedJsonWebToken
    :param token_type: ``"timed_token"`` selects the timed serializer; any
        other value selects ``URLSafeSerializer``
    """
    timed = token_type == "timed_token"
    # NOTE(review): URLSafeSerializer tokens carry no timestamp, so tokens of
    # that type never expire on their own.
    serializer_cls = TimedJSONWebSignatureSerializer if timed else URLSafeSerializer
    serializer = serializer_cls(current_app.config["SECRET_KEY"])
    try:
        payload = serializer.loads(token)
    except (SignatureExpired, BadSignature):
        return None
    return payload["project_id"]
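def get(self, request, token):
    '''Activate the user named by a signed confirmation token.'''
    # SignatureExpired is already used below, so itsdangerous is available.
    from itsdangerous import BadSignature

    serializer = Serializer(settings.SECRET_KEY, 3600)
    try:
        info = serializer.loads(token)
        # id of the user to activate
        user_id = info['confirm']
        user = User.objects.get(id=user_id)
        user.is_active = 1
        user.save()
        # Send the user on to the login page.
        return redirect(reverse("login"))
    except SignatureExpired as e:
        # The activation link is past its lifetime.
        return HttpResponse("激活链接已过期")
    except BadSignature:
        # Tampered or malformed tokens previously escaped as an unhandled
        # exception; answer them explicitly instead.
        return HttpResponse("激活链接无效")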
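def confirm_changemail(self, token):
    """Apply an e-mail change authorised by a signed token.

    The signing key is ``SECRET_KEY`` with ``'changemail'`` appended, so
    tokens signed with the plain key do not verify here.

    :return: ``True`` on success, otherwise ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'] + 'changemail')
    try:
        data = s.loads(token.encode('utf-8'))
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return False
    # The token must have been issued for this very user.
    if self.id != data.get('confirm'):
        return False
    if data.get('new_email') is None:
        return False
    if User.query.filter_by(
            email=data.get('new_email')).first() is not None:
        return False
    self.email = data.get('new_email')
    # hexdigest() always returns a non-empty string, so the gravatar_hash()
    # fallback never runs; it is kept to leave behaviour untouched.
    self.avatar_hash = hashlib.md5(
        self.email.encode('utf-8')).hexdigest() or self.gravatar_hash()
    db.session.add(self)
    return True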
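def check_token(token):
    """Activate the user named in a signed token.

    :return: ``True`` if the token resolves to a user (activating the account
        when it was not yet active), otherwise ``False``
    """
    try:
        s = Seralize(current_app.config['SECRET_KEY'])
        Dict = s.loads(token)  # decoded payload
        uid = Dict['id']  # id of the visiting user
        u = User.query.get(uid)
        if not u:
            raise ValueError
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit.
        return False
    # Activate only when the account is not active yet.
    if not u.confirm:
        u.confirm = True
        db.session.add(u)
    return True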
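def get(self, request, token):
    """Activate the user named by a signed confirmation token."""
    # SignatureExpired is already used below, so itsdangerous is available.
    from itsdangerous import BadSignature

    # Verify the token and read the user information it carries.
    serializer = Serializer(settings.SECRET_KEY, 3600)
    try:
        info = serializer.loads(token)
        user_id = info['confirm']
        user = User.objects.get(id=user_id)
        user.is_active = 1
        user.save()
        # Send the user on to the login page.
        return redirect(reverse('user:login'))
    except SignatureExpired as e:
        # The activation link is past its lifetime.
        return HttpResponse('激活链接已过期,请重新发送')
    except BadSignature:
        # Tampered or malformed tokens previously escaped as an unhandled
        # exception; answer them explicitly instead.
        return HttpResponse('激活链接无效')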
def reset_password(token, new_password):
    """Set a new password for the user named in a signed reset token.

    :return: ``True`` on success; ``False`` if the token does not load or the
        user lookup fails
    """
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token)
    except Exception:
        return False

    try:
        account = User.objects.get(username=payload.get('reset'))
    except Exception:
        return False

    # NOTE(review): the new password is assigned straight to ``password``;
    # presumably the model hashes it on assignment or save -- confirm.
    account.password = new_password
    account.save()
    return True
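def verify_auth_token(token):
    """Verify a token and return the id of the user it was issued to.

    Returns ``None`` when the token is expired or invalid, or when no user
    row with that id exists any more.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = serializer.loads(token)
    except (SignatureExpired, BadSignature):
        return None
    _, cur = get_db()
    cur.execute('SELECT id FROM users WHERE id = %s', (data["id"], ))
    row = cur.fetchone()
    # fetchone() yields None when nothing matches; indexing it used to raise
    # TypeError for a valid token whose user row was gone.
    return row[0] if row is not None else None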
def check_token(token):
    """Check the token sent in the request body and return ``(ok, user)``.

    NOTE(review): the ``token`` argument is overwritten with the value from
    ``request.json`` before it is used, so whatever the caller passes in is
    ignored.
    """
    try:
        token = request.json.get("token")
        signer = Serializer(Config.SECRET_KEY, TOKEN_EXPIRATION_TIME)
        payload = signer.loads(token.encode('utf-8'))
        uid = payload.get("user_id")
        wx_openid = payload.get("openid")
        # The row must match the id, the openid and the exact token string
        # stored for that user.
        match = MDuser.query.filter(
            MDuser.id == uid,
            MDuser.wx_open_id == wx_openid,
            MDuser.token == token).first()
        if match:
            return True, match
        return False, None
    except Exception:
        return False, None
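def check_activate_token(token):
    """Activate the account named in a signed token, flashing a message on failure.

    :return: ``True`` if the token resolves to an existing user, else ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)  # decode the token
    except SignatureExpired:
        # Must come before BadSignature: SignatureExpired is a subclass of it,
        # so in the previous order this branch was unreachable and expired
        # tokens got the "invalid token" message.
        flash('token已失效')
        return False
    except BadSignature:
        flash('无效的token')
        return False
    user = User.query.get(data.get('id'))
    if not user:
        flash('激活的账户不存在')
        return False
    if not user.confirmed:  # only activate accounts that are not active yet
        user.confirmed = True
        db.session.add(user)
    return True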
def check_verify_email_token(token):
    """Check an e-mail verification token and return the matching user, or ``None``."""
    # Tokens are accepted for 300 seconds.
    signer = TJWSSerializer(settings.SECRET_KEY, expires_in=300)
    try:
        payload = signer.loads(token)
    except BadData:
        return None

    address = payload.get('email')
    uid = payload.get('user_id')
    # Both the id and the address must match the same User row.
    try:
        return User.objects.get(id=uid, email=address)
    except User.DoesNotExist:
        return None
def verify_auth_token(token: str):
    """
    Verifies the authentication token for the user.

    Parameters
    ----------
    token : str
        Serialized authentication token provided to verify the user's identity

    Returns
    -------
    User or None
        The User object corresponding to the provided authentication token,
        or None when the token's signature does not verify
    """
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token)
        user_id = payload['user_id']
    except itsdangerous.BadSignature:
        return None
    return User.query.get(user_id)
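def confirm(self, token):
    """Confirm and activate this account using a signed token.

    :return: ``True`` once the change is committed; ``False`` if the token is
        bad, was issued for another user, or the commit fails
    """
    # TimedJSONWebSignatureSerializer comes from itsdangerous, so the package
    # is available here.
    from itsdangerous import BadSignature

    s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except BadSignature:
        # The original caught NameError, which loads() does not raise for a
        # bad or expired token, so those failures escaped this handler.
        return False
    if data.get('confirm') != self.id:
        return False
    self.confirmed = True
    self.active = True
    self.registration_date = datetime.utcnow()
    try:
        db.session.commit()
        return True
    except Exception as e:
        db.session.rollback()
        print(e)
        return False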
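def reset_password(self, token, new_password):
    """Verify the token and reset this user's password.

    :param token: the signed reset token
    :param new_password: the new password
    :return: ``True`` on success, otherwise ``False``
    """
    s = TimedJSONWebSignatureSerializer(
        secret_key=current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals propagate.
        return False
    # The token must have been issued for this very user.
    if data.get('reset_password') != self.id:
        return False
    self.password = new_password
    db.session.add(self)
    return True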
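def get(self, request, token):
    """Activate the user named by a signed token, then redirect to the login page."""
    # SignatureExpired is already used below, so itsdangerous is available.
    from itsdangerous import BadSignature

    # Serializer built from the secret key and the link lifetime.
    serializer = Serializer(settings.SECRET_KEY, 3600)
    try:
        info = serializer.loads(token)
        user_id = info['id']
        user = User.objects.get(id=user_id)
        user.is_active = 1
        user.save()
        return redirect(reverse("user:login"))
    except (SignatureExpired, BadSignature):
        # Expired links go to the page that re-sends the activation mail.
        # Tampered or malformed tokens previously escaped as an unhandled
        # exception; they are sent to the same page.
        return redirect(reverse("user:send_agin"))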
def change_email(self, token):
    """Apply an e-mail change authorised by a signed token.

    :return: ``True`` on success; ``False`` if the token does not load, was
        issued for another user, carries no address, or the address is taken
    """
    signer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = signer.loads(token.encode('utf-8'))
    except Exception as e:
        print(e)
        return False

    # The token must have been issued for this very user.
    if payload.get('change_email') != self.id:
        return False

    address = payload.get('new_email')
    if address is None:
        return False

    existing = self.query.filter_by(email=address).first()
    if existing is not None:
        return False

    self.email = address
    self.avatar_hash = self.gravatar_hash()
    db.session.add(self)
    return True
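def change_email(self, token):
    """Apply and commit an e-mail change authorised by a signed token.

    :return: ``True`` on success, otherwise ``False``
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit.
        return False
    # The token must have been issued for this very user.
    if data.get('change_email') != self.id:
        return False
    new_email = data.get('new_email')
    if new_email is None:
        return False
    if self.query.filter_by(email=new_email).first() is not None:
        return False
    self.email = new_email
    # MD5 only derives ``avatar_hash`` from the address here; it is not used
    # as a security check.
    self.avatar_hash = hashlib.md5(self.email.encode('utf-8')).hexdigest()
    db.session.add(self)
    db.session.commit()
    return True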
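def get(self, request, token):
    """Activate the user named by a signed confirmation token."""
    # SignatureExpired is already used below, so itsdangerous is available.
    from itsdangerous import BadSignature

    serializer = Serializer(settings.SECRET_KEY, 3600 * 7)
    try:
        info = serializer.loads(token)
        # id of the user awaiting activation
        user_id = info['confirm']
        user = User.objects.get(id=user_id)
        user.is_active = 1
        user.save()
        # NOTE(review): the URL name contains a space after the colon
        # ('user: login'); confirm it resolves, it may be meant as 'user:login'.
        return redirect(reverse('user: login'))
    except SignatureExpired as e:
        # The activation link is past its lifetime.
        return HttpResponse('激活链接已失效')
    except BadSignature:
        # Tampered or malformed tokens previously escaped as an unhandled
        # exception; answer them explicitly instead.
        return HttpResponse('激活链接无效')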