    def _IsXsrfTokenWellFormedAndNotExpired(user_email, action_id, xsrf_token):
        """Check that a submitted xsrf token decodes, matches and has not expired.

        The token is recomputed by xsrfutil.validate_token() from the site
        secret, ``user_email`` and ``action_id`` and compared with
        ``xsrf_token``; validate_token() also applies its default timeout
        (1 hour), so a stale token is rejected even if it matches.

        Args:
          user_email: String email address of the user.
          action_id: String identifier of the action for which authorization
                     is requested.
          xsrf_token: A string of the xsrf token.

        Returns:
          True if the token is well-formed, matches and has not expired;
          otherwise False.
        """
        site_secret = appengine.xsrf_secret_key()
        verdict = xsrfutil.validate_token(key=site_secret,
                                          token=xsrf_token,
                                          user_id=user_email,
                                          action_id=action_id)
        _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
                   user_email, verdict)
        return verdict
  def _IsXsrfTokenWellFormedAndNotExpired(user_email, action_id, xsrf_token):
    """Check that a submitted xsrf token decodes, matches and has not expired.

    xsrfutil.validate_token() regenerates the token from the site secret,
    ``user_email`` and ``action_id`` and compares it with ``xsrf_token``,
    enforcing its default timeout (1 hour) as well.

    Args:
      user_email: String email address of the user.
      action_id: String identifier of the action for which authorization
                 is requested.
      xsrf_token: A string of the xsrf token.

    Returns:
      True if the token is well-formed, matches and has not expired;
      otherwise False.
    """
    validation_kwargs = dict(key=appengine.xsrf_secret_key(),
                             token=xsrf_token,
                             user_id=user_email,
                             action_id=action_id)
    outcome = xsrfutil.validate_token(**validation_kwargs)
    _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
               user_email, outcome)
    return outcome
    def test_build_and_parse_state(self):
        """The xsrf secret is stable across calls and memcache eviction and
        only rotates once the persisted SiteXsrfSecretKey entity is gone too.
        """
        def evict_cached_secret():
            # Drop only the memcache copy; the datastore entity survives.
            memcache.delete(appengine.XSRF_MEMCACHE_ID,
                            namespace=appengine.OAUTH2CLIENT_NAMESPACE)

        first = appengine.xsrf_secret_key()
        second = appengine.xsrf_secret_key()
        self.assertEqual(first, second)

        # Losing memcache must not rotate the secret.
        evict_cached_secret()
        third = appengine.xsrf_secret_key()
        self.assertEqual(second, third)

        # Losing both memcache and the stored entity must rotate it.
        evict_cached_secret()
        appengine.SiteXsrfSecretKey.get_or_insert("site").delete()
        fourth = appengine.xsrf_secret_key()
        self.assertNotEqual(third, fourth)
  def test_build_and_parse_state(self):
    """The xsrf secret survives repeated lookups and a memcache eviction and
    rotates only after the SiteXsrfSecretKey entity is deleted as well.
    """
    cache_key = appengine.XSRF_MEMCACHE_ID
    cache_namespace = appengine.OAUTH2CLIENT_NAMESPACE

    initial = appengine.xsrf_secret_key()
    repeated = appengine.xsrf_secret_key()
    self.assertEqual(initial, repeated)

    # Evicting the memcache copy alone must hand back the same secret.
    memcache.delete(cache_key, namespace=cache_namespace)
    after_cache_loss = appengine.xsrf_secret_key()
    self.assertEqual(repeated, after_cache_loss)

    # Evicting memcache and removing the stored entity forces a new secret.
    memcache.delete(cache_key, namespace=cache_namespace)
    stored = appengine.SiteXsrfSecretKey.get_or_insert('site')
    stored.delete()
    after_full_loss = appengine.xsrf_secret_key()
    self.assertNotEqual(after_cache_loss, after_full_loss)
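def validate_return_url(state, session_id):
    """Verify a signed OAuth ``state`` value and recover its return URL.

    ``state`` is expected in the layout produced by sign_return_url(): an
    xsrf token, ``_sep``, then the return URL. The token was generated with
    the return URL as its action_id, so a token that validates also proves
    the return URL was not altered after signing.

    Args:
      state: The opaque state string handed back by the OAuth provider.
      session_id: Identifier of the current session; the token was bound
        to it when it was issued.

    Returns:
      The return URL carried in ``state``.

    Raises:
      InvalidXsrfTokenError: if ``state`` is empty, lacks the separator, or
        its token does not validate for this session and return URL.
    """
    # A missing or malformed state is reported as an invalid token instead of
    # surfacing as an unhandled ValueError from tuple unpacking.
    if not state:
        raise InvalidXsrfTokenError()
    token, separator, return_url = state.partition(_sep)
    if not separator:
        raise InvalidXsrfTokenError()

    if not xsrfutil.validate_token(
        xsrf_secret_key(),
        token,
        session_id,
        action_id=str(return_url)
    ):
        raise InvalidXsrfTokenError()

    return return_url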
    def GenerateXsrfToken(self, current_user):
        """Generate an xsrf token bound to ``current_user``.

        No action_id is supplied to xsrfutil.generate_token(), so the token
        identifies the user rather than a particular action.

        Args:
          current_user: Appengine user object of the current user.

        Returns:
          A string of the xsrf token.
        """
        nickname = current_user.nickname()
        _LOG.info('Generating xsrf token for %s.', nickname)
        site_secret = appengine.xsrf_secret_key()
        token = xsrfutil.generate_token(site_secret, current_user.user_id())
        _LOG.debug('Successfully generated xsrf token for %s.', nickname)
        return token
  def GenerateXsrfToken(self, current_user):
    """Generate an xsrf token tied to ``current_user``'s id.

    The token is built from the site secret and the user id only; without
    an action_id it is not scoped to a specific action.

    Args:
      current_user: Appengine user object of the current user.

    Returns:
      A string of the xsrf token.
    """
    who = current_user.nickname()
    _LOG.info('Generating xsrf token for %s.', who)
    generated = xsrfutil.generate_token(appengine.xsrf_secret_key(),
                                        current_user.user_id())
    _LOG.debug('Successfully generated xsrf token for %s.', who)
    return generated
    def GenerateXsrfToken(user_email, action_id):
        """Generate an xsrf token bound to a user and a specific action.

        Args:
          user_email: String email address of the user.
          action_id: String identifier of the action for which authorization
                     is requested.

        Returns:
          A string of the xsrf token.
        """
        _LOG.info('Generating xsrf token for %s.', user_email)
        site_secret = appengine.xsrf_secret_key()
        token = xsrfutil.generate_token(key=site_secret,
                                        user_id=user_email,
                                        action_id=action_id)
        _LOG.debug('Successfully generated xsrf token for %s.', user_email)
        return token
  def GenerateXsrfToken(user_email, action_id):
    """Generate an xsrf token scoped to ``user_email`` and ``action_id``.

    Args:
      user_email: String email address of the user.
      action_id: String identifier of the action for which authorization
                 is requested.

    Returns:
      A string of the xsrf token.
    """
    _LOG.info('Generating xsrf token for %s.', user_email)
    token_kwargs = dict(key=appengine.xsrf_secret_key(),
                        user_id=user_email,
                        action_id=action_id)
    generated = xsrfutil.generate_token(**token_kwargs)
    _LOG.debug('Successfully generated xsrf token for %s.', user_email)
    return generated
    def _IsXsrfTokenWellFormedAndNotExpired(self, current_user, xsrf_token):
        """Check that ``xsrf_token`` decodes, matches the user and is not expired.

        The check is delegated to xsrfutil.validate_token() with the site
        secret and the user's id; no action_id is supplied, so the token is
        bound to the user rather than to a specific action.

        Args:
          current_user: Appengine user object of the current user.
          xsrf_token: A string of the xsrf token.

        Returns:
          True if the token is well-formed, matches and has not expired;
          otherwise False.
        """
        site_secret = appengine.xsrf_secret_key()
        verdict = xsrfutil.validate_token(site_secret, xsrf_token,
                                          current_user.user_id())
        _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
                   current_user.nickname(), verdict)
        return verdict
  def _IsXsrfTokenWellFormedAndNotExpired(self, current_user, xsrf_token):
    """Check that ``xsrf_token`` is valid for ``current_user`` and unexpired.

    xsrfutil.validate_token() recomputes the token from the site secret and
    the user id and compares it with ``xsrf_token``; the call passes no
    action_id, so the token is user-scoped only.

    Args:
      current_user: Appengine user object of the current user.
      xsrf_token: A string of the xsrf token.

    Returns:
      True if the token is well-formed, matches and has not expired;
      otherwise False.
    """
    outcome = xsrfutil.validate_token(appengine.xsrf_secret_key(),
                                      xsrf_token,
                                      current_user.user_id())
    who = current_user.nickname()
    _LOG.debug('Is xsrf token well-formed and not expired for %s: %s',
               who, outcome)
    return outcome
  def regenerate_csrf_token(self):
    """Issue a fresh CSRF token, store it in the session and return it.

    The token is derived from the site xsrf secret and the raw value of the
    'session' cookie, which ties it to the caller's session.

    Returns:
      The newly generated token string.
    """
    # NOTE(review): cookies.get() yields None when the 'session' cookie is
    # absent, so the token would then be generated with user_id=None instead
    # of a per-session value -- confirm callers reach this only with the
    # cookie set.
    cookie_value = self.request.cookies.get('session')
    fresh_token = xsrfutil.generate_token(xsrf_secret_key(), cookie_value)
    self.session['csrf_token'] = fresh_token
    return fresh_token
    def regenerate_csrf_token(self):
        """Mint a new CSRF token for the current session and persist it.

        The token is generated from the site xsrf secret and the 'session'
        cookie value, then written to ``self.session['csrf_token']``.

        Returns:
            The generated token string.
        """
        # NOTE(review): if the 'session' cookie is missing, cookies.get()
        # returns None and the token is bound to None rather than to a
        # session -- verify the handler guarantees the cookie exists here.
        session_value = self.request.cookies.get('session')
        new_token = xsrfutil.generate_token(xsrf_secret_key(), session_value)
        self.session['csrf_token'] = new_token
        return new_token
def sign_return_url(return_url, session_id):
    """Bundle ``return_url`` with an xsrf token that covers it.

    The token is generated from the site secret, ``session_id`` and the
    return URL (passed as action_id), so validate_return_url() can later
    confirm that both the session and the URL are the ones that were signed.

    Args:
      return_url: URL the user is sent back to after the flow completes.
      session_id: Identifier of the current session.

    Returns:
      The token and ``return_url`` joined by ``_sep`` as one string.
    """
    site_secret = xsrf_secret_key()
    token = xsrfutil.generate_token(site_secret, session_id,
                                    action_id=str(return_url))
    return _sep.join([token, return_url])