def _get_csrf_token(user=None, expires=None):
    """Build the raw (binary) CSRF token for a user.

    The token is the 4-byte little-endian expiry timestamp followed by an
    HMAC-SHA256 digest over ``"<user>:"`` plus those same expiry bytes, keyed
    with the application's ``SECRET_KEY``.

    Args:
        user: Identity the token is bound to. When falsy, the ``user`` entry
            of the Flask session is used, falling back to the client's
            remote address.
        expires: Expiry as a Unix timestamp. When falsy, 24 hours from now.

    Returns:
        The packed expiry concatenated with the HMAC digest.
    """
    if not user:
        user = flask.session.get('user', flask.request.remote_addr)
    if not expires:
        expires = int(time.time()) + 60 * 60 * 24
    # '<I' is an unsigned 32-bit field, so struct.pack raises struct.error
    # for a negative or out-of-range expiry instead of truncating it.
    packed_expiry = struct.pack('<I', expires)
    # The expiry is part of the signed message, so it cannot be altered
    # without invalidating the signature.
    signed_message = utils.to_bytes('%s:' % user) + packed_expiry
    # NOTE(review): config.get() returns None when SECRET_KEY is unset; what
    # utils.to_bytes does with None is not visible here -- confirm the app
    # refuses to start without a key.
    secret = utils.to_bytes(app.config.get('SECRET_KEY'))
    digest = hmac.new(secret, signed_message, hashlib.sha256).digest()
    return packed_expiry + digest
def get_token(self, token_type='pwreset', expires=None):
    """Generate a user-specific token.

    The token is ``urlsafe_b64encode("<expires>:" + mac)``, where ``mac`` is
    an HMAC-SHA1 over ``"<uid>:<expires>:<token_type>:<pwhash>"`` keyed with
    the application's ``SECRET_KEY``.

    Args:
        token_type: Purpose label mixed into the MAC, so a token minted for
            one purpose does not verify for another.
        expires: Expiry as a Unix timestamp. When falsy, two hours from now.

    Returns:
        The URL-safe base64 encoded token (as returned by
        ``base64.urlsafe_b64encode``).
    """
    if not expires:
        expires = int(time.time()) + 7200  # 2 hours
    # self.pwhash is covered by the MAC: once the stored password hash
    # changes, previously issued tokens no longer match.
    signed_fields = '%d:%d:%s:%s' % (
        self.uid, expires, token_type, self.pwhash)
    secret = utils.to_bytes(app.config.get('SECRET_KEY'))
    # NOTE(review): HMAC-SHA1 is used here. Switching the digest would change
    # the token bytes and invalidate every outstanding token, so it is left
    # as-is and only flagged.
    digest = hmac.new(
        secret, utils.to_bytes(signed_fields), hashlib.sha1).digest()
    expiry_prefix = utils.to_bytes('%d:' % expires)
    return base64.urlsafe_b64encode(expiry_prefix + digest)
def get_token(self, token_type='pwreset', expires=None):
    """Generate a user-specific token.

    Layout: ``urlsafe_b64encode("<expires>:" + HMAC-SHA1(SECRET_KEY,
    "<uid>:<expires>:<token_type>:<pwhash>"))``.

    Args:
        token_type: Purpose label included in the signed fields.
        expires: Expiry as a Unix timestamp. When falsy, two hours from now.

    Returns:
        The encoded token as produced by ``base64.urlsafe_b64encode``.
    """
    deadline = expires if expires else int(time.time()) + 7200  # 2 hours
    # The password hash is one of the signed fields, so a token is tied to
    # the password hash that was stored when it was issued.
    plaintext = '%d:%d:%s:%s' % (self.uid, deadline, token_type, self.pwhash)
    key = utils.to_bytes(app.config.get('SECRET_KEY'))
    # NOTE(review): SHA-1 is the digest here; changing it alters the token
    # format and invalidates tokens already issued -- flagged, not changed.
    signer = hmac.new(key, utils.to_bytes(plaintext), hashlib.sha1)
    payload = utils.to_bytes('%d:' % deadline) + signer.digest()
    return base64.urlsafe_b64encode(payload)
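def new_loads(data, *args, **kwargs):
    """Parse JSON after stripping the anti-XSSI prefix, if present.

    The prefix is ``)]}',`` followed by a newline. It is matched in the same
    type as ``data``: the previous bytes-only prefix made
    ``data.startswith()`` raise TypeError for text input on Python 3, which
    was then swallowed and turned every text payload into ``None``.

    Args:
        data: JSON document as text or bytes, with or without the prefix.
        *args: Passed through to ``json.loads``.
        **kwargs: Passed through to ``json.loads``.

    Returns:
        The decoded object, or ``None`` when parsing fails (the failure is
        logged with its traceback).
    """
    try:
        prefix = ")]}',\n"
        if isinstance(data, (bytes, bytearray)):
            prefix = prefix.encode('utf-8')
        if data.startswith(prefix):
            data = data[len(prefix):]
        return json.loads(data, *args, **kwargs)
    except Exception as exc:
        # Best-effort by design: callers receive None instead of an
        # exception, so a None result must be treated as "could not parse".
        logging.exception('JSON monkeypatch failed: %s', exc)
        return None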
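def verify_token(self, token, token_type='pwreset'):
    """Verify a user-specific token.

    The token is decoded, its expiry is checked against the current time,
    and it is then compared with a token regenerated by ``get_token`` for
    the same expiry and ``token_type``.

    Args:
        token: Token as received from the client (untrusted).
        token_type: Purpose label the token must have been issued for.

    Returns:
        True when the token is well-formed, unexpired and matches.

    Raises:
        errors.ValidationError: If the token is malformed, expired, or does
            not match the expected value.
    """
    token = utils.to_bytes(token)
    try:
        decoded = base64.urlsafe_b64decode(token)
        expires_field, _mac = decoded.split(b':', 1)
        # Parse the expiry inside the try block: it is attacker-controlled,
        # and values such as "nan", "inf" or "1e10" previously passed the
        # float() check and then raised an unhandled ValueError from int().
        expires = int(expires_field)
    except (TypeError, ValueError):
        # TypeError covers base64 decode failures on Python 2; on Python 3
        # binascii.Error is a ValueError subclass.
        raise errors.ValidationError('Invalid token.')
    if expires < time.time():
        raise errors.ValidationError('Expired token.')
    # The whole token is recomputed and compared, so the expiry prefix is
    # authenticated together with the MAC.
    expected = self.get_token(token_type=token_type, expires=expires)
    # NOTE(review): utils.compare_digest is presumably a constant-time
    # comparison -- confirm in utils.
    if not utils.compare_digest(expected, token):
        raise errors.ValidationError('Invalid token.')
    return True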
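def code(self):
    """Return a 12-hex-character code derived from ``self.name``.

    The code is the first 12 hex characters of an HMAC over the UTF-8
    encoded name, keyed with ``TEAM_SECRET_KEY`` when configured and
    ``SECRET_KEY`` otherwise.

    Returns:
        The truncated hex digest.
    """
    # Function-scope import: the file's import block is not visible from
    # this block.
    import hashlib

    secret_key = (app.config.get('TEAM_SECRET_KEY') or
                  app.config.get('SECRET_KEY'))
    # hmac.new() without a digest raises TypeError on Python 3.8+. MD5 was
    # the implicit default before that, so naming it explicitly keeps every
    # previously issued code unchanged.
    # NOTE(review): moving to SHA-256 would change all existing codes; treat
    # that as a deliberate migration rather than a drive-by edit.
    mac = hmac.new(utils.to_bytes(secret_key), self.name.encode('utf-8'),
                   hashlib.md5)
    # NOTE(review): 12 hex characters keep 48 bits of the MAC; whether that
    # is enough depends on how guesses at this code are rate-limited --
    # confirm at the call sites.
    return mac.hexdigest()[:12]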
def _decode(buf):
    """Decode a Base32 value into raw bytes.

    Decoding is case-insensitive (``casefold=True``); the digit 0 is read
    as the letter O and the digit 1 as the letter I (``map01='I'``).
    Malformed input is not handled here: whatever ``base64.b32decode``
    raises propagates to the caller.
    """
    return base64.b32decode(utils.to_bytes(buf), casefold=True, map01='I')
def get_csrf_token(*args, **kwargs):
    """Returns a URL-safe base64 CSRF token.

    All arguments are forwarded to ``_get_csrf_token``; its binary result is
    base64-encoded with the module-level ``b64_vals`` as the two alternative
    characters and returned as text.
    """
    raw_token = utils.to_bytes(_get_csrf_token(*args, **kwargs))
    # NOTE(review): the alphabet comes from b64_vals rather than
    # base64.urlsafe_b64encode, so whatever decodes or compares this token
    # must use the same altchars -- confirm on the verification side.
    encoded = base64.b64encode(raw_token, b64_vals)
    return encoded.decode('utf-8')
import base64 import binascii import flask import functools import hashlib import hmac import jinja2 import struct import time from scoreboard import main from scoreboard import utils app = main.get_app() b64_vals = utils.to_bytes('_-') def _get_csrf_token(user=None, expires=None): user = user or flask.session.get('user', flask.request.remote_addr) expires = expires or int(time.time()) + 60 * 60 * 24 expires_bytes = struct.pack('<I', expires) msg = utils.to_bytes('%s:' % user) + expires_bytes key = utils.to_bytes(app.config.get('SECRET_KEY')) sig = hmac.new(key, msg, hashlib.sha256).digest() return expires_bytes + sig def get_csrf_token(*args, **kwargs): """Returns a URL-safe base64 CSRF token.""" return base64.b64encode(utils.to_bytes(_get_csrf_token(*args, **kwargs)),