def test_equal(self):
# Test compare_digest functionality with equal (byte/text) strings.
for s in ("a", "bcd", "xyz123"):
a = s*100
b = s*100
self.assertTrue(secrets.compare_digest(a, b))
self.assertTrue(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def check_token(token: str, uuid: str):
if not redis.exists("revocation-" + uuid):
raise HTTPException(status_code=404)
if (not ADMIN_TOKEN or not secrets.compare_digest(token, ADMIN_TOKEN)) \
and not secrets.compare_digest(token, redis.get("revocation-" + uuid).decode()):
raise HTTPException(status_code=401,
detail="ID and token combination is invalid.")
def verify_auth(credentials: HTTPBasicCredentials = Depends(sec)):
correct_username = secrets.compare_digest(credentials.username, username)
correct_password = secrets.compare_digest(credentials.password, password)
if not (correct_password and correct_username):
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
detail="",
headers={"WWW-Authenticate": "Basic"})
return credentials.username
def check_usrnm_passwd(credentials):
correct_usrnm = secrets.compare_digest(credentials.username, correct_login)
correct_password = secrets.compare_digest(credentials.password, correct_passwd)
if not (correct_usrnm and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Unauthorised - incorrect login or password!",
headers={"WWW-Authenticate": "Basic"},
)
def _auth(headers):
if 'Authorization' not in headers:
return False
username, password = base64.standard_b64decode(
headers['Authorization'][6:]).decode("utf-8").split(":")
correct_username = secrets.compare_digest(username, "hoge")
correct_password = secrets.compare_digest(
password, str(datetime.datetime.now().minute))
return all([correct_username, correct_password])
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)) -> str:
correct_username = secrets.compare_digest(credentials.username, "moo")
correct_password = secrets.compare_digest(credentials.password, "haha")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Moo haha",
)
return credentials.username
def test_unequal(self):
# Test compare_digest functionality with unequal (byte/text) strings.
self.assertFalse(secrets.compare_digest("abc", "abcd"))
self.assertFalse(secrets.compare_digest(b"abc", b"abcd"))
for s in ("x", "mn", "a1b2c3"):
a = s*100 + "q"
b = s*100 + "k"
self.assertFalse(secrets.compare_digest(a, b))
self.assertFalse(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def check_auth(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, app.login)
correct_password = secrets.compare_digest(credentials.password, app.password)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect login or password",
headers={"WWW-Authenticate": "Basic"},
)
def test_unequal(self):
# Test compare_digest functionality with unequal (byte/text) strings.
self.assertFalse(secrets.compare_digest("abc", "abcd"))
self.assertFalse(secrets.compare_digest(b"abc", b"abcd"))
for s in ("x", "mn", "a1b2c3"):
a = s*100 + "q"
b = s*100 + "k"
self.assertFalse(secrets.compare_digest(a, b))
self.assertFalse(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def test_unequal(self):
self.assertFalse(secrets.compare_digest('abc', 'abcd'))
self.assertFalse(secrets.compare_digest(b'abc', b'abcd'))
for s in ('x', 'mn', 'a1b2c3'):
a = s * 100 + 'q'
b = s * 100 + 'k'
self.assertFalse(secrets.compare_digest(a, b))
self.assertFalse(
secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8')))
def auth_basic_auth(credentials: HTTPBasicCredentials = Depends(HTTPBasic())):
correct_user = secrets.compare_digest(credentials.username, app.username)
correct_pass = secrets.compare_digest(credentials.password, app.password)
if not (correct_user and correct_pass):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect credentials"
)
return True
def check_credentials(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = compare_digest(credentials.username, API_USER)
correct_password = compare_digest(credentials.password, API_PASS)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials
def authorize(credentials: HTTPBasicCredentials = Depends(security)) -> bool:
correct_username = secrets.compare_digest(credentials.username, config.API_USERNAME)
correct_password = secrets.compare_digest(credentials.password, config.API_PASSWORD)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect credentials",
headers={"WWW-Authenticate": "Basic"},
)
return True
def auth_container(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, usr)
correct_password = secrets.compare_digest(credentials.password, pwd)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Unauthorized",
headers={"Auth": "Adv"},
)
return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(safety)):
correct_username = secrets.compare_digest(credentials.username, "wilkrafal")
correct_password = secrets.compare_digest(credentials.password, "password123")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_userid = secrets.compare_digest(credentials.username, get_passwords(credentials.username))
correct_password = secrets.compare_digest(credentials.password, get_passwords(credentials.password))
if not (correct_userid and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect userid or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def authorization(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "4dm1n")
correct_password = secrets.compare_digest(credentials.password, "NotSoSecurePa$$")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def basic_auth(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = compare_digest(credentials.username, token)
correct_password = compare_digest(credentials.password, token)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token",
headers={"WWW-Authenticate": "Basic"},
)
return token
def check_credential(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, USERNAME)
correct_password = secrets.compare_digest(credentials.password, PASSWORD)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Basic"},
)
return True
def valid(credentials: HTTPBasicCredentials = Depends(security)):
username = secrets.compare_digest(credentials.username, "user")
password = secrets.compare_digest(credentials.password, "password")
if not (username and password):
raise HTTPException(
status_code=401,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return True
def to_auth(credentials: HTTPBasicCredentials = Depends(_security)) -> str:
correct_username = secrets.compare_digest(credentials.username, _username or "")
correct_password = secrets.compare_digest(credentials.password, _password or "")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "admin")
correct_password = secrets.compare_digest(credentials.password, "12345")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Неверный логин или пароль",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, config['DEFAULT']['username'])
correct_password = secrets.compare_digest(credentials.password, config['DEFAULT']['password'])
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def wrapper(credentials: HTTPBasicCredentials = Security(security)):
if not (
secrets.compare_digest(credentials.username, username)
and secrets.compare_digest(credentials.password, password)
):
logger.warning("401 raised, returning: access denied.")
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Incorrect user name or password",
)
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "appy")
correct_password = secrets.compare_digest(credentials.password, "appy")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Infigon Industrial API : ERROR : Auth Failed",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def get_current_user(response: Response, credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "trudnY")
correct_password = secrets.compare_digest(credentials.password, "PaC13Nt")
if not (correct_username and correct_password):
raise HTTPException(
status_code=401, detail="Incorrect email or password")
session_token = sha256(bytes(f"{credentials.username}{credentials.password}{app.secret_key}", encoding='utf8')).hexdigest()
app.session_tokens.append(session_token)
response.set_cookie(key="session_token", value=session_token)
response.headers["Location"] = "/welcome"
response.status_code = status.HTTP_302_FOUND
def validate_token(record,
provided_token,
stored_token,
validator=default_validator):
if record and secrets.compare_digest(provided_token,
stored_token) and validator():
return record
else:
# still do a digest compare of equal sizes to resist timing attacks
secrets.compare_digest(provided_token, "a" * len(provided_token))
return False
def verify_login_account(
credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "qa")
correct_password = secrets.compare_digest(credentials.password, "123456")
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid Login Account!",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, config["main"]["admin-username"])
correct_password = secrets.compare_digest(credentials.password, config["main"]["admin-password"])
if not (correct_username and correct_password):
print("ERROR: invalid logon details")
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Basic"},
)
return credentials.username
def authethicate(credentials: Optional[HTTPBasicCredentials] = Depends(
app.security)):
if not credentials:
return False
correct_username = secrets.compare_digest(credentials.username, "trudnY")
correct_password = secrets.compare_digest(credentials.password, "PaC13Nt")
if not (correct_username and correct_password):
return False
return True
def login_token(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = compare_digest(credentials.username, username)
correct_password = compare_digest(credentials.password, password)
if correct_username and correct_password:
token_value = sha256(f"{username}{password}{app.token_secret_key}".
encode()).hexdigest()
if len(app.token) == 3:
app.token.pop(0)
app.token.append(token_value)
return {"token": token_value}
else:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
def get_current_username(
credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "trudnY")
correct_password = secrets.compare_digest(credentials.password, "PaC13Nt")
if not (correct_username and correct_password):
raise HTTPException(status_code=401, detail="Unauthorized")
session_token = sha256(
bytes(f"{credentials.username}{credentials.password}{app.secret_key}",
encoding='utf8')).hexdigest()
app.tokens_list.append(session_token)
print(app.tokens_list)
return session_token
async def post(self, request):
"""
POST to the Talos API
:param request: aiohttp Request
:return: Response object
"""
log.info("API POST")
headers = request.headers
# Verify token
user_token = headers.get("token")
username = headers.get("username")
server_token = self.app["settings"]["tokens"].get(username, None)
if user_token is None or server_token is None:
return web.Response(text="Invalid Token/Unknown User", status=403)
known = secrets.compare_digest(user_token, server_token)
if not known:
return web.Response(text="Invalid Token/Unknown User", status=403)
# And finally we can do what the request is asking
try:
path = "_".join(request.path.split("/")[1:])
data = await request.json()
return await self.dispatch(path, data)
except json.JSONDecodeError:
return web.Response(text="Malformed JSON in request", status=400)
async def validate(req, clientid, token):
if not (await shared.redis.exists(f"users:{clientid}:validation_token")):
logger.log(45, f"No validation token available for user {clientid} (IP: {req.ip})")
raise Forbidden("No validation token available for this account")
validation_token = await (shared.redis.get(f"users:{clientid}:validation_token"))
if not compare_digest(token.encode(), validation_token):
logger.log(45, f"Wrong validation token for user {clientid} (IP: {req.ip})")
raise Forbidden("Wrong validation token")
async with shared.postgres.transaction():
stmt = await shared.postgres.prepare("SELECT set_user_verified($1);")
await stmt.fetch(clientid)
return text("ok")
async def reset(req, clientid):
if not (await shared.redis.exists(f"users:{clientid}:reset_token")):
logger.log(45, f"No reset token available for user {clientid} (IP: {req.ip})")
raise Forbidden("No reset token available for this account")
reset_token = await (shared.redis.get(f"users:{clientid}:reset_token"))
if not compare_digest(req.json["token"].encode(), reset_token):
logger.log(45, f"Wrong reset token for user {clientid} (IP: {req.ip})")
raise Forbidden("Wrong reset token")
async with shared.postgres.transaction():
stmt = await shared.postgres.prepare("UPDATE tb_users SET password = $1 WHERE userid = $2")
await stmt.fetch(bcrypt.hashpw(req.json["password"].encode(), bcrypt.gensalt()), clientid)
return text("ok")
def check_user(user: User, password: str) -> bool:
hashpass, salt = user_info[user].hashed_password
target_hash_pass = hash_password(password, salt)[0]
sleep(random.expovariate(10))
return secrets.compare_digest(hashpass, target_hash_pass)
def test_bool(self):
# Test that compare_digest returns a bool.
self.assertIsInstance(secrets.compare_digest("abc", "abc"), bool)
self.assertIsInstance(secrets.compare_digest("abc", "xyz"), bool)
