def test_secure_cookie_serializer(self): serializer = securecookie.SecureCookieSerializer(b"secret-key") serializer._get_timestamp = lambda: 1 value = ["a", "b", "c"] result = b"WyJhIiwiYiIsImMiXQ==|1|38" b"837d6af8ac1ded9292b83924fc8521ce76f47e" rv = serializer.serialize(b"foo", value) self.assertEqual(rv, result) rv = serializer.deserialize(b"foo", result) self.assertEqual(rv, value) # no value rv = serializer.deserialize(b"foo", None) self.assertEqual(rv, None) # not 3 parts rv = serializer.deserialize(b"foo", b"a|b") self.assertEqual(rv, None) # bad signature rv = serializer.deserialize(b"foo", result + b"foo") self.assertEqual(rv, None) # too old rv = serializer.deserialize(b"foo", result, max_age=-86400) self.assertEqual(rv, None) # not correctly encoded serializer2 = securecookie.SecureCookieSerializer(b"foo") serializer2._encode = lambda x: b"foo" result2 = serializer2.serialize(b"foo", value) rv2 = serializer2.deserialize(b"foo", result2) self.assertEqual(rv2, None)
def test_secure_cookie_serializer(self): serializer = securecookie.SecureCookieSerializer('secret-key') serializer._get_timestamp = lambda: 1 value = ['a', 'b', 'c'] result = 'WyJhIiwiYiIsImMiXQ==|1|38837d6af8ac1ded9292b83924fc8521ce76f47e' rv = serializer.serialize('foo', value) self.assertEqual(rv, result) rv = serializer.deserialize('foo', result) self.assertEqual(rv, value) # no value rv = serializer.deserialize('foo', None) self.assertEqual(rv, None) # not 3 parts rv = serializer.deserialize('foo', 'a|b') self.assertEqual(rv, None) # bad signature rv = serializer.deserialize('foo', result + 'foo') self.assertEqual(rv, None) # too old rv = serializer.deserialize('foo', result, max_age=-86400) self.assertEqual(rv, None) # not correctly encoded serializer2 = securecookie.SecureCookieSerializer('foo') serializer2._encode = lambda x: 'foo' result2 = serializer2.serialize('foo', value) rv2 = serializer2.deserialize('foo', result2) self.assertEqual(rv2, None)
def do_business(self, stop_on_error=False): super(RetrieveDct, self).do_business(stop_on_error) secret = self._find_secret.result serializer = securecookie.SecureCookieSerializer(str(secret)) data = serializer.deserialize(self.name, self.signed, self.max_age) if data: self.result = json.loads(data)
def do_business(self, stop_on_error=False): super(SignCmd, self).do_business(stop_on_error) secret = self.result if secret: value = json.dumps(self.dct) serializer = securecookie.SecureCookieSerializer(str(secret[0])) self.result = serializer.serialize(self.name, value) else: self.result = None
def do_business(self, stop_on_error=False): super(RetrieveCmd, self).do_business(stop_on_error) secrets = self.result if secrets: for s in secrets: serializer = securecookie.SecureCookieSerializer(str(s)) data = serializer.deserialize(self.name, self.signed, self.max_age) if data: self.result = json.loads(data) return self.result = None
def test_me(self): make_pr(124, ['human'], {'title': 'huge pr!'}) # no cookie: we get redirected resp = app.get('/pr') self.assertEqual(resp.status_code, 302) self.assertEqual(resp.location, 'http://localhost/github_auth/pr') # set the session cookie directly (easier than the full login flow) serializer = securecookie.SecureCookieSerializer( app.app.config['webapp2_extras.sessions']['secret_key']) cookie = serializer.serialize('session', {'user': '******'}) # we have a cookie now: we should get results for 'human' app.cookies['session'] = cookie resp = app.get('/pr', headers={'Cookie': 'session=%s' % cookie}) self.assertEqual(resp.status_code, 200) self.assertIn('huge pr!', resp)
def setUp(self): super(_TestBase, self).setUp() self.browser_api_key = 'browser_api_key_value' self.client_id = 'client_id_value' self.email = '*****@*****.**' self.host = 'localhost:80' self.photo_url = 'http://photo' self.provider_id = 'provider_id_value' self.old_users_service = users.UsersServiceManager.get() self.scheme = 'http' self.serializer = securecookie.SecureCookieSerializer('notasecret') self.server_api_key = 'server_api_key_value' self.service_account_email = '*****@*****.**' self.service_account_key = 'service_account_key_value' self.title = 'title_value' self.user_id = '1234' self.gitkit_user = gitkitclient.GitkitUser( email=self.email, photo_url=self.photo_url, provider_id=self.provider_id, user_id=self.user_id) self.admins = ['*****@*****.**', '*****@*****.**'] self.enabled = False self.config_yaml = { gitkit._CONFIG_YAML_ADMINS_NAME: self.admins, gitkit._CONFIG_YAML_ENABLED_NAME: self.enabled, } self.properties = self._get_properties( self.browser_api_key, self.client_id, self.server_api_key, self.service_account_email, self.service_account_key, self.title, ) users.UsersServiceManager.set(gitkit.UsersService)
def serializer(self): # Serializer and deserializer for signed cookies. return securecookie.SecureCookieSerializer(self.config['secret_key'])
def channel_send(data): body = '' if 'body' in data: body = data['body'] extra = { 'action_id': data['action'].key_id_str, 'body': render_template(body, data).strip() } output = data.copy() for k in ('account', 'action', 'input', 'entity'): del output[k] output.update(extra) return channel.send_message(data['recipient'], json.dumps(output)) secure_cookie = securecookie.SecureCookieSerializer(settings.COOKIE_SECRET) def pad(s): return s + b"\0" * (AES.block_size - len(s) % AES.block_size) def encrypt(message, key=None, key_size=256): if key is None: key = settings.AES_KEY message = pad(message) iv = Random.new().read(AES.block_size) cipher = AES.new(key, AES.MODE_CBC, iv) return iv + cipher.encrypt(message)
def _serializer(): engineauth_config = config.load_config() return securecookie.SecureCookieSerializer( engineauth_config['secret_key'])
def make_session(**kwargs): # set the session cookie directly (easier than the full login flow) serializer = securecookie.SecureCookieSerializer( app.app.config['webapp2_extras.sessions']['secret_key']) return serializer.serialize('session', kwargs)
def __init__(self, app, config): self.app = app self.app.config = webapp2.Config(config) secret_key = config['webapp2_extras.sessions']['secret_key'] self.serializer = securecookie.SecureCookieSerializer(secret_key)
def do_business(self, stop_on_error=False): super(SignDct, self).do_business(stop_on_error) secret = self._find_secret.result value = json.dumps(self.dct) serializer = securecookie.SecureCookieSerializer(str(secret)) self.result = serializer.serialize(self.name, value)
def get_cookie_for_session(self, session_object): sessions_secret = get_secrets().get('sessions_secret') serializer = securecookie.SecureCookieSerializer(sessions_secret) return serializer.serialize('session', {'_sid': session_object.key.id()})
# limitations under the License. import logging import urllib import uuid from google.cloud import datastore import httplib2 from oauth2client import client from webapp2_extras import securecookie import webapp2 from dns_sync import api from dns_sync import config COOKIE_SIGNER = securecookie.SecureCookieSerializer(config.get_project_id()) COOKIE_MAX_AGE_SECS = 60 * 60 class UserOauth2Token(datastore.Entity): """Stores user access tokens in the datastore. These tokens are deleted when users signs out or a 401 (invalid auth) is returned from the API. The Key is a random string which is also the cookie value. """ KIND = 'UserOauth2Token' def __init__(self, entity_id, credentials, is_admin=False): super(UserOauth2Token, self).__init__(key=api.CLIENTS.datastore.key(