Главная Обзор Помощь
Вход
221V
/
Misago
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 0d3b72cccf
Ветки Метки
Misago
/
misago
/
users
/
tokens.py

tokens.py 2.1 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. """
    2. 

  2. Token creation
    3. 

  3. 

  4. Token is base encoded string containing three values:
    5. 

  5. 

  6. - days since unix epoch (so we can validate token expiration)
    7. 

  7. - hash unique for current state of user model
    8. 

  8. - token checksum for discovering manipulations
    9. 

  9. """
    10. 

  10. import base64
    11. 

  11. from hashlib import sha256
    12. 

  12. from time import time
    13. 

  13. 

  14. from django.conf import settings
    15. 

  15. from django.utils import six
    16. 

  16. from django.utils.encoding import force_bytes
    17. 

  17. 

  18. 

  19. def make(user, token_type):
    20. 

  20.     user_hash = _make_hash(user, token_type)
    21. 

  21.     creation_day = _days_since_epoch()
    22. 

  22. 

  23.     obfuscated = base64.b64encode(force_bytes('%s%s' % (user_hash, creation_day))).decode()
    24. 

  24.     obfuscated = obfuscated.rstrip('=')
    25. 

  25.     checksum = _make_checksum(obfuscated)
    26. 

  26. 

  27.     return '%s%s' % (checksum, obfuscated)
    28. 

  28. 

  29. 

  30. def is_valid(user, token_type, token):
    31. 

  31.     checksum = token[:8]
    32. 

  32.     obfuscated = token[8:]
    33. 

  33. 

  34.     if checksum != _make_checksum(obfuscated):
    35. 

  35.         return False
    36. 

  36. 

  37.     unobfuscated = base64.b64decode(obfuscated + '=' * (-len(obfuscated) % 4)).decode()
    38. 

  38.     user_hash = unobfuscated[:8]
    39. 

  39. 

  40.     if user_hash != _make_hash(user, token_type):
    41. 

  41.         return False
    42. 

  42. 

  43.     creation_day = int(unobfuscated[8:])
    44. 

  44.     return creation_day + 5 >= _days_since_epoch()
    45. 

  45. 

  46. 

  47. def _make_hash(user, token_type):
    48. 

  48.     seeds = [
    49. 

  49.         user.pk,
    50. 

  50.         user.email,
    51. 

  51.         user.password,
    52. 

  52.         user.last_login.replace(microsecond=0, tzinfo=None),
    53. 

  53.         token_type,
    54. 

  54.         settings.SECRET_KEY,
    55. 

  55.     ]
    56. 

  56. 

  57.     return sha256(force_bytes('+'.join([six.text_type(s) for s in seeds]))).hexdigest()[:8]
    58. 

  58. 

  59. 

  60. def _days_since_epoch():
    61. 

  61.     return int(time() / (25 * 3600))
    62. 

  62. 

  63. 

  64. def _make_checksum(obfuscated):
    65. 

  65.     return sha256(force_bytes('%s:%s' % (settings.SECRET_KEY, obfuscated))).hexdigest()[:8]
    66. 

  66. 

  67. 

  68. ACTIVATION_TOKEN = 'activation'
    69. 

  69. 

  70. 

  71. def make_activation_token(user):
    72. 

  72.     return make(user, ACTIVATION_TOKEN)
    73. 

  73. 

  74. 

  75. def is_activation_token_valid(user, token):
    76. 

  76.     return is_valid(user, ACTIVATION_TOKEN, token)
    77. 

  77. 

  78. 

  79. PASSWORD_CHANGE_TOKEN = 'change_password'
    80. 

  80. 

  81. 

  82. def make_password_change_token(user):
    83. 

  83.     return make(user, PASSWORD_CHANGE_TOKEN)
    84. 

  84. 

  85. 

  86. def is_password_change_token_valid(user, token):
    87. 

  87.     return is_valid(user, PASSWORD_CHANGE_TOKEN, token)
    88.