Главная Обзор Помощь
Вход
221V
/
Misago
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: a47556bc15
Ветки Метки
Misago
/
misago
/
users
/
tokens.py

tokens.py 2.0 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. import base64
    2. 

  2. from hashlib import sha256
    3. 

  3. from time import time
    4. 

  4. 

  5. from django.conf import settings
    6. 

  6. 

  7. 

  8. """
    9. 

  9. Token creation
    10. 

  10. 

  11. Token is base encoded string containing three values:
    12. 

  12. 

  13. - days since unix epoch (so we can validate token expiration)
    14. 

  14. - hash unique for current state of user model
    15. 

  15. - token checksum for discovering manipulations
    16. 

  16. """
    17. 

  17. def make(user, token_type):
    18. 

  18.     user_hash = make_hash(user, token_type)
    19. 

  19.     creation_day = days_since_epoch()
    20. 

  20. 

  21.     obfuscated = base64.b64encode('%s%s' % (user_hash, creation_day))
    22. 

  22.     obfuscated = obfuscated.rstrip('=')
    23. 

  23.     checksum = make_checksum(obfuscated)
    24. 

  24. 

  25.     return '%s%s' % (checksum, obfuscated)
    26. 

  26. 

  27. 

  28. def make_hash(user, token_type):
    29. 

  29.     seeds = (
    30. 

  30.         user.pk,
    31. 

  31.         user.email,
    32. 

  32.         user.password,
    33. 

  33.         user.last_login.replace(microsecond=0, tzinfo=None),
    34. 

  34.         token_type,
    35. 

  35.         settings.SECRET_KEY,
    36. 

  36.     )
    37. 

  37. 

  38.     return sha256('+'.join([unicode(s) for s in seeds])).hexdigest()[:8]
    39. 

  39. 

  40. 

  41. def days_since_epoch():
    42. 

  42.     return int(time() / (25 * 3600))
    43. 

  43. 

  44. 

  45. def make_checksum(obfuscated):
    46. 

  46.     return sha256('%s:%s' % (settings.SECRET_KEY, obfuscated)).hexdigest()[:8]
    47. 

  47. 

  48. 

  49. def is_valid(user, token_type, token):
    50. 

  50.     checksum = token[:8]
    51. 

  51.     obfuscated = token[8:]
    52. 

  52. 

  53.     if checksum != make_checksum(obfuscated):
    54. 

  54.         return False
    55. 

  55. 

  56.     unobfuscated = base64.b64decode(obfuscated + '=' * (-len(obfuscated) % 4))
    57. 

  57.     user_hash = unobfuscated[:8]
    58. 

  58. 

  59.     if user_hash != make_hash(user, token_type):
    60. 

  60.         return False
    61. 

  61. 

  62.     creation_day = int(unobfuscated[8:])
    63. 

  63.     return creation_day + 5 >= days_since_epoch()
    64. 

  64. 

  65. 

  66. """
    67. 

  67. Convenience functions for activation token
    68. 

  68. """
    69. 

  69. ACTIVATION_TOKEN = 'activation'
    70. 

  70. 

  71. 

  72. def make_activation_token(user):
    73. 

  73.     return make(user, ACTIVATION_TOKEN)
    74. 

  74. 

  75. 

  76. def is_activation_token_valid(user, token):
    77. 

  77.     return is_valid(user, ACTIVATION_TOKEN, token)
    78. 

  78. 

  79. 

  80. """
    81. 

  81. Convenience functions for password reset token
    82. 

  82. """
    83. 

  83. PASSWORD_RESET_TOKEN = 'reset_password'
    84. 

  84. 

  85. 

  86. def make_password_reset_token(user):
    87. 

  87.     return make(user, PASSWORD_RESET_TOKEN)
    88. 

  88. 

  89. 

  90. def is_password_reset_token_valid(user, token):
    91. 

  91.     return is_valid(user, PASSWORD_RESET_TOKEN, token)
    92.