s = self.make_serializer(
"predictable-key", serializer_kwargs={"sort_keys": True}
)
# pickle tests pop serializer kwargs, so skip this test for those
if not s.serializer_kwargs:
return
ts1 = s.dumps({"c": 3, "a": 1, "b": 2})
ts2 = s.dumps(dict(a=1, b=2, c=3))
self.assertEqual(ts1, ts2)
class TimedSerializerTestCase(SerializerTestCase):
    """Run the shared serializer suite against ``itsdangerous.TimedSerializer``.

    ``time.time`` is pinned to ``0`` while each test runs so that the
    timestamp a timed serializer embeds in every signed payload is
    deterministic.
    """

    serializer_class = itsdangerous.TimedSerializer

    def setUp(self):
        # Freeze the clock: TimedSerializer stamps the current time into the
        # payload, so a fixed value keeps dumps() output reproducible.
        self._time = time.time
        time.time = lambda: 0

    def tearDown(self):
        # Restore the real clock so later tests see genuine timestamps.
        time.time = self._time

    def test_decode_with_timeout(self):
        """A timed payload must not be byte-identical to a plain one.

        Both serializers share the same key, so the only difference can
        come from the timestamp the timed serializer folds into the signed
        value.
        """
        key = "predictable-key"
        payload = u"hello"
        timed = self.make_serializer(key)
        plain = itsdangerous.Serializer(key)
        self.assertNotEqual(timed.dumps(payload), plain.dumps(payload))
def __init__(self, model, secret):
    """Bind this auth helper to *model* and prepare signed-token handling.

    Args:
        model: object whose ``xom.config.hook`` exposes the
            ``devpiserver_auth_user`` plugin hook; that hook is cached on
            ``self.hook`` (presumably a devpi-server model, judging by the
            hook name).
        secret: key handed to ``itsdangerous.TimedSerializer``; anyone who
            holds it can mint valid tokens, so keep it out of logs and
            config dumps.
    """
    self.model = model
    # A timed serializer embeds a timestamp, so loads() can be bounded with
    # max_age by whichever code verifies the tokens.
    self.serializer = itsdangerous.TimedSerializer(secret)
    hook_registry = model.xom.config.hook
    self.hook = hook_registry.devpiserver_auth_user
if "backup_codes_signature" not in json:
raise InvalidUsage("Must supply signed backup codes.")
code = json["two_factor_code"]
try:
secret = (
TimestampSigner(current_app.config["SECRET_KEY"])
.unsign(json["secret"], max_age=86400)
.decode()
)
except BadSignature:
raise Unauthorized("Two-factor setup attempt has been tampered with.")
except SignatureExpired:
raise Unauthorized("Two-factor setup attempt has expired.")
try:
backup_codes = TimedSerializer(current_app.config["SECRET_KEY"]).loads(
json["backup_codes_signature"], max_age=86400
)
except BadSignature:
raise Unauthorized("Two-factor setup attempt has been tampered with.")
except SignatureExpired:
raise Unauthorized("Two-factor setup attempt has expired.")
old_auth = current_user.two_factor_auth
if old_auth is not None:
db.session.delete(old_auth)
auth = TwoFactorAuth(user_id=current_user.id)
auth.secret_key = secret
auth.validate(code)
auth.enabled = True
db.session.add(auth)
def __init__(self, config_path='/config.yml', root_suffix='/../',
             max_age=10):
    """Set up the RPC helper from the Flask app config.

    Args:
        config_path: path to a YAML config file; not referenced in the
            lines visible here (possibly consumed in elided lines).
        root_suffix: appended to this module's directory to compute
            ``self.root``; the default resolves one level up.
        max_age: stored on ``self.max_age``; presumably the number of
            seconds a signed RPC payload stays valid when verified with
            ``self.serializer`` -- confirm against the verifying code.
    """
    self.root = os.path.abspath(os.path.dirname(__file__) + root_suffix)
    self.config = current_app.config
    # NOTE(review): drops the app's first log handler unconditionally (this
    # raises IndexError if none is installed) and replaces it with ``ch``,
    # which is not defined in the lines shown here.
    del current_app.logger.handlers[0]
    current_app.logger.addHandler(ch)
    # Signing key comes from app config ('rpc_signature'); a TimedSerializer
    # embeds a timestamp so loads() can be bounded by max_age.
    self.serializer = TimedSerializer(self.config['rpc_signature'])
    self.max_age = max_age
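def check_signature(max_age=None):
    """Verify the signed RPC body in ``request.data`` before it is handled.

    The payload is loaded with a ``TimedSerializer`` keyed on the app's
    ``rpc_signature`` setting and stored on ``g.signed``; the serializer is
    kept on ``g.signer`` so the handler can sign its reply with the same key.

    Args:
        max_age: optional freshness bound in seconds forwarded to
            ``loads``. ``None`` (the default, preserving the original
            behaviour) accepts a validly signed payload of any age, which
            lets an intercepted request be replayed indefinitely; callers
            that can tolerate a little clock skew should pass a bound.

    Raises:
        The ``HTTPException`` produced by ``abort(403)`` when the signature
        is invalid or, with a bound set, older than ``max_age``.
    """
    g.signer = TimedSerializer(current_app.config['rpc_signature'])
    try:
        # BadData is the base of BadSignature and SignatureExpired, so an
        # expired payload is rejected the same way as a forged one.
        g.signed = g.signer.loads(request.data, max_age=max_age)
    except BadData:
        abort(403)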
def _get_token_serializer():
    """Return a ``TimedSerializer`` keyed on the app's ``SECRET_KEY``.

    Tokens it produces carry a timestamp; verify them with
    ``loads(..., max_age=...)`` so an old token cannot be replayed forever.
    """
    signing_key = current_app.config['SECRET_KEY']
    return TimedSerializer(signing_key)
def reset_backup_codes():
    """Generate a fresh set of two-factor backup codes for the current user.

    Nothing is persisted here: the codes are returned to the client together
    with a signed, timestamped copy (``backup_codes_signature``) that a later
    confirmation request can hand back for verification. The signature only
    authenticates the codes -- it does not encrypt them, and it is not bound
    to any particular user.
    """
    codes = generate_backup_codes()
    signer = TimedSerializer(current_app.config["SECRET_KEY"])
    signed_codes = signer.dumps(codes)
    body = {"backup_codes": codes, "backup_codes_signature": signed_codes}
    return jsonify(body), 200
def confirm_reset_backup_codes():
"""
Generate a new list of two-factor auth backup codes for the currently logged in user and
replace any existing backup codes.
"""
json = request.get_json()
if "backup_codes_signature" not in json:
raise InvalidUsage("Must supply signed backup codes.")
try:
backup_codes = TimedSerializer(current_app.config["SECRET_KEY"]).loads(
json["backup_codes_signature"], max_age=86400
)
except BadSignature:
raise Unauthorized("Backup codes been tampered with.")
except SignatureExpired:
raise Unauthorized("Backup codes reset has expired.")
auth = TwoFactorAuth.query.filter(
TwoFactorAuth.user_id == current_user.id
).first_or_404()
for code in auth.two_factor_backups:
db.session.delete(code)
for code in backup_codes:
backup = TwoFactorBackup(auth_id=auth.user_id)
backup.backup_code = code
db.session.add(backup)