Attachment 'securitystring.old.py'
Download 1 """
2 MoinMoin - Handle the Security String
3 Frankie
4 """
5 import os, hmac, string, random
6 from MoinMoin import caching
7
8 try:
9 import cPickle as pickle
10 except ImportError:
11 import pickle
12
# Choose the pickle protocol, see http://docs.python.org/lib/node64.html
# pickle.HIGHEST_PROTOCOL needs Python 2.3; where it is missing use
# protocol 1, the binary format compatible with all Python versions.
PICKLE_PROTOCOL = getattr(pickle, 'HIGHEST_PROTOCOL', 1)
20
21
22 # Follow http://moinmoin.wikiwikiweb.de/MoinMoinBugs/Cookie_is_not_secure_enough
23 # This code was written by Nir Soffer
24
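def gen(number):
    """Return a random string of *number* characters.

    Characters are drawn from ASCII letters, digits, '_' and '-'.
    A *number* of zero or less yields the empty string.
    """
    safe = string.ascii_letters + string.digits + '_-'
    # NOTE(review): presumably this produces the per-user security string
    # that keys the cookie HMAC -- confirm against the callers. A value used
    # as a secret must not come from the default Mersenne Twister generator,
    # whose output can be predicted, so draw from the OS entropy source
    # instead (random.SystemRandom, Python 2.4+).
    rng = random.SystemRandom()
    return ''.join([rng.choice(safe) for _ in range(number)])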
28
29 ###
30
def luck():
    """Return the separator placed between the HMAC and the user id in the cookie."""
    # ':=:' is FrankieChow's "luck string". It could be made configurable,
    # for example as self.cfg.site_luck_string.
    separator = ':=:'
    return separator
35
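def make_security_key(securitystring, userid):
    """Return the hex HMAC-MD5 of *userid* keyed with *securitystring*.

    Key: securitystring
    msg: userid

    Text arguments are encoded as UTF-8 before hashing; byte strings are
    used as they are.

    The result depends only on the two arguments, so it stays the same for
    a user until that user's security string changes: it carries no expiry
    and no per-session component.
    """
    # hmac.new() without a digest silently meant MD5 on Python 2 and is an
    # error on Python 3.8+. Naming MD5 explicitly keeps the values that are
    # already stored in cookies and in the cache valid.
    # NOTE(review): moving to SHA-256 would be preferable, but it invalidates
    # every existing cookie and cache entry -- plan it as a migration.
    try:
        from hashlib import md5 as digestmod
    except ImportError:
        # Python < 2.5 has no hashlib; the md5 module is the same digest.
        import md5 as digestmod

    octets = type(''.encode('ascii'))  # str on Python 2, bytes on Python 3
    if not isinstance(securitystring, octets):
        securitystring = securitystring.encode('utf-8')
    if not isinstance(userid, octets):
        userid = userid.encode('utf-8')
    return hmac.new(securitystring, userid, digestmod).hexdigest()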
43
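class SecurityString:
    """Check security cookies against a cached table of per-user HMAC strings.

    A cookie is expected to hold ``<hmac string><luck()><user id>``. A pickled
    dict mapping user id to the expected HMAC string is kept in the 'user'
    cache arena, so a cookie that matches the cached value is accepted
    without loading the user's data file.
    """

    def __init__(self, request):
        """Create the cache entry for the uid -> HMAC table and keep *request*."""
        # This is the cache for uid2security_string.
        arena = 'user'
        key = 'uid2security_hmac_string'
        self.cache = caching.CacheEntry(request, arena, key)
        self.request = request

    def _load_cache(self):
        """Return the cached uid -> HMAC dict, or {} when it cannot be read."""
        # SECURITY: pickle.loads() runs whatever the pickle stream asks for.
        # NOTE(review): this is only acceptable if nothing but the wiki can
        # write to the cache storage -- confirm, or move the table to a
        # plain data format.
        try:
            table = pickle.loads(self.cache.content())
        except Exception:
            # Missing or corrupt cache entry: start again from an empty table.
            return {}
        if not isinstance(table, dict):
            # A valid pickle of the wrong type is as unusable as a corrupt one.
            return {}
        return table

    def _update_cache(self, uid2security_hmac_string):
        """Pickle *uid2security_hmac_string* and write it to the cache entry."""
        self.cache.update(pickle.dumps(uid2security_hmac_string, PICKLE_PROTOCOL))

    def _digests_match(self, expected, supplied):
        """Return True when the two HMAC strings are equal.

        Uses hmac.compare_digest where the interpreter has it, so that the
        time taken does not reveal how many leading characters of a forged
        cookie were correct.
        """
        compare = getattr(hmac, 'compare_digest', None)
        if compare is not None:
            try:
                return compare(expected, supplied)
            except TypeError:
                # Mixed or unsupported string types: use plain equality,
                # which is what this code did before.
                pass
        return expected == supplied

    def update_uid2security_hmac_string_cache(self, storage_securitystring, storage_uid):
        """Recompute the HMAC string for one user and store it in the cache.

        Works from the raw security string and user id, so no user object
        has to be passed in.
        """
        table = self._load_cache()
        table[storage_uid] = make_security_key(storage_securitystring, storage_uid)
        self._update_cache(table)

    def cal_security_userid(self, security_cookie, user):
        """Return the user id named in *security_cookie*, or None.

        *user* is kept on the instance; _validateSecurityString() calls its
        getUserList() and User() to look the user up.

        The id is returned when the cookie's HMAC string matches the cached
        one, or, failing that, when it matches the HMAC recomputed from the
        security string in the user's data file (the cache is then updated).
        """
        # Keep the user object for _validateSecurityString().
        self.user = user

        # The cookie comes from the client: anything that does not split
        # into at least two parts is rejected.
        try:
            self.hmac_string, self.uid = security_cookie.split(luck())[:2]
        except (AttributeError, TypeError, ValueError):
            return None

        # First try to authenticate from the cache.
        table = self._load_cache()
        cached = table.get(self.uid)
        if cached is not None and self._digests_match(cached, self.hmac_string):
            # NOTE(review): a cookie made with an old security string keeps
            # matching here until the cache entry for this uid is replaced.
            # Code that changes a security string should call
            # update_uid2security_hmac_string_cache() at once -- confirm.
            return self.uid

        # No cache entry, or it does not match: check against the security
        # string in the user's data file and refresh the cache on success.
        if self._validateSecurityString():
            table[self.uid] = self.hmac_string
            self._update_cache(table)
            return self.uid
        return None

    def _validateSecurityString(self):
        """Return True if self.hmac_string is the HMAC stored user self.uid would get."""
        # self.uid was taken from the cookie; only ids found in the user
        # list are ever used to load a user.
        userslist = self.user.getUserList(self.request)
        if self.uid not in userslist:
            return False
        thisuser = self.user.User(self.request, id=self.uid)
        thisuser.load_from_id()
        securitystring = thisuser.security_string
        if not securitystring:
            # With an empty key the HMAC can be computed by anyone who knows
            # the user id, so it proves nothing.
            return False
        expected = make_security_key(securitystring, self.uid)
        return self._digests_match(expected, self.hmac_string)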