Attachment 'securitystring.old.py'


   1 """
   2     MoinMoin - Handle the Security String
   3     Frankie 
   4 """
   5 import os, hmac, string, random
   6 from MoinMoin import caching
   7 
   8 try:
   9    import cPickle as pickle
  10 except ImportError:
  11    import pickle
  12 
# Choose the pickle protocol once; see http://docs.python.org/lib/node64.html
# pickle.HIGHEST_PROTOCOL exists from Python 2.3 on. Interpreters without it
# fall back to protocol 1, the binary format all Python versions can read.
PICKLE_PROTOCOL = getattr(pickle, 'HIGHEST_PROTOCOL', 1)
  20 
  21 
  22 # Follow http://moinmoin.wikiwikiweb.de/MoinMoinBugs/Cookie_is_not_secure_enough
   23 # This code was written by Nir Soffer
  24 
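def gen(number):
    """
    Return a random string of `number` characters.

    Characters are drawn from ASCII letters, digits, '_' and '-'.
    """
    safe = string.ascii_letters + string.digits + '_-'
    # NOTE(review): presumably this value becomes the per-user security string
    # that keys the cookie HMAC -- confirm against the caller. A secret like
    # that must be unpredictable, so draw from the operating system's entropy
    # source instead of the module-level Mersenne Twister generator, whose
    # future output can be derived from enough observed output.
    # random.SystemRandom needs Python 2.4 or later.
    rng = random.SystemRandom()
    return ''.join([rng.choice(safe) for _ in range(number)])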
  28 
  29 ###
  30 
def luck():
    """Return the delimiter between the HMAC and the user id in the cookie."""
    # ':=:' was picked by FrankieChow. It could instead be read from a
    # per-site setting such as self.cfg.site_luck_string.
    separator = ':=:'
    return separator
  35     
def make_security_key(securitystring, userid):
    """
    Return the hex HMAC that a user's security cookie has to carry.

      key: securitystring
      msg: userid
    """
    # No digestmod is passed, so the hmac module's default applies: MD5 on
    # Python 2, while Python 3.8+ rejects a call without one. Switching the
    # digest changes every issued value, so existing cookies stop validating.
    # The result depends only on these two inputs, so it stays the same until
    # the user's security string is changed.
    mac = hmac.new(securitystring, userid)
    return mac.hexdigest()
  43 
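class SecurityString:
    """
    Map a security cookie to a user id, using a cache of accepted HMACs.

    The cookie has the form "<hmac><separator><uid>", where the separator is
    the value returned by luck(). A cookie is accepted when its HMAC equals
    the cached value for the uid, or when it equals the HMAC recomputed from
    the security string stored with the user.

    The cache entry holds, for every cached uid, the exact HMAC a cookie must
    present. Read access to it is therefore equivalent to holding those
    users' cookies, and it needs the same protection as the user data files.
    """

    def __init__(self, request):
        # A single cache entry stores the whole uid -> HMAC hex digest mapping.
        arena = 'user'
        key = 'uid2security_hmac_string'
        self.cache = caching.CacheEntry(request, arena, key)
        self.request = request

    def _load_cache(self):
        """Return the cached uid -> HMAC mapping, or {} if it is unusable."""
        try:
            # NOTE(security): unpickling runs whatever the cache content
            # encodes, so this is only safe while nothing but the wiki process
            # can write the cache. A data-only format would remove that
            # dependency, since the mapping is plain strings.
            cached = pickle.loads(self.cache.content())
        except Exception:
            # A missing or unreadable cache is expected. Start empty, but let
            # KeyboardInterrupt/SystemExit through on newer interpreters.
            return {}
        if not isinstance(cached, dict):
            # Anything but a mapping would break the lookups further down.
            return {}
        return cached

    def _update_cache(self, uid2security_hmac_string):
        """Pickle the mapping and write it back to the cache entry."""
        self.cache.update(pickle.dumps(uid2security_hmac_string, PICKLE_PROTOCOL))

    def _digests_match(self, expected, presented):
        """Compare two hex digests in time independent of where they differ."""
        compare = getattr(hmac, 'compare_digest', None)
        if compare is not None:
            try:
                return compare(expected, presented)
            except TypeError:
                # Mixed str/unicode or non-ASCII input: use the loop below,
                # which accepts the same string types as a plain '=='.
                pass
        try:
            if len(expected) != len(presented):
                return False
            diff = 0
            for a, b in zip(expected, presented):
                diff |= ord(a) ^ ord(b)
        except TypeError:
            # Not two strings, so they cannot be the same digest.
            return False
        return diff == 0

    # Update the cache of uid2security_hmac_string;
    # the user class object does not need to be passed in.
    def update_uid2security_hmac_string_cache(self, storage_securitystring, storage_uid):
        """Store the HMAC for storage_uid, computed from its security string."""
        storage_uid2security_hmac_string = self._load_cache()
        storage_uid2security_hmac_string[storage_uid] = make_security_key(storage_securitystring, storage_uid)
        self._update_cache(storage_uid2security_hmac_string)

    def cal_security_userid(self, security_cookie, user):
        """
        Return the user id named by security_cookie, or None if it is rejected.

        `user` must provide getUserList() and User(); presumably it is the
        MoinMoin user module -- confirm against the caller. The parsed HMAC
        and uid are kept on the instance as self.hmac_string and self.uid.
        """
        # Keep the user object for _validateSecurityString().
        self.user = user

        # The cookie is client-supplied. Anything that does not split into
        # at least "<hmac><separator><uid>" is rejected.
        try:
            self.hmac_string, self.uid = security_cookie.split(luck())[:2]
        except (AttributeError, TypeError, ValueError):
            return None

        # First try to authenticate against the cache.
        uid2security_hmac_string = self._load_cache()
        cached = uid2security_hmac_string.get(self.uid)
        if cached is not None and self._digests_match(cached, self.hmac_string):
            return self.uid

        # Cache miss, or the cached value is stale because the user changed
        # the security string: check against the user's data file, and
        # refresh the cache only after that check succeeds.
        if self._validateSecurityString():
            uid2security_hmac_string[self.uid] = self.hmac_string
            self._update_cache(uid2security_hmac_string)
            return self.uid
        return None

    def _validateSecurityString(self):
        """Return True if self.hmac_string matches the stored security string."""
        # The uid comes from the cookie. Keep the membership test ahead of
        # User()/load_from_id() so only ids of existing accounts reach them.
        userslist = self.user.getUserList(self.request)
        if self.uid not in userslist:
            return False
        thisuser = self.user.User(self.request, id=self.uid)
        thisuser.load_from_id()
        securitystring = getattr(thisuser, 'security_string', None)
        if not securitystring:
            # Fail closed: with an empty key the HMAC is computable from the
            # uid alone. NOTE(review): whether accounts without a security
            # string can exist is not visible here -- confirm.
            return False
        expected = make_security_key(securitystring, self.uid)
        return self._digests_match(expected, self.hmac_string)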

Attached Files

  • [get | view] (2005-12-29 12:11:24, 10.1 KB) [[attachment:security_string.patch]]
  • [get | view] (2006-01-07 08:59:28, 10.0 KB) [[attachment:security_string11.patch]]
  • [get | view] (2006-01-07 11:50:10, 11.4 KB) [[attachment:security_string13.patch]]
  • [get | view] (2006-01-08 01:35:46, 11.6 KB) [[attachment:security_string15.patch]]
  • [get | view] (2006-01-09 00:05:23, 11.6 KB) [[attachment:security_string16.patch]]
  • [get | view] (2006-01-21 11:44:21, 11.9 KB) [[attachment:security_string17.patch]]
  • [get | view] (2005-12-30 06:26:38, 8.9 KB) [[attachment:security_string6.patch]]
  • [get | view] (2005-12-30 09:14:39, 7.0 KB) [[attachment:security_string7.patch]]
  • [get | view] (2006-01-05 11:04:41, 10.6 KB) [[attachment:security_string8.patch]]
  • [get | view] (2006-01-04 15:03:44, 4.1 KB) [[attachment:securitystring.old.py]]
  • [get | view] (2006-01-04 15:04:58, 4.1 KB) [[attachment:securitystring.py]]