本文整理汇总了Python中werkzeug.security.safe_str_cmp函数的典型用法代码示例。如果您正苦于以下问题:Python safe_str_cmp函数的具体用法?Python safe_str_cmp怎么用?Python safe_str_cmp使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了safe_str_cmp函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_safe_str_cmp_no_builtin
def test_safe_str_cmp_no_builtin():
import werkzeug.security as sec
prev_value = sec._builtin_safe_str_cmp
sec._builtin_safe_str_cmp = None
assert safe_str_cmp('a', 'ab') is False
assert safe_str_cmp('str', 'str') is True
assert safe_str_cmp('str1', 'str2') is False
sec._builtin_safe_str_cmp = prev_value示例2: upload_dance
def upload_dance():
if app.config['RG_VERIFY_ENDPOINT']:
user_id, user_token = request.form['user_id'], request.form['user_token']
check_token = hmac.new(app.config['RG_VERIFY_SECRET'], user_id, hashlib.sha1).hexdigest()
if not safe_str_cmp(user_token, check_token):
abort(403)
gif = request.files['moves']
gif_data = gif.read()
if gif and check_gif(gif_data):
dance_id = hashlib.sha1(gif_data).hexdigest()
dance = {
'_id': dance_id,
'ts': time.time(),
'ip': request.remote_addr,
'ua': request.user_agent.string,
'status': 'new',
}
if app.config['RG_VERIFY_ENDPOINT']:
dance['rg_id'] = user_id
g.db.save(dance)
with open(os.path.join(app.config['UPLOAD_FOLDER'], dance_id + '.gif'), 'w') as out:
out.write(gif_data)
json_data = dance_json(dance)
json_data['token'] = dance_owner_token(dance_id)
return json.jsonify(json_data)示例3: check_password_hash
def check_password_hash(self, password):
if PYVER < 3 and isinstance(password, unicode):
password = password.encode('u8')
elif PYVER >= 3 and isinstance(password, bytes):
password = password.decode('utf-8')
password = str(password)
return safe_str_cmp(bcrypt.hashpw(password, self.password), self.password)示例4: before_request
def before_request():
connect_db()
if request.method not in ['GET', 'HEAD', 'OPTIONS']:
if (not request.headers.get('X-CSRFT') or
not session.get('csrft') or
not safe_str_cmp(session['csrft'], request.headers['X-CSRFT'])):
abort(400)
g.is_reviewer = False
auth = request.authorization
if (auth and request.scheme == 'https' and
safe_str_cmp(auth.username, app.config['REVIEWER_USERNAME'])):
crypted = bcrypt.hashpw(auth.password, app.config['REVIEWER_PASSWORD'])
if safe_str_cmp(crypted, app.config['REVIEWER_PASSWORD']):
g.is_reviewer = True示例5: confirm_reset_password_token
def confirm_reset_password_token(token):
max_age_key = 'USERS_RESET_PASSWORD_TOKEN_MAX_AGE_IN_SECONDS'
max_age = current_app.config[max_age_key]
salt = current_app.config['USERS_RESET_PASSWORD_TOKEN_SALT']
serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
user, data = None, None
expired, invalid = False, False
try:
data = serializer.loads(
token,
max_age=max_age,
salt=salt)
except SignatureExpired:
d, data = serializer.loads_unsafe(token, salt=salt)
expired = True
except (BadSignature, TypeError, ValueError):
invalid = True
if data:
user = User.get(id=data[0])
if not invalid and user and user.password:
password_hash = hashlib.md5(user.password).hexdigest()
if not safe_str_cmp(password_hash, data[1]):
invalid = True
expired = expired and (user is not None)
logger.debug("reset password token confirmed?",
expired=expired, invalid=invalid, user=user, data=data)
return expired, invalid, user, data示例6: compare_password
def compare_password(hashed_password, password):
if safe_str_cmp(bcrypt.hashpw(password.encode('utf-8'), hashed_password.encode('utf-8')), hashed_password):
print "It matches"
return True
else:
print "It does not match"
return False示例7: check_password_hash
def check_password_hash(self, pw_hash, password):
'''Tests a password hash against a candidate password. The candidate
password is first hashed and then subsequently compared in constant
time to the existing hash. This will either return `True` or `False`.
Example usage of :class:`check_password_hash` would look something
like this::
pw_hash = bcrypt.generate_password_hash('secret', 10)
bcrypt.check_password_hash(pw_hash, 'secret') # returns True
:param pw_hash: The hash to be compared against.
:param password: The password to compare.
'''
# Python 3 unicode strings must be encoded as bytes before hashing.
if PY3 and isinstance(pw_hash, bytes):
pw_hash = pw_hash.decode('utf-8')
if PY3 and isinstance(password, bytes):
password = password.decode('utf-8')
if not PY3 and isinstance(pw_hash, unicode):
pw_hash = pw_hash.encode('utf-8')
if not PY3 and isinstance(password, unicode):
password = password.encode('utf-8')
return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)示例8: add_response
def add_response():
try:
token, uses = session.get('csrf', '').split(':', 1)
except:
flash('Whoa! Looks like there was a problem', 'error')
return redirect(url_for('home'))
else:
_token = request.form.get('_token', '')
_token, uses = _token.split(':', 1)
if not safe_str_cmp(token, _token) or not int(uses) <= 10:
flash('Looks like there was a problem', 'error')
return redirect(url_for('home'))
else:
session['csrf'] = '{}:{}'.format(token, int(uses) + 1)
qid = request.form.get('question', 0)
resp = request.form.get('your-answer', '')
if resp is None or '' == resp:
flash('Whoa there, enter a response.', 'error')
return redirect(url_for('question', id=qid))
resp_count = g.redis.incr('response:{}:count'.format(qid))
g.redis.set('response:{}:{}'.format(qid, resp_count), resp)
flash('Your response has been added!')
return redirect(url_for('question', id=qid))示例9: add_message
def add_message():
try:
token, uses = session.get('csrf', '').split(':', 1)
except:
flash('Whoa! Looks like there was a problem', 'error')
return redirect(url_for('home'))
else:
_token = request.form.get('_token', '')
_token, uses = _token.split(':', 1)
if not safe_str_cmp(token, _token) or not int(uses) <= 10:
flash('Looks like there was a problem', 'error')
return redirect(url_for('home'))
else:
session['csrf'] = '{}:{}'.format(token, int(uses) + 1)
msg = request.form.get('your-question')
if msg is None or '' == msg:
flash('Please ask a question', 'warning')
return redirect(url_for('home'))
count = g.redis.incr('question_counter')
if 'messages' not in session:
session['messages'] = [count]
else:
session['messages'].append(count)
g.redis.set('message:{}'.format(count), msg)
flash('Your question has been asked, just hang out here (or come back '
'later for your answers')
return redirect(url_for('listen'))示例10: remove_dance
def remove_dance(dance_id):
token = request.headers.get('X-Owner-Token')
if not token or not safe_str_cmp(token, dance_owner_token(dance_id)):
abort(403)
dance = g.db[dance_id]
dance['status'] = 'removed'
g.db.save(dance)
return '', 200示例11: bcrypt_check
def bcrypt_check(data, password):
import bcrypt
try:
encoded = data.encode('utf-8')
encoded2 = bcrypt.hashpw(password.encode('utf-8'), encoded)
except Exception:
raise ValueError('Invalid hash format')
return safe_str_cmp(encoded, encoded2)示例12: test_login
def test_login(username, password):
password = password.encode('utf-8')
pw_hash = current_app.redis.get('user:' + username + ':password')
if not pw_hash:
return False
if not safe_str_cmp(hashlib.sha1(password).hexdigest(), pw_hash):
return False
return True示例13: is_valid_password
def is_valid_password(self, password):
"""
Check if given password is valid.
"""
return safe_str_cmp(
bcrypt.hashpw(password.encode('utf-8'), self.password_hash.encode('utf-8')),
self.password_hash
)示例14: _token_loader
def _token_loader(token):
try:
data = _security.remember_token_serializer.loads(token)
user = _security.datastore.find_user(id=data[0])
if user and safe_str_cmp(md5(user.password), data[1]):
return user
except:
pass
return AnonymousUser()示例15: test_safe_str_cmp
def test_safe_str_cmp():
assert safe_str_cmp("a", "a") is True
assert safe_str_cmp(b"a", u"a") is True
assert safe_str_cmp("a", "b") is False
assert safe_str_cmp(b"aaa", "aa") is False
assert safe_str_cmp(b"aaa", "bbb") is False
assert safe_str_cmp(b"aaa", u"aaa") is True
assert safe_str_cmp(u"aaa", u"aaa") is True