本文整理汇总了Python中cryptography.hazmat.primitives.twofactor.InvalidToken方法的典型用法代码示例。如果您正苦于以下问题:Python twofactor.InvalidToken方法的具体用法?Python twofactor.InvalidToken怎么用?Python twofactor.InvalidToken使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.hazmat.primitives.twofactor
的用法示例。
在下文中一共展示了twofactor.InvalidToken方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_verify_window
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def test_verify_window(self, time):
time.return_value = self.sample_time
srv = GenericTotpService()
totp = srv.Totp(key=self.sample_key)
srv.verify(totp, '283397', None)
time.return_value = self.sample_time + 30
srv.verify(totp, '283397', None)
time.return_value = self.sample_time + 60
with assert_raises(InvalidToken):
srv.verify(totp, '283397', None)
time.return_value = self.sample_time - 30
with assert_raises(InvalidToken):
srv.verify(totp, '283397', None)
示例2: verify
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def verify(self, totp, code, user):
code = code.replace(' ', '') # Google authenticator puts a space in their codes
code = six.ensure_binary(code) # can't be text
self.enforce_rate_limit(user)
# TODO prohibit re-use of a successful code, although it seems unlikely with a 30s window
# see https://tools.ietf.org/html/rfc6238#section-5.2 paragraph 5
# try the 1 previous time-window and current
# per https://tools.ietf.org/html/rfc6238#section-5.2 paragraph 1
windows = asint(config.get('auth.multifactor.totp.windows', 2))
for time_window in range(windows):
try:
return totp.verify(code, time() - time_window*30)
except InvalidToken:
last_window = (time_window == windows - 1)
if last_window:
raise
示例3: verify
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def verify(self, hotp, counter):
if not constant_time.bytes_eq(self.generate(counter), hotp):
raise InvalidToken("Supplied HOTP value does not match.")
示例4: verify
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def verify(self, totp, time):
if not constant_time.bytes_eq(self.generate(time), totp):
raise InvalidToken("Supplied TOTP value does not match.")
示例5: do_multifactor
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def do_multifactor(self, code, mode, **kwargs):
if not asbool(config.get('auth.multifactor.totp', False)):
raise wexc.HTTPNotFound
if 'multifactor-username' not in session:
tg.flash('Your multifactor login was disrupted, please start over.', 'error')
plugin.AuthenticationProvider.get(request).logout() # clears all cookies that might be interfering
redirect('/auth/', {'return_to': kwargs.get('return_to', '')})
user = M.User.by_username(session['multifactor-username'])
try:
if mode == 'totp':
totp_service = TotpService.get()
totp = totp_service.get_totp(user)
totp_service.verify(totp, code, user)
elif mode == 'recovery':
recovery = RecoveryCodeService.get()
recovery.verify_and_remove_code(user, code)
h.auditlog_user('Logged in using a multifactor recovery code', user=user)
except (InvalidToken, InvalidRecoveryCode):
c.form_errors['code'] = 'Invalid code, please try again.'
h.auditlog_user('Multifactor login - invalid code', user=user)
return self.multifactor(mode=mode, **kwargs)
except MultifactorRateLimitError:
c.form_errors['code'] = 'Multifactor rate limit exceeded, slow down and try again later.'
h.auditlog_user('Multifactor login - rate limit', user=user)
return self.multifactor(mode=mode, **kwargs)
else:
plugin.AuthenticationProvider.get(request).login(user=user, multifactor_success=True)
return_to = self._verify_return_to(kwargs.get('return_to'))
redirect(return_to)
示例6: totp_set
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def totp_set(self, code, **kw):
if not asbool(config.get('auth.multifactor.totp', False)):
raise wexc.HTTPNotFound
key = session['totp_new_key']
totp_service = TotpService.get()
totp = totp_service.Totp(key)
try:
totp_service.verify(totp, code, c.user)
except InvalidToken:
h.auditlog_user('Failed to set up multifactor TOTP (wrong code)')
c.form_errors['code'] = 'Invalid code, please try again.'
return self.totp_new(**kw)
else:
h.auditlog_user('Set up multifactor TOTP')
totp_service.set_secret_key(c.user, key)
c.user.set_pref('multifactor', True)
c.user.set_tool_data('allura', multifactor_date=datetime.utcnow())
c.user.set_tool_data('allura', pwd_reset_preserve_session=session.id) # other sessions will have to re-auth; preserve this one
del session['totp_new_key']
session.save()
tg.flash('Two factor authentication has now been set up.')
email_body = g.jinja2_env.get_template('allura:templates/mail/twofactor_enabled.md').render(dict(
user=c.user,
config=config,
))
send_system_mail_to_user(c.user, 'Two-Factor Authentication Enabled', email_body)
redirect('/auth/preferences/multifactor_recovery')
示例7: test_rate_limiting
# 需要导入模块: from cryptography.hazmat.primitives import twofactor [as 别名]
# 或者: from cryptography.hazmat.primitives.twofactor import InvalidToken [as 别名]
def test_rate_limiting(self, time):
time.return_value = self.sample_time
srv = self.Service()
user = self.mock_user()
totp = srv.Totp(key=self.sample_key)
# 4th attempt (good or bad) will trip over the default limit of 3 in 30s
with assert_raises(InvalidToken):
srv.verify(totp, '34dfvdasf', user)
with assert_raises(InvalidToken):
srv.verify(totp, '234asdfsadf', user)
srv.verify(totp, '283397', user)
with assert_raises(MultifactorRateLimitError):
srv.verify(totp, '283397', user)