本文整理汇总了Python中django.utils.crypto.salted_hmac方法的典型用法代码示例。如果您正苦于以下问题:Python crypto.salted_hmac方法的具体用法?Python crypto.salted_hmac怎么用?Python crypto.salted_hmac使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类django.utils.crypto的用法示例。
在下文中一共展示了crypto.salted_hmac方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _make_token_with_timestamp
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _make_token_with_timestamp(self, user, timestamp):
    """Return a token of the form ``<base36 timestamp>-<truncated HMAC>``.

    The HMAC covers the user's pk, password field, last_login and the
    timestamp, so the token stops matching once the password or last_login
    changes. No ``secret`` is passed to salted_hmac(), so it uses its default
    key material.
    """
    # timestamp is number of days since 2001-1-1. Converted to
    # base 36, this gives us a 3 digit string until about 2121
    stamp_b36 = int_to_base36(timestamp)

    # Drop microseconds and tzinfo so results are consistent across DB backends.
    if user.last_login is None:
        login_timestamp = ''
    else:
        login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)

    # User state that changes as soon as the token is used (new password
    # hash, new last_login) goes into the MAC input.
    user_state = (
        six.text_type(user.pk)
        + user.password
        + six.text_type(login_timestamp)
        + six.text_type(timestamp)
    )

    key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
    # Keep every second hex character to shorten the URL. This also halves
    # the number of MAC bits an attacker has to guess.
    digest = salted_hmac(key_salt, user_state).hexdigest()[::2]
    return "%s-%s" % (stamp_b36, digest)
示例2: _make_token_with_timestamp
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _make_token_with_timestamp(self, user, timestamp):
    """Return a token of the form ``<base36 timestamp>-<truncated HMAC>``.

    The MAC input comes from self._make_hash_value(user, timestamp); the key
    is derived from self.key_salt and self.secret.
    """
    # timestamp is number of days since 2001-1-1. Converted to
    # base 36, this gives us a 3 digit string until about 2121
    stamp_b36 = int_to_base36(timestamp)

    # Hashing user state that is sure to change once the token is used
    # (password salt, last_login) makes the token invalid after use.
    mac = salted_hmac(
        self.key_salt,
        self._make_hash_value(user, timestamp),
        secret=self.secret,
    )
    # Keep every second hex character to shorten the URL. This also halves
    # the number of MAC bits an attacker has to guess.
    short_digest = mac.hexdigest()[::2]
    return "%s-%s" % (stamp_b36, short_digest)
示例3: _make_token_with_timestamp
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _make_token_with_timestamp(self, user, timestamp):
    """Return a token of the form ``<base36 timestamp>-<truncated HMAC>``.

    The HMAC covers the user's pk, password field, a "last changed" datetime
    and the timestamp. The datetime is the first truthy value among
    user.date_updated, user.last_login and user.date_joined.
    """
    # timestamp is number of days since 2001-1-1. Converted to
    # base 36, this gives us a 3 digit string until about 2121
    stamp_b36 = int_to_base36(timestamp)

    # Prefer date_updated, then last_login, then date_joined.
    last_change = user.date_updated or user.last_login or user.date_joined
    # Drop microseconds and tzinfo so results are consistent across DB backends.
    login_timestamp = last_change.replace(microsecond=0, tzinfo=None)

    # State that changes once the token is used goes into the MAC input,
    # so a used token no longer validates.
    user_state = (
        six.text_type(user.pk)
        + user.password
        + six.text_type(login_timestamp)
        + six.text_type(timestamp)
    )

    key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
    # Keep every second hex character to shorten the URL. This also halves
    # the number of MAC bits an attacker has to guess.
    digest = salted_hmac(key_salt, user_state).hexdigest()[::2]
    return "%s-%s" % (stamp_b36, digest)
示例4: send_sender_confirmation
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
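def send_sender_confirmation(self, use_https, domain):
    """Email the sender a confirmation message containing a signed blacklist link.

    Returns without sending anything when the stripped sender address is
    already present in BlacklistedEmail. Otherwise assigns a fresh
    sender_email_token, renders the subject and both mail bodies, sends the
    mail and saves the instance.

    :param use_https: when true, the template context protocol is 'https', else 'http'.
    :param domain: passed to the templates as 'domain'.
    """
    stripped_email = strip_email(self.sender_email)
    # exists() only asks whether a matching row is present, so the database
    # does not have to count every match.
    if BlacklistedEmail.objects.filter(stripped_email=stripped_email).exists():
        return

    # The HMAC ties the blacklist link to this exact address. It is computed
    # over the raw sender_email, not the stripped form used in the lookup above.
    # NOTE(review): presumably the blacklist view recomputes this digest; it
    # should compare with django.utils.crypto.constant_time_compare, not ==.
    blacklist_digest = salted_hmac(BLACKLIST_HMAC_SALT, self.sender_email).hexdigest()
    blacklist_url = reverse(
        'messaging:blacklist_email',
        kwargs={'email': self.sender_email, 'digest': blacklist_digest},
    )

    self.sender_email_token = readable_random_token(alphanumeric=True)
    context = {
        'message': self,
        'protocol': 'https' if use_https else 'http',
        'domain': domain,
        'recipient': self.sender_email,
        'blacklist_url': blacklist_url,
    }
    subject = render_to_string('messaging/sender_confirmation_subject.txt', context)
    # A mail subject must be a single line; collapse any template line breaks.
    subject = ' '.join(subject.splitlines())
    body_txt = render_to_string('messaging/sender_confirmation_mail.txt', context)
    body_html = render_to_string('messaging/sender_confirmation_mail.html', context)
    send_html_mail(subject, body_txt, body_html, self.sender_email)
    # NOTE(review): the new token is persisted only after the mail has gone
    # out. If the templates embed it, a failed save leaves a mailed token
    # that is not stored. Confirm this ordering is intended.
    self.save()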
示例5: send_to_recipient
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
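def send_to_recipient(self, use_https, domain):
    """Email the message to the recipient, including a signed blacklist link.

    Returns without sending anything when the stripped recipient address is
    already present in BlacklistedEmail. Otherwise assigns a fresh
    recipient_email_token, sets the status to Message.STATUS.sent, renders
    the subject and both mail bodies, sends the mail and saves the instance.

    :param use_https: when true, the template context protocol is 'https', else 'http'.
    :param domain: passed to the templates as 'domain'.
    """
    stripped_email = strip_email(self.recipient_email)
    # exists() only asks whether a matching row is present, so the database
    # does not have to count every match.
    if BlacklistedEmail.objects.filter(stripped_email=stripped_email).exists():
        return

    # The HMAC ties the blacklist link to this exact address. It is computed
    # over the raw recipient_email, not the stripped form used in the lookup above.
    # NOTE(review): presumably the blacklist view recomputes this digest; it
    # should compare with django.utils.crypto.constant_time_compare, not ==.
    blacklist_digest = salted_hmac(BLACKLIST_HMAC_SALT, self.recipient_email).hexdigest()
    blacklist_url = reverse(
        'messaging:blacklist_email',
        kwargs={'email': self.recipient_email, 'digest': blacklist_digest},
    )

    self.recipient_email_token = readable_random_token(alphanumeric=True)
    # NOTE(review): the status is set to "sent" before send_html_mail() runs
    # and is saved only afterwards. Confirm how a failed send should be recorded.
    self.status = Message.STATUS.sent
    context = {
        'message': self,
        'protocol': 'https' if use_https else 'http',
        'domain': domain,
        'recipient': self.recipient_email,
        'blacklist_url': blacklist_url,
    }
    subject = render_to_string('messaging/recipient_subject.txt', context)
    # A mail subject must be a single line; collapse any template line breaks.
    subject = ' '.join(subject.splitlines())
    body_txt = render_to_string('messaging/recipient_mail.txt', context)
    body_html = render_to_string('messaging/recipient_mail.html', context)
    send_html_mail(subject, body_txt, body_html, self.recipient_email)
    self.save()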
示例6: _make_hash_value
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _make_hash_value(self, user, timestamp):
    """
    Build the string that is fed to salted_hmac() for a password-reset token.

    It combines the user's primary key with state that is sure to change
    after a password reset, so that a token is invalidated once it is used:

    1. The password field changes on a reset (even if the same password is
       chosen, due to password salting).
    2. The last_login field is usually updated very shortly after a reset.

    Failing those things, settings.PASSWORD_RESET_TIMEOUT_DAYS eventually
    invalidates the token.

    The returned string contains the raw password field. Running it through
    salted_hmac() prevents password cracking attempts using the reset token,
    provided the secret isn't compromised.
    """
    last_login = user.last_login
    if last_login is None:
        login_timestamp = ''
    else:
        # Truncate microseconds so that tokens are consistent even if the
        # database doesn't support microseconds.
        login_timestamp = last_login.replace(microsecond=0, tzinfo=None)
    return "".join([
        str(user.pk),
        user.password,
        str(login_timestamp),
        str(timestamp),
    ])
示例7: _make_token_with_timestamp
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _make_token_with_timestamp(self, user, timestamp):
    """Return a token of the form ``<base36 timestamp>-<truncated HMAC>``.

    The MAC input comes from self._make_hash_value(user, timestamp). No
    ``secret`` is passed, so salted_hmac() uses its default key material
    together with self.key_salt.
    """
    # timestamp is number of days since 2001-1-1. Converted to
    # base 36, this gives us a 3 digit string until about 2121
    stamp_b36 = int_to_base36(timestamp)

    # Hashing user state that is sure to change once the token is used
    # (password salt, last_login) makes the token invalid after use.
    mac_input = self._make_hash_value(user, timestamp)
    mac = salted_hmac(self.key_salt, mac_input)
    # Keep every second hex character to shorten the URL. This also halves
    # the number of MAC bits an attacker has to guess.
    short_digest = mac.hexdigest()[::2]
    return "%s-%s" % (stamp_b36, short_digest)
示例8: _hash
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _hash(self, value):
    """
    Return the hex HMAC/SHA1 digest of ``value``.

    The key is based on the project setting's SECRET_KEY, modified by a fixed
    salt to make it unique for the present purpose. When checking a received
    digest against this one, compare in constant time (for example with
    django.utils.crypto.constant_time_compare).
    """
    mac = salted_hmac('django.contrib.messages', value)
    return mac.hexdigest()
示例9: get_session_auth_hash
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def get_session_auth_hash(self):
    """
    Returns the hex HMAC of the password field.

    The digest changes whenever self.password changes. The fixed salt keeps
    this use separate from other salted_hmac() callers.
    """
    mac = salted_hmac(
        "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash",
        self.password,
    )
    return mac.hexdigest()
# A few helper functions for common logic between User and AnonymousUser.
示例10: base64_hmac
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def base64_hmac(salt, value, key):
    """Return the salted HMAC of ``value`` under ``key``, encoded by b64_encode().

    ``salt`` is passed to salted_hmac() as the key salt and ``key`` as its
    secret. The raw digest bytes, not the hex form, are encoded.
    """
    raw_digest = salted_hmac(salt, value, key).digest()
    return b64_encode(raw_digest)
示例11: get_dispatch_hash
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def get_dispatch_hash(cls, dispatch_id: int, message_id: int) -> str:
    """Returns a hash string for validation purposes.

    The result is the hex digest of salted_hmac() over
    ``"<message_id>|<dispatch_id>"``, with the dispatch ID as the key salt.

    :param dispatch_id: used both as the key salt and as part of the MAC input.
    :param message_id: first component of the MAC input.
    """
    # NOTE(review): the key salt is the dispatch ID itself, not a fixed
    # string naming this use. Django's guidance is a distinct key_salt per
    # purpose, so any other salted_hmac() caller with a numeric salt shares
    # this key space. Changing the salt invalidates hashes already issued.
    key_salt = '%s' % dispatch_id
    payload = '%s|%s' % (message_id, dispatch_id)
    # Verifiers should compare digests in constant time
    # (django.utils.crypto.constant_time_compare), not with ==.
    return salted_hmac(key_salt, payload).hexdigest()
示例12: _hash
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def _hash(self, value):
    """
    Create the hex HMAC/SHA1 digest of ``value``.

    The key is based on the project setting's SECRET_KEY, modified by the
    'django.contrib.messages' salt to make it unique for the present purpose.
    A received digest should be checked against this one in constant time.
    """
    return salted_hmac('django.contrib.messages', value).hexdigest()
示例13: get_session_auth_hash
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def get_session_auth_hash(self):
    """
    Return the hex HMAC of the password field.

    Because the input is self.password, the digest changes whenever the
    stored password value changes.
    """
    salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
    session_mac = salted_hmac(salt, self.password)
    return session_mac.hexdigest()
示例14: _make_token_with_timestamp
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
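def _make_token_with_timestamp(self, user, timestamp):
    """Return an email-activation token ``<base36 timestamp>-<truncated HMAC>``.

    The HMAC covers the user's pk, email, last_login and the timestamp, each
    length-prefixed so the MAC input is unambiguous.

    Note: the MAC input differs from the plain concatenation used
    previously, so tokens issued before this change stop validating and
    must be re-issued.
    """
    ts_b36 = int_to_base36(timestamp)
    key_salt = 'users.utils.EmailActivationTokenGenerator'

    # Drop microseconds and tzinfo so the value does not depend on how the
    # database stores datetimes.
    if user.last_login is None:
        login_timestamp = ''
    else:
        login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)

    # Plain concatenation has no field boundaries: a numeric pk followed by
    # an email that may begin with digits lets different (pk, email) pairs
    # serialize to the same string and therefore share a token. Prefixing
    # each field with its length makes the encoding injective.
    fields = [
        six.text_type(part)
        for part in (user.pk, user.email, login_timestamp, timestamp)
    ]
    value = ''.join('%d:%s' % (len(field), field) for field in fields)

    # Keep every second hex character to shorten the URL. This also halves
    # the number of MAC bits an attacker has to guess.
    digest = salted_hmac(key_salt, value).hexdigest()[::2]
    return '%s-%s' % (ts_b36, digest)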
示例15: get_zoom_sid
# 需要导入模块: from django.utils import crypto [as 别名]
# 或者: from django.utils.crypto import salted_hmac [as 别名]
def get_zoom_sid(request: HttpRequest) -> str:
    """Return the session-bound value used in the Zoom OAuth flow.

    The result is the hex salted HMAC of request.META["CSRF_COOKIE"], or an
    empty string when the request has ``_dont_enforce_csrf_checks`` set.
    """
    # This is used to prevent CSRF attacks on the Zoom OAuth
    # authentication flow. We want this value to be unpredictable and
    # tied to the session, but we don't want to expose the main CSRF
    # token directly to the Zoom server.
    # Called for its side effect; the return value is discarded.
    # NOTE(review): presumably this ensures request.META["CSRF_COOKIE"] is
    # populated before it is read below.
    csrf.get_token(request)

    if getattr(request, "_dont_enforce_csrf_checks", False):
        sid = ""
    else:
        sid = salted_hmac("Zulip Zoom sid", request.META["CSRF_COOKIE"]).hexdigest()

    # Use 'mark_sanitized' to cause Pysa to ignore the flow of user controlled
    # data out of this function. 'request.META' is indeed user controlled, but
    # post-HMAC output is no longer meaningfully controllable.
    return mark_sanitized(sid)