
hash match

https
jakobsn 6 年之前
父節點
當前提交
6d0415f89e
共有 1 個檔案被更改,包括 39 行新增9 行删除
  1. +39
    -9
      src/app/views/login.py

+ 39
- 9
src/app/views/login.py

@@ -4,6 +4,7 @@ import models.login
from views.utils import get_nav_bar from views.utils import get_nav_bar
import os, hmac, base64, pickle, hashlib import os, hmac, base64, pickle, hashlib
from io import StringIO from io import StringIO
from deepdiff import DeepDiff


# Get html templates # Get html templates
render = web.template.render('templates/') render = web.template.render('templates/')
@@ -23,13 +24,34 @@ class Login():
:return: The login page showing other users if logged in :return: The login page showing other users if logged in
""" """
session = web.ctx.session session = web.ctx.session

# If the user selected 'remember me' they log in automatically
try:
print("secret" ,self.secret)
cookies = web.cookies()
print("cookie", cookies)
remember_hash = bytes(cookies.remember[2:][:-1], 'ascii')
print("remember_hash")
print(remember_hash)
print(remember_hash == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')

encode = base64.b64decode(remember_hash)
print("dencode", encode)

username, sign = pickle.loads(encode)


if self.sign_username(username) == sign:
print("HASH MATCH")
except Exception as e:
raise e

if session.username: if session.username:
friends = models.login.get_users() friends = models.login.get_users()
else: else:
friends = [[],[]] friends = [[],[]]
nav = get_nav_bar(session) nav = get_nav_bar(session)
if 1 == 1:
print(web.cookies())



return render.login(nav, login_form, friends) return render.login(nav, login_form, friends)


@@ -48,8 +70,14 @@ class Login():
session.username = user[0][1] session.username = user[0][1]
session.userid = user[0][0] session.userid = user[0][0]
print('remember me') print('remember me')
web.setcookie('remember', self.rememberme())
remember = self.rememberme()
web.setcookie('remember', remember , 12000000)
print("equal at start?", remember == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')
cookies = web.cookies()
print("equal at start?", cookies.remember == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')
print(remember)
print(cookies.remember)
print(DeepDiff(remember, cookies.remember, 'ascii'))
else: else:
friends = [[],[]] friends = [[],[]]
nav = get_nav_bar(session) nav = get_nav_bar(session)
@@ -57,8 +85,9 @@ class Login():


def rememberme(self): def rememberme(self):
session = web.ctx.session session = web.ctx.session
creds = [session.username , self.sign() ]
creds = [ session.username, self.sign() ]
print(creds) print(creds)
print("save", base64.b64encode(pickle.dumps(creds)))
return base64.b64encode(pickle.dumps(creds)) return base64.b64encode(pickle.dumps(creds))


def sign(self): def sign(self):
@@ -68,17 +97,18 @@ class Login():
@classmethod @classmethod
def sign_username(self, username): def sign_username(self, username):
secret = base64.b64decode(self.secret) secret = base64.b64decode(self.secret)
print(secret)
print(username) print(username)
return hmac.HMAC(secret, username.encode('utf-8')).hexdigest()
return hmac.HMAC(secret, username.encode('ascii')).hexdigest()
@classmethod @classmethod
def valid_rememberme(self, cookie): def valid_rememberme(self, cookie):
userame, userid, sign = pickle.load(StringIO.StringIO(base64.b64decode(cookie)))
if User.sign_username(user) == sign:
userame, sign = pickle.load(StringIO(base64.b64decode(cookie)))
if self.sign_username(user) == sign:
return True return True
return False return False
@classmethod @classmethod
def from_rememberme(self, cookie): def from_rememberme(self, cookie):
user, sign= pickle.load(StringIO.StringIO(base64.b64decode(cookie)))
user, sign= pickle.load(StringIO(base64.b64decode(cookie)))
return user return user
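Review bot: The added remember-me block in the second hunk calls `pickle.loads(encode)` on the client-supplied `remember` cookie before `sign_username` is checked, so untrusted data is unpickled on every request that carries the cookie; `valid_rememberme` and `from_rememberme` in the last hunk do the same with `pickle.load`. Unpickling can execute code chosen by whoever sent the cookie, and the HMAC gives no protection because it sits inside the pickled payload. Carry the pair in a data-only encoding such as JSON (this needs `import json`, and `rememberme()` has to emit the same form as a `str`) and compare signatures with `hmac.compare_digest` rather than `==`. The same block re-raises every exception, so a request without a `remember` cookie appears to fail instead of rendering the login page, and `print("secret", self.secret)` together with `print(secret)` in `sign_username` writes the HMAC key to the log. The handler's body starts outside the hunk.

```python
# … unchanged: session = web.ctx.session …
remember = web.cookies().get('remember')
if remember:
    try:
        # Data-only parse: nothing from the cookie is executed.
        username, sign = json.loads(base64.b64decode(remember))
        expected = self.sign_username(username)
        if hmac.compare_digest(expected.encode('ascii'), sign.encode('utf-8')):
            print("HASH MATCH")
    except (ValueError, TypeError, AttributeError):
        pass  # malformed or tampered cookie: treat the visitor as not remembered
# … unchanged: friends lookup, nav bar and render.login …
```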
