1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 from mediagoblin
import mg_globals
25 _log
= logging
.getLogger(__name__
)
28 # Use the system (hardware-based) random number generator if it exists.
29 # -- this optimization is lifted from Django
31 getrandbits
= random
.SystemRandom().getrandbits
32 except AttributeError:
33 getrandbits
= random
.getrandbits
39 def load_key(filename
):
41 key_file
= open(filename
)
43 __itsda_secret
= key_file
.read()
48 def create_key(key_dir
, key_filepath
):
50 old_umask
= os
.umask(077)
53 if not os
.path
.isdir(key_dir
):
55 _log
.info("Created %s", key_dir
)
56 key
= str(getrandbits(192))
57 key_file
= tempfile
.NamedTemporaryFile(dir=key_dir
, suffix
='.bin',
61 os
.rename(key_file
.name
, key_filepath
)
65 if (key_file
is not None) and (not key_file
.closed
):
67 os
.unlink(key_file
.name
)
69 _log
.info("Saved new key for It's Dangerous")
74 key_dir
= mg_globals
.app_config
["crypto_path"]
75 key_filepath
= os
.path
.join(key_dir
, 'itsdangeroussecret.bin')
77 load_key(key_filepath
)
78 except IOError, error
:
79 if error
.errno
!= errno
.ENOENT
:
81 create_key(key_dir
, key_filepath
)
84 def get_timed_signer_url(namespace
):
86 This gives a basic signing/verifying object.
88 The namespace makes sure signed tokens can't be used in
89 a different area. Like using a forgot-password-token as
94 .. code-block:: python
100 _signer = get_timed_signer_url("session cookie")
101 def create_token(obj):
102 return _signer.dumps(obj)
103 def parse_token(token):
104 # This might raise an exception in case
105 # of an invalid token, or an expired token.
106 return _signer.loads(token, max_age=TOKEN_VALID_DAYS*24*3600)
109 http://pythonhosted.org/itsdangerous/#itsdangerous.URLSafeTimedSerializer
111 assert __itsda_secret
is not None
112 return itsdangerous
.URLSafeTimedSerializer(__itsda_secret
,