1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25 from mediagoblin
import mg_globals
27 _log
= logging
.getLogger(__name__
)
29 # produces base64 alphabet
30 alphabet
= string
.ascii_letters
+ "-_"
33 # Use the system (hardware-based) random number generator if it exists.
34 # -- this optimization is lifted from Django
36 getrandbits
= random
.SystemRandom().getrandbits
37 except AttributeError:
38 getrandbits
= random
.getrandbits
44 def load_key(filename
):
46 key_file
= open(filename
)
48 __itsda_secret
= key_file
.read()
53 def create_key(key_dir
, key_filepath
):
55 old_umask
= os
.umask(077)
58 if not os
.path
.isdir(key_dir
):
60 _log
.info("Created %s", key_dir
)
61 key
= str(getrandbits(192))
62 key_file
= tempfile
.NamedTemporaryFile(dir=key_dir
, suffix
='.bin',
66 os
.rename(key_file
.name
, key_filepath
)
70 if (key_file
is not None) and (not key_file
.closed
):
72 os
.unlink(key_file
.name
)
74 _log
.info("Saved new key for It's Dangerous")
79 key_dir
= mg_globals
.app_config
["crypto_path"]
80 key_filepath
= os
.path
.join(key_dir
, 'itsdangeroussecret.bin')
82 load_key(key_filepath
)
83 except IOError, error
:
84 if error
.errno
!= errno
.ENOENT
:
86 create_key(key_dir
, key_filepath
)
89 def get_timed_signer_url(namespace
):
91 This gives a basic signing/verifying object.
93 The namespace makes sure signed tokens can't be used in
94 a different area. Like using a forgot-password-token as
99 .. code-block:: python
102 TOKEN_VALID_DAYS = 10
105 _signer = get_timed_signer_url("session cookie")
106 def create_token(obj):
107 return _signer.dumps(obj)
108 def parse_token(token):
109 # This might raise an exception in case
110 # of an invalid token, or an expired token.
111 return _signer.loads(token, max_age=TOKEN_VALID_DAYS*24*3600)
114 http://pythonhosted.org/itsdangerous/#itsdangerous.URLSafeTimedSerializer
116 assert __itsda_secret
is not None
117 return itsdangerous
.URLSafeTimedSerializer(__itsda_secret
,
120 def random_string(length
):
121 """ Returns a URL safe base64 encoded crypographically strong string """
123 for i
in range(length
):
124 n
= getrandbits(6) # 6 bytes = 2^6 = 64
125 n
= divmod(n
, base
)[1]
126 rstring
+= alphabet
[n
]