# Creation is deterministic: the same identity and timestamp give the same
# token, and a different timestamp gives a different one.
# NOTE(review): identical tokens for identical inputs are consistent with the
# fixed, key-derived IV used in the AES.new call further down; a random
# per-token IV would make this equality assertion fail.
first_token = Token.create(identity, timestamp)
repeat_token = Token.create(identity, timestamp)
assert first_token == repeat_token
base_token = Token.create(identity, timestamp)
shifted_token = Token.create(identity, timestamp + 1)
assert base_token != shifted_token

# A token created without an explicit timestamp is accepted.
cipher_text = Token.create(identity)
is_valid = Token.check(identity, cipher_text)
assert is_valid == True

# A token whose timestamp is TOKEN_TIME_OUT older than `timestamp` must be
# rejected as expired.
cipher_text = Token.create(identity, timestamp - TOKEN_TIME_OUT)
with pytest.raises(TokenTimeout):
    Token.check(identity, cipher_text)

# A well-formed ciphertext that does not carry a numeric timestamp: encrypt
# one 16-character block with the real key and the same key-derived IV.
key = Token.get_key(identity)
aes_obj = AES.new(key, AES.MODE_CBC, key[1:] + 'x')
raw_block = aes_obj.encrypt('error timestamp ')
cipher_text = base64.b16encode(raw_block)
with pytest.raises(TokenInvalid):
    Token.check(identity, cipher_text)

# Same ciphertext, but the key provider now returns a different 16-byte key.
# NOTE(review): presumably the rejection comes from the decrypted bytes not
# parsing as a timestamp rather than from an integrity check; confirm
# against Token.check.
Token.get_key.return_value = 't' * 16
with pytest.raises(TokenInvalid):
    Token.check(identity, cipher_text)

# Key of the wrong length (13 characters): both entry points must refuse it.
Token.get_key.return_value = 'p' * 13
with pytest.raises(TokenKeyInvalid):
    Token.create(identity)
with pytest.raises(TokenKeyInvalid):
    Token.check(identity, cipher_text)
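def check(self, identity, cipher_text):
    """Check Token is valid or invalid.

    Hex-decodes ``cipher_text``, decrypts it with AES-CBC under the key the
    key provider returns for ``identity``, and compares the timestamp found
    in the plaintext with the current time.

    Security notes (token format is shared with ``create``, so these are
    flagged rather than changed here):

    * The IV is ``key[1:] + 'x'``, i.e. derived from the key and identical
      for every token under that key. CBC expects an unpredictable
      per-message IV; prefer a random IV stored alongside the ciphertext.
    * Decryption is the only validation. No MAC or AEAD tag is verified and
      the last 16 bytes of the plaintext are dropped without being compared
      to anything, so integrity rests on the remaining bytes parsing as an
      integer. Prefer an AEAD mode or an HMAC over the whole token.
    * Only the upper bound on token age is enforced; a timestamp later than
      the current time passes the check.

    :param str identity: Username or App Id
    :param str cipher_text: Token value
    :return: bool. Token Valid or Invalid
    :raise TokenInvalid: Token invalid
    :raise TokenKeyInvalid: Key must be 16 bytes long
    :raise TokenTimeout: Token time out
    """
    # This counts hex characters, not bytes: a length of 16 (mod 32) passes
    # here and is only rejected when the cipher refuses the half-block below.
    if len(cipher_text) % 16 != 0:
        raise TokenInvalid('Token must be a multiple of 16 in length')

    key = self.__key_provider(identity)
    try:
        # NOTE(review): static, key-derived IV; see the docstring.
        aes_obj = AES.new(key, AES.MODE_CBC, key[1:] + 'x')
    except ValueError:
        raise TokenKeyInvalid('Key must be 16 bytes long')

    try:
        # casefold=True: lower-case hex digits are accepted as well.
        raw = base64.b16decode(cipher_text, True)
        # Trailing NUL bytes are stripped (presumably zero padding added by
        # create; confirm), then the final 16 bytes are discarded unverified.
        byte_text = aes_obj.decrypt(raw).rstrip(b'\x00')
        plaintext = byte_text[: -16]
    except (binascii.Error, ValueError):
        # binascii.Error: malformed hex. ValueError: decoded data is not a
        # whole number of AES blocks. Both are reported as an invalid token
        # instead of letting a bare ValueError escape to the caller.
        raise TokenInvalid('Token invalid')

    try:
        issued_at = int(plaintext)
    except ValueError:
        raise TokenInvalid('Token invalid, must be timestamp')

    # NOTE(review): no lower bound, so future-dated timestamps are accepted.
    if time.time() - issued_at > TOKEN_TIME_OUT:
        raise TokenTimeout('Token time out')
    return True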
:raise TokenInvalid: Token invalid
:raise TokenKeyInvalid: Key must be 16 bytes long
:raise TokenTimeout: Token time out
"""
if len(cipher_text) % 16 != 0:
raise TokenInvalid('Token must be a multiple of 16 in length')
key = self.__key_provider(identity)
try:
aes_obj = AES.new(key, AES.MODE_CBC, key[1:] + 'x')
except ValueError:
raise TokenKeyInvalid('Key must be 16 bytes long')
try:
byte_text = aes_obj.decrypt(base64.b16decode(cipher_text, True)).rstrip(b'\x00')
plaintext = byte_text[: -16]
except binascii.Error: # base64 raise
raise TokenInvalid('Token invalid')
try:
# check time
if time.time() - int(plaintext) > TOKEN_TIME_OUT:
raise TokenTimeout('Token time out')
except ValueError:
raise TokenInvalid('Token invalid, must be timestamp')
return True