Mercurial > templog

comparison web/secure.py @ 189:101c66da848d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
watcher script
author Matt Johnston <matt@ucc.asn.au>
date Sun, 09 Feb 2014 11:41:13 +0800
parents adbf70d1449f
children 8318d50d766d
comparison
equal deleted inserted replaced
188:ae5efca89001 189:101c66da848d
2 import time 2 import time
3 import fcntl 3 import fcntl
4 import hmac 4 import hmac
5 import binascii 5 import binascii
6 import sys 6 import sys
7 import hashlib
8
9 import bottle
7 10
8 import config 11 import config
9 12
10 __all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf"] 13 __all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf", "get_user_hash"]
14
15 HASH=hashlib.sha1
11 16
12 def get_user_hash(): 17 def get_user_hash():
13 return "aaa" 18 if bottle.request.environ.get('SSL_CLIENT_VERIFY', '') != 'GENEROUS':
19 return 'FAILVERIFY'
20 blob = bottle.request.environ.get('SSL_CLIENT_CERT')
21 if not blob:
22 return 'NOCERT'
23
24 b64 = ''.join(l for l in blob.split('\n')
25 if not l.startswith('-'))
26
27 return HASH(binascii.a2b_base64(b64)).hexdigest()
14 28
15 def setup_csrf(): 29 def setup_csrf():
16 NONCE_SIZE=16 30 NONCE_SIZE=16
17 global _csrf_fd, _csrf_key 31 global _csrf_fd, _csrf_key
18 _csrf_fd = open('%s/csrf.dat' % config.DATA_PATH, 'r+') 32 _csrf_fd = open('%s/csrf.dat' % config.DATA_PATH, 'r+')