Nicer local token generation.

No more +, / or = characters.
2016-06-01 14:18:00 +02:00
parent 3a06e02b4d
commit 4aa44c42c8
1 changed files with 23 additions and 8 deletions
--- a/pillar/application/modules/local_auth.py
+++ b/pillar/application/modules/local_auth.py
@@ -2,7 +2,7 @@ import base64
 import datetime
 import hashlib
 import logging
-import rsa
+import rsa.randnum
 import bcrypt
 from bson import tz_util
 from eve.methods.post import post_internal
@@ -64,13 +64,28 @@ def make_token():
    hashed_password = hash_password(password, salt)
    if hashed_password != credentials['token']:
        return abort(403)
-    # Generate Token
+
-    token = base64.b64encode(rsa.randnum.read_random_bits(256))
+    token = generate_and_store_token(user['_id'])
-    # TODO look into alternative implementations
+    return jsonify(token=token['token'])
-    token_expiry = datetime.datetime.now(tz=tz_util.utc) + datetime.timedelta(
+
-        days=15)
+
-    store_token(user['_id'], token, token_expiry)
+def generate_and_store_token(user_id, days=15, prefix=''):
-    return jsonify(token=token)
+    """Generates token based on random bits.
    :param user_id: ObjectId of the owning user.
    :param days: token will expire in this many days.
    :param prefix: the token will be prefixed by this string, for easy identification.
    :return: the token document.
    """
    random_bits = rsa.randnum.read_random_bits(256)
    # Use 'xy' as altargs to prevent + and / characters from appearing.
    # We never have to b64decode the string anyway.
    token = prefix + base64.b64encode(random_bits, altchars='xy').strip('=')
    token_expiry = datetime.datetime.now(tz=tz_util.utc) + datetime.timedelta(days=days)
    return store_token(user_id, token, token_expiry)
 def hash_password(password, salt):