flask.sessions BadSignature Example Code
BadSignature is a class within the flask.sessions module of the Flask project.
Example 1 from FlaskBB
FlaskBB (project website) is a Flask-based forum web application. The web app allows users to chat in an open message board or send private messages in plain text or Markdown.
FlaskBB is provided as open source under this license.
FlaskBB / flaskbb / tokens / serializer.py
# serializer.py
from datetime import timedelta
from itsdangerous import (BadData, BadSignature, SignatureExpired,
TimedJSONWebSignatureSerializer)
from ..core import tokens
_DEFAULT_EXPIRY = timedelta(hours=1)
class FlaskBBTokenSerializer(tokens.TokenSerializer):
def __init__(self, secret_key, expiry=_DEFAULT_EXPIRY):
self._serializer = TimedJSONWebSignatureSerializer(
secret_key, int(expiry.total_seconds())
)
def dumps(self, token):
return self._serializer.dumps(
{
'id': token.user_id,
'op': token.operation,
}
)
def loads(self, raw_token):
try:
parsed = self._serializer.loads(raw_token)
except SignatureExpired:
raise tokens.TokenError.expired()
except BadSignature: # pragma: no branch
raise tokens.TokenError.invalid()
except BadData: # pragma: no cover
raise tokens.TokenError.bad()
else:
return tokens.Token(user_id=parsed['id'], operation=parsed['op'])
## ... source file continues with no further BadSignature examples...
Example 2 from flask-base
flask-base (project documentation) provides boilerplate code for new Flask web apps. The purpose of the boilerplate is to stitch together disparate libraries that are commonly used in Flask projects, such as Redis for fast caching and transient data storage, SendGrid for transactional email, SQLAlchemy for persistent data storage through a relational database backend, Flask-WTF for form handling and many others.
flask-base is provided as open source under the MIT license.
flask-base / app / models / user.py
# user.py
from flask import current_app
from flask_login import AnonymousUserMixin, UserMixin
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
from itsdangerous import BadSignature, SignatureExpired
from werkzeug.security import check_password_hash, generate_password_hash
from .. import db, login_manager
class Permission:
GENERAL = 0x01
ADMINISTER = 0xff
class Role(db.Model):
__tablename__ = 'roles'
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(64), unique=True)
index = db.Column(db.String(64))
default = db.Column(db.Boolean, default=False, index=True)
permissions = db.Column(db.Integer)
users = db.relationship('User', backref='role', lazy='dynamic')
@staticmethod
def insert_roles():
roles = {
'User': (Permission.GENERAL, 'main', True),
'Administrator': (
## ... source file abbreviated to get to BadSignature examples ...
@password.setter
def password(self, password):
self.password_hash = generate_password_hash(password)
def verify_password(self, password):
return check_password_hash(self.password_hash, password)
def generate_confirmation_token(self, expiration=604800):
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'confirm': self.id})
def generate_email_change_token(self, new_email, expiration=3600):
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'change_email': self.id, 'new_email': new_email})
def generate_password_reset_token(self, expiration=3600):
s = Serializer(current_app.config['SECRET_KEY'], expiration)
return s.dumps({'reset': self.id})
def confirm_account(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('confirm') != self.id:
return False
self.confirmed = True
db.session.add(self)
db.session.commit()
return True
def change_email(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('change_email') != self.id:
return False
new_email = data.get('new_email')
if new_email is None:
return False
if self.query.filter_by(email=new_email).first() is not None:
return False
self.email = new_email
db.session.add(self)
db.session.commit()
return True
def reset_password(self, token, new_password):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except (BadSignature, SignatureExpired):
return False
if data.get('reset') != self.id:
return False
self.password = new_password
db.session.add(self)
db.session.commit()
return True
@staticmethod
def generate_fake(count=100, **kwargs):
from sqlalchemy.exc import IntegrityError
from random import seed, choice
from faker import Faker
fake = Faker()
roles = Role.query.all()
seed()
for i in range(count):
u = User(
first_name=fake.first_name(),
last_name=fake.last_name(),
email=fake.email(),
password='password',
## ... source file continues with no further BadSignature examples...
Example 3 from Flask-Security-Too
Flask-Security-Too (PyPi page and project documentation) is a maintained fork of the original Flask-Security project that makes it easier to add common security features to Flask web applications. A few of the critical goals of the Flask-Security-Too project are ensuring JavaScript client-based single-page applications (SPAs) can work securely with Flask-based backends and that guidance by the OWASP organization is followed by default.
The Flask-Security-Too project is provided as open source under the MIT license.
Flask-Security-Too / flask_security / utils.py
# utils.py
import abc
import base64
import datetime
from functools import partial
import hashlib
import hmac
import time
from typing import Dict, List
import warnings
from datetime import timedelta
from urllib.parse import parse_qsl, parse_qs, urlsplit, urlunsplit, urlencode
import urllib.request
import urllib.error
from flask import _request_ctx_stack, current_app, flash, g, request, session, url_for
from flask.json import JSONEncoder
from flask_login import login_user as _login_user
from flask_login import logout_user as _logout_user
from flask_login import current_user
from flask_login import COOKIE_NAME as REMEMBER_COOKIE_NAME
from flask_principal import AnonymousIdentity, Identity, identity_changed, Need
from flask_wtf import csrf
from wtforms import validators, ValidationError
from itsdangerous import BadSignature, SignatureExpired
from speaklater import is_lazy_string
from werkzeug.local import LocalProxy
from werkzeug.datastructures import MultiDict
from .quart_compat import best
from .signals import user_authenticated
_security = LocalProxy(lambda: current_app.extensions["security"])
_datastore = LocalProxy(lambda: _security.datastore)
_pwd_context = LocalProxy(lambda: _security.pwd_context)
_hashing_context = LocalProxy(lambda: _security.hashing_context)
localize_callback = LocalProxy(lambda: _security.i18n_domain.gettext)
FsPermNeed = partial(Need, "fsperm")
FsPermNeed.__doc__ = """A need with the method preset to `"fsperm"`."""
def _(translate):
return translate
## ... source file abbreviated to get to BadSignature examples ...
if config_value("EMAIL_PLAINTEXT"):
body = _security.render_template("%s/%s.txt" % ctx, **context)
if config_value("EMAIL_HTML"):
html = _security.render_template("%s/%s.html" % ctx, **context)
sender = _security.email_sender
if isinstance(sender, LocalProxy):
sender = sender._get_current_object()
_security._mail_util.send_mail(
template, subject, recipient, str(sender), body, html, context.get("user", None)
)
def get_token_status(token, serializer, max_age=None, return_data=False):
serializer = getattr(_security, serializer + "_serializer")
max_age = get_max_age(max_age)
user, data = None, None
expired, invalid = False, False
try:
data = serializer.loads(token, max_age=max_age)
except SignatureExpired:
d, data = serializer.loads_unsafe(token)
expired = True
except (BadSignature, TypeError, ValueError):
invalid = True
if data:
user = _datastore.find_user(fs_uniquifier=data[0])
expired = expired and (user is not None)
if return_data:
return expired, invalid, user, data
else:
return expired, invalid, user
def check_and_get_token_status(token, serializer, within=None):
serializer = getattr(_security, serializer + "_serializer")
max_age = within.total_seconds()
data = None
expired, invalid = False, False
try:
data = serializer.loads(token, max_age=max_age)
except SignatureExpired:
d, data = serializer.loads_unsafe(token)
expired = True
except (BadSignature, TypeError, ValueError):
invalid = True
return expired, invalid, data
def get_identity_attributes(app=None) -> List:
app = app or current_app
iattrs = app.config["SECURITY_USER_IDENTITY_ATTRIBUTES"]
if iattrs:
return [[*f][0] for f in iattrs]
return []
def get_identity_attribute(attr, app=None) -> Dict:
app = app or current_app
iattrs = app.config["SECURITY_USER_IDENTITY_ATTRIBUTES"]
if iattrs:
details = [
mapping[attr] for mapping in iattrs if list(mapping.keys())[0] == attr
]
if details:
return details[0]
return {}
## ... source file continues with no further BadSignature examples...
Sponsored By
Software errors are inevitable. Chaos is not. Try Sentry for free.
1. Introduction
2. Development Environments
3. Data
4. Web Development
5. Deployment
6. DevOps
Changelog
What Full Stack Means
About the Author
Future Directions
Page Statuses
Flask ExtensionsFlask Example Codeflask.app BadRequestflask.app Flaskflask.app Headersflask.blueprints Blueprintflask.cli FlaskGroupflask.cli ScriptInfoflask redirectflask.cli with_appcontextflask.ctx after_this_requestflask.ctx has_app_contextflask.ctx has_request_contextflask.globals current_appflask requestflask.globals gflask.globals requestflask.globals sessionflask.helpers flashflask.helpers make_responseflask.helpers send_fileflask.helpers url_forflask.json JSONEncoderflask.json jsonifyflask.sessions BadSignatureflask.sessions SessionInterfaceflask.sessions SessionMixinflask.signals Namespaceflask.signals got_request_exceptionflask.templating render_templateflask.templating render_template_stringflask.views MethodViewflask.views Viewflask.views http_method_funcsflask_sqlalchemy.SQLAlchemy Model ...or view the full table of contents.
Full Stack Python
Full Stack Python
is an open book that explains concepts in plain language and provides
helpful resources for those topics.
Updates via Twitter & Facebook.
Updates via Twitter & Facebook.