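def _get_id(self, request: "Request"):
    """Extract the signed session id from the request's ``KySess`` cookie.

    The cookie value is untrusted client input; it is only accepted if
    ``self.signer.unsign`` verifies its signature.

    :param request: incoming request; only ``request.cookies`` is read
    :return: the unsigned payload exactly as the signer returns it (a plain
             itsdangerous ``Signer`` yields bytes), or ``None`` when the
             cookie is missing/empty or its signature does not verify
    """
    signed_value = request.cookies.get("KySess")
    if not signed_value:
        return None
    try:
        # Local is not called ``id`` so the builtin is not shadowed.
        session_id = self.signer.unsign(signed_value)
    except itsdangerous.BadSignature:
        # Tampered or malformed cookie. itsdangerous' SignatureExpired is a
        # subclass of BadSignature, so an expired TimestampSigner cookie
        # (when unsign is given a max_age) lands here as well.
        return None
    return session_id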
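def get_user_by_token(token: str) -> Optional[User]:
    """Return the User identified by a signed authorization token.

    The token is verified with the application's ``api.secret_key``; its
    payload must be a mapping carrying an ``id`` key. Every failure mode --
    bad signature, expiry, or a correctly signed payload of the wrong shape --
    yields ``None`` rather than raising, so callers can treat any ``None`` as
    "not authenticated".

    :param token: authorization token as presented by the client (untrusted)
    :return: the matching User, or None if the token is unusable or no user
             has that id
    """
    serializer = Serializer(AppConfiguration.get('api', 'secret_key'))
    try:
        data = serializer.loads(token)
    except SignatureExpired:
        # Only raised if Serializer is a timed variant enforcing max_age.
        return None  # Valid token, but expired
    except BadSignature:
        return None  # Invalid token: tampered, malformed, or other key
    # A valid signature proves the payload was signed with this key, not that
    # it is *this* kind of token: with no salt passed to Serializer, a token
    # minted under the same key for another purpose verifies here too, and
    # indexing it blindly raised KeyError/TypeError (a 500) instead of None.
    # NOTE(review): consider a purpose-specific salt= on the Serializer so
    # such tokens are rejected by signature rather than by shape.
    if not isinstance(data, dict) or 'id' not in data:
        return None
    return User.query.get(data['id'])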
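def _secret_matches(provided, expected) -> bool:
    """Compare a submitted secret to the configured one in constant time.

    ``provided`` comes straight from the request form and is untrusted; it
    may be ``None`` when the field is absent. Both values are normalised to
    bytes so that ``hmac.compare_digest`` neither leaks how many leading
    characters matched (as ``==`` does) nor raises on non-ASCII text.
    Anything that is not str or bytes is treated as a mismatch.
    """
    import hmac  # function-scope: the file's import block is not visible here

    if isinstance(provided, str):
        provided = provided.encode('utf-8')
    if isinstance(expected, str):
        expected = expected.encode('utf-8')
    if not isinstance(provided, bytes) or not isinstance(expected, bytes):
        return False
    return hmac.compare_digest(provided, expected)


def index(app, environ, request):
    """Admin login / admin page handler.

    POST: the form field ``secret`` is checked against ``app.SECRET``; on a
    match a signed ``admin`` cookie is issued and the client is redirected to
    ``/admin/``, otherwise 403 with an empty body.
    Any other method: the ``admin`` cookie is verified with ``app.unsign``;
    a missing, tampered or expired cookie renders the login page, a valid
    one renders the admin page.

    :param app: application object providing SECRET, MAX_AGE, signer, unsign
    :param environ: WSGI environ (not used by this handler)
    :param request: request exposing ``method``, ``form`` and ``cookies``
    :return: ``(status, body, headers)`` tuple
    """
    if request.method == 'POST':
        # Constant-time compare: ``==`` on an attacker-controlled string lets
        # response timing reveal how much of the secret was guessed right.
        if _secret_matches(request.form.getfirst('secret'), app.SECRET):
            # NOTE(review): this cookie is the bearer credential for /admin/;
            # confirm setcookie() emits HttpOnly (and Secure over TLS), and
            # consider 303 instead of a cacheable 301 as the POST result.
            return 301, '', {
                'Location': '/admin/',
                'Set-Cookie': setcookie('admin', app.signer.dumps('*'),
                                        max_age=app.MAX_AGE, path='/')}
        return 403, '', {}
    else:
        try:
            # A missing cookie becomes '' and fails verification exactly
            # like a tampered value would.
            app.unsign(request.cookies.get('admin', ''))
        except (SignatureExpired, BadSignature):
            return 200, render('login.mako').encode('utf-8'), {'Content-Type': 'text/html'}
        ctx = {'app': app, 'request': request}
        return 200, render('admin.mako', **ctx).encode('utf-8'), {'Content-Type': 'text/html'}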
def send_sms():
token = request.form['token']
place_key = request.form['place']
message = request.form['message']
s = Serializer(app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return jsonify(error="Token expired: %s" % token), 400
except BadSignature:
return jsonify(error="Invalid token: %s" % token), 400
scope_in_list = data['scope'] # Get scope from token
if 'send-sms' not in scope_in_list: # TODO Implement a better way to handle this?
return jsonify(error="This token can not be used to send sms."), 403
place = Place.find(key=place_key)
if not place:
return jsonify(error="Invalid place: '%s'" % place_key), 400
phone = data['phone'] # Get phone number of the user who sent the sms to init this request.
user = Member.find(phone=phone)
if user is None: # This is never going to happen. We already checked this in authorize. But still.
return jsonify(error="No user found with %s." % phone), 404
has_permission = rbac.can(user, "write", place) # TODO Change the action to 'send-sms' when its added.
def verify_token(token):
    """Verify a signed token and return its decoded payload.

    ``token`` is untrusted client input. It is checked with a Serializer
    keyed on ``app.config['SECRET_KEY']``; a tampered, malformed or expired
    token yields ``None`` instead of raising. The payload is handed back
    unchanged, so callers must still validate its shape before indexing it.
    """
    try:
        payload = Serializer(app.config['SECRET_KEY']).loads(token)
    except (SignatureExpired, BadSignature):
        # Expiry and forgery are deliberately indistinguishable to the caller.
        return None
    else:
        return payload
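def verify_token(token):
    """Resolve a signed token to the User it names.

    ``token`` is untrusted client input, verified with a Serializer keyed on
    ``app.config['SECRET_KEY']``. Returns ``None`` when the signature is bad
    or expired, and also when the signed payload is not a mapping with an
    ``id`` key -- previously that raised KeyError/TypeError (a 500) for a
    token that was correctly signed for some other purpose.
    """
    s = Serializer(app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except (BadSignature, SignatureExpired):
        return None
    # A valid signature proves the payload was signed with this key, not that
    # it is this kind of token: with no salt on the Serializer, any other
    # token type minted under the same key verifies here too.
    if not isinstance(data, dict) or 'id' not in data:
        return None
    user = models.User.query.get(data['id'])
    return user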
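def verify_auth_token(token):
    """Return the User a signed auth token refers to, or ``None``.

    NOTE(review): the token is verified against ``DevelopmentConfig.SECRET_KEY``
    directly rather than the running application's configuration. If
    production uses a different key, tokens issued there never verify here;
    if it reuses the (checked-in) development key, anyone with the source can
    mint valid tokens. Confirm which config is active and key the Serializer
    from it.

    :param token: signed token from the client (untrusted)
    :return: the User whose ``user_id`` the payload carries, or None on a bad,
             expired, or malformed token
    """
    s = Serializer(DevelopmentConfig.SECRET_KEY)
    try:
        data = s.loads(token)
    except SignatureExpired:
        return None  # valid token, but expired
    except BadSignature:
        return None  # invalid token: tampered, malformed, or other key
    # Guard the payload shape: a valid signature only proves the data was
    # signed with this key, not that it is this kind of token. Without the
    # guard a wrong-shaped payload raised KeyError/TypeError (a 500).
    if not isinstance(data, dict) or 'user_id' not in data:
        return None
    user = User.query.get(data['user_id'])
    return user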
"""Validate state token returned by authentication."""
try:
# Attempt to decode state
state_token = GENERATOR.loads(
state,
max_age=timedelta(minutes=60).total_seconds()
)
except SignatureExpired:
# Token has expired
report_event('token_expired', {
'state': state
})
abort(400)
except BadSignature:
# Token is not authorized
report_event('token_not_authorized', {
'state': state
})
abort(401)
if state_token != PROJECT_INFO['client_id']:
# Token is not authorized
report_event('token_not_valid', {
'state': state,
'state_token': state_token
})
abort(401)
def validate_auth(cls, req):
    """Return True if auth is disabled or the request carries a valid token cookie.

    ``cls.auth_enabled`` (when set) is a callable; if it reports auth is off,
    every request passes. Otherwise the cookie named ``cls.cookie_name`` must
    be present, verify under ``cls.serializer`` and decode to exactly
    ``cls.token``. A missing cookie, a bad signature or a mismatching value
    all yield False.
    """
    enabled_check = cls.auth_enabled
    if enabled_check is not None and not enabled_check():
        return True  # auth switched off: nothing to verify
    signed = req.cookies.get(cls.cookie_name, None)
    if signed is None:
        return False
    try:
        decoded = cls.serializer.loads(signed)
    except BadSignature:
        # Tampered/malformed cookie (an expired timed signature also lands
        # here, SignatureExpired being a BadSignature subclass in itsdangerous).
        return False
    # Only reached with a genuine signature; the value check is what ties the
    # cookie to this server's current token.
    return decoded == cls.token