Server IP : 85.214.239.14 / Your IP : 3.133.135.247 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /proc/3/task/3/root/proc/3/root/lib/python3/dist-packages/pyzor/ |
Upload File : |
"""A collection of utilities that facilitate working with Pyzor accounts. Note that accounts are not necessary (on the client or server), as an "anonymous" account always exists.""" import time import hashlib import pyzor def sign_msg(hashed_key, timestamp, msg, hash_=hashlib.sha1): """Converts the key, timestamp (epoch seconds), and msg into a digest. lower(H(H(M) + ':' T + ':' + K)) M is message T is integer epoch timestamp K is hashed_key H is the hash function (currently SHA1) """ msg = msg.as_string().strip().encode("utf8") digest = hash_() digest.update(hash_(msg).digest()) digest.update((":%d:%s" % (timestamp, hashed_key)).encode("utf8")) return digest.hexdigest().lower() def hash_key(key, user, hash_=hashlib.sha1): """Returns the hash key for this username and password. lower(H(U + ':' + lower(K))) K is key (hex string) U is username H is the hash function (currently SHA1) """ result = ("%s:%s" % (user, key.lower())).encode("utf8") return hash_(result).hexdigest().lower() def verify_signature(msg, user_key): """Verify that the provided message is correctly signed. The message must have "User", "Time", and "Sig" headers. If the signature is valid, then the function returns normally. If the signature is not valid, then a pyzor.SignatureError() exception is raised.""" timestamp = int(msg["Time"]) user = msg["User"] provided_signature = msg["Sig"] # Check that this signature is not too old. if abs(time.time() - timestamp) > pyzor.MAX_TIMESTAMP_DIFFERENCE: raise pyzor.SignatureError("Timestamp not within allowed range.") # Calculate what the correct signature is. hashed_user_key = hash_key(user_key, user) # The signature is not part of the message that is signed. del msg["Sig"] correct_signature = sign_msg(hashed_user_key, timestamp, msg) if correct_signature != provided_signature: raise pyzor.SignatureError("Invalid signature.") class Account(object): def __init__(self, username, salt, key): self.username = username self.salt = salt self.key = key def key_from_hexstr(s): try: salt, key = s.split(",") except ValueError: raise ValueError("Invalid number of parts for key; perhaps you " "forgot the comma at the beginning for the " "salt divider?") return salt, key AnonymousAccount = Account(pyzor.anonymous_user, None, "")