heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Docs for get_timed_signer_url.

Browse Source
This commit is contained in:
Elrond 2013-03-22 19:09:19 +01:00
parent 5907154a59
commit 5a8aae3aba
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
mediagoblin/tools/crypto.py
View File

@ -50,6 +50,32 @@ def setup_crypto():
def get_timed_signer_url(namespace): def get_timed_signer_url(namespace):
"""
This gives a basic signing/verifying object.
The namespace makes sure signed tokens can't be used in
a different area. Like using a forgot-password-token as
a session cookie.
Basic usage:
.. code-block:: python
_signer = None
TOKEN_VALID_DAYS = 10
def setup():
global _signer
_signer = get_timed_signer_url("session cookie")
def create_token(obj):
return _signer.dumps(obj)
def parse_token(token):
# This might raise an exception in case
# of an invalid token, or an expired token.
return _signer.loads(token, max_age=TOKEN_VALID_DAYS*24*3600)
For more details see
http://pythonhosted.org/itsdangerous/#itsdangerous.URLSafeTimedSerializer
"""
assert __itsda_secret is not None assert __itsda_secret is not None
return itsdangerous.URLSafeTimedSerializer(__itsda_secret, return itsdangerous.URLSafeTimedSerializer(__itsda_secret,
salt=namespace) salt=namespace)