Mercurial > p > roundup > code
view roundup/cgi/timestamp.py @ 7809:be6cb2e0d471
feat: add support for rotating jwt keys
This allows jwt_secret to have multiple ',' separated secrets. The
first/leftmost should be used to sign new JWTs. All of them are used
(starting from left/newest) to try to verify a JWT.
If the first secret is < 32 chars in length JWTs are disabled. If any
of the other secrets are < 32 chars, the configuration code causes the
software to exit. This prevents insecure (too short) secrets from
being used.
Updated doc examples and tests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 14 Mar 2024 19:04:19 -0400 |
| parents | 216662fbaaee |
| children |
line wrap: on
line source
'''Set of functions of adding/checking timestamp to be used to limit form submission for cgi actions. ''' import base64 import binascii import struct import time from roundup.cgi.exceptions import FormError from roundup.i18n import _ from roundup.anypy.strings import b2s, s2b def pack_timestamp(): return b2s(base64.b64encode(struct.pack("i", int(time.time()))).strip()) def unpack_timestamp(s): try: timestamp = struct.unpack("i", base64.b64decode(s2b(s)))[0] except (struct.error, binascii.Error, TypeError): raise FormError(_("Form is corrupted.")) return timestamp class Timestamped: def timecheck(self, field, delay): try: created = unpack_timestamp(self.form[field].value) except KeyError: raise FormError(_("Form is corrupted, missing: %s.") % field) if time.time() - created < delay: raise FormError(_("Responding to form too quickly.")) return True