Mercurial > p > roundup > code
view website/issues/extensions/timestamp.py @ 7809:be6cb2e0d471
feat: add support for rotating jwt keys
This allows jwt_secret to have multiple ',' separated secrets. The
first/leftmost should be used to sign new JWTs. All of them are used
(starting from left/newest) to try to verify a JWT.
If the first secret is < 32 chars in length JWTs are disabled. If any
of the other secrets are < 32 chars, the configuration code causes the
software to exit. This prevents insecure (too short) secrets from
being used.
Updated doc examples and tests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 14 Mar 2024 19:04:19 -0400 |
| parents | 35ea9b1efc14 |
| children |
line wrap: on
line source
import time, struct, base64 from roundup.cgi.actions import RegisterAction from roundup.cgi.exceptions import * def timestamp(): return base64.encodestring(struct.pack("i", time.time())).strip() def unpack_timestamp(s): return struct.unpack("i",base64.decodestring(s))[0] class Timestamped: def check(self): try: created = unpack_timestamp(self.form['opaque'].value) except KeyError: raise FormError("somebody tampered with the form") if time.time() - created < 4: raise FormError("responding to the form too quickly") return True class TimestampedRegister(Timestamped, RegisterAction): def permission(self): self.check() RegisterAction.permission(self) def init(instance): instance.registerUtil('timestamp', timestamp) instance.registerAction('register', TimestampedRegister)