Trees       Indices       Help   
Package oauth2client :: Module xsrfutil
[hide private]
[frames] | no frames]

Module xsrfutil

source code

Helper methods for creating & verifying XSRF tokens.
Authors:
"Doug Coker" <dcoker@google.com>, "Joe Gregorio" <jcgregorio@google.com>
Functions [hide private]
 
generate_token(key, user_id, action_id="", when=None)
Generates a URL-safe token for the given user, action, time tuple.		 source code
 
validate_token(key, token, user_id, action_id="", current_time=None)
Validates that the given token authorizes the user for the action.		 source code
Variables [hide private]
  DELIMITER = ':'
  DEFAULT_TIMEOUT_SECS = 1* 60* 60
Function Details [hide private]

generate_token(key, user_id, action_id="", when=None)

source code  
Generates a URL-safe token for the given user, action, time tuple.

Args:
  key: secret key to use.
  user_id: the user ID of the authenticated user.
  action_id: a string identifier of the action they requested
    authorization for.
  when: the time in seconds since the epoch at which the user was
    authorized for this action. If not set the current time is used.

Returns:
  A string XSRF protection token.
Decorators:
  • @util.positional(2)

validate_token(key, token, user_id, action_id="", current_time=None)

source code  
Validates that the given token authorizes the user for the action.

Tokens are invalid if the time of issue is too old or if the token
does not match what generateToken outputs (i.e. the token was forged).

Args:
  key: secret key to use.
  token: a string of the token generated by generateToken.
  user_id: the user ID of the authenticated user.
  action_id: a string identifier of the action they requested
    authorization for.

Returns:
  A boolean - True if the user is authorized for the action, False
  otherwise.
Decorators:
  • @util.positional(3)

   Trees       Indices       Help   
Generated by Epydoc 3.0.1 on Tue Aug 6 12:16:42 2013 http://epydoc.sourceforge.net