projects / invirt/packages/invirt-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Generate real authentication tokens
[invirt/packages/invirt-web.git] / templates / main.py
diff --git a/templates/main.py b/templates/main.py
index d4ac4e6..7a6ec8b 100755 (executable)
--- a/templates/main.py
+++ b/templates/main.py
@@ -5,6 +5,9 @@ import cgi
 import os
 import string
 import subprocess
+import time
+import cPickle
+import base64
 
 print 'Content-Type: text/html\n'
 sys.stderr = sys.stdout
@@ -206,7 +209,20 @@ def vnc(user, fields):
     machine = testMachineId(user, fields.getfirst('machine_id'))
     if machine is None: #gave error page already
         return
-    token = 'quentin'
+    
+    TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+
+    data = {}
+    data["user"] = user
+    data["machine"]=machine
+    data["expires"]=time.time()+(5*60)
+    pickledData = cPickle.dumps(data)
+    m = hmac.new(TOKEN_KEY, digestmod=sha)
+    m.update(pickledData)
+    token = {'data': pickledData, 'digest': m.digest()}
+    token = cPickle.dumps(token)
+    token = base64.urlsafe_b64encode(token)
+    
     d = dict(user=user,
              machine=machine,
              hostname='localhost',
Unnamed repository; edit this file 'description' to name the repository.