From: Quentin Smith <quentin@mit.edu>
Date: Sun, 7 Oct 2007 21:17:25 +0000 (-0400)
Subject: Generate real authentication tokens
X-Git-Tag: sipb-xen-www/1~91
X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/c35e6d015fca903c82d3d29598d321ea20d52adc?ds=sidebyside

Generate real authentication tokens

svn path=/trunk/web/; revision=118
---

diff --git a/templates/main.py b/templates/main.py
index d4ac4e6..7a6ec8b 100755
--- a/templates/main.py
+++ b/templates/main.py
@@ -5,6 +5,9 @@ import cgi
 import os
 import string
 import subprocess
+import time
+import cPickle
+import base64
 
 print 'Content-Type: text/html\n'
 sys.stderr = sys.stdout
@@ -206,7 +209,20 @@ def vnc(user, fields):
     machine = testMachineId(user, fields.getfirst('machine_id'))
     if machine is None: #gave error page already
         return
-    token = 'quentin'
+    
+    TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+
+    data = {}
+    data["user"] = user
+    data["machine"]=machine
+    data["expires"]=time.time()+(5*60)
+    pickledData = cPickle.dumps(data)
+    m = hmac.new(TOKEN_KEY, digestmod=sha)
+    m.update(pickledData)
+    token = {'data': pickledData, 'digest': m.digest()}
+    token = cPickle.dumps(token)
+    token = base64.urlsafe_b64encode(token)
+    
     d = dict(user=user,
              machine=machine,
              hostname='localhost',