From c35e6d015fca903c82d3d29598d321ea20d52adc Mon Sep 17 00:00:00 2001
From: Quentin Smith <quentin@mit.edu>
Date: Sun, 7 Oct 2007 17:17:25 -0400
Subject: [PATCH] Generate real authentication tokens

svn path=/trunk/web/; revision=118
---
 templates/main.py |   18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/templates/main.py b/templates/main.py
index d4ac4e6..7a6ec8b 100755
--- a/templates/main.py
+++ b/templates/main.py
@@ -5,6 +5,9 @@ import cgi
 import os
 import string
 import subprocess
+import time
+import cPickle
+import base64
 
 print 'Content-Type: text/html\n'
 sys.stderr = sys.stdout
@@ -206,7 +209,20 @@ def vnc(user, fields):
     machine = testMachineId(user, fields.getfirst('machine_id'))
     if machine is None: #gave error page already
         return
-    token = 'quentin'
+    
+    TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
+
+    data = {}
+    data["user"] = user
+    data["machine"]=machine
+    data["expires"]=time.time()+(5*60)
+    pickledData = cPickle.dumps(data)
+    m = hmac.new(TOKEN_KEY, digestmod=sha)
+    m.update(pickledData)
+    token = {'data': pickledData, 'digest': m.digest()}
+    token = cPickle.dumps(token)
+    token = base64.urlsafe_b64encode(token)
+    
     d = dict(user=user,
              machine=machine,
              hostname='localhost',
-- 
1.7.9.5