From c35e6d015fca903c82d3d29598d321ea20d52adc Mon Sep 17 00:00:00 2001 From: Quentin Smith Date: Sun, 7 Oct 2007 17:17:25 -0400 Subject: [PATCH] Generate real authentication tokens svn path=/trunk/web/; revision=118 --- templates/main.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/templates/main.py b/templates/main.py index d4ac4e6..7a6ec8b 100755 --- a/templates/main.py +++ b/templates/main.py @@ -5,6 +5,9 @@ import cgi import os import string import subprocess +import time +import cPickle +import base64 print 'Content-Type: text/html\n' sys.stderr = sys.stdout @@ -206,7 +209,20 @@ def vnc(user, fields): machine = testMachineId(user, fields.getfirst('machine_id')) if machine is None: #gave error page already return - token = 'quentin' + + TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN" + + data = {} + data["user"] = user + data["machine"]=machine + data["expires"]=time.time()+(5*60) + pickledData = cPickle.dumps(data) + m = hmac.new(TOKEN_KEY, digestmod=sha) + m.update(pickledData) + token = {'data': pickledData, 'digest': m.digest()} + token = cPickle.dumps(token) + token = base64.urlsafe_b64encode(token) + d = dict(user=user, machine=machine, hostname='localhost', -- 1.7.9.5