blob: 8a344969b75cbbcf1759c84ba3478f7863d4fcca [file] [log] [blame]
<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>oauth2client.xsrfutil</title>
<link rel="stylesheet" href="epydoc.css" type="text/css" />
<script type="text/javascript" src="epydoc.js"></script>
</head>
<body bgcolor="white" text="black" link="blue" vlink="#204080"
alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
bgcolor="#a0c0ff" cellspacing="0">
<tr valign="middle">
<!-- Tree link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>
<!-- Index link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>
<!-- Help link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>
<th class="navbar" width="100%"></th>
</tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
<tr valign="top">
<td width="100%">
<span class="breadcrumbs">
<a href="oauth2client-module.html">Package&nbsp;oauth2client</a> ::
Module&nbsp;xsrfutil
</span>
</td>
<td>
<table cellpadding="0" cellspacing="0">
<!-- hide/show private -->
<tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
<tr><td align="right"><span class="options"
>[<a href="frames.html" target="_top">frames</a
>]&nbsp;|&nbsp;<a href="oauth2client.xsrfutil-module.html"
target="_top">no&nbsp;frames</a>]</span></td></tr>
</table>
</td>
</tr>
</table>
<!-- ==================== MODULE DESCRIPTION ==================== -->
<h1 class="epydoc">Module xsrfutil</h1><p class="nomargin-top"><span class="codelink"><a href="oauth2client.xsrfutil-pysrc.html">source&nbsp;code</a></span></p>
<pre class="literalblock">
Helper methods for creating &amp; verifying XSRF tokens.
</pre>
<hr />
<div class="fields"> <dl><dt>Authors:</dt>
<dd>
&quot;Doug Coker&quot; &lt;dcoker@google.com&gt;,
&quot;Joe Gregorio&quot; &lt;jcgregorio@google.com&gt;
</dd>
</dl>
</div><!-- ==================== FUNCTIONS ==================== -->
<a name="section-Functions"></a>
<table class="summary" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
<td colspan="2" class="table-header">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td align="left"><span class="table-header">Functions</span></td>
<td align="right" valign="top"
><span class="options">[<a href="#section-Functions"
class="privatelink" onclick="toggle_private();"
>hide private</a>]</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type">&nbsp;</span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a href="oauth2client.xsrfutil-module.html#generate_token" class="summary-sig-name">generate_token</a>(<span class="summary-sig-arg">key</span>,
<span class="summary-sig-arg">user_id</span>,
<span class="summary-sig-arg">action_id</span>=<span class="summary-sig-default">&quot;&quot;</span>,
<span class="summary-sig-arg">when</span>=<span class="summary-sig-default">None</span>)</span><br />
Generates a URL-safe token for the given user, action, time tuple.</td>
<td align="right" valign="top">
<span class="codelink"><a href="oauth2client.xsrfutil-pysrc.html#generate_token">source&nbsp;code</a></span>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type">&nbsp;</span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a href="oauth2client.xsrfutil-module.html#validate_token" class="summary-sig-name">validate_token</a>(<span class="summary-sig-arg">key</span>,
<span class="summary-sig-arg">token</span>,
<span class="summary-sig-arg">user_id</span>,
<span class="summary-sig-arg">action_id</span>=<span class="summary-sig-default">&quot;&quot;</span>,
<span class="summary-sig-arg">current_time</span>=<span class="summary-sig-default">None</span>)</span><br />
Validates that the given token authorizes the user for the action.</td>
<td align="right" valign="top">
<span class="codelink"><a href="oauth2client.xsrfutil-pysrc.html#validate_token">source&nbsp;code</a></span>
</td>
</tr>
</table>
</td>
</tr>
</table>
<!-- ==================== VARIABLES ==================== -->
<a name="section-Variables"></a>
<table class="summary" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
<td colspan="2" class="table-header">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td align="left"><span class="table-header">Variables</span></td>
<td align="right" valign="top"
><span class="options">[<a href="#section-Variables"
class="privatelink" onclick="toggle_private();"
>hide private</a>]</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type">&nbsp;</span>
</td><td class="summary">
<a name="DELIMITER"></a><span class="summary-name">DELIMITER</span> = <code title="':'">':'</code>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type">&nbsp;</span>
</td><td class="summary">
<a name="DEFAULT_TIMEOUT_SECS"></a><span class="summary-name">DEFAULT_TIMEOUT_SECS</span> = <code title="1* 60* 60">1* 60* 60</code>
</td>
</tr>
</table>
<!-- ==================== FUNCTION DETAILS ==================== -->
<a name="section-FunctionDetails"></a>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
<td colspan="2" class="table-header">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td align="left"><span class="table-header">Function Details</span></td>
<td align="right" valign="top"
><span class="options">[<a href="#section-FunctionDetails"
class="privatelink" onclick="toggle_private();"
>hide private</a>]</span></td>
</tr>
</table>
</td>
</tr>
</table>
<a name="generate_token"></a>
<div>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr><td>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr valign="top"><td>
<h3 class="epydoc"><span class="sig"><span class="sig-name">generate_token</span>(<span class="sig-arg">key</span>,
<span class="sig-arg">user_id</span>,
<span class="sig-arg">action_id</span>=<span class="sig-default">&quot;&quot;</span>,
<span class="sig-arg">when</span>=<span class="sig-default">None</span>)</span>
</h3>
</td><td align="right" valign="top"
><span class="codelink"><a href="oauth2client.xsrfutil-pysrc.html#generate_token">source&nbsp;code</a></span>&nbsp;
</td>
</tr></table>
<pre class="literalblock">
Generates a URL-safe token for the given user, action, time tuple.
Args:
key: secret key to use.
user_id: the user ID of the authenticated user.
action_id: a string identifier of the action they requested
authorization for.
when: the time in seconds since the epoch at which the user was
authorized for this action. If not set the current time is used.
Returns:
A string XSRF protection token.
</pre>
<dl class="fields">
<dt>Decorators:</dt>
<dd><ul class="nomargin-top">
<li><code>@util.positional(2)</code></li>
</ul></dd>
</dl>
</td></tr></table>
</div>
<a name="validate_token"></a>
<div>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr><td>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr valign="top"><td>
<h3 class="epydoc"><span class="sig"><span class="sig-name">validate_token</span>(<span class="sig-arg">key</span>,
<span class="sig-arg">token</span>,
<span class="sig-arg">user_id</span>,
<span class="sig-arg">action_id</span>=<span class="sig-default">&quot;&quot;</span>,
<span class="sig-arg">current_time</span>=<span class="sig-default">None</span>)</span>
</h3>
</td><td align="right" valign="top"
><span class="codelink"><a href="oauth2client.xsrfutil-pysrc.html#validate_token">source&nbsp;code</a></span>&nbsp;
</td>
</tr></table>
<pre class="literalblock">
Validates that the given token authorizes the user for the action.
Tokens are invalid if the time of issue is too old or if the token
does not match what generateToken outputs (i.e. the token was forged).
Args:
key: secret key to use.
token: a string of the token generated by generateToken.
user_id: the user ID of the authenticated user.
action_id: a string identifier of the action they requested
authorization for.
Returns:
A boolean - True if the user is authorized for the action, False
otherwise.
</pre>
<dl class="fields">
<dt>Decorators:</dt>
<dd><ul class="nomargin-top">
<li><code>@util.positional(3)</code></li>
</ul></dd>
</dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
bgcolor="#a0c0ff" cellspacing="0">
<tr valign="middle">
<!-- Tree link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>
<!-- Index link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>
<!-- Help link -->
<th>&nbsp;&nbsp;&nbsp;<a
href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>
<th class="navbar" width="100%"></th>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
<tr>
<td align="left" class="footer">
Generated by Epydoc 3.0.1 on Thu Jan 24 16:14:32 2013
</td>
<td align="right" class="footer">
<a target="mainFrame" href="http://epydoc.sourceforge.net"
>http://epydoc.sourceforge.net</a>
</td>
</tr>
</table>
<script type="text/javascript">
<!--
// Private objects are initially displayed (because if
// javascript is turned off then we want them to be
// visible); but by default, we want to hide them. So hide
// them unless we have a cookie that says to show them.
checkCookie();
// -->
</script>
</body>
</html>