access permissions: generate signed form data

2017-12-19 13:51:39 +01:00 · 2017-12-19 13:51:39 +01:00 · a1c3caaad3
commit a1c3caaad3
parent 3d3466ec31
3 changed files with 26 additions and 0 deletions
--- a/src/c3nav/control/forms.py
+++ b/src/c3nav/control/forms.py
@ -1,3 +1,8 @@
+import binascii
+import hashlib
+import hmac
+import json
+import time
 from datetime import timedelta
 from itertools import chain

@ -118,6 +123,23 @@ class AccessPermissionForm(Form):
                                     can_grant=self.cleaned_data.get('can_grant', '0') == '1',
                                     restrictions=tuple(restrictions))

+    def get_signed_data(self, key=None):
+        if not self.author.permissions.api_secret:
+            raise ValueError('Author has no api secret.')
+        data = {
+            'id': self.data['access_restrictions'],
+            'time': int(time.time()),
+            'valid_until': int(self.cleaned_data['expires'].strftime('%s')),
+            'author': self.author.pk,
+        }
+        if key is not None:
+            data['key'] = key
+        data = json.dumps(data, separators=(',', ':'))
+        signature = hmac.new(self.author.permissions.api_secret.encode(),
+                             msg=data.encode(),
+                             digestmod=hashlib.sha256).digest()
+        return '%s:%s' % (data, binascii.b2a_base64(signature).strip().decode())
+

 class AnnouncementForm(I18nModelFormMixin, ModelForm):
    class Meta: