
from datetime import datetime, timedelta, timezone
from enum import Enum

import jwt
from flask import current_app


class Audience(Enum):
    """Purpose tag stored in a token's ``aud`` claim.

    The audience must match between the code that mints a token and the code
    that reads it, so a token minted for one flow is rejected by the reader of
    another. The values are kept to two characters on purpose: every character
    of the claim ends up in the encoded token, and some tokens travel inside
    URLs, where length is limited.
    """

    # audience for the password-reset flow
    password_reset = "pr"
    # audience for the e-mail validation flow
    email_validation = "ev"
    # audience for the spam-check flow
    spam_check = "sc"
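def make_token(data, audience, ttl=None):
    """Encode *data* as an HS256-signed JWT bound to *audience*.

    Args:
        data: claims to embed. The dict is copied before the ``aud`` and
            ``exp`` claims are added, so the caller's object is not modified
            (the previous implementation wrote into it in place).
        audience: the :class:`Audience` the token is minted for. Its value is
            stored in the ``aud`` claim, which the reader checks again.
        ttl: lifetime in minutes. When given, an ``exp`` claim is set; when
            ``None`` the token carries no expiry at all, so callers should
            pass a ttl for anything that can be replayed.

    Returns:
        Whatever :func:`jwt.encode` returns for the signed claims.
    """
    claims = dict(data)
    claims["aud"] = audience.value
    if ttl is not None:
        # Timezone-aware "now" instead of the deprecated naive utcnow();
        # PyJWT turns a datetime in ``exp`` into epoch seconds either way.
        claims["exp"] = datetime.now(timezone.utc) + timedelta(minutes=ttl)
    return jwt.encode(claims, current_app.config["SECRET_KEY"], algorithm="HS256")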
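def read_token(token, audience=None):
    """Verify *token* and return its claims.

    Args:
        token: the encoded JWT.
        audience: the :class:`Audience` the token must have been minted for.
            It is compared against the ``aud`` claim, which is what stops a
            token issued for one flow from being replayed against another.

    Returns:
        The decoded claims dict.

    Raises:
        ValueError: if *audience* is ``None``. Decoding without an expected
            audience is never valid here; the previous implementation failed
            with an ``AttributeError`` on ``None.value`` instead of saying so.
        Exceptions from :func:`jwt.decode`: bad signature, audience mismatch,
            and — for tokens carrying ``exp`` — expiry (checked by PyJWT's
            defaults, which this call does not relax).
    """
    if audience is None:
        raise ValueError("read_token() requires the expected Audience")
    return jwt.decode(
        token,
        current_app.config["SECRET_KEY"],
        algorithms=["HS256"],
        audience=audience.value,
    )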
def make_password_change_token(user):
    """Mint a password-reset token for *user*.

    The ``sub`` claim is the username; ``lpc`` is ``user.last_password_change``
    as an ISO-8601 string, or ``None`` when it is unset. Presumably the reader
    compares ``lpc`` so a token minted before a later password change is
    rejected — confirm against the consuming view.
    """
    last_change = user.last_password_change
    claims = {
        "sub": user.username,
        "lpc": None if last_change is None else last_change.isoformat(),
    }
    return make_token(claims, audience=Audience.password_reset)