drakken.security module

Session security module.

Create session cookie from token string.

To close the session when the browser closes, set SESSION_COOKIE_AGE = 0.

Parameters:
  • token (str) – unique session ID.

  • path (str) – requested URL must have this path to send the cookie.

Returns:

Cookie settings for Response.set_cookie().

Return type:

dict

drakken.security.create_session_token()

Create session token aka session ID.

Returns:

Session token.

Return type:

str

drakken.security.gensalt()

Create salt.

Returns:

Password salt.

Return type:

str

drakken.security.hash(s, salt)

Hash string s with salt.

Use on passwords and password reset tokens before storing them in the database. It's slow, so don't use it on session IDs.

Note

Uses scrypt to thwart password-cracking hardware. The n, r, p values are those suggested by OWASP.

Parameters:
  • s (str) – string to be hashed.

  • salt (str) – random string added to input string.

Returns:

Hashed input string.

Return type:

bytes

drakken.security.verify(s, salt, h)

Return True if string hashed with salt matches hash.

Parameters:
  • s (str) – string to be tested.

  • salt (str) – random string added to input string.

  • h (bytes) – hash bytes.

Returns:

True if string + salt matches hash.

Return type:

bool
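
The salt, hash and verify flow documented above, sketched with the Python standard library as an added example; it is not Drakken's own code. The names new_salt, hash_secret, verify_secret, register and login, the hex salt format, the 64-byte output and the scrypt cost parameters are assumptions, since the page does not list them.

```python
import hashlib
import hmac
import secrets

# Assumption: the page does not list its n, r, p. These are the baseline
# scrypt settings from the OWASP Password Storage Cheat Sheet.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**17, 8, 1


def new_salt(nbytes=16):
    """Return a fresh random salt as a hex str; generate one per stored secret."""
    return secrets.token_hex(nbytes)


def hash_secret(s, salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return the 64-byte scrypt hash of str s under str salt."""
    # scrypt needs roughly 128*n*r bytes (128 MiB at the defaults), above
    # OpenSSL's 32 MiB default limit, so maxmem is raised to twice that.
    return hashlib.scrypt(s.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=n, r=r, p=p, maxmem=256 * n * r, dklen=64)


def verify_secret(s, salt, h, **cost):
    """Return True if s hashed with salt equals h, compared in constant time."""
    return hmac.compare_digest(hash_secret(s, salt, **cost), h)


def register(db, user, password, **cost):
    """Store only the salt and hash, never the password itself."""
    salt = new_salt()
    db[user] = {"salt": salt, "hash": hash_secret(password, salt, **cost)}


def login(db, user, password, **cost):
    """Check a login attempt against the stored salt and hash."""
    row = db.get(user)
    if row is None:
        # Burn the same work for unknown users so timing does not reveal them.
        hash_secret(password, new_salt(), **cost)
        return False
    return verify_secret(password, row["salt"], row["hash"], **cost)


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for a database table
    register(users, "alice", "correct horse battery staple")
    print(login(users, "alice", "correct horse battery staple"))
    print(login(users, "alice", "Tr0ub4dor&3"))
```

The cost parameters must be identical at hash and verify time, so any change to them requires rehashing stored passwords at the user's next successful login.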