drakken.security module
Session security module: CSRF tokens, session IDs and session cookies, and salted password hashing.
- drakken.security.create_CSRF_token()
Create a random CSRF token.
- Returns:
CSRF token.
- Return type:
str
- drakken.security.create_session_cookie(token, path='/')
Create the session cookie from a session token string.
To make the cookie expire when the browser closes (a browser-session cookie), set SESSION_COOKIE_AGE = 0.
- Parameters:
token (str) – unique session ID.
path (str) – the browser sends the cookie only with requests whose URL path starts with this value (the cookie's Path attribute).
- Returns:
Keyword arguments for Response.set_cookie().
- Return type:
dict
- drakken.security.create_session_token()
Create a random session token, also called the session ID.
- Returns:
Session token.
- Return type:
str
- drakken.security.fast_hash(s)
Hash string s with SHA-256.
Use on session IDs and other high-entropy random tokens, where speed matters and a fast hash is safe because the input cannot be guessed. Do not use on passwords; use slow_hash() for those.
- Parameters:
s (str) – string to be hashed.
- Returns:
SHA-256 digest of the input string.
- Return type:
str
- drakken.security.gensalt()
Create a random password salt.
- Returns:
Password salt.
- Return type:
str
- drakken.security.slow_hash(s, salt)
Hash string s with salt.
Use on passwords and password reset tokens before storing them in the database. It is deliberately slow, so do not use it on session IDs; use fast_hash() for those.
Note
Uses scrypt, a memory-hard function that makes dedicated password-cracking hardware expensive. The n, r, p cost parameters are the values suggested by OWASP.
- Parameters:
s (str) – string to be hashed.
salt (str) – random string mixed into the input; store it alongside the hash.
- Returns:
Hashed input string.
- Return type:
bytes
- drakken.security.verify(s, salt, h)
Return True if s, slow-hashed with salt, matches hash h.
- Parameters:
s (str) – string to be tested.
salt (str) – the salt that was used when h was created.
h (bytes) – the stored hash to compare against.
- Returns:
True if slow_hash(s, salt) equals h.
- Return type:
bool
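An added example, not drakken's implementation, of the gensalt() / slow_hash() / verify() flow described above, carried through a registration and login. It uses hashlib.scrypt with one of the parameter sets the OWASP Password Storage Cheat Sheet lists as equivalent (N=2^14, r=8, p=5, chosen here because it fits hashlib's default 32 MiB memory limit); the page does not say which of the OWASP sets drakken uses, so that choice, the 16-byte salt, the 32-byte output and the dummy-salt trick for unknown users are all assumptions of this example.

```python
"""Salted scrypt password hashing with constant-time verification.

Added illustration of the slow_hash/verify pattern in the drakken.security
docs; not drakken's own code.
"""
import hashlib
import hmac
import secrets

# One of the OWASP-listed equivalent scrypt parameter sets. Memory use is
# 128 * N * r = 16 MiB, within hashlib.scrypt's default maxmem (32 MiB).
# OWASP's headline set N=2**17, r=8, p=1 needs ~128 MiB: pass maxmem=2**28.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 5
SCRYPT_DKLEN = 32          # output length in bytes (assumption)

# Fixed salt used only to burn equal time for unknown usernames (assumption).
DUMMY_SALT = "0" * 32


def gensalt() -> str:
    """128 random bits as 32 hex chars; one fresh salt per stored hash."""
    return secrets.token_hex(16)


def slow_hash(s: str, salt: str) -> bytes:
    """scrypt(s, salt) with the cost parameters above. Slow on purpose:
    never call this on a per-request session ID."""
    return hashlib.scrypt(
        s.encode("utf-8"),
        salt=salt.encode("utf-8"),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        dklen=SCRYPT_DKLEN,
    )


def verify(s: str, salt: str, h: bytes) -> bool:
    """Recompute and compare in constant time so a byte-by-byte mismatch
    cannot be detected from response timing."""
    return hmac.compare_digest(slow_hash(s, salt), h)


def register(users: dict, username: str, password: str) -> None:
    """Store (salt, hash); the plaintext password is never kept."""
    salt = gensalt()
    users[username] = (salt, slow_hash(password, salt))


def login(users: dict, username: str, password: str) -> bool:
    row = users.get(username)
    if row is None:
        # Spend the same scrypt cost on unknown users so that response time
        # does not reveal which usernames exist.
        slow_hash(password, DUMMY_SALT)
        return False
    salt, h = row
    return verify(password, salt, h)


def issue_reset_token(resets: dict, username: str) -> str:
    """Reset tokens get the same treatment the docs prescribe: the raw token
    is sent to the user, only its salted scrypt hash is stored."""
    token = secrets.token_urlsafe(32)
    salt = gensalt()
    resets[username] = (salt, slow_hash(token, salt))
    return token


def redeem_reset_token(resets: dict, username: str, token: str) -> bool:
    row = resets.pop(username, None)     # single use
    if row is None:
        return False
    salt, h = row
    return verify(token, salt, h)


if __name__ == "__main__":
    users: dict = {}
    register(users, "alice", "correct horse battery staple")
    print("good password:", login(users, "alice", "correct horse battery staple"))
    print("bad password: ", login(users, "alice", "Tr0ub4dor&3"))
```

Each stored row carries its own salt, so identical passwords hash to different values and a precomputed table is useless; verification must use the stored salt, which is why verify() takes the salt as a parameter exactly as the page's signature does.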