Skip to content

Instantly share code, notes, and snippets.

@ejucovy

ejucovy/bitballoon_multipass.py

Created December 5, 2013 17:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save ejucovy/7809209 to your computer and use it in GitHub Desktop.
Save ejucovy/7809209 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bitballoon_multipass.py
### pip install pycrypto
import base64
from Crypto.Cipher import AES
from Crypto import Random
import datetime
import hashlib
import hmac
import json
import os
import urllib
MULTIPASS_SECRET = os.environ['BITBALLOON_MULTIPASS_SECRET']
def generate_multipass_token(user_data):
key = hashlib.sha256(MULTIPASS_SECRET).digest()
encryption_key = key[:16]
signature_key = key[16:]
user_data['created_at'] = datetime.datetime.now().isoformat()
user_data = json.dumps(user_data)
BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
raw = pad(user_data)
iv = Random.new().read(AES.block_size)
cipher = AES.new(encryption_key, AES.MODE_CBC, iv)
cipher = iv + cipher.encrypt(raw)
sig = hmac.new(signature_key, cipher, hashlib.sha256).digest()
token = base64.b64encode(cipher + sig)
return urllib.quote_plus(token)
if __name__ == '__main__':
import time, sys
user_email = sys.argv[-1]
user_data = {"email": user_email, "expires": time.mktime((datetime.datetime.now() + datetime.timedelta(1)).timetuple())}
print "?multipass_token=%s" % generate_multipass_token(user_data)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment