flask的token验证显示“can not import TimedJSONWebSignatureSerializer from itsdangerous,取巧解决

已于 2022-03-08 18:42:24 修改
阅读量3k 收藏 4
点赞数 1
分类专栏: flask框架 文章标签: flask python 后端
于 2022-03-08 18:40:45 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_44536215/article/details/123360142
版权
  1. 首先itsdangerous包是已经安装的,在models已导入from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
  2. 点入itsdangerous发现是从jws.py导入TimedJSONWebSignatureSerializer,from .jws import TimedJSONWebSignatureSerializer
  3. 以下为jws.py文件
import hashlib
import time
import warnings
from datetime import datetime
from datetime import timezone
from decimal import Decimal
from numbers import Real

from ._json import _CompactJSON
from .encoding import base64_decode
from .encoding import base64_encode
from .encoding import want_bytes
from .exc import BadData
from .exc import BadHeader
from .exc import BadPayload
from .exc import BadSignature
from .exc import SignatureExpired
from .serializer import Serializer
from .signer import HMACAlgorithm
from .signer import NoneAlgorithm


class JSONWebSignatureSerializer(Serializer):
    """This serializer implements JSON Web Signature (JWS) support. Only
    supports the JWS Compact Serialization.

    .. deprecated:: 2.0
        Will be removed in ItsDangerous 2.1. Use a dedicated library
        such as authlib.
    """

    jws_algorithms = {
        "HS256": HMACAlgorithm(hashlib.sha256),
        "HS384": HMACAlgorithm(hashlib.sha384),
        "HS512": HMACAlgorithm(hashlib.sha512),
        "none": NoneAlgorithm(),
    }

    #: The default algorithm to use for signature generation
    default_algorithm = "HS512"

    default_serializer = _CompactJSON

    def __init__(
        self,
        secret_key,
        salt=None,
        serializer=None,
        serializer_kwargs=None,
        signer=None,
        signer_kwargs=None,
        algorithm_name=None,
    ):
        warnings.warn(
            "JWS support is deprecated and will be removed in"
            " ItsDangerous 2.1. Use a dedicated JWS/JWT library such as"
            " authlib.",
            DeprecationWarning,
            stacklevel=2,
        )
        super().__init__(
            secret_key,
            salt=salt,
            serializer=serializer,
            serializer_kwargs=serializer_kwargs,
            signer=signer,
            signer_kwargs=signer_kwargs,
        )

        if algorithm_name is None:
            algorithm_name = self.default_algorithm

        self.algorithm_name = algorithm_name
        self.algorithm = self.make_algorithm(algorithm_name)

    def load_payload(self, payload, serializer=None, return_header=False):
        payload = want_bytes(payload)

        if b"." not in payload:
            raise BadPayload('No "." found in value')

        base64d_header, base64d_payload = payload.split(b".", 1)

        try:
            json_header = base64_decode(base64d_header)
        except Exception as e:
            raise BadHeader(
                "Could not base64 decode the header because of an exception",
                original_error=e,
            )

        try:
            json_payload = base64_decode(base64d_payload)
        except Exception as e:
            raise BadPayload(
                "Could not base64 decode the payload because of an exception",
                original_error=e,
            )

        try:
            header = super().load_payload(json_header, serializer=_CompactJSON)
        except BadData as e:
            raise BadHeader(
                "Could not unserialize header because it was malformed",
                original_error=e,
            )

        if not isinstance(header, dict):
            raise BadHeader("Header payload is not a JSON object", header=header)

        payload = super().load_payload(json_payload, serializer=serializer)

        if return_header:
            return payload, header

        return payload

    def dump_payload(self, header, obj):
        base64d_header = base64_encode(
            self.serializer.dumps(header, **self.serializer_kwargs)
        )
        base64d_payload = base64_encode(
            self.serializer.dumps(obj, **self.serializer_kwargs)
        )
        return base64d_header + b"." + base64d_payload

    def make_algorithm(self, algorithm_name):
        try:
            return self.jws_algorithms[algorithm_name]
        except KeyError:
            raise NotImplementedError("Algorithm not supported")

    def make_signer(self, salt=None, algorithm=None):
        if salt is None:
            salt = self.salt

        key_derivation = "none" if salt is None else None

        if algorithm is None:
            algorithm = self.algorithm

        return self.signer(
            self.secret_keys,
            salt=salt,
            sep=".",
            key_derivation=key_derivation,
            algorithm=algorithm,
        )

    def make_header(self, header_fields):
        header = header_fields.copy() if header_fields else {}
        header["alg"] = self.algorithm_name
        return header

    def dumps(self, obj, salt=None, header_fields=None):
        """Like :meth:`.Serializer.dumps` but creates a JSON Web
        Signature. It also allows for specifying additional fields to be
        included in the JWS header.
        """
        header = self.make_header(header_fields)
        signer = self.make_signer(salt, self.algorithm)
        return signer.sign(self.dump_payload(header, obj))

    def loads(self, s, salt=None, return_header=False):
        """Reverse of :meth:`dumps`. If requested via ``return_header``
        it will return a tuple of payload and header.
        """
        payload, header = self.load_payload(
            self.make_signer(salt, self.algorithm).unsign(want_bytes(s)),
            return_header=True,
        )

        if header.get("alg") != self.algorithm_name:
            raise BadHeader("Algorithm mismatch", header=header, payload=payload)

        if return_header:
            return payload, header

        return payload

    def loads_unsafe(self, s, salt=None, return_header=False):
        kwargs = {"return_header": return_header}
        return self._loads_unsafe_impl(s, salt, kwargs, kwargs)


class TimedJSONWebSignatureSerializer(JSONWebSignatureSerializer):
    """Works like the regular :class:`JSONWebSignatureSerializer` but
    also records the time of the signing and can be used to expire
    signatures.

    JWS currently does not specify this behavior but it mentions a
    possible extension like this in the spec. Expiry date is encoded
    into the header similar to what's specified in `draft-ietf-oauth
    -json-web-token <http://self-issued.info/docs/draft-ietf-oauth-json
    -web-token.html#expDef>`_.
    """

    DEFAULT_EXPIRES_IN = 3600

    def __init__(self, secret_key, expires_in=None, **kwargs):
        super().__init__(secret_key, **kwargs)

        if expires_in is None:
            expires_in = self.DEFAULT_EXPIRES_IN

        self.expires_in = expires_in

    def make_header(self, header_fields):
        header = super().make_header(header_fields)
        iat = self.now()
        exp = iat + self.expires_in
        header["iat"] = iat
        header["exp"] = exp
        return header

    def loads(self, s, salt=None, return_header=False):
        payload, header = super().loads(s, salt, return_header=True)

        if "exp" not in header:
            raise BadSignature("Missing expiry date", payload=payload)

        int_date_error = BadHeader("Expiry date is not an IntDate", payload=payload)

        try:
            header["exp"] = int(header["exp"])
        except ValueError:
            raise int_date_error

        if header["exp"] < 0:
            raise int_date_error

        if header["exp"] < self.now():
            raise SignatureExpired(
                "Signature expired",
                payload=payload,
                date_signed=self.get_issue_date(header),
            )

        if return_header:
            return payload, header

        return payload

    def get_issue_date(self, header):
        """If the header contains the ``iat`` field, return the date the
        signature was issued, as a timezone-aware
        :class:`datetime.datetime` in UTC.

        .. versionchanged:: 2.0
            The timestamp is returned as a timezone-aware ``datetime``
            in UTC rather than a naive ``datetime`` assumed to be UTC.
        """
        rv = header.get("iat")

        if isinstance(rv, (Real, Decimal)):
            return datetime.fromtimestamp(int(rv), tz=timezone.utc)

    def now(self):
        return int(time.time())
  1. 解决办法:只能在项目下新建一个itsdangerous的python包文件,在 init.py 中将以上内容复制粘贴,在models中重新导入再次运行,问题完美解决。
年中初界
关注
  • 1
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
cannot import name ‘TimedJSONWebSignatureSerializer‘ from ‘itsdangerous‘问题解决
m0_67393342的博客
06-02 2624
Flask中生成用于验证token时,从itsdangerous(2.1.2)中调用TimedJSONWebSignatureSerializer时发现报错: 跳转到代码中确实没有找到类。查看itsdangerous文档,发现该库在2.0.0版本之后就将类弃用了,引导用户使用直接支持JWS/JWT的库,如 。 所以,现在要么使用2.0.0版本之前的itsdangerous库,继续使用该类,要么换用authlib库来生成token。使用低版本的itsdangerous库(不推荐): 使用authlib
微信 -flask token iis 部署
09-30
基于flask 开发的微信公共平台的代码,可以部署在iis上
can't import name “TimedJSONWebSignatureSerializer
feiyanm的博客
03-09 4462
在虚拟环境中安装了itsdangerous包,写代码from itsdangerous import TimedJSONWebSignatureSerializer时那个很长的字串是自己敲进去的,运行程序时报错无法导入名称“TimedJSONWebSignatureSerializer” 后来进入虚拟环境下安装的itsdangerous包里面,看到下面的py文件打开竟然是空的。卸载之后重新安装问题...
flask token ImportError: cannot import name ‘TimedJSONWebSignatureSerializer‘ from ‘itsdangerous‘问题
最新发布
zlk_416的博客
04-12 45
跳转到代码中确实没有找到TimedJSONWebSignatureSerializer类。
cannot import name ‘TimedJSONWebSignatureSerializer‘ from ‘itsdangerous
weixin_45440865的博客
01-15 627
这已经出现问提了,新的版本已经舍弃了,解决方法:引入新的包。
Python flask框架实现查询数据库并显示数据
09-16
主要介绍了Python flask框架实现查询数据库并显示数据,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
学习狗书flask开发:用户账号确认,点击跳转链接报错:TypeError: unsupported operand type(s) for +: ‘int‘ and ‘bytes‘
weixin_43573931的博客
04-18 647
Unsupported operand type(s) when using URLSafeTimedSerializer.dumps from itsdangerous
Python-从itsdangerous包导入TimedJSONWebSignatureSerializer时报错的情况
qq_45846022的博客
07-17 784
itsdangerous库中导入TimedJSONWebSignatureSerializer报错的情况
使用itsdangerous生成确认令牌
sinat_34927324的博客
10-28 4234
首先我们来看生成令牌和解码令牌的代码: from itsdangerous import TimedJSONWebSignatureSerializer as Serializer     s = Serializer(app.config['SECRET_KEY'], expires_in=3600)     token = s.dumps({'confirm': 23})
flask 实现token机制的示例代码
01-20
token 的生成 用token校验身份,是前后端交互的常用...from itsdangerous import TimedJSONWebSignatureSerializer as Serializer def create_token(api_user): ''' 生成token :param api_user:用户id :return: t
Python flask框架如何显示图像到web页面
09-16
主要介绍了Python flask框架如何显示图像到web页面,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
Flask使用itsdangerous生成令牌
也无风雨也无晴
10-27 726
Flask使用itsdangerous生成令牌 itsdangerous示例 (venv)$python manage.py shell >>> from manage import app >>> from itsdangerous import TimedJSONWebSignatureSerializer as Serializer >>> s = Serializer(app.config['SECRET_KEY'], expires_in =
ImportError: cannot import name ‘current_app‘ from ‘celery‘】celery导入错误的解决办法
henry_rhy的博客
11-15 2159
celery执行报错
python执行appium程序时遇到如下报错,ImportError: cannot import name 'InvalidArgumentException'
Chenftli的博客
03-05 2513
报错:ImportError: cannot import name 'InvalidArgumentException' from 'selenium.common.exceptions' (/usr/local/lib/python3.7/site-packages/selenium/common/exceptions.py) 原因:selenium.common.exceptions.py...
django ---TimedJSONWebSignatureSerializer加密解密的分析使用
一夜奈何梁山
10-02 1296
通过测试发现,对于TimedJSONWebSignatureSerializer的加密算法会将字典类型加密,加密后的格式是字节类型。但是对于他的解密算法确实,能够将字符串或者字节类型的加密数据,都解密成字典类型。 from itsdangerous import TimedJSONWebSignatureSerializer as Serializer from django.conf import settings # 生成一个序列化对象(加密秘钥,加密时间5秒) serializer = Seria
Python:itsdangerous 导入加密模块
weixin_45365220的博客
11-27 536
安装加密模块 pip install itsdangerous 使用加密模块 from itsdangerous import TimedJSONWebSignatureSerializer as Serializer from itsdangerous import SignatureExpired # 创建对象 ‘secertkey’为密钥,3600为加密的过期时间(秒数) serializer = Serializer('secretkey', 3600) # 通过dumps()方法对要加密的数
python flask 令牌token原理及代码实现
w1054230914的博客
02-03 1401
python flask 令牌token原理及代码实现
flask token登录验证
03-04
2. 在 Flask 应用中导入扩展:`from flask_httpauth import HTTPTokenAuth` 3. 创建 token 验证对象:`auth = HTTPTokenAuth()` 4. 定义验证函数:`@auth.verify_token def verify_token(token): # 验证 token 的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

年中初界

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值