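def validate_timestamp_and_nonce(self, client_key, timestamp, nonce, request):
    """
    Check an OAuth timestamp/nonce pair for replay.

    The timestamp is rejected when it is older than the last timestamp cached
    for ``client_key``. The nonce is rejected when the same client has already
    presented it while its cache entry is still alive. The timestamp is NOT
    compared with the current time here. This method signature is required by
    the oauthlib library.

    :param client_key: OAuth consumer key; scopes both cache entries.
    :param timestamp: value of ``oauth_timestamp`` (string or int, seconds).
    :param nonce: value of ``oauth_nonce``.
    :param request: request object passed in by the caller (unused here).
    :return: True if the OAuth nonce and timestamp are valid, False if they
        are not.
    """
    msg = "LTI request's {} is not valid."
    # NOTE(idegtiarov) cache data with timestamp and nonce lives for 10 seconds
    # NOTE(review): replay protection lasts only as long as these entries do.
    # If the caller accepts timestamps older than this TTL, a captured request
    # can be replayed once the entries expire -- confirm the freshness window
    # enforced upstream is not longer than this value.
    cache_ttl = 10

    log.debug('Timestamp validating is started.')
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        # A malformed oauth_timestamp is a failed validation, not a crash.
        log.debug(msg.format('timestamp'))
        return False
    ts_key = '{}_ts'.format(client_key)
    cache_ts = self.cache.get(ts_key, ts)
    if cache_ts > ts:
        log.debug(msg.format('timestamp'))
        return False
    self.cache.set(ts_key, ts, cache_ttl)
    log.debug('Timestamp is valid.')

    log.debug('Nonce validating is started.')
    # Scope the nonce to the client: a raw, caller-supplied nonce used as the
    # cache key lets one client's nonce reject another client's request and can
    # collide with unrelated keys such as '<client>_ts'.
    nonce_key = '{}_nonce_{}'.format(client_key, nonce)
    # NOTE(review): get-then-set is not atomic; two concurrent requests with the
    # same nonce can both pass. If the cache backend has an atomic "add", prefer
    # it -- TODO confirm backend.
    if self.cache.get(nonce_key):
        log.debug(msg.format('nonce'))
        return False
    self.cache.set(nonce_key, 1, cache_ttl)
    log.debug('Nonce is valid.')
    return True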