In [1]:
# Copy The Stubbed Database File To A Location 
# Accessible to the Notebook
! cp ./database.db /home/database.db

cp: ./database.db: No such file or directory


In [2]:
# Init the engine
import os
from sqlalchemy import create_engine, Column, String, Integer

database_filename = "playground.db"
project_dir = os.path.dirname(os.path.abspath(''))
database_path = "sqlite:///{}".format(os.path.join(project_dir, database_filename))

engine = create_engine(database_path)

In [3]:
# Define a model class
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()

class User(Base):
    __tablename__ = 'users'
    # Autoincrementing, unique primary key
    id = Column(Integer().with_variant(Integer, "sqlite"), primary_key=True)
    # String Title
    username = Column(String(80), unique=True)
    # the ingredients blob - this stores a lazy json blob
    # the required datatype is [{'color': string, 'name':string, 'parts':number}]
    password =  Column(String(180), nullable=False)
    
    def __repr__(self):
         return self.username +": "+self.password

User.metadata.create_all(engine)

User.__table__


Table('users', MetaData(bind=None), Column('id', Variant(), table=<users>, primary_key=True, nullable=False), Column('username', String(length=80), table=<users>), Column('password', String(length=180), table=<users>, nullable=False), schema=None)

In [4]:
# Init a session
from sqlalchemy.orm import sessionmaker
Session = sessionmaker(bind=engine)
Session.configure(bind=engine)
session = Session()


In [5]:
# Add a new user
session.rollback()

new_user = User(username='James', password='superstrongpassword')
session.add(new_user)
session.commit()

In [6]:
# Fetch a user from the database
db_user = session.query(User).filter_by(username='James').first()
print(db_user)

James: superstrongpassword


In [7]:
# > TIP: If you get stuck with errors, try executing this block:
session.rollback()

# JWTs

In [34]:
# Import Python Package
import jwt
import base64

In [39]:
# Init our Data
# payload = {'park':'madison square'}
payload = {'school':'udacity'}
algo = 'HS256' #HMAC-SHA 256
secret = 'learning'

In [41]:
# Encode a JWT
encoded_jwt = jwt.encode(payload, secret, algorithm=algo)
print(encoded_jwt)

b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY2hvb2wiOiJ1ZGFjaXR5In0.XaG5sipUVdvczvLGW4hkQCAACLJ80xxTkg5OTo-pMy8'


In [42]:
print(encoded_jwt)

b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY2hvb2wiOiJ1ZGFjaXR5In0.XaG5sipUVdvczvLGW4hkQCAACLJ80xxTkg5OTo-pMy8'


In [44]:
# Decode with Simple Base64 Encoding
# encoded_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXJrIjoidW5pb24gc3F1YXJlIn0.N3EaAHsrJ9-ls82LT8JoFTNpDK3wcm5a79vYkSn8AFY'
decoded_base64 = base64.b64decode(str(encoded_jwt).split(".")[1]+"==")
print(decoded_base64)

b'{"school":"udacity"}'


# More

In [46]:
# Install a pip package in the current Jupyter kernel
import sys
!{sys.executable} -m pip install python-jose

Collecting python-jose
  Downloading python_jose-3.2.0-py2.py3-none-any.whl (26 kB)
Collecting ecdsa<0.15
  Downloading ecdsa-0.14.1-py2.py3-none-any.whl (79 kB)
[K     |████████████████████████████████| 79 kB 4.2 MB/s eta 0:00:01
Collecting rsa
  Downloading rsa-4.6-py3-none-any.whl (47 kB)
[K     |████████████████████████████████| 47 kB 5.0 MB/s eta 0:00:011
Installing collected packages: ecdsa, rsa, python-jose
Successfully installed ecdsa-0.14.1 python-jose-3.2.0 rsa-4.6


In [47]:
import json
from jose import jwt
from urllib.request import urlopen

In [53]:
# Configuration
# UPDATE THIS TO REFLECT YOUR AUTH0 ACCOUNT
AUTH0_DOMAIN = 'fsndh.us.auth0.com'
ALGORITHMS = ['RS256']
API_AUDIENCE = 'image'

In [49]:
'''
AuthError Exception
A standardized way to communicate auth failure modes
'''
class AuthError(Exception):
    def __init__(self, error, status_code):
        self.error = error
        self.status_code = status_code

In [56]:
# PASTE YOUR OWN TOKEN HERE
# MAKE SURE THIS IS A VALID AUTH0 TOKEN FROM THE LOGIN FLOW
token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdtcnlabUtocUI1eF9zS2NBanBzWCJ9.eyJpc3MiOiJodHRwczovL2ZzbmRoLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1ZmMxZDNiZGE3Njc0YTAwNmU5MWUxNTgiLCJhdWQiOiJpbWFnZSIsImlhdCI6MTYwNjU5MDI2NCwiZXhwIjoxNjA2NTk3NDY0LCJhenAiOiI3N3R6dFlUNmFVcEFLSWZjUmlJdEM4dlpHQThiMloybiIsInNjb3BlIjoiIn0.TTaC0qKK-4KPLpo-rfxTbtEeipWTUBW9pjvKa-X7bLUzHHzQW9uf9STRZeXlzQAoDUEst7WWXYW6wWqm9Jz0tHySo2Y1_EVplEhYe5Ub6zjFNbSrPMSkAb494My3IsOTJJAv9JWjmA9BA6-nDpkF3-GNghU8hCjBiLKa8AvJfcESoAOvvXIudSFGbyCf4DTLte2Id4yPLclsGHAP_Ec1g0Zqk3RbNRgyRsRI07T1F16SiuR4KvqOZviSwpQa-8eDf-MF03dN01ousmEq2pkACkSw0tuYoFsOdVzIMRp5xMN_EqB8YFFizsypr692LRbj19ntmszmscrOdYjo1tNhLw"

In [57]:
## Auth Header
def verify_decode_jwt(token):
    # GET THE PUBLIC KEY FROM AUTH0
    jsonurl = urlopen(f'https://{AUTH0_DOMAIN}/.well-known/jwks.json')
    jwks = json.loads(jsonurl.read())
    
    # GET THE DATA IN THE HEADER
    unverified_header = jwt.get_unverified_header(token)
    
    # CHOOSE OUR KEY
    rsa_key = {}
    if 'kid' not in unverified_header:
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Authorization malformed.'
        }, 401)

    for key in jwks['keys']:
        if key['kid'] == unverified_header['kid']:
            rsa_key = {
                'kty': key['kty'],
                'kid': key['kid'],
                'use': key['use'],
                'n': key['n'],
                'e': key['e']
            }
    
    # Finally, verify!!!
    if rsa_key:
        try:
            # USE THE KEY TO VALIDATE THE JWT
            payload = jwt.decode(
                token,
                rsa_key,
                algorithms=ALGORITHMS,
                audience=API_AUDIENCE,
                issuer='https://' + AUTH0_DOMAIN + '/'
            )

            return payload

        except jwt.ExpiredSignatureError:
            raise AuthError({
                'code': 'token_expired',
                'description': 'Token expired.'
            }, 401)

        except jwt.JWTClaimsError:
            raise AuthError({
                'code': 'invalid_claims',
                'description': 'Incorrect claims. Please, check the audience and issuer.'
            }, 401)
        except Exception:
            raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to parse authentication token.'
            }, 400)
    raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to find the appropriate key.'
            }, 400)

In [58]:
verify_decode_jwt(token)

{'iss': 'https://fsndh.us.auth0.com/',
 'sub': 'auth0|5fc1d3bda7674a006e91e158',
 'aud': 'image',
 'iat': 1606590264,
 'exp': 1606597464,
 'azp': '77tztYT6aUpAKIfcRiItC8vZGA8b2Z2n',
 'scope': ''}

# Encryption

In [59]:
# Import Package
from cryptography.fernet import Fernet

In [73]:
# Generate a Key and Instantiate a Fernet Instance
# key = Fernet.generate_key()
key=b'8cozhW9kSi5poZ6TWFuMCV123zg-9NORTs3gJq_J5Do='
f = Fernet(key)
print(key)

b'8cozhW9kSi5poZ6TWFuMCV123zg-9NORTs3gJq_J5Do='


In [66]:
# Define our message
# plaintext = b"encryption is very useful"
message = b'gAAAAABc8Wf3rxaime-363wbhCaIe1FoZUdnFeIXX_Nh9qKSDkpBFPqK8L2HbkM8NCQAxY8yOWbjxzMC4b5uCaeEpqDYCRNIhnqTK8jfzFYfPdozf7NPvGzNBwuuvIxK5NZYJbxQwfK72BNrZCKpfp6frL8m8pdgYbLNFcy6jCJBXATR3gHBb0Y='

In [74]:
# Encrypt
message = b'encrypting is just as useful'
ciphertext = f.encrypt(message)
print(ciphertext)

b'gAAAAABfwsWEHUt6R29LmoVre3webHTvTTU_lamURe8fxyrlZfgP1VzMfxM07gmDGfjmJyy5q2T3KUeE0grlc0owHisQkFNTu7Bu39VlTAW5njPsqeoKwc4='


In [68]:
# Decrypt
decryptedtext = f.decrypt(message)
print(decryptedtext)

b'great job! remember, encryption is only as good as your key secrecy!'


# Salts

In [75]:
# Import the Python Library
import sys
!{sys.executable} -m pip install bcrypt
import bcrypt

Collecting bcrypt
  Downloading bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl (31 kB)
Installing collected packages: bcrypt
Successfully installed bcrypt-3.2.0


In [76]:
password = b"studyhard"

In [77]:
# Hash a password for the first time, with a certain number of rounds
salt = bcrypt.gensalt(14)
hashed = bcrypt.hashpw(password, salt)
print(salt)
print(hashed)

b'$2b$14$lKyW7aPcNarbqimBz.sV2.'
b'$2b$14$lKyW7aPcNarbqimBz.sV2.7FV1MpzG19qbXbEhJZj14oc9nVFD2yW'


In [78]:
# Check a plain text string against the salted, hashed digest
bcrypt.checkpw(password, hashed)

True

In [None]:
salt = b'$2b$14$EFOxm3q8UWH8ZzK1h.'
hashed = b'$2b$14$EFOxm3q8UWH8ZzK1h.WTZeRcPyr8/X0vRfuL3/e9z7AKIMnocurBG'

for pw in [b'securepassword', b'udacity', b'learningisfun']:
    print(bcrypt.checkpw(pw, hashed))

False
