Implemented auth widget object and auth data validator.

2025-12-11 01:54:53 +00:00 · 2018-02-22 01:56:44 +02:00 · 2018-02-22 01:56:44 +02:00 · 4f2cb40aea
commit 4f2cb40aea
parent 6ee38bcad9
4 changed files with 75 additions and 0 deletions
--- a/aiogram/bot/base.py
+++ b/aiogram/bot/base.py
@ -7,6 +7,7 @@ import aiohttp
 from . import api
 from ..types import ParseMode, base
 from ..utils import json
+from ..utils.auth_widget import check_token


 class BaseBot:
@ -248,3 +249,6 @@ class BaseBot:
    @parse_mode.deleter
    def parse_mode(self):
        self.parse_mode = None
+
+    def check_auth_widget(self, data):
+        return check_token(data, self.__token)
--- a/aiogram/types/init.py
+++ b/aiogram/types/init.py
@ -2,6 +2,7 @@ from . import base
 from . import fields
 from .animation import Animation
 from .audio import Audio
+from .auth_widget_data import AuthWidgetData
 from .callback_game import CallbackGame
 from .callback_query import CallbackQuery
 from .chat import Chat, ChatActions, ChatType
@ -56,6 +57,7 @@ __all__ = (
    'AllowedUpdates',
    'Animation',
    'Audio',
+    'AuthWidgetData',
    'CallbackGame',
    'CallbackQuery',
    'Chat',
--- a/aiogram/types/auth_widget_data.py
+++ b/aiogram/types/auth_widget_data.py
@ -0,0 +1,44 @@
+from aiohttp import web
+
+from . import base
+from . import fields
+
+
+class AuthWidgetData(base.TelegramObject):
+    id: base.Integer = fields.Field()
+    first_name: base.String = fields.Field()
+    last_name: base.String = fields.Field()
+    username: base.String = fields.Field()
+    photo_url: base.String = fields.Field()
+    auth_date: base.String = fields.DateTimeField()
+    hash: base.String = fields.Field()
+
+    @classmethod
+    def parse(cls, request: web.Request) -> 'AuthWidgetData':
+        """
+        Parse request as Telegram auth widget data.
+
+        :param request:
+        :return: :obj:`AuthWidgetData`
+        :raise :obj:`aiohttp.web.HTTPBadRequest`
+        """
+        try:
+            query = dict(request.query)
+            query['id'] = int(query['id'])
+            query['auth_date'] = int(query['auth_date'])
+            widget = AuthWidgetData(**query)
+        except (ValueError, KeyError):
+            raise web.HTTPBadRequest(text='Invalid auth data')
+        else:
+            return widget
+
+    def validate(self):
+        return self.bot.check_auth_widget(self.to_python())
+
+    @property
+    def full_name(self):
+        result = self.first_name
+        if self.last_name:
+            result += ' '
+            result += self.last_name
+        return result
--- a/aiogram/utils/auth_widget.py
+++ b/aiogram/utils/auth_widget.py
@ -0,0 +1,25 @@
+import collections
+import hashlib
+import hmac
+
+
+def check_token(data, token):
+    """
+    Validate auth token
+    https://core.telegram.org/widgets/login#checking-authorization
+
+    Source: https://gist.github.com/xen/e4bea72487d34caa28c762776cf655a3
+
+    :param data:
+    :param token:
+    :return:
+    """
+    secret = hashlib.sha256()
+    secret.update(token.encode('utf-8'))
+    sorted_params = collections.OrderedDict(sorted(data.items()))
+    param_hash = sorted_params.pop('hash', '') or ''
+    msg = "\n".join(["{}={}".format(k, v) for k, v in sorted_params.items()])
+
+    if param_hash == hmac.new(secret.digest(), msg.encode('utf-8'), digestmod=hashlib.sha256).hexdigest():
+        return True
+    return False