summaryrefslogtreecommitdiff
path: root/wsgitools
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2008-03-10 15:51:53 +0100
committerHelmut Grohne <helmut@subdivi.de>2008-03-10 15:51:53 +0100
commitc44530be1a4028ecf62b13dc24b847442114b2ec (patch)
tree1d6cb3b92ff683ebbd9496ecbe95eda843c114ed /wsgitools
parent6a50ebb9bfbfc81472c0ce4e3542122789378cb5 (diff)
downloadwsgitools-c44530be1a4028ecf62b13dc24b847442114b2ec.tar.gz
use hashlib.md5 instead of md5.md5 where possible
Diffstat (limited to 'wsgitools')
-rwxr-xr-xwsgitools/digest.py18
1 files changed, 13 insertions, 5 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index 7284c1c..19fb975 100755
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -3,7 +3,11 @@
__all__ = []
import random
-import md5
+try:
+ from hashlib import md5
+except ImportError:
+ from md5 import md5
+
import time
sysrand = random.SystemRandom()
@@ -52,12 +56,12 @@ class AuthTokenGenerator:
if password is None:
return None
a1 = "%s:%s:%s" % (username, self.realm, password)
- return md5.new(a1).hexdigest()
+ return md5(a1).hexdigest()
__all__.append("AuthDigestMiddleware")
class AuthDigestMiddleware:
"""Middleware partly implementing RFC2617. (md5-sess was omited)"""
- algorithms = {"md5": lambda data: md5.new(data).hexdigest()}
+ algorithms = {"md5": lambda data: md5(data).hexdigest()}
def __init__(self, app, gentoken, maxage=300, maxuses=5):
"""
@param app: is the wsgi application to be served with authentification.
@@ -192,7 +196,7 @@ class AuthDigestMiddleware:
# raises ValueError
nonce_time, nonce_value, nonce_hash = nonce.split(':')
token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
- token = md5.new(token).hexdigest()
+ token = md5(token).hexdigest()
return nonce_hash == token
def check_nonce(self, credentials):
@@ -200,6 +204,10 @@ class AuthDigestMiddleware:
nonce = credentials["nonce"]
# raises ValueError
nonce_time, nonce_value, nonce_hash = nonce.split(':')
+ token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+ token = md5(token).hexdigest()
+ if token != nonce_hash:
+ return False
qop = credentials.get("qop", None)
if qop is None:
nc = 1
@@ -234,7 +242,7 @@ class AuthDigestMiddleware:
nonce_value = ("%066X" % randval).decode("hex").encode("base64").strip()
self.nonces.append((nonce_time, nonce_value, 1))
token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
- token = md5.new(token).hexdigest()
+ token = md5(token).hexdigest()
return "%s:%s:%s" % (nonce_time, nonce_value, token)
def authorization_required(self, environ, start_response, stale=False):