diff options
Diffstat (limited to 'wsgitools/digest.py')
-rwxr-xr-x | wsgitools/digest.py | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py index 8c5bc0f..c943c92 100755 --- a/wsgitools/digest.py +++ b/wsgitools/digest.py @@ -90,13 +90,14 @@ class NonceStoreBase: @rtype: bool """ raise NotImplementedError - def checknonce(self, nonce, qop, nc): + def checknonce(self, nonce, count=1): """ This method is to be overridden and should do a thorough check for - whether the given nonce is a valid one taking qop and nc into account. + whether the given nonce is a valid as being used count times. @type nonce: str - @type qop: str or None - @type nc: str or None + @type count: int + @param count: indicates how often the nonce has been used (including + this check) @rtype: bool """ raise NotImplementedError @@ -164,15 +165,16 @@ class StatelessNonceStore(NonceStoreBase): token = md5(token).hexdigest() return nonce_hash == token - def checknonce(self, nonce, qop, nc): + def checknonce(self, nonce, count=1): """ Do a thorough check for whether the provided string is a nonce and increase usage count on returning True. @type nonce: str - @type qop: str or None - @type nc: str or None + @type count: int @rtype: bool """ + if count != 1: + return False try: nonce_time, nonce_value, nonce_hash = nonce.split(':') except ValueError: @@ -243,13 +245,12 @@ class MemoryNonceStore(NonceStoreBase): token = md5(token).hexdigest() return nonce_hash == token - def checknonce(self, nonce, qop, nc): + def checknonce(self, nonce, count=1): """ Do a thorough check for whether the provided string is a nonce and increase usage count on returning True. @type nonce: str - @type qop: str or None - @type nc: str or None + @type count: int @rtype: bool """ try: @@ -260,13 +261,6 @@ class MemoryNonceStore(NonceStoreBase): token = md5(token).hexdigest() if token != nonce_hash: return False - if qop is None: - nc = 1 - else: - try: - nc = long(nc, 16) - except (KeyError, ValueError): - return False self._cleanup() # avoid stale nonces @@ -282,7 +276,7 @@ class MemoryNonceStore(NonceStoreBase): (nt, nv, uses) = self.nonces[lower] if nt != nonce_time or nv != nonce_value: return False - if nc != uses: + if count != uses: del self.nonces[lower] return False if uses >= self.maxuses: @@ -380,9 +374,12 @@ class AuthDigestMiddleware: if response is None or response != credentials["response"]: raise AuthenticationRequired - if not self.noncestore.checknonce(credentials["nonce"], - credentials.get("qop"), - credentials.get("nc")): + noncecount = 1 + if credentials.get("qop") is not None: + # raises ValueError + noncecount = long(credentials["nc"], 16) + + if not self.noncestore.checknonce(credentials["nonce"], noncecount): return self.authorization_required(environ, start_response, stale=True) # stale nonce! |