summaryrefslogtreecommitdiff
path: root/wsgitools/digest.py
diff options
context:
space:
mode:
Diffstat (limited to 'wsgitools/digest.py')
-rwxr-xr-xwsgitools/digest.py80
1 files changed, 13 insertions, 67 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index cbd374b..aa1dc83 100755
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -98,22 +98,10 @@ class NonceStoreBase:
@rtype: str
"""
raise NotImplementedError
- def isnonce(self, nonce, ident=None):
- """
- This method is to be overridden and should do a quick check for whether
- the given nonce has a chance to be a valid one. This function must not
- return false for a stale nonce.
- @type nonce: str
- @type ident: str
- @param ident: it is also checked that the nonce was associated to this
- identifier when given
- @rtype: bool
- """
- raise NotImplementedError
def checknonce(self, nonce, count=1, ident=None):
"""
- This method is to be overridden and should do a thorough check for
- whether the given nonce is a valid as being used count times.
+ This method is to be overridden and should do a check for whether the
+ given nonce is valid as being used count times.
@type nonce: str
@type count: int
@param count: indicates how often the nonce has been used (including
@@ -147,8 +135,6 @@ class StatelessNonceStore(NonceStoreBase):
>>> n = s.newnonce()
>>> s.checknonce("spam")
False
- >>> s.isnonce(n)
- True
>>> s.checknonce(n)
True
>>> s.checknonce(n)
@@ -184,27 +170,10 @@ class StatelessNonceStore(NonceStoreBase):
token = md5(token).hexdigest()
return "%s:%s:%s" % (nonce_time, nonce_value, token)
- def isnonce(self, nonce, ident=None):
- """
- Do a quick a stateless check for whether the provides string might
- be a nonce.
- @type nonce: str
- @rtype: bool
- """
- try:
- nonce_time, nonce_value, nonce_hash = nonce.split(':')
- except ValueError:
- return False
- token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
- if ident is not None:
- token = "%s:%s" % (token, ident)
- token = md5(token).hexdigest()
- return nonce_hash == token
-
def checknonce(self, nonce, count=1, ident=None):
"""
- Do a thorough check for whether the provided string is a nonce and
- increase usage count on returning True.
+ Do a check for whether the provided string is a nonce and increase usage
+ count on returning True.
@type nonce: str
@type count: int
@rtype: bool
@@ -235,8 +204,6 @@ class MemoryNonceStore(NonceStoreBase):
>>> n = s.newnonce()
>>> s.checknonce("spam")
False
- >>> s.isnonce(n)
- True
>>> s.checknonce(n)
True
>>> s.checknonce(n)
@@ -281,27 +248,10 @@ class MemoryNonceStore(NonceStoreBase):
token = md5(token).hexdigest()
return "%s:%s:%s" % (nonce_time, nonce_value, token)
- def isnonce(self, nonce, ident=None):
- """
- Do a quick a stateless check for whether the provides string might
- be a nonce.
- @type nonce: str
- @rtype: bool
- """
- try:
- nonce_time, nonce_value, nonce_hash = nonce.split(':')
- except ValueError:
- return False
- token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
- if ident is not None:
- token = "%s:%s" % (nonce, ident)
- token = md5(token).hexdigest()
- return nonce_hash == token
-
def checknonce(self, nonce, count=1, ident=None):
"""
- Do a thorough check for whether the provided string is a nonce and
- increase usage count on returning True.
+ Do a check for whether the provided string is a nonce and increase usage
+ count on returning True.
@type nonce: str
@type count: int
@rtype: bool
@@ -367,7 +317,6 @@ class AuthDigestMiddleware:
self.noncestore = MemoryNonceStore(maxage, maxuses)
else:
assert hasattr(store, "newnonce")
- assert hasattr(store, "isnonce")
assert hasattr(store, "checknonce")
self.noncestore = store
@@ -419,16 +368,6 @@ class AuthDigestMiddleware:
"cnonce" not in credentials)):
raise AuthenticationRequired
- if not self.noncestore.isnonce(credentials["nonce"]):
- raise AuthenticationRequired
-
- # raises KeyError, ValueError
- response = self.auth_response(credentials,
- environ["REQUEST_METHOD"])
-
- if response is None or response != credentials["response"]:
- raise AuthenticationRequired
-
noncecount = 1
if credentials.get("qop") is not None:
# raises ValueError
@@ -438,6 +377,13 @@ class AuthDigestMiddleware:
return self.authorization_required(environ, start_response,
stale=True) # stale nonce!
+ # raises KeyError, ValueError
+ response = self.auth_response(credentials,
+ environ["REQUEST_METHOD"])
+
+ if response != credentials["response"]:
+ raise AuthenticationRequired
+
except (KeyError, ValueError, AuthenticationRequired):
return self.authorization_required(environ, start_response)
else: