path: root/wsgitools/digest.py
Age | Commit message | Author
2023-06-19 | digest: TokenGenerator.realm should be read-only [devel] | Helmut Grohne
2023-06-18 | add type hints to all of the code | Helmut Grohne
In order to use type hint syntax, we need to bump the minimum Python version to 3.7 and some of the features such as Literal and Protocol are opted in when a sufficiently recent Python is available. This does not make all of the code pass type checking with mypy. A number of typing issues remain, but the output of mypy becomes something one can read through. In adding type hints, a lot of epydoc @type annotations are removed as redundant. This update also adopts black-style line breaking.
2023-06-18 | drop support for Python 2.x | Helmut Grohne
2022-12-06 | wsgitools.digest: relax checking of PATH_INFO | Helmut Grohne
Apache mod_proxy_scgi seems to insert an additional slash at the start of PATH_INFO. Deal with this rather than rejecting authentication.
2020-04-01 | don't call secrets.compare_digest with a None value | Helmut Grohne
The __call__ method may return None to indicate failure. Using compare_digest with a None value results in a TypeError.
Fixes: ab06a888e216 ("use secrets.compare_digest when available")
2017-03-26 | use secrets.compare_digest when available | Helmut Grohne
2017-03-26 | port wsgitools.digest to use the new secrets module | Helmut Grohne
2015-04-18 | Merge branch py3k | Helmut Grohne
2014-01-06 | switch to new-style classes entirely | Helmut Grohne
There is no reason to use old-style classes beyond laziness.
2012-07-01 | make HtdigestTokenGenerator work with py3k | Helmut Grohne
Define a textopen function that returns "native strings" (in the sense of pep3333). Therefore textopen needs to decode using iso-8859-1 iff running on py3k. Additionally use a with construct to close the file being read in all circumstances.
2012-06-29 | fix hashlib, base64 and other bytes issues | Helmut Grohne
* hashlib.md5 wants bytes now.
* string.decode("base64") is now base64.b64decode and works on bytes
* binascii.unhexlify is now base64.b16decode and also works on bytes
* str.isalnum accepts umlauts, use bytes.isalnum instead
2012-06-28 | drop support for python2.5, use except ... as ... | Helmut Grohne
2012-06-24 | fix comment in wsgitools.digest | Helmut Grohne
2011-12-06 | drop useless tail recursion param from parse_digest_response | Helmut Grohne
2011-12-01 | respect RFC2617 in terms of what is quoted | Helmut Grohne
Said RFC is quite precise on which values of a challenge are to be quoted. I didn't honour those parts and many applications do not enforce these requirements, so I didn't notice. Now I explain which values are to be quoted in the hopes that it works with "Wget/1.10.2 (Red Hat modified)".
2011-11-30 | documentation update | Helmut Grohne
* added a number of internal links (L{...})
* some fixes
* some additions
2011-11-30 | Merge branch 'authrefactor' | Helmut Grohne
Conflicts: wsgitools/digest.py
2011-11-30 | shrink AuthenticationMiddleware.authenticate interface | Helmut Grohne
The method no longer receives a start_response and is no longer responsible for calling self.app. Instead it returns a dictionary with the result of the authentication.
2011-11-28 | added format_digest | Helmut Grohne
This is the inverse of parse_digest_response and also supports escaping of backslashes and quotes.
2011-11-28 | rewrite parse_digest_response for escapes | Helmut Grohne
The previous version did not handle escapes at all. Now I added two test cases for escaping and rewrote the function to meet all test cases.
2011-11-28 | digest: generate Authentication-Info before invoking app | Helmut Grohne
This shrinks the possibility of raising something from start_response and maybe enables factoring out this start_response modification later.
2011-11-27 | added new base class AuthenticationMiddleware | Helmut Grohne
The BasicAuthMiddleware and AuthDigestMiddleware now derive from AuthenticationMiddleware which provides common functionality.
2011-11-26 | broaden AuthDigestMiddleware.authorization_required | Helmut Grohne
The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition led to the failure and to generate custom error pages.
2011-11-02 | improved extensibility of error handling in digest.py | Helmut Grohne
Instead of randomly raising KeyErrors or ValueErrors we can now see more meaningful ProtocolViolations and StaleNonces. Note that this change should be invisible to users who do not mess with internals.
2011-11-01 | digest: support gentoken without algo | Helmut Grohne
2011-07-25 | fixed epydoc markup errors in digest module | Helmut Grohne
2011-07-25 | added more nonce store test cases to digest module | Helmut Grohne
2011-07-24 | add more assertions for types of passed parameters | Helmut Grohne
2011-07-24 | removed execute bit from wsgitools/digest.py | Helmut Grohne
It probably gained this bit later than shown in history due to darcs not tracking execute bits. The bit was probably added for doc tests which moved to a designated file later.
2011-06-01 | reworked digest.AuthTokenGenerator | Helmut Grohne
AuthTokenGenerator gained a base class AbstractTokenGenerator. This class provides an additional method check_password implementing the interface required by BasicAuthMiddleware. In addition AbstractTokenGenerator gained two subclasses HtdigestTokenGenerator and UpdatingHtdigestTokenGenerator. They both read authentication information from an Apache htdigest file. The latter also checks the file for updates.
2011-01-12 | improved AuthDigestMiddleware doc string | Helmut Grohne
2010-09-02 | improved digest documentation | Helmut Grohne
2010-01-31 | fix shared default argument to parse_digest_response | Helmut Grohne
2009-07-04 | two new digest doctests | Helmut Grohne
2009-07-04 | more docstring/epydoc improvements | Helmut Grohne
2009-06-24 | fixed an epydoc comment in digest | Helmut Grohne
2009-06-24 | added doctest for DBAPI2NonceStore | Helmut Grohne
2009-06-24 | added dbapi2 (sql) backed noncestore! yeah :-) | Helmut Grohne
2009-06-24 | documented potential overflow in digest | Helmut Grohne
2009-06-24 | auth_response should not return ValueError in digest | Helmut Grohne
2009-03-29 | improve digest module (killed isnonce method) | Helmut Grohne
Prior to this change the digest module would check whether a nonce looks like a nonce, verify the response and then verify the nonce. This left a bit more room for brute forcing passwords, as the same nonce could be used in arbitrarily many tries and a stale response would indicate an authentication success. Now authentication is only tried for valid nonces. This also makes the NonceStoreBase.isnonce method superfluous.
2009-03-29 | get rid of old builtin long | Helmut Grohne
Even Py2.4 can handle large parameters to int, so long is not needed.
2009-03-29 | quite some changes for py3 | Helmut Grohne
These changes introduce some compatibility code. They don't make wsgitools usable with Python 3.0, but they also don't break compatibility with Python 2.5.
2009-03-29 | make digest.gen_rand_str forward compatible (py3) | Helmut Grohne
2009-02-27 | extract common code to gen_rand_str in digest | Helmut Grohne
2009-02-27 | added more doctests for digest module | Helmut Grohne
2009-02-27 | fixed bug in digest.MemoryNonceStore.checknonce | Helmut Grohne
2008-10-14 | update docstring: DigestAuth now partly works with forkpool | Helmut Grohne
2008-10-14 | small digest cleanup | Helmut Grohne
2008-10-14 | extended digest.NonceStoreBase interface | Helmut Grohne
The methods now take an optional last parameter called ident. It can be used to bind nonces to specific uses within one NonceStore.