| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-11-26 | broaden AuthDigestMiddleware.authorization_required | Helmut Grohne | |
| The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition lead to the failure and to generate custom error pages. | |||
| 2011-11-02 | improved extensibility of error handling in digest.py | Helmut Grohne | |
| Instead of randomly raising KeyErrors or ValueErrors we can now see more meaningful ProtocolViolations and StaleNonces. Note that this change should be invisible to users who do not mess with internals. | |||
| 2011-11-01 | digest: support gentoken without algo | Helmut Grohne | |
| 2011-07-25 | fixed epydoc markup errors in digest module | Helmut Grohne | |
| 2011-07-25 | added more nonce store test cases to digest module | Helmut Grohne | |
| 2011-07-24 | add more assertions for types of passed parameters | Helmut Grohne | |
| 2011-07-24 | removed execute bit from wsgitools/digest.py | Helmut Grohne | |
| It probably gained this bit later than shown in history due to darcs not tracking execute bits. The bit was probably added for doc tests which moved to a designated file later. | |||
| 2011-06-01 | reworked digest.AuthTokenGenerator | Helmut Grohne | |
| AuthTokenGenerator gained a base class AbstractTokenGenerator. This class provides an additional method check_password implementing the interface required by BasicAuthMiddleware. In addition AbstractTokenGenerator gained two subclasses HtdigestTokenGenerator and UpdatingHtdigestTokenGenerator. They both read authentication information from a apache htdigest file. The latter also checks the file for updates. | |||
| 2011-01-12 | improved AuthDigestMiddleware doc string | Helmut Grohne | |
| 2010-09-02 | improved digest documentation | Helmut Grohne | |
| 2010-01-31 | fix shared default argument to parse_digest_response | Helmut Grohne | |
| 2009-07-04 | two new digest doctests | Helmut Grohne | |
| 2009-07-04 | more docstring/epydoc improvements | Helmut Grohne | |
| 2009-06-24 | fixed an epydoc comment in digest | Helmut Grohne | |
| 2009-06-24 | added doctest for DBAPI2NonceStore | Helmut Grohne | |
| 2009-06-24 | added dbapi2 (sql) backed noncestore! yeah :-) | Helmut Grohne | |
| 2009-06-24 | documented potential overflow in digest | Helmut Grohne | |
| 2009-06-24 | auth_response should not return ValueError in digest | Helmut Grohne | |
| 2009-03-29 | improve digest module (killed isnonce method) | Helmut Grohne | |
| Prior to this change the digest module would check whether a nonce looks like a nonce, verify the response and then verify the nonce. This left a bit more room for brute forcing passwords, as the same nonce could be used in arbitrary many tries and a stale response would indicate an authentication success. Now authentication is only tried for valid nonces. This also makes the NonceStoreBase.isnonce method superfluous. | |||
| 2009-03-29 | get rid of old builtin long | Helmut Grohne | |
| Even Py2.4 can handle large parameters to int, so long is not needed. | |||
| 2009-03-29 | quite some changes for py3 | Helmut Grohne | |
| These changes introduce some compatibility code. They don't make wsgitools usable with Python 3.0, but they also don't break compatibility with Python 2.5. | |||
| 2009-03-29 | make digest.gen_rand_str forward compatible (py3) | Helmut Grohne | |
| 2009-02-27 | extract common code to gen_rand_str in digest | Helmut Grohne | |
| 2009-02-27 | added more doctests for digest module | Helmut Grohne | |
| 2009-02-27 | fixed bug in digest.MemoryNonceStore.checknonce | Helmut Grohne | |
| 2008-10-14 | update docstring: DigestAuth now partly works with forkpool | Helmut Grohne | |
| 2008-10-14 | small digest cleanup | Helmut Grohne | |
| 2008-10-14 | extended digest.NonceStoreBase interface | Helmut Grohne | |
| The methods now take an optional last parameter called ident. It can be used to bind nonces to specific uses within one NonceStore. | |||
| 2008-10-14 | added epydoc markup to doc strings | Helmut Grohne | |
| 2008-09-22 | improve comments | Helmut Grohne | |
| 2008-09-22 | improve digest.NonceStoreBase.checknonce interface | Helmut Grohne | |
| 2008-09-21 | digest: create a generic nonce storage interface | Helmut Grohne | |
| 2008-09-20 | added some examples/doctests for digest.parse_digest_response | Helmut Grohne | |
| 2008-07-12 | fix some comments and epydocify them | Helmut Grohne | |
| 2008-03-27 | epydoc update | Helmut Grohne | |
| 2008-03-10 | use hashlib.md5 instead of md5.md5 where possible | Helmut Grohne | |
| 2008-02-28 | refactored docstrings for epydoc | Helmut Grohne | |
| 2007-05-08 | rearrange nonce checking to comply with RFC2617 in wsgitools.digest | Helmut Grohne | |
| 2007-05-08 | replaced nonce handling in wsgitools.digest | Helmut Grohne | |
| 2007-05-08 | added support for digest auth (RFC2617) | Helmut Grohne | |
 |
index : ~helmut/wsgitools.git | |
| See http://subdivi.de/~helmut/wsgitools/ | Helmut Grohne |
| summaryrefslogtreecommitdiff |