summaryrefslogtreecommitdiff
path: root/wsgitools
AgeCommit message (Collapse)Author
2013-06-06Merge tag 'wsgitools-0.2.4' into py3kHelmut Grohne
The intent is to port the changes from 0.2.4 to py3k. Conflicts: README test.py wsgitools/scgi/forkpool.py All conflicts were resolved in a minimal way. The test suite now fails for all python versions.
2013-03-10forkpool: add a per-request timelimitHelmut Grohne
2012-11-01scgi.forkpool: implement RLIMIT_CPUHelmut Grohne
The limit is only set on workers does not apply to the master. Upon reaching the soft limit the worker terminates after finished the current request.
2012-11-01scgi.forkpool: fixed wrong assertionHelmut Grohne
The forkpool server was incompatible with dumb generators. They only call start_response when being asked for the first output element, but the forkpool server was wrongly requiring start_response to be called before returning the iterator.
2012-11-01scgi.forkpool: similarly drop the error attributeHelmut Grohne
It can be stored inside the config attribute.
2012-11-01scgi.forkpool: reduce instance attributesHelmut Grohne
The interface and port attributes are always used together. Combine them in order to reduce complexity.
2012-07-01make HtdigestTokenGenerator work with py3kHelmut Grohne
Define a textopen function that returns "native strings" (in the sense of pep3333). Therefore textopen needs to decode using iso-8859-1 iff running on py3k. Additionally use a with construct to close the file being read in all circumstances.
2012-07-01make StaticFile work with py3kHelmut Grohne
There is no file builtin, and binary mode gives bytes instead of str.
2012-06-29fix more bytes related issues not covered by test.pyHelmut Grohne
* applications returned errors as str instead of bytes * filters documentation updated with bytes * various filters expecting str where bytes are passed * escape_string also needs to use bytes.isalnum instead of str.isalnum * middlewares injecting str where bytes are expected
2012-06-29fix hashlib, base64 and other bytes issuesHelmut Grohne
* hashlib.md5 wants bytes now. * string.decode("base64") is now base64.b64decode and works on bytes * binascii.unhexlify is now base64.b16decode and also works on bytes * str.isalnum accepts umlauts, use bytes.isalnum instead
2012-06-29make scgi.forkpool work with py3kHelmut Grohne
Note that the construction of the header moved from our internal sendheaders function to the start_response function. This way users supplying unicode characters no representable in iso-8859-1 will get a UnicodeEncodeError back from start_response, which is more useful than failing later while yielding bytes.
2012-06-29scgi.asynchronous: move {en,de}coding to internal moduleHelmut Grohne
2012-06-28make scgi.asynchronous work with py3Helmut Grohne
2012-06-28first part of bytes conversionHelmut Grohne
Convert the request body data from str to bytes. This replaces all StringIOs with BytesIOs (removing backwards one more backwards compatibility). Also all character sequences involved in request bodies get a b"" prefix. The StaticContent application takes bytes instead of str (no difference for py2x). The GzipWSGIFilter needs a fixed as a truncate of a BytesIO does not rewind the stream position.
2012-06-28provide py3 style __next__ methodsHelmut Grohne
2012-06-28remove workarounds for missing next() and hashlibHelmut Grohne
2012-06-28drop support for python2.5, use except ... as ...Helmut Grohne
2012-06-24fix comment in wsgitools.digestHelmut Grohne
2012-03-17sendfile supportHelmut Grohne
When a sendfile library is available, expose it via wsgi.file_wrapper. This support spans both asynchronous and forkpool.
2012-03-17set __all__ in scgi.forkpoolHelmut Grohne
2012-03-17deduplicate scgi.{asynchronous,forkpool}Helmut Grohne
2012-03-15raise exc_info stuff properlyHelmut Grohne
2012-03-15middlewares: support multiple start_response callsHelmut Grohne
Previously middlewares mostly gave up and acted as pass through when a second start_response call occurred. Now they try to handle this situation.
2012-03-15fix failing NoWriteCallableMiddleware testHelmut Grohne
This was basically a rewrite of the NoWriteCallableMiddleware, because the wrong assumption of start_response not being called twice was used in too many places.
2011-12-06drop useless tail recursion param from parse_digest_responseHelmut Grohne
2011-12-01respect RFC2617 in terms of what is quotedHelmut Grohne
Said RFC is quite precise on which values of a challenge are to be quoted. I didn't honour those parts and many applications do not enforce these requirements, so I didn't notice. Now I explain which values are to be quoted in the hopes that it works with "Wget/1.10.2 (Red Hat modified)".
2011-11-30documentation updateHelmut Grohne
* added a number of internal links (L{...}) * some fixes * some additions
2011-11-30Merge branch 'authrefactor'Helmut Grohne
Conflicts: wsgitools/digest.py
2011-11-30shrink AuthenticationMiddleware.authenticate interfaceHelmut Grohne
The method no longer receives a start_response and is no longer responsible for calling self.app. Instead it returns a dictionary with the result of the authentication.
2011-11-28added format_digestHelmut Grohne
This is the inverse of parse_digest_response and also supports escaping of backslashes and quotes.
2011-11-28rewrite parse_digest_response for escapesHelmut Grohne
The previous version did not handle escapes at all. Now I added two test cases for escaping and rewrote the function to meet all test cases.
2011-11-28digest: generate Authentication-Info before invoking appHelmut Grohne
This shrinks the possibility of raising something from start_response and maybe enables to factor out this start_response modification later.
2011-11-27added new base class AuthenticationMiddlewareHelmut Grohne
The BasicAuthMiddleware and AuthDigestMiddleware now derive from AuthenticationMiddleware which provides common functionality.
2011-11-26broaden AuthDigestMiddleware.authorization_requiredHelmut Grohne
The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition lead to the failure and to generate custom error pages.
2011-11-02improved extensibility of error handling in digest.pyHelmut Grohne
Instead of randomly raising KeyErrors or ValueErrors we can now see more meaningful ProtocolViolations and StaleNonces. Note that this change should be invisible to users who do not mess with internals.
2011-11-01digest: support gentoken without algoHelmut Grohne
2011-08-19scgi: support reusing a listen socketHelmut Grohne
This is useful when used in combination with e.g. systemd.
2011-07-25fixed epydoc markup errors in digest moduleHelmut Grohne
2011-07-25added more nonce store test cases to digest moduleHelmut Grohne
2011-07-24add more assertions for types of passed parametersHelmut Grohne
2011-07-24filters.escape_string: do not consider \ printableHelmut Grohne
Otherwise escape_string is not reversible.
2011-07-24removed execute bit from wsgitools/digest.pyHelmut Grohne
It probably gained this bit later than shown in history due to darcs not tracking execute bits. The bit was probably added for doc tests which moved to a designated file later.
2011-07-22BasicAuthMiddleware docstring: mention REMOTE_USERHelmut Grohne
2011-07-18adapt exc_info handling for python 3Helmut Grohne
2011-06-01reworked digest.AuthTokenGeneratorHelmut Grohne
AuthTokenGenerator gained a base class AbstractTokenGenerator. This class provides an additional method check_password implementing the interface required by BasicAuthMiddleware. In addition AbstractTokenGenerator gained two subclasses HtdigestTokenGenerator and UpdatingHtdigestTokenGenerator. They both read authentication information from a apache htdigest file. The latter also checks the file for updates.
2011-06-01improved doc string for middlewares.ContentLengthMiddlewareHelmut Grohne
2011-01-12DictAuthChecker.__call__ should take an environwsgitools-0.2.2Helmut Grohne
as this is tried by BasicAuthMiddleware first.
2011-01-12improved AuthDigestMiddleware doc stringHelmut Grohne
2011-01-12scgi.asynchronous catches more errors nowHelmut Grohne
This addresses a disputed denial of service condition described in http://bugs.python.org/issue6706. Note that wsgitools is not hit as hard as pyftplib.
2011-01-12bug fix for StaticContent and CachingMiddlewareHelmut Grohne
PEP333 says that the headers list passed to start_response may be modified by servers or middlewares. In fact this happens in DigestAuthMiddleware. The StaticContent and CachingMiddleware classes did not take this into account and returned the same headers list multiple times which is wrong and can lead to denial of service.