From 2444c54b184a5a9ad89c79d36a456a83e9150d87 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 22 Sep 2008 18:14:58 +0200
Subject: improve digest.NonceStoreBase.checknonce interface

---
 wsgitools/digest.py | 39 ++++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 21 deletions(-)

(limited to 'wsgitools/digest.py')

diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index 8c5bc0f..c943c92 100755
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -90,13 +90,14 @@ class NonceStoreBase:
         @rtype: bool
         """
         raise NotImplementedError
-    def checknonce(self, nonce, qop, nc):
+    def checknonce(self, nonce, count=1):
         """
         This method is to be overridden and should do a thorough check for
-        whether the given nonce is a valid one taking qop and nc into account.
+        whether the given nonce is a valid as being used count times.
         @type nonce: str
-        @type qop: str or None
-        @type nc: str or None
+        @type count: int
+        @param count: indicates how often the nonce has been used (including
+                this check)
         @rtype: bool
         """
         raise NotImplementedError
@@ -164,15 +165,16 @@ class StatelessNonceStore(NonceStoreBase):
         token = md5(token).hexdigest()
         return nonce_hash == token
 
-    def checknonce(self, nonce, qop, nc):
+    def checknonce(self, nonce, count=1):
         """
         Do a thorough check for whether the provided string is a nonce and
         increase usage count on returning True.
         @type nonce: str
-        @type qop: str or None
-        @type nc: str or None
+        @type count: int
         @rtype: bool
         """
+        if count != 1:
+            return False
         try:
             nonce_time, nonce_value, nonce_hash = nonce.split(':')
         except ValueError:
@@ -243,13 +245,12 @@ class MemoryNonceStore(NonceStoreBase):
         token = md5(token).hexdigest()
         return nonce_hash == token
 
-    def checknonce(self, nonce, qop, nc):
+    def checknonce(self, nonce, count=1):
         """
         Do a thorough check for whether the provided string is a nonce and
         increase usage count on returning True.
         @type nonce: str
-        @type qop: str or None
-        @type nc: str or None
+        @type count: int
         @rtype: bool
         """
         try:
@@ -260,13 +261,6 @@ class MemoryNonceStore(NonceStoreBase):
         token = md5(token).hexdigest()
         if token != nonce_hash:
             return False
-        if qop is None:
-            nc = 1
-        else:
-            try:
-                nc = long(nc, 16)
-            except (KeyError, ValueError):
-                return False
 
         self._cleanup() # avoid stale nonces
 
@@ -282,7 +276,7 @@ class MemoryNonceStore(NonceStoreBase):
         (nt, nv, uses) = self.nonces[lower]
         if nt != nonce_time or nv != nonce_value:
             return False
-        if nc != uses:
+        if count != uses:
             del self.nonces[lower]
             return False
         if uses >= self.maxuses:
@@ -380,9 +374,12 @@ class AuthDigestMiddleware:
             if response is None or response != credentials["response"]:
                 raise AuthenticationRequired
 
-            if not self.noncestore.checknonce(credentials["nonce"],
-                                              credentials.get("qop"),
-                                              credentials.get("nc")):
+            noncecount = 1
+            if credentials.get("qop") is not None:
+                # raises ValueError
+                noncecount = long(credentials["nc"], 16)
+
+            if not self.noncestore.checknonce(credentials["nonce"], noncecount):
                 return self.authorization_required(environ, start_response,
                                                    stale=True) # stale nonce!
 
-- 
cgit v1.2.3