diff options
author | pjenvey <devnull@localhost> | 2008-09-17 22:18:35 +0000 |
---|---|---|
committer | pjenvey <devnull@localhost> | 2008-09-17 22:18:35 +0000 |
commit | 53e7d3ce846eaf9546b0a413c2921627138ecc45 (patch) | |
tree | 793b0ba4f7bafcbf7444b5eec976bc72bf0a9739 /paste/auth | |
parent | 12512c9ad73e4352351f84be7ee0259f023597ef (diff) | |
download | paste-53e7d3ce846eaf9546b0a413c2921627138ecc45.tar.gz |
prefer hashlib over the md5/sha modules which are deprecated in Python 2.6
Diffstat (limited to 'paste/auth')
-rw-r--r-- | paste/auth/auth_tkt.py | 9 | ||||
-rw-r--r-- | paste/auth/cookie.py | 14 | ||||
-rw-r--r-- | paste/auth/digest.py | 16 |
3 files changed, 26 insertions, 13 deletions
diff --git a/paste/auth/auth_tkt.py b/paste/auth/auth_tkt.py index b1531f2..e1c5833 100644 --- a/paste/auth/auth_tkt.py +++ b/paste/auth/auth_tkt.py @@ -38,7 +38,10 @@ non-Python code run under Apache. """ import time as time_mod -import md5 +try: + from hashlib import md5 +except ImportError: + from md5 import md5 import Cookie from paste import request @@ -164,10 +167,10 @@ def calculate_digest(ip, timestamp, secret, userid, tokens, user_data): userid = maybe_encode(userid) tokens = maybe_encode(tokens) user_data = maybe_encode(user_data) - digest0 = md5.new( + digest0 = md5( encode_ip_timestamp(ip, timestamp) + secret + userid + '\0' + tokens + '\0' + user_data).hexdigest() - digest = md5.new(digest0 + secret).hexdigest() + digest = md5(digest0 + secret).hexdigest() return digest def encode_ip_timestamp(ip, timestamp): diff --git a/paste/auth/cookie.py b/paste/auth/cookie.py index 5c2ab27..5bc48cc 100644 --- a/paste/auth/cookie.py +++ b/paste/auth/cookie.py @@ -41,12 +41,18 @@ corresponding to a database session id) is stored in the cookie. """ -import sha, hmac, base64, random, time, warnings +import hmac, base64, random, time, warnings +try: + from hashlib import sha1 +except ImportError: + # NOTE: We have to use the callable with hashlib (hashlib.sha1), + # otherwise hmac only accepts the sha module object itself + import sha as sha1 from paste.request import get_cookies def make_time(value): return time.strftime("%Y%m%d%H%M", time.gmtime(value)) -_signature_size = len(hmac.new('x', 'x', sha).digest()) +_signature_size = len(hmac.new('x', 'x', sha1).digest()) _header_size = _signature_size + len(make_time(time.time())) # @@: Should this be using urllib.quote? @@ -132,7 +138,7 @@ class AuthCookieSigner(object): cookie is handled server-side in the auth() function. """ cookie = base64.encodestring( - hmac.new(self.secret, content, sha).digest() + + hmac.new(self.secret, content, sha1).digest() + make_time(time.time() + 60*self.timeout) + content).replace("/", "_").replace("=", "~") if len(cookie) > self.maxlen: @@ -149,7 +155,7 @@ class AuthCookieSigner(object): signature = decode[:_signature_size] expires = decode[_signature_size:_header_size] content = decode[_header_size:] - if signature == hmac.new(self.secret, content, sha).digest(): + if signature == hmac.new(self.secret, content, sha1).digest(): if int(expires) > int(make_time(time.time())): return content else: diff --git a/paste/auth/digest.py b/paste/auth/digest.py index 229a03d..cc2ccfa 100644 --- a/paste/auth/digest.py +++ b/paste/auth/digest.py @@ -31,11 +31,15 @@ to use sha would be a good thing. """ from paste.httpexceptions import HTTPUnauthorized from paste.httpheaders import * -import md5, time, random +try: + from hashlib import md5 +except ImportError: + from md5 import md5 +import time, random def digest_password(realm, username, password): """ construct the appropriate hashcode needed for HTTP digest """ - return md5.md5("%s:%s:%s" % (username, realm, password)).hexdigest() + return md5("%s:%s:%s" % (username, realm, password)).hexdigest() class AuthDigestAuthenticator(object): """ implementation of RFC 2617 - HTTP Digest Authentication """ @@ -46,9 +50,9 @@ class AuthDigestAuthenticator(object): def build_authentication(self, stale = ''): """ builds the authentication error """ - nonce = md5.md5( + nonce = md5( "%s:%s" % (time.time(), random.random())).hexdigest() - opaque = md5.md5( + opaque = md5( "%s:%s" % (time.time(), random.random())).hexdigest() self.nonce[nonce] = None parts = {'realm': self.realm, 'qop': 'auth', @@ -64,12 +68,12 @@ class AuthDigestAuthenticator(object): """ computes the authentication, raises error if unsuccessful """ if not ha1: return self.build_authentication() - ha2 = md5.md5('%s:%s' % (method, path)).hexdigest() + ha2 = md5('%s:%s' % (method, path)).hexdigest() if qop: chk = "%s:%s:%s:%s:%s:%s" % (ha1, nonce, nc, cnonce, qop, ha2) else: chk = "%s:%s:%s" % (ha1, nonce, ha2) - if response != md5.md5(chk).hexdigest(): + if response != md5(chk).hexdigest(): if nonce in self.nonce: del self.nonce[nonce] return self.build_authentication() |