Diffstat (limited to 'paste/auth/cookie.py')
-rw-r--r--paste/auth/cookie.py49
1 files changed, 25 insertions, 24 deletions
diff --git a/paste/auth/cookie.py b/paste/auth/cookie.py
index df63329..a650436 100644
--- a/paste/auth/cookie.py
+++ b/paste/auth/cookie.py
@@ -41,22 +41,23 @@ corresponding to a database session id) is stored in the cookie.
"""
-import sha, hmac, base64, random, time, string, warnings
+import sha, hmac, base64, random, time, warnings
from paste.request import get_cookies
def make_time(value):
- return time.strftime("%Y%m%d%H%M",time.gmtime(value))
-_signature_size = len(hmac.new('x','x',sha).digest())
+ return time.strftime("%Y%m%d%H%M", time.gmtime(value))
+_signature_size = len(hmac.new('x', 'x', sha).digest())
_header_size = _signature_size + len(make_time(time.time()))
# @@: Should this be using urllib.quote?
# build encode/decode functions to safely pack away values
-_encode = [('\\','\\x5c'),('"','\\x22'),('=','\\x3d'),(';','\\x3b')]
-_decode = [(v,k) for (k,v) in _encode]
+_encode = [('\\', '\\x5c'), ('"', '\\x22'),
+ ('=', '\\x3d'), (';', '\\x3b')]
+_decode = [(v, k) for (k, v) in _encode]
_decode.reverse()
def encode(s, sublist = _encode):
- return reduce((lambda a,(b,c): string.replace(a,b,c)), sublist, str(s))
-decode = lambda s: encode(s,_decode)
+ return reduce((lambda a, (b, c): a.replace(b, c)), sublist, str(s))
+decode = lambda s: encode(s, _decode)
class CookieTooLarge(RuntimeError):
def __init__(self, content, cookie):
@@ -64,10 +65,10 @@ class CookieTooLarge(RuntimeError):
self.content = content
self.cookie = cookie
-_all_chars = ''.join([chr(x) for x in range(0,255)])
+_all_chars = ''.join([chr(x) for x in range(0, 255)])
def new_secret():
""" returns a 64 byte secret """
- return ''.join(random.sample(_all_chars,64))
+ return ''.join(random.sample(_all_chars, 64))
class AuthCookieSigner:
"""
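Review bot: `new_secret()` still builds the signing key with the `random` module, which is a Mersenne Twister generator and is not meant for key material; the reformatted line keeps that behaviour. `random.sample` also draws without replacement from `range(0, 255)`, so no byte value can repeat and 0xff never occurs, which shrinks the key space further. Taking the key from the operating system's generator fixes both: `return os.urandom(64)`, with `import os` added to the import line in the first hunk.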
@@ -131,24 +132,24 @@ class AuthCookieSigner:
cookie is handled server-side in the auth() function.
"""
cookie = base64.b64encode(
- hmac.new(self.secret,content,sha).digest() +
- make_time(time.time()+60*self.timeout) +
- content).replace("/","_").replace("=","~")
+ hmac.new(self.secret, content, sha).digest() +
+ make_time(time.time() + 60*self.timeout) +
+ content).replace("/", "_").replace("=", "~")
if len(cookie) > self.maxlen:
- raise CookieTooLarge(content,cookie)
+ raise CookieTooLarge(content, cookie)
return cookie
- def auth(self,cookie):
+ def auth(self, cookie):
"""
Authenticate the cooke using the signature, verify that it
has not expired; and return the cookie's content
"""
decode = base64.b64decode(
- cookie.replace("_","/").replace("~","="))
+ cookie.replace("_", "/").replace("~", "="))
signature = decode[:_signature_size]
expires = decode[_signature_size:_header_size]
content = decode[_header_size:]
- if signature == hmac.new(self.secret,content,sha).digest():
+ if signature == hmac.new(self.secret, content, sha).digest():
if int(expires) > int(make_time(time.time())):
return content
else:
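Review bot: The HMAC in both `sign()` and `auth()` covers only `content`, so the expiry timestamp stored between the signature and the content is not authenticated and can be changed by the cookie holder without invalidating the signature. Compute the timestamp once in `sign()` and include it in the MAC input, `hmac.new(self.secret, expires + content, sha).digest()`, then verify the same input in `auth()`. The `signature == ...` comparison is also not constant-time; `hmac.compare_digest` is preferable where the supported Python versions provide it. Because the expiry is unauthenticated, `int(expires)` can also raise on a modified cookie instead of rejecting it cleanly. Both method bodies extend beyond this hunk.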
@@ -177,7 +178,7 @@ class AuthCookieEnviron(list):
def append(self, value):
if value in self:
return
- list.append(self,str(value))
+ list.append(self, str(value))
class AuthCookieHandler:
"""
@@ -238,7 +239,7 @@ class AuthCookieHandler:
def __init__(self, application, cookie_name=None, scanlist=None,
signer=None, secret=None, timeout=None, maxlen=None):
if not signer:
- signer = self.signer_class(secret,timeout,maxlen)
+ signer = self.signer_class(secret, timeout, maxlen)
self.signer = signer
self.scanlist = scanlist or ('REMOTE_USER','REMOTE_SESSION')
self.application = application
@@ -247,13 +248,13 @@ class AuthCookieHandler:
def __call__(self, environ, start_response):
if self.environ_name in environ:
raise AssertionError("AuthCookie already installed!")
- scanlist = self.environ_class(self,self.scanlist)
+ scanlist = self.environ_class(self, self.scanlist)
jar = get_cookies(environ)
if jar.has_key(self.cookie_name):
content = self.signer.auth(jar[self.cookie_name].value)
if content:
for pair in content.split(";"):
- (k,v) = pair.split("=")
+ (k, v) = pair.split("=")
k = decode(k)
if k not in scanlist:
scanlist.append(k)
@@ -275,24 +276,24 @@ class AuthCookieHandler:
pack up their values, signs the content and issues a cookie.
"""
scanlist = environ.get(self.environ_name)
- assert scanlist and isinstance(scanlist,self.environ_class)
+ assert scanlist and isinstance(scanlist, self.environ_class)
content = []
for k in scanlist:
- v = environ.get(k,None)
+ v = environ.get(k)
if v is not None:
if type(v) is not str:
raise ValueError(
"The value of the environmental variable %r "
"is not a str (only str is allowed; got %r)"
% (k, v))
- content.append("%s=%s" % (encode(k),encode(v)))
+ content.append("%s=%s" % (encode(k), encode(v)))
if content:
content = ";".join(content)
content = self.signer.sign(content)
cookie = '%s=%s; Path=/;' % (self.cookie_name, content)
if 'https' == environ['wsgi.url_scheme']:
cookie += ' secure;'
- response_headers.append(('Set-Cookie',cookie))
+ response_headers.append(('Set-Cookie', cookie))
return start_response(status, response_headers, exc_info)
return self.application(environ, response_hook)
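Review bot: The `Set-Cookie` value built here carries the signed authentication data but never sets `HttpOnly`, so page script can read it; consider `cookie = '%s=%s; Path=/; HttpOnly;' % (self.cookie_name, content)`. The `assert scanlist and isinstance(scanlist, self.environ_class)` check earlier in the hunk is stripped under `python -O`, so an explicit `raise` would be more dependable if it is meant as a guard. The enclosing `response_hook` starts outside this hunk.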