Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Don't raise StopIteration from generator, return instead | Miro Hrončok | 2018-06-08 | 1 | -1/+1 |
| | | | | See https://www.python.org/dev/peps/pep-0479/ | ||||
* | Fix grantip on Python 3 | Victor Stinner | 2015-04-22 | 1 | -1/+1 |
| | |||||
* | Port paste.auth to Python 3 | Victor Stinner | 2015-04-21 | 2 | -11/+35 |
| | | | | * md5() and hmac expect bytes: on Python 3, encode text to utf-8 * Don't compare None with int * HTTP body must be bytes | ||||
* | Strip trailing spaces | Victor Stinner | 2015-04-21 | 5 | -15/+15 |
| | |||||
* | Python 3: fix more submodules | Victor Stinner | 2014-03-19 | 1 | -4/+4 |
| | | | | * print syntax * replace "except Exception, exc:" with "except Exception as exc:" | ||||
* | Python 3: Add b prefix to literal binary strings | Cyril Roelandt | 2014-03-18 | 1 | -1/+1 |
| | |||||
* | Python 3: Replace "dict.has_key(key)" with "key in dict" | Cyril Roelandt | 2014-03-18 | 1 | -1/+1 |
| | |||||
* | Python 3: Replace basestring with six.string_types | Cyril Roelandt | 2014-03-18 | 3 | -5/+7 |
| | |||||
* | Python 3: don't use tuples in function prototype | Cyril Roelandt | 2014-03-18 | 1 | -1/+1 |
| | | | | Unpack explicitly in the body of the function | ||||
* | Python 3: Replace "except Exception, exc" with "except Exception as exc:" | Cyril Roelandt | 2014-03-18 | 1 | -1/+1 |
| | |||||
* | Python 3: use new names of standard library modules | Cyril Roelandt | 2014-03-18 | 3 | -7/+11 |
| | | | | Use "try/except ImportError" to try Python 2 and Python 3 names. | ||||
* | allow strings and lists to be used in cookie tokens | Kristian Kvilekval | 2012-10-12 | 1 | -1/+3 |
| | |||||
* | auth/auth_tkt.py: enable overriding digest algorithms | Jan Pokorný | 2012-03-05 | 1 | -8/+22 |
| | | | | Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1], not just plain MD5. Quoting: ----v---- The default is MD5, which is faster, but has now been shown to be vulnerable to collision attacks. Such attacks are not directly applicable to mod_auth_tkt, which primarily relies on the security of the shared secret rather than the strength of the hashing scheme. More paranoid users will probably prefer to use one of the SHA digest types, however. The default is likely to change in a future version, so setting the digest type explicitly is encouraged. ----^---- Thus, enable it also in this implementation so one can optionally switch to a stronger secure hash. Backward compatibility should be untouched as ``md5`` is being passed as a default kwarg. The only change affecting external world is a new parameter required at ``calculate_digest`` (specifying the digest to use), but as it has probably no use outside the module, this is a non-issue. Alternatively: another optional kwarg. Update (based on Ian's comments): The algorithm can also be specified as a string referring to the algorithm known to hashlib (otherwise AttributeError will be raised). Example session I used to check it works as expected (longish): >>> import sys; sys.path.append('../..') >>> from hashlib import sha256, sha512 >>> execfile('auth_tkt.py') >>> AuthTicket('secret', 'me', '0.0.0.0').cookie_value() '39fecb1395af5285232be390eba0eed34f5518c8me!' >>> AuthTicket('secret', 'me', '0.0.0.0', "md5").cookie_value() 'c3b8eacbbbf76a9c993c7dcb99975d504f5518cfme!m,d,5!' >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="md5") \ ... .cookie_value() 'db3b04de3c44b5bd0e2b47019e903c064f5518dbme!' >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha1") \ ... .cookie_value() 'dddaadc2be960b6e89263ae7fb8c39591554103d4f5518edme!' >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \ ... .cookie_value() 'bf5c9a32e49920f2ca517ec19a9d55e10a83849e5d532e8997891b8ccdbf0e634f551902me!' >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha256") \ ... .cookie_value() '9cb12df90fd86b868c98353115df4da3b8f9fa83bebecdf0b7918fea5d06b0744f551908me!' >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo='foo') \ ... .cookie_value() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "auth_tkt.py", line 107, in __init__ self.digest_algo = getattr(hashlib, digest_algo) AttributeError: 'module' object has no attribute 'foo' >>> >>> parse_ticket('secret', \ ... AuthTicket('secret', 'me', '0.0.0.0').cookie_value(),'0.0.0.0') (1330977060, 'me', [''], '') >>> parse_ticket('secret', \ ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo='md5') \ ... .cookie_value(),'0.0.0.0', digest_algo='md5') (1330977096, 'me', [''], '') >>> parse_ticket('secret', \ ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \ ... .cookie_value(),'0.0.0.0', digest_algo=sha256) (1330977115, 'me', [''], '') >>> parse_ticket('secret', \ ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \ ... .cookie_value(),'0.0.0.0', digest_algo=sha512) (1330977125, 'me', [''], '') >>> parse_ticket('secret', \ ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \ ... .cookie_value(),'0.0.0.0') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "auth_tkt.py", line 179, in parse_ticket expected=(expected, digest)) __main__.BadTicket: Digest signature is not correct [1] http://linux.die.net/man/3/mod_auth_tkt | ||||
* | auth/auth_tkt.py: enable overriding digest algorithms | Jan Pokorný | 2012-03-01 | 1 | -14/+27 |
| | | | | Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1], not just plain MD5. Quoting: ----v---- The default is MD5, which is faster, but has now been shown to be vulnerable to collision attacks. Such attacks are not directly applicable to mod_auth_tkt, which primarily relies on the security of the shared secret rather than the strength of the hashing scheme. More paranoid users will probably prefer to use one of the SHA digest types, however. The default is likely to change in a future version, so setting the digest type explicitly is encouraged. ----^---- Thus, enable it also in this implementation so one can optionally switch to a stronger secure hash. Backward compatibility should be untouched as ``md`` is being passed as a default kwarg. The only change affecting external world is a new parameter required at ``calculate digest`` (specifying the digest to use), but as it has probably no use outside the module, this is a non-issue. Alternatively: another optional kwarg. [1] http://linux.die.net/man/3/mod_auth_tkt | ||||
* | Fix digest authentication (it was picking up commas inside of the digest ↵ | Toshio Kuratomi | 2011-12-21 | 1 | -4/+29 |
| | | | | auth values) | ||||
* | Add fix to make digest auth with internet explorer 8 (and possibly other ↵ | milinnovations_andreas | 2010-09-29 | 1 | -2/+2 |
| | | | | versions) | ||||
* | Fix #443: url_unquote undefined | Ian Bicking | 2010-09-16 | 1 | -1/+14 |
| | |||||
* | Fix test broken by 27a36b3e1843 (for ↵ | Taavi Burns | 2010-09-09 | 1 | -1/+1 |
| | | | | http://trac.pythonpaste.org/pythonpaste/ticket/328) | ||||
* | A probably incomplete fix for ↵ | Ian Bicking | 2010-09-02 | 1 | -2/+3 |
| | | | | http://trac.pythonpaste.org/pythonpaste/ticket/328 -- quote the path before checking the digest. May not recreate the original quoting, but at least it is more correct than simply appending SCRIPT_NAME and PATH_INFO, which are definitely not quoted. | ||||
* | Quote usernames in auth_tkt tickets ↵ | Ian Bicking | 2010-09-01 | 1 | -16/+19 |
| | | | | (http://trac.pythonpaste.org/pythonpaste/ticket/380) | ||||
* | Fix the auth_tkt middleware so it doesn't give exceptions when the token is bad | ianb | 2009-03-07 | 1 | -9/+9 |
| | |||||
* | Make cookies expire on logout | ianb | 2009-03-05 | 1 | -5/+6 |
| | |||||
* | Apply patch to paste.auth.auth_tkt to make it easier to get the cookies, and ↵ | ianb | 2009-03-03 | 1 | -12/+39 |
| | | | | avoid wildcard cookies, and add httponly support | ||||
* | don't need to strip the trailing newline anymore | ianb | 2009-01-08 | 1 | -1/+1 |
| | |||||
* | Fix #257, newlines in paste.auth.cookie cookies | ianb | 2009-01-08 | 1 | -0/+1 |
| | |||||
* | fix auth cookie generating bad headers | pjenvey | 2008-10-10 | 1 | -1/+2 |
| | | | | thanks Alberto Valverde, jnelson, Jorge Vargas, Graham Dumpleton | ||||
* | prefer hashlib over the md5/sha modules which are deprecated in Python 2.6 | pjenvey | 2008-09-17 | 3 | -13/+26 |
| | |||||
* | Set same cookies with same domains on logout as you do on login, in auth_tkt | ianb | 2008-03-08 | 1 | -1/+8 |
| | |||||
* | Use base64.encode|decodestring, for python 2.3 compatibility | ianb | 2007-12-17 | 1 | -2/+2 |
| | |||||
* | Try to encode values to auth_tkt | ianb | 2007-08-09 | 1 | -0/+8 |
| | |||||
* | remove tabs | ianb | 2007-07-22 | 1 | -2/+2 |
| | |||||
* | Fix for #174; Paste Deploy entry point for paste.auth.form broken | ianb | 2007-05-25 | 1 | -1/+6 |
| | |||||
* | fixed the AuthCookieHandler example | pjenvey | 2007-02-16 | 1 | -1/+1 |
| | | | | (thanks Damjan Georgievski) | ||||
* | patch from Robert Almeida, to re-enable the internal redirect to the login ↵ | ianb | 2007-02-01 | 1 | -5/+5 |
| | | | | form. Dunno how it should really work, but eh | ||||
* | oops | cce | 2007-01-10 | 1 | -2/+0 |
| | |||||
* | fixing server side cache /w the nocache header | cce | 2007-01-10 | 1 | -0/+2 |
| | |||||
* | convert old-style classes to new-style classes | pjenvey | 2007-01-05 | 5 | -8/+8 |
| | |||||
* | Fix for error condition in OpenID auth; patch from Christopher Baus | ianb | 2006-11-26 | 1 | -1/+1 |
| | |||||
* | Fixed #133 from cookedm: paste.auth.form doesn't return valid headers | ianb | 2006-11-02 | 1 | -2/+2 |
| | |||||
* | A big commit, primarily aesthetic/whitespace in nature. This is the result ↵ | ianb | 2006-10-20 | 7 | -49/+53 |
| | | | | of running pylint over the codebase. Some minor/hard-to-reach typos were also picked up. | ||||
* | Several name problems, small bugs, extra imports caught by pyflakes | ianb | 2006-10-20 | 4 | -5/+2 |
| | |||||
* | Updated the docstring to specify the correct information for set_user and ↵ | thejimmyg | 2006-09-01 | 1 | -2/+2 |
| | | | | logout_user in the environ dictionary | ||||
* | Make sure timeout isn't passed in as a string | ianb | 2006-08-21 | 1 | -0/+5 |
| | |||||
* | better error message in paste.auth.cookie | ianb | 2006-08-21 | 1 | -0/+5 |
| | |||||
* | Added an entry point for paste.auth.cookie; added/corrected a little info to ↵ | ianb | 2006-08-19 | 1 | -10/+91 |
| | | | | the docstrings | ||||
* | Patch from Brad Clements to add Paste Deploy support for paste.auth methods | ianb | 2006-06-30 | 3 | -0/+55 |
| | |||||
* | Added copyright header to a bunch of files | ianb | 2006-06-13 | 3 | -0/+6 |
| | |||||
* | This updates the paste.auth.* modules to include | cce | 2006-02-24 | 4 | -28/+26 |
| | | | | environ in the authentication callback functions. - auth.basic was modified to have a callback of authfunc(environ, username, password) - auth.digest was modified in a similar manner, authfunc(environ, realm, password) - auth.digest's digest_password also had its arguments reversed to be consistent with the corresponding authfunc(); if you're going to break -- let's fix two things at once! - auth.form has a change similar to auth.basic These changes were suggested via Matthew Scott on the paste mailing list; only that I put the environ first to be consistent with other WSGI functions. | ||||
* | Added to the do-it-yourself doc | ianb | 2006-02-01 | 1 | -1/+1 |
| | |||||
* | remove debugging prints from openid | ianb | 2006-01-30 | 1 | -4/+0 |
| |