path: root/paste/auth
Commit message | Author | Age | Files | Lines
* Don't raise StopIteration from generator, return instead | Miro Hrončok | 2018-06-08 | 1 | -1/+1
  See https://www.python.org/dev/peps/pep-0479/
* Fix grantip on Python 3 | Victor Stinner | 2015-04-22 | 1 | -1/+1
* Port paste.auth to Python 3 | Victor Stinner | 2015-04-21 | 2 | -11/+35
  * md5() and hmac expects bytes: on Python 3, encode text to utf-8
  * Don't compare None with int
  * HTTP body must be bytes
* Strip trailing spaces | Victor Stinner | 2015-04-21 | 5 | -15/+15
* Python 3: fix more submodules | Victor Stinner | 2014-03-19 | 1 | -4/+4
  * print syntax
  * replace "except Exception, exc:" with "except Exception as exc:"
* Python 3: Add b prefix to literal binary strings | Cyril Roelandt | 2014-03-18 | 1 | -1/+1
* Python 3: Replace "dict.has_key(key)" with "key in dict" | Cyril Roelandt | 2014-03-18 | 1 | -1/+1
* Python 3: Replace basestring with six.string_types | Cyril Roelandt | 2014-03-18 | 3 | -5/+7
* Python 3: don't use tuples in function prototype | Cyril Roelandt | 2014-03-18 | 1 | -1/+1
  Unpack explicitly in the body of the function
* Python 3: Replace "except Exception, exc" with "except Exception as exc:" | Cyril Roelandt | 2014-03-18 | 1 | -1/+1
* Python 3: use new names of standard library modules | Cyril Roelandt | 2014-03-18 | 3 | -7/+11
  Use "try/except ImportError" to try Python 2 and Python 3 names.
* allow strings and lists to be used in cookie tokens | Kristian Kvilekval | 2012-10-12 | 1 | -1/+3
* auth/auth_tkt.py: enable overriding digest algorithms | Jan Pokorný | 2012-03-05 | 1 | -8/+22
  Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1], not just plain MD5. Quoting:

  ----v----
  The default is MD5, which is faster, but has now been shown to be vulnerable to collision attacks. Such attacks are not directly applicable to mod_auth_tkt, which primarily relies on the security of the shared secret rather than the strength of the hashing scheme. More paranoid users will probably prefer to use one of the SHA digest types, however.

  The default is likely to change in a future version, so setting the digest type explicitly is encouraged.
  ----^----

  Thus, enable it also in this implementation so one can optionally switch to a stronger secure hash.

  Backward compatibility should be untouched as ``md5`` is being passed as a default kwarg. The only change affecting external world is a new parameter required at ``calculate_digest`` (specifying the digest to use), but as it has probably no use outside the module, this is a non-issue. Alternatively: another optional kwarg.

  Update (based Ian's comments):
  The algorithm can also be specified as a string referring to the algorithm known to hashlib (otherwise AttributeError will be raised).

  Example session I used to check it works as expected (longish):

  >>> import sys; sys.path.append('../..')
  >>> from hashlib import sha256, sha512
  >>> execfile('auth_tkt.py')
  >>> AuthTicket('secret', 'me', '0.0.0.0').cookie_value()
  '39fecb1395af5285232be390eba0eed34f5518c8me!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', "md5").cookie_value()
  'c3b8eacbbbf76a9c993c7dcb99975d504f5518cfme!m,d,5!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="md5") \
  ... .cookie_value()
  'db3b04de3c44b5bd0e2b47019e903c064f5518dbme!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha1") \
  ... .cookie_value()
  'dddaadc2be960b6e89263ae7fb8c39591554103d4f5518edme!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
  ... .cookie_value()
  'bf5c9a32e49920f2ca517ec19a9d55e10a83849e5d532e8997891b8ccdbf0e634f551902me!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo="sha256") \
  ... .cookie_value()
  '9cb12df90fd86b868c98353115df4da3b8f9fa83bebecdf0b7918fea5d06b0744f551908me!'
  >>> AuthTicket('secret', 'me', '0.0.0.0', digest_algo='foo') \
  ... .cookie_value()
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "auth_tkt.py", line 107, in __init__
      self.digest_algo = getattr(hashlib, digest_algo)
  AttributeError: 'module' object has no attribute 'foo'
  >>>
  >>> parse_ticket('secret', \
  ... AuthTicket('secret', 'me', '0.0.0.0').cookie_value(),'0.0.0.0')
  (1330977060, 'me', [''], '')
  >>> parse_ticket('secret', \
  ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo='md5') \
  ... .cookie_value(),'0.0.0.0', digest_algo='md5')
  (1330977096, 'me', [''], '')
  >>> parse_ticket('secret', \
  ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha256) \
  ... .cookie_value(),'0.0.0.0', digest_algo=sha256)
  (1330977115, 'me', [''], '')
  >>> parse_ticket('secret', \
  ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
  ... .cookie_value(),'0.0.0.0', digest_algo=sha512)
  (1330977125, 'me', [''], '')
  >>> parse_ticket('secret', \
  ... AuthTicket('secret', 'me', '0.0.0.0', digest_algo=sha512) \
  ... .cookie_value(),'0.0.0.0')
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "auth_tkt.py", line 179, in parse_ticket
      expected=(expected, digest))
  __main__.BadTicket: Digest signature is not correct

  [1] http://linux.die.net/man/3/mod_auth_tkt
* auth/auth_tkt.py: enable overriding digest algorithms | Jan Pokorný | 2012-03-01 | 1 | -14/+27
  Currently, mod_auth_tkt supports also SHA256 and SHA 512 [1], not just plain MD5. Quoting:

  ----v----
  The default is MD5, which is faster, but has now been shown to be vulnerable to collision attacks. Such attacks are not directly applicable to mod_auth_tkt, which primarily relies on the security of the shared secret rather than the strength of the hashing scheme. More paranoid users will probably prefer to use one of the SHA digest types, however.

  The default is likely to change in a future version, so setting the digest type explicitly is encouraged.
  ----^----

  Thus, enable it also in this implementation so one can optionally switch to a stronger secure hash.

  Backward compatibility should be untouched as ``md`` is being passed as a default kwarg. The only change affecting external world is a new parameter required at ``calculate digest`` (specifying the digest to use), but as it has probably no use outside the module, this is a non-issue. Alternatively: another optional kwarg.

  [1] http://linux.die.net/man/3/mod_auth_tkt
* Fix digest authentication (it was picking up commas inside of the digest ↵ | Toshio Kuratomi | 2011-12-21 | 1 | -4/+29
  auth values)
* Add fix to make digest auth with internet explorer 8 (and possibly other ↵ | milinnovations_andreas | 2010-09-29 | 1 | -2/+2
  versions)
* Fix #443: url_unquote undefined | Ian Bicking | 2010-09-16 | 1 | -1/+14
* Fix test broken by 27a36b3e1843 (for ↵ | Taavi Burns | 2010-09-09 | 1 | -1/+1
  http://trac.pythonpaste.org/pythonpaste/ticket/328)
* A probably incomplete fix for ↵ | Ian Bicking | 2010-09-02 | 1 | -2/+3
  http://trac.pythonpaste.org/pythonpaste/ticket/328 -- quote the path before checking the digest. May not recreate the original quoting, but at least it is more correct than simply appending SCRIPT_NAME and PATH_INFO, which are definitely not quoted.
* Quote usernames in auth_tkt tickets ↵ | Ian Bicking | 2010-09-01 | 1 | -16/+19
  (http://trac.pythonpaste.org/pythonpaste/ticket/380)
* Fix the auth_tkt middleware so it doesn't give exceptions when the token is bad | ianb | 2009-03-07 | 1 | -9/+9
* Make cookies expire on logout | ianb | 2009-03-05 | 1 | -5/+6
* Apply patch to paste.auth.auth_tkt to make it easier to get the cookies, and ↵ | ianb | 2009-03-03 | 1 | -12/+39
  avoid wildcard cookies, and add httponly support
* don't need to strip the trailing newline anymore | ianb | 2009-01-08 | 1 | -1/+1
* Fix #257, newlines in paste.auth.cookie cookies | ianb | 2009-01-08 | 1 | -0/+1
* fix auth cookie generating bad headers | pjenvey | 2008-10-10 | 1 | -1/+2
  thanks Alberto Valverde, jnelson, Jorge Vargas, Graham Dumpleton
* prefer hashlib over the md5/sha modules which are deprecated in Python 2.6 | pjenvey | 2008-09-17 | 3 | -13/+26
* Set same cookies with same domains on logout as you do on login, in auth_tkt | ianb | 2008-03-08 | 1 | -1/+8
* Use base64.encode|decodestring, for python 2.3 compatibility | ianb | 2007-12-17 | 1 | -2/+2
* Try to encode values to auth_tkt | ianb | 2007-08-09 | 1 | -0/+8
* remove tabs | ianb | 2007-07-22 | 1 | -2/+2
* Fix for #174; Paste Deploy entry point for paste.auth.form broken | ianb | 2007-05-25 | 1 | -1/+6
* fixed the AuthCookieHandler example | pjenvey | 2007-02-16 | 1 | -1/+1
  (thanks Damjan Georgievski)
* path from Robert Almeida, to re-enable the internal redirect to the login ↵ | ianb | 2007-02-01 | 1 | -5/+5
  form. Dunno how it should really work, but eh
* oops | cce | 2007-01-10 | 1 | -2/+0
* fixing server side cache /w the nocache header | cce | 2007-01-10 | 1 | -0/+2
* convert old-style classes to new-style classes | pjenvey | 2007-01-05 | 5 | -8/+8
* Fix for error condition in OpenID auth; patch from Christopher Baus | ianb | 2006-11-26 | 1 | -1/+1
* Fixed #133 from cookedm: paste.auth.form doesn't return valid headers | ianb | 2006-11-02 | 1 | -2/+2
* A big commit, primarily aesthetic/whitespace in nature. This is the result ↵ | ianb | 2006-10-20 | 7 | -49/+53
  of running pylint over the codebase. Some minor/hard-to-reach typos were also picked up.
* Several name problems, small bugs, extra imports caught by pyflakes | ianb | 2006-10-20 | 4 | -5/+2
* Updated the docstring to specify the correct information for set_user and ↵ | thejimmyg | 2006-09-01 | 1 | -2/+2
  logout_user in the environ dictionary
* Make sure timeout isn't passed in as a string | ianb | 2006-08-21 | 1 | -0/+5
* better error message in paste.auth.cookie | ianb | 2006-08-21 | 1 | -0/+5
* Added an entry point for paste.auth.cookie; added/corrected a little info to ↵ | ianb | 2006-08-19 | 1 | -10/+91
  the docstrings
* Patch from Brad Clements to add Paste Deploy support for paste.auth methods | ianb | 2006-06-30 | 3 | -0/+55
* Added copyright header to a bunch of files | ianb | 2006-06-13 | 3 | -0/+6
* This updates the paste.auth.* modules to include | cce | 2006-02-24 | 4 | -28/+26
  environ in the authentication callback functions.

  - auth.basic was modified to have a callback of authfunc(environ, username, password)
  - auth.digest was modified in a similar manner, authfunc(environ, realm, password)
  - auth.digest's digest_password also had its arguments reversed to be consistent with the corresponding authfunc(); if you're going to break -- let's fix two things at once!
  - auth.form has a change similar to auth.basic

  These changes were suggested via Matthew Scott on the paste mailing list; only that I put the environ first to be consistent with other WSGI functions.
* Added to the do-it-yourself doc | ianb | 2006-02-01 | 1 | -1/+1
* remove debugging prints from openid | ianb | 2006-01-30 | 1 | -4/+0