Module digest

This module contains an AuthDigestMiddleware for authenticating HTTP requests using the method described in RFC 2617. The credentials are to be provided using an AuthTokenGenerator or a compatible instance. Furthermore, digest authentication has to preserve some state across requests, more specifically nonces. There are three different NonceStoreBase implementations for different needs. While the StatelessNonceStore has minimal requirements, it only prevents replay attacks in a limited way. If the WSGI server uses threading or a single process, the MemoryNonceStore can be used. If that is not possible, the nonces can be stored in a DBAPI2-compatible database using DBAPI2NonceStore.
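
The trade-off between a stateless and a stateful nonce store described above, as an added sketch that is not wsgitools code. The class names, the `newnonce`/`checknonce` method names, the `count` parameter and the HMAC-SHA256 nonce layout are assumptions for illustration and do not reflect the module's actual nonce format or signatures.

```python
import hashlib
import hmac
import secrets
import time


class SketchStatelessNonces:
    """Hypothetical store: nonce = time:random:HMAC(secret, time:random)."""

    def __init__(self, maxage=300, secret=None):
        self.maxage = maxage
        self.secret = secret or secrets.token_bytes(32)

    def _mac(self, payload):
        return hmac.new(self.secret, payload.encode(), hashlib.sha256).hexdigest()

    def newnonce(self, now=None):
        now = time.time() if now is None else now
        payload = "%010d:%s" % (now, secrets.token_urlsafe(16))
        return "%s:%s" % (payload, self._mac(payload))

    def checknonce(self, nonce, count=1, now=None):
        """Valid if we signed it and it is fresh; count cannot be checked."""
        now = time.time() if now is None else now
        parts = nonce.split(":")
        if len(parts) != 3 or not nonce.isascii() or not parts[0].isdigit():
            return False
        expected = self._mac("%s:%s" % (parts[0], parts[1]))
        # Constant-time comparison of the client-supplied MAC.
        if not hmac.compare_digest(parts[2].encode(), expected.encode()):
            return False
        return 0 <= now - int(parts[0]) <= self.maxage


class SketchMemoryNonces(SketchStatelessNonces):
    """Adds per-nonce state: each nonce count (nc) is accepted only once."""

    def __init__(self, maxage=300, secret=None):
        super().__init__(maxage, secret)
        self.seen = {}  # nonce -> highest count accepted (expiry omitted)

    def checknonce(self, nonce, count=1, now=None):
        if not super().checknonce(nonce, count, now):
            return False
        if count <= self.seen.get(nonce, 0):
            return False  # same or older nc: a replayed request
        self.seen[nonce] = count
        return True
```

With the stateless sketch, a captured request stays valid until `maxage` elapses; the stateful sketch rejects it as soon as its nonce count has been seen once.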

Classes
  StaleNonce
  AbstractTokenGenerator
Interface class for generating authentication tokens for AuthDigestMiddleware.
  AuthTokenGenerator
Generates authentication tokens for AuthDigestMiddleware.
  HtdigestTokenGenerator
Reads authentication tokens for AuthDigestMiddleware from an apache htdigest file.
  UpdatingHtdigestTokenGenerator
Behaves like HtdigestTokenGenerator, checks the htdigest file for changes on each invocation.
  NonceStoreBase
Nonce storage interface.
  StatelessNonceStore
This is a stateless nonce storage that cannot check the usage count for a nonce and thus cannot protect against replay attacks.
  MemoryNonceStore
Simple in-memory mechanism to store nonces.
  LazyDBAPI2Opener
Connects to database on first request.
  DBAPI2NonceStore
A DBAPI2-backed nonce store implementation suitable for use with forking WSGI servers such as scgi.forkpool.
  AuthDigestMiddleware
Middleware partly implementing RFC2617.
Functions
  compare_digest(a, b)
  md5hex(data)
Returns: str
  gen_rand_str(bytesentropy=33)
Generates a string of random base64 characters.
Returns: str
  parse_digest_response(data)
internal
  format_digest(mapping)
internal
Returns: str
  format_time(seconds)
internal method formatting a unix time to a fixed-length string
Returns: str
  check_uri(credentials, environ)
internal method for verifying the uri credential
Variables
  sysrand = <random.SystemRandom object>
  __package__ = 'wsgitools'
Function Details

md5hex(data)

Parameters:
  • data (str)
Returns: str

gen_rand_str(bytesentropy=33)

Generates a string of random base64 characters.

Parameters:
  • bytesentropy - the number of random 8-bit values to be used
Returns: str
>>> gen_rand_str() != gen_rand_str()
True

parse_digest_response(data)

internal

Raises:
  • ValueError -
    >>> parse_digest_response('foo=bar')
    {'foo': 'bar'}
    >>> parse_digest_response('foo="bar"')
    {'foo': 'bar'}
    >>> sorted(parse_digest_response('foo="bar=qux",spam=egg').items())
    [('foo', 'bar=qux'), ('spam', 'egg')]
    >>> try:
    ...     parse_digest_response('spam')
    ... except ValueError:
    ...     print("ValueError")
    ValueError
    >>> try:
    ...     parse_digest_response('spam="egg"error')
    ... except ValueError:
    ...     print("ValueError")
    ValueError
    >>> # backslashes: doc string, eval => two backslashes
    >>> parse_digest_response('backslash="\\\\"')
    {'backslash': '\\'}
    >>> parse_digest_response('foo="quo\\"te"')
    {'foo': 'quo"te'}

format_digest(mapping)

internal

Parameters:
  • mapping ({str: (str, bool)}) - a mapping of keys to values and a boolean that determines whether the value needs quoting.
Returns: str

Note: the RFC specifies which values must be quoted and which must not be quoted.

format_time(seconds)

internal method formatting a unix time to a fixed-length string

Parameters:
  • seconds (float)
Returns: str

check_uri(credentials, environ)

internal method for verifying the uri credential

Raises: