def gen_session(self, username):
    """Create a session digest for *username* and remember it.

    The digest is built from a hash of the username and a hash of the
    token's ``ip`` and ``uri``, combined with ``self.qop`` and
    ``self.realm``. The result is stored in ``self.sessions`` under the
    username hash and returned.
    """
    client_token = Token()

    # NOTE(review): this writes the username onto the authenticator itself.
    # If one instance serves concurrent requests, the attribute is shared
    # state. Confirm that is intended.
    self.user = username

    user_hash = hash_all(self.user)
    client_hash = hash_all(client_token.ip, client_token.uri)

    # The storage key is derived from the username only, so a later call for
    # the same user replaces the earlier entry (assuming hash_all is
    # deterministic; verify).
    self.sessions[user_hash] = digest(
        user_hash, client_hash, self.qop, self.realm
    )
    return self.sessions[user_hash]
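def authenticate(self):
    """Validate the Digest credentials carried by the current request.

    Returns None when the credentials are accepted.

    Raises:
        Challenge: the request has no Authorization header.
        Unauthorized: no key is stored for the supplied username, or the
            client's ``response`` does not match the expected digest.

    ``check_header`` and ``check_nonce`` run before any digest is computed.
    Presumably they raise on a malformed header or a stale or replayed
    nonce; confirm against their definitions.
    """
    # Function-scope import so the block does not depend on the file's
    # import section.
    import hmac

    auth = request.authorization
    if auth is None:
        raise Challenge(self)

    self.check_header(auth)
    self.check_nonce(auth)

    hA1 = self.get_key(auth.username)
    # NOTE(review): auth.uri is taken from the client's header. Confirm that
    # check_header ties it to the actual request target.
    hA2 = hash_all(request.method, auth.uri)

    # Unknown user and wrong response raise the same exception, so the
    # response does not reveal which of the two failed.
    if hA1 is None:
        raise Unauthorized()

    expected = digest(hA1, hA2)
    supplied = auth.response

    # Fail closed if either side is missing, rather than letting
    # None == None count as a match.
    if supplied is None or expected is None:
        raise Unauthorized()

    # hmac.compare_digest needs both operands to be bytes-like, or both
    # ASCII-only str. Encoding str values also keeps a non-ASCII header
    # value from raising TypeError.
    if isinstance(expected, str):
        expected = expected.encode("utf-8")
    if isinstance(supplied, str):
        supplied = supplied.encode("utf-8")

    # Constant-time comparison: a plain != on the digest stops at the first
    # differing character, which leaks how much of a guess was correct.
    if not hmac.compare_digest(supplied, expected):
        raise Unauthorized()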
def add_headers(self, response):
    """Attach an ``Authentication-Info`` header to *response*.

    The header carries ``rspauth``, a digest built from the user's stored
    key and a hash of an empty method string plus the request URI. It also
    echoes the client's ``qop``, ``cnonce`` and ``nc`` values. The wrapped
    response object is returned.
    """
    wrapped = make_response(response)
    credentials = request.authorization

    # NOTE(review): assumes the request carries an Authorization header and
    # that get_key() finds the user, i.e. authenticate() has already
    # succeeded for this request. Confirm this is never reached otherwise.
    stored_key = self.get_key(credentials.username)
    uri_hash = hash_all('', credentials.uri)

    info = {
        'rspauth': digest(stored_key, uri_hash),
        'qop': credentials.qop,
        'cnonce': credentials.cnonce,
        'nc': credentials.nc
    }
    wrapped.headers['Authentication-Info'] = dump_header(info)
    return wrapped