def identify(self, environ):
"""Extract the authentication info from the request.
We parse the Authorization header to get the MAC auth parameters.
If they seem sensible, we cache them in the identity to speed up
signature checking in the authenticate() method.
Note that this method does *not* validate the MAC signature.
"""
request = Request(environ)
# Parse the Authorization header, to be cached for future use.
params = macauthlib.utils.parse_authz_header(request, None)
if params is None:
return None
# Extract the MAC id.
id = macauthlib.get_id(request, params=params)
if id is None:
return None
# Parse the MAC id into its data and MAC key.
try:
key, data = self.decode_mac_id(request, id)
except ValueError:
msg = "invalid MAC id: %s" % (id,)
return self._respond_unauthorized(request, msg)
# Return all that data so we can using it during authentication.
return {
"macauth.id": id,
"macauth.key": key,
"macauth.data": data,
"macauth.params": params,
}
def _get_credentials(self, request):
"""Extract the MACAuth userid and secret key from the request.
This method extracts and returns the claimed userid from the MACAuth
data in the request, along with the corresonding request signing
key. It does *not* check the signature on the request.
If there are no MACAuth credentials in the request then (None, None)
is returned. If the MACAuth token id is invalid then HTTPUnauthorized
will be raised.
"""
params = self._get_params(request)
if params is None:
return None, None
# Extract the claimed MAC id token.
tokenid = macauthlib.get_id(request, params=params)
if tokenid is None:
return None, None
# Parse the MAC id into its userid and MAC key.
try:
userid, key = self.decode_mac_id(request, tokenid)
except ValueError:
msg = "invalid MAC id: %s" % (tokenid,)
raise self.challenge(request, msg)
return userid, key
def _get_credentials(self, request):
"""Extract the MACAuth userid and secret key from the request.
This method extracts and returns the claimed userid from the MACAuth
data in the request, along with the corresonding request signing
key. It does *not* check the signature on the request.
If there are no MACAuth credentials in the request then (None, None)
is returned. If the MACAuth token id is invalid then HTTPUnauthorized
will be raised.
"""
params = self._get_params(request)
if params is None:
return None, None
# Extract the claimed MAC id token.
tokenid = macauthlib.get_id(request, params=params)
if tokenid is None:
return None, None
# Parse the MAC id into its userid and MAC key.
try:
userid, key = self.decode_mac_id(request, tokenid)
except ValueError:
msg = "invalid MAC id: %s" % (tokenid,)
raise self.challenge(request, msg)
return userid, key
def test_get_id_returns_none_if_the_id_is_missing(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("MAC", {"ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), None)
def test_get_id_returns_none_for_other_auth_schemes(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("OAuth", {"id": "user1", "ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), None)
def test_get_id_works_on_valid_header(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("MAC", {"id": "user1", "ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), "user1")
def test_get_id_returns_none_if_the_id_is_missing(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("MAC", {"ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), None)
def test_get_id_returns_none_for_other_auth_schemes(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("OAuth", {"id": "user1", "ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), None)
def test_get_id_works_on_valid_header(self):
req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
req = Request.from_bytes(req)
req.authorization = ("MAC", {"id": "user1", "ts": "1", "nonce": "2"})
self.assertEquals(get_id(req), "user1")
