def authenticate(self, request, auth, stored_password_or_ha1):
    """Validate an HTTP Digest ``Authorization`` header (no qop).

    The expected digest is MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri);
    it is compared with the client's ``auth.response``.

    Args:
        request: Incoming request; only ``request.method`` is read here,
            and the object is handed to the nonce/opaque callbacks.
        auth: Parsed digest credentials (username, realm, uri, nonce,
            response, opaque), or a falsy value when none were sent.
        stored_password_or_ha1: The user's password, or the stored HA1
            hex digest when ``self.use_ha1_pw`` is set.

    Returns:
        False when a required field is missing or a callback rejects the
        nonce/opaque; otherwise the result of ``safe_str_cmp``.
    """
    # Reject incomplete headers and unknown users before hashing anything.
    complete = (
        auth
        and auth.username
        and auth.realm
        and auth.uri
        and auth.nonce
        and auth.response
        and stored_password_or_ha1
    )
    if not complete:
        return False

    # Nonce is checked first; the opaque callback only runs if it passed.
    if not self.verify_nonce_callback(request, auth.nonce):
        return False
    if not self.verify_opaque_callback(request, auth.opaque):
        return False

    if self.use_ha1_pw:
        # A stored HA1 is used as the secret directly, so it is
        # password-equivalent for this realm and needs the same protection
        # at rest as the password itself.
        ha1 = stored_password_or_ha1
    else:
        secret_parts = (auth.username, auth.realm, stored_password_or_ha1)
        ha1 = md5(":".join(secret_parts).encode("utf-8")).hexdigest()

    # NOTE(review): auth.uri is hashed as the client sent it and is not
    # compared with the request target in this function - confirm that the
    # caller or framework does that.
    ha2 = md5(":".join((request.method, auth.uri)).encode("utf-8")).hexdigest()
    expected = md5(":".join((ha1, auth.nonce, ha2)).encode("utf-8")).hexdigest()

    # safe_str_cmp is defined outside this block; presumably a
    # constant-time comparison - verify.
    return safe_str_cmp(expected, auth.response)
Exemple #2
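 def authenticate(self, request, auth, stored_password_or_ha1):
     """Validate an HTTP Digest ``Authorization`` header, with optional qop.

     With ``self.qop`` of ``None`` the expected digest is
     MD5(HA1:nonce:HA2); with ``"auth"`` it is
     MD5(HA1:nonce:nc:cnonce:qop:HA2). HA2 is MD5(method:uri) in both.

     Args:
         request: Incoming request; ``request.method`` is read here and the
             object is passed to the nonce/opaque callbacks.
         auth: Parsed digest credentials, or a falsy value when none were
             sent.
         stored_password_or_ha1: The user's password, or the stored HA1
             hex digest when ``self.use_ha1_pw`` is set.

     Returns:
         False when a required field is missing (including ``nc`` or
         ``cnonce`` under qop ``"auth"``) or a callback rejects the
         nonce/opaque; otherwise the result of ``safe_str_cmp``.

     Raises:
         NotImplementedError: ``self.qop`` is ``"auth-int"``.
         ValueError: ``self.qop`` is any other unrecognised value.
     """
     if not (auth and auth.username and auth.realm and auth.uri
             and auth.nonce and auth.response and stored_password_or_ha1):
         return False
     if not (self.verify_nonce_callback(request, auth.nonce)) or not (
             self.verify_opaque_callback(request, auth.opaque)):
         return False
     if self.use_ha1_pw:
         # A stored HA1 is used as the secret directly, so it is
         # password-equivalent for this realm.
         ha1 = stored_password_or_ha1
     else:
         a1 = ":".join([auth.username, auth.realm, stored_password_or_ha1])
         ha1 = md5(a1.encode("utf-8")).hexdigest()

     qop = self.qop
     if qop == "auth-int":
         raise NotImplementedError(
             "Not Implemented digest auth with qop auth-int")
     if qop is not None and qop != "auth":
         # Previously an unknown qop fell through to the legacy branch with
         # ha2 unbound and surfaced as UnboundLocalError.
         raise ValueError("Unsupported digest auth qop: %r" % (qop,))
     if qop == "auth" and (not auth.nc or not auth.cnonce):
         # nc and cnonce come from the client. A header that omits them is
         # a failed login, not a TypeError from str.join (which would turn
         # an unauthenticated request into a server error).
         return False

     a2 = ":".join([request.method, auth.uri])
     ha2 = md5(a2.encode("utf-8")).hexdigest()
     if qop == "auth":
         # NOTE(review): nc is only mixed into the hash here; it is not
         # compared with any earlier count, so replay protection depends on
         # what verify_nonce_callback enforces.
         a3 = ":".join([ha1, auth.nonce, auth.nc, auth.cnonce, qop, ha2])
     else:
         a3 = ":".join([ha1, auth.nonce, ha2])
     response = md5(a3.encode("utf-8")).hexdigest()
     return safe_str_cmp(response, auth.response)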
Exemple #3
 def default_verify_nonce(request, nonce):
     """Return whether the client's nonce matches the one held by the server.

     ``use_session`` and ``self`` are read from the enclosing scope.
     """
     # Per-session value when sessions are in use; otherwise the single
     # nonce stored on the enclosing object, which is the same for every
     # client (how often it is rotated is not visible here).
     expected = (request.ctx.session.get("auth_nonce")
                 if use_session else self.nonce)
     if nonce is not None and expected is not None:
         return safe_str_cmp(nonce, expected)
     # A missing value on either side is a failed check.
     return False
Exemple #4
 def default_verify_opaque(request, opaque):
     """Return whether the client's opaque value matches the server's.

     ``use_session`` and ``self`` are read from the enclosing scope. When
     ``self.use_opaque`` is falsy the check is skipped and True is returned.
     """
     if self.use_opaque:
         # Per-session value when sessions are in use; otherwise the single
         # value stored on the enclosing object.
         expected = (request.ctx.session.get("auth_opaque")
                     if use_session else self.opaque)
         if opaque is not None and expected is not None:
             return safe_str_cmp(opaque, expected)
         # A missing value on either side is a failed check.
         return False
     return True
 def authenticate(self, request, auth, stored_password_or_ha1):
     """Validate an HTTP Digest ``Authorization`` header (no qop).

     Expected digest: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri). Returns
     False on a missing field or a rejected nonce/opaque, otherwise the
     result of ``safe_str_cmp`` against ``auth.response``.
     """
     def hexdigest_of(*fields):
         # Colon-join the fields, UTF-8 encode, return the MD5 hex digest.
         return md5(":".join(list(fields)).encode("utf-8")).hexdigest()

     # Every one of these must be present and non-empty.
     if not (auth and auth.username and auth.realm and auth.uri
             and auth.nonce and auth.response and stored_password_or_ha1):
         return False

     # Nonce first; the opaque callback is only consulted if it passed.
     nonce_ok = self.verify_nonce_callback(request, auth.nonce)
     if not nonce_ok or not self.verify_opaque_callback(request, auth.opaque):
         return False

     if self.use_ha1_pw:
         # The stored value already is HA1 - treat it as password-equivalent.
         ha1 = stored_password_or_ha1
     else:
         ha1 = hexdigest_of(auth.username, auth.realm, stored_password_or_ha1)

     # NOTE(review): auth.uri is taken from the header and is not checked
     # against the request target in this function - confirm upstream.
     ha2 = hexdigest_of(request.method, auth.uri)
     expected = hexdigest_of(ha1, auth.nonce, ha2)
     return safe_str_cmp(expected, auth.response)
 def authenticate(self, request, auth, stored_password):
     """Validate HTTP Basic credentials.

     If ``self.verify_password_callback`` is set, its return value is the
     result. Otherwise the client password, optionally passed through
     ``self.hash_password_callback``, is compared with ``stored_password``.

     Returns:
         The verify callback's result when one is configured; False when no
         credentials were sent or either password is None; otherwise the
         result of ``safe_str_cmp``.
     """
     username, client_password = (
         (auth.username, auth.password) if auth else ("", ""))

     verify = self.verify_password_callback
     if verify:
         # Called even when no credentials were sent (with two empty
         # strings), so the callback itself has to reject empty input.
         return verify(username, client_password)

     if not auth:
         return False

     hasher = self.hash_password_callback
     if hasher:
         # One-argument form first, then (username, password). A TypeError
         # raised inside a one-argument callback also triggers the retry.
         try:
             client_password = hasher(client_password)
         except TypeError:
             client_password = hasher(username, client_password)

     if client_password is None or stored_password is None:
         return False
     return safe_str_cmp(client_password, stored_password)
 def default_verify_opaque(request, opaque):
     """Compare the client's opaque value with the one kept in the session.

     Reads ``request["session"]["auth_opaque"]``; a missing value on either
     side counts as a failed check.
     """
     expected = request["session"].get("auth_opaque")
     if opaque is not None and expected is not None:
         return safe_str_cmp(opaque, expected)
     return False
 def default_verify_nonce(request, nonce):
     """Compare the client's nonce with the one kept in the session.

     Reads ``request["session"]["auth_nonce"]``; a missing value on either
     side counts as a failed check.
     """
     expected = request["session"].get("auth_nonce")
     if nonce is not None and expected is not None:
         return safe_str_cmp(nonce, expected)
     return False