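def get_signature(key_for_secret, method, path, timestamp, signed_headers_value=None, body=''):
    """Sign a request on behalf of the key ``key_for_secret``.

    Args:
        key_for_secret: passed to ``settings.FOST_AUTHN_GET_SECRET`` together
            with ``'secret'`` to look up the shared secret.
        method: HTTP method of the request being signed.
        path: request path that goes into the signed document.
        timestamp: the X-FOST-Timestamp value that goes into the document.
        signed_headers_value: values of the signed headers (presumably in the
            order the names appear in X-FOST-Headers — verify against the
            server side). Defaults to no headers; ``None`` replaces the former
            shared mutable ``[]`` default and behaves identically.
        body: request body to sign, ``''`` when there is none.

    Returns:
        The ``(document, signature)`` pair returned by
        ``fost_hmac_request_signature_with_headers``.
    """
    if signed_headers_value is None:
        signed_headers_value = []
    secret = settings.FOST_AUTHN_GET_SECRET(key_for_secret, 'secret')
    return fost_hmac_request_signature_with_headers(
        secret, method, path, timestamp, signed_headers_value, body)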
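def _parse_fost_timestamp(value):
    """Parse the leading ``YYYY-MM-DD HH:MM:SS`` part of an X-FOST-Timestamp.

    Only the first 19 characters are read and a ``T`` date/time separator is
    accepted, so anything after the seconds field is ignored. Returns a naive
    datetime, or ``None`` when the value does not parse (the caller turns that
    into a 403 instead of a 500).
    """
    try:
        return datetime.strptime(value[:19].replace('T', ' '), '%Y-%m-%d %H:%M:%S')
    except ValueError:
        return None


def _collect_signed_headers(request):
    """Return ``(values, mapping)`` for the headers named in X-FOST-Headers.

    ``values`` lists the header values in the order the names are given,
    which is the order the signature covers; ``mapping`` is header name ->
    value. Raises ``KeyError`` naming the first listed header that is absent
    from ``request.META``.
    """
    signed_headers, signed = [], {}
    for header in request.META['HTTP_X_FOST_HEADERS'].split():
        logging.info("Header %s included in signed set", header)
        name = 'HTTP_%s' % header.upper().replace('-', '_')
        if name not in request.META:
            raise KeyError(header)
        value = request.META[name]
        signed[header] = value
        signed_headers.append(value)
    return signed_headers, signed


def _request_signature(backend, request, key, hmac):
    """Authenticate a request that carries a FOST HMAC signature.

    Args:
        backend: authentication backend exposing ``get_user``.
        request: Django request; timestamp, signed headers and body are read
            from ``request.META`` and ``request.body``/``raw_post_data``.
        key: key name from the Authorization header, used to fetch the secret.
        hmac: signature supplied by the client. (The name shadows the stdlib
            module, hence the function-scope import below.)

    Returns:
        The user from ``backend.get_user`` when the signature and clock skew
        are acceptable, otherwise the value of ``_forbid`` with the reason.
        On success ``request.SIGNED`` holds the signed headers.
    """
    from hmac import compare_digest  # constant-time comparison for the signature check

    if 'HTTP_X_FOST_TIMESTAMP' not in request.META:
        return _forbid("No HTTP_X_FOST_TIMESTAMP was found")
    secret = getattr(settings, 'FOST_AUTHN_GET_SECRET', _default_authn_get_secret)(request, key)
    # Only the key goes to the log; the shared secret must never be written out.
    logging.info("Found secret for key %s", key)
    timestamp = request.META['HTTP_X_FOST_TIMESTAMP']
    logging.info("About to parse time stamp from %s", timestamp[:19])
    signed_time = _parse_fost_timestamp(timestamp)
    if signed_time is None:
        return _forbid("HTTP_X_FOST_TIMESTAMP could not be parsed")
    utc_now = datetime.utcnow()
    delta = timedelta(seconds=getattr(settings, 'FOST_AUTHN_MAXIMUM_CLOCK_SKEW', 300))
    skew = abs(signed_time - utc_now)  # same as max(a - b, b - a)
    # One predicate drives both the log line and the decision, so the log can
    # no longer say "skew is ok" for a request that is then rejected.
    skew_ok = skew < delta
    logging.info(
        "Clock skew is %s based on signed time %s and current time %s "
        "(maximum skew is %s) %s", skew, signed_time, utc_now, delta,
        "skew is ok" if skew_ok else "skew is too high")
    if not skew_ok:
        return _forbid("Clock skew too high")
    if 'HTTP_X_FOST_HEADERS' not in request.META:
        return _forbid("No HTTP_X_FOST_HEADERS was found")
    logging.debug("Signed headers: %s", request.META['HTTP_X_FOST_HEADERS'])
    try:
        signed_headers, signed = _collect_signed_headers(request)
    except KeyError as missing:
        return _forbid("Signed header %s was not found" % missing.args[0])
    if _django_1_0_hack(request):  # pragma: no cover
        logging.warning("Django 1.0 with content length so we assume "
            "that the signature is correct")
        signature = hmac
    else:
        if hasattr(request, 'body'):  # Django 1.6 compatibility
            body = request.body
        else:
            body = request.raw_post_data
        _document, signature = fost_hmac_request_signature_with_headers(
            secret, request.method, request.path, timestamp,
            signed_headers, body or request.META.get('QUERY_STRING', ''))
    try:
        matched = compare_digest(signature, hmac)
    except TypeError:
        # compare_digest needs both values of one type; a str/unicode mix
        # (Python 2) falls back to the previous plain comparison.
        matched = signature == hmac
    if not matched:
        return _forbid("Signature didn't match provided hmac")
    request.SIGNED = signed
    if 'X-FOST-User' in signed:
        return backend.get_user(signed['X-FOST-User'].decode('utf-7'))
    return backend.get_user(unquote(key))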
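def _request_signature(backend, request, key, hmac):
    """Authenticate a request that carries a FOST HMAC signature.

    Args:
        backend: authentication backend exposing ``get_user``.
        request: Django request; timestamp, signed headers and body are read
            from ``request.META`` and ``request.body``/``raw_post_data``.
        key: key name from the Authorization header, used to fetch the secret.
        hmac: signature supplied by the client. (The name shadows the stdlib
            module, hence the function-scope import below.)

    Returns:
        The user from ``backend.get_user`` when the signature and clock skew
        are acceptable, otherwise the value of ``_forbid`` with the reason.
        On success ``request.SIGNED`` holds the signed headers.
    """
    from hmac import compare_digest  # constant-time comparison for the signature check

    meta = request.META
    if "HTTP_X_FOST_TIMESTAMP" not in meta:
        return _forbid("No HTTP_X_FOST_TIMESTAMP was found")
    secret = getattr(settings, "FOST_AUTHN_GET_SECRET", _default_authn_get_secret)(request, key)
    # Only the key goes to the log; the shared secret must never be written out.
    logging.info("Found secret for key %s", key)
    timestamp = meta["HTTP_X_FOST_TIMESTAMP"]
    logging.info("About to parse time stamp from %s", timestamp[:19])
    try:
        # First 19 chars only, with a "T" separator tolerated, as before.
        signed_time = datetime.strptime(timestamp[:19].replace("T", " "), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        # A malformed header is the client's fault: 403, not a 500.
        return _forbid("HTTP_X_FOST_TIMESTAMP could not be parsed")
    utc_now = datetime.utcnow()
    delta = timedelta(seconds=getattr(settings, "FOST_AUTHN_MAXIMUM_CLOCK_SKEW", 300))
    skew = abs(signed_time - utc_now)  # same as max(a - b, b - a)
    # One predicate drives both the log line and the decision, so the log can
    # no longer say "skew is ok" for a request that is then rejected.
    skew_ok = skew < delta
    logging.info(
        "Clock skew is %s based on signed time %s and current time %s "
        "(maximum skew is %s) %s",
        skew,
        signed_time,
        utc_now,
        delta,
        "skew is ok" if skew_ok else "skew is too high",
    )
    if not skew_ok:
        return _forbid("Clock skew too high")
    if "HTTP_X_FOST_HEADERS" not in meta:
        return _forbid("No HTTP_X_FOST_HEADERS was found")
    logging.debug("Signed headers: %s", meta["HTTP_X_FOST_HEADERS"])
    signed_headers, signed = [], {}
    for header in meta["HTTP_X_FOST_HEADERS"].split():
        logging.info("Header %s included in signed set", header)
        name = "HTTP_%s" % header.upper().replace("-", "_")
        if name not in meta:
            # A listed-but-absent header used to raise KeyError (a 500).
            return _forbid("Signed header %s was not found" % header)
        value = meta[name]
        signed[header] = value
        signed_headers.append(value)  # value order == name order, as signed
    if _django_1_0_hack(request):  # pragma: no cover
        logging.warning("Django 1.0 with content length so we assume " "that the signature is correct")
        signature = hmac
    else:
        body = request.body if hasattr(request, "body") else request.raw_post_data  # Django 1.6 compatibility
        _document, signature = fost_hmac_request_signature_with_headers(
            secret,
            request.method,
            request.path,
            timestamp,
            signed_headers,
            body or meta.get("QUERY_STRING", ""),
        )
    try:
        matched = compare_digest(signature, hmac)
    except TypeError:
        # compare_digest needs both values of one type; a str/unicode mix
        # (Python 2) falls back to the previous plain comparison.
        matched = signature == hmac
    if not matched:
        return _forbid("Signature didn't match provided hmac")
    request.SIGNED = signed
    if "X-FOST-User" in signed:
        return backend.get_user(signed["X-FOST-User"].decode("utf-7"))
    return backend.get_user(unquote(key))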
def __call__(self, request):
    """Attach a FOST signature to an outgoing request and return it.

    The secret comes from ``settings.FOST_AUTHN_GET_SECRET``; the signed
    document covers the method, the path without its query string, a UTC
    timestamp and the single signed header X-FOST-User (this username). The
    form-encoded ``request.data`` is signed as the body. The request object
    is modified in place; ``request.path_url``, ``request.data`` and
    ``request.headers`` are assumed to be those of a requests ``PreparedRequest``
    — confirm against the caller.
    """
    secret = settings.FOST_AUTHN_GET_SECRET(request, "secret")
    # The server reads only the first 19 characters, so no zone or fraction.
    timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
    signed_path = unicode(request.path_url.partition("?")[0])
    encoded_body = urllib.urlencode(request.data)
    _document, signature = fost_hmac_request_signature_with_headers(
        secret,
        request.method,
        signed_path,
        timestamp,
        [self.username],  # value order must match the X-FOST-Headers list below
        encoded_body,
    )
    outgoing = {
        "X-FOST-User": self.username,
        "X-FOST-Headers": "X-FOST-User",
        "X-FOST-Timestamp": timestamp,
        "Authorization": "FOST %s:%s" % (self.username, signature),
    }
    for header_name in ("X-FOST-User", "X-FOST-Headers", "X-FOST-Timestamp", "Authorization"):
        request.headers[header_name] = outgoing[header_name]
    return request