def authenticate(self, request): if not 'HTTP_AUTHORIZATION' in request.META: return False if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']): return False digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) if not digest_response: _l.debug('authentication failure: supplied digest credentials could not be ' \ 'parsed: "%s".' % request.META['HTTP_AUTHORIZATION']) return False if not digest_response.realm == self.realm: _l.debug('authentication failure: supplied realm "%s" does not match ' \ 'configured realm "%s".' % ( digest_response.realm, self.realm)) return False if not python_digest.validate_nonce(digest_response.nonce, self.secret_key): _l.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest(digest_response.username) if not partial_digest: _l.debug('authentication failure: no partial digest available for user "%s".' \ % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: _l.debug('authentication failure: supplied request digest does not match ' \ 'calculated request digest.') return False if not python_digest.validate_uri(digest_response.uri, request.path): _l.debug('authentication failure: digest authentication uri value "%s" does not ' \ 'match value "%s" from HTTP request line.' % (digest_response.uri, request.path)) return False user = self._account_storage.get_user(digest_response.username) if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc): if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout < time.time()): _l.debug('authentication failure: attempt to establish a new session with ' \ 'a stale nonce.') return False if not self._store_nonce(user, digest_response.nonce, digest_response.nc): _l.debug('authentication failure: attempt to establish a previously used ' \ 'or nonce count.') return False request.user = user return True
def authenticate(self, request): if not 'HTTP_AUTHORIZATION' in request.META: return False if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']): return False try: unicode(request.META['HTTP_AUTHORIZATION'], 'utf-8') except UnicodeDecodeError: return False digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) if not digest_response: _l.debug('authentication failure: supplied digest credentials could not be ' \ 'parsed: "%s".' % request.META['HTTP_AUTHORIZATION']) return False if not digest_response.realm == self.realm: _l.debug('authentication failure: supplied realm "%s" does not match ' \ 'configured realm "%s".' % ( digest_response.realm, self.realm)) return False if not python_digest.validate_nonce(digest_response.nonce, self.secret_key): _l.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest(digest_response.username) if not partial_digest: _l.debug('authentication failure: no partial digest available for user "%s".' \ % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: _l.debug('authentication failure: supplied request digest does not match ' \ 'calculated request digest.') if self.failure_callback: self.failure_callback(request, digest_response.username) return False if not python_digest.validate_uri(digest_response.uri, request.path): _l.debug('authentication failure: digest authentication uri value "%s" does not ' \ 'match value "%s" from HTTP request line.' % (digest_response.uri, request.path)) return False user = self._account_storage.get_user(digest_response.username) if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc): if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout < time.time()): _l.debug('authentication failure: attempt to establish a new session with ' \ 'a stale nonce.') return False if not self._store_nonce(user, digest_response.nonce, digest_response.nc): _l.debug('authentication failure: attempt to establish a previously used ' \ 'or nonce count.') return False request.user = user return True
def authenticate(self, request): """ Base authentication method, all checks here """ if not request.headers.get('authorization'): return False if not python_digest.is_digest_credential( request.headers.get('authorization')): return False digest_response = python_digest.parse_digest_credentials( request.headers.get('authorization')) if not digest_response: log.debug('authentication failure: supplied digest credentials' ' could not be parsed: "%s".' % request.headers.get('authorization')) return False if not digest_response.username: return False if not digest_response.realm == self.realm: log.debug('authentication failure: supplied realm "%s"' 'does not match configured realm "%s".' % (digest_response.realm, self.realm)) return False if not python_digest.validate_nonce( digest_response.nonce, self.secret_key): log.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest( digest_response.username) if not partial_digest: log.debug('authentication failure: no partial digest available' ' for user "%s".' % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: log.debug('authentication failure: supplied request digest' 'does not match calculated request digest.') return False if not python_digest.validate_uri( digest_response.uri, urllib.parse.unquote(request.path)): log.debug('authentication failure: digest authentication uri value' '"%s" does not match value "%s" from HTTP' 'request line.' % (digest_response.uri, request.path)) return False if not self._account_storage.is_admin(digest_response.username): log.debug('authentication failure: user not in operator admin.') return False if hasattr(request,'session') and request.session.data.nonce != digest_response.nonce: if (int(python_digest.get_nonce_timestamp(digest_response.nonce)) + self.timeout < time.time()): log.debug('authentication failure: attempt to establish' ' a new session with a stale nonce.') return False if not self._store_nonce(digest_response.nonce, request): log.debug('authentication failure: attempt to establish' ' a previously used or nonce count.') return False request.user = self._account_storage.get_by_login( digest_response.username) return True