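def digest_auth_header(self, realm=None, nonce=None, qop=None, opaque=None,
                       algorithm=None, stale=None):
    """Build a ``digest`` challenge header via ``self._auth_header``.

    Values the caller leaves out are filled in before delegating:

    * ``nonce``: ``hexmd5`` of the current time in whole seconds followed
      by 10 bytes from ``os.urandom``.
    * ``opaque``: ``hexmd5`` of 10 bytes from ``os.urandom``.
    * ``qop``: ``('auth',)``.

    ``qop`` is normally an iterable of tokens joined with ``', '``. A
    single token passed as a plain string is accepted as well; joining a
    string directly would split it into characters.
    ``stale`` adds ``stale='TRUE'`` when truthy and ``algorithm`` is
    forwarded only when it is not ``None``.

    Returns whatever ``self._auth_header`` returns.
    """
    options = {}
    if nonce is None:
        # The unpredictable part of the nonce is the 10 os.urandom bytes
        # (80 bits); the timestamp alone would be guessable.
        # NOTE(review): the generated nonce is not recorded here, so this
        # method alone gives the verifying side no way to recognise nonces
        # it issued -- confirm where that is tracked.
        nonce = hexmd5(to_bytes('%d' % time.time()) + os.urandom(10))
    if opaque is None:
        opaque = hexmd5(os.urandom(10))
    if stale:
        options['stale'] = 'TRUE'
    # opaque is always set by this point, so it is always sent.
    options['opaque'] = opaque
    if algorithm is not None:
        options['algorithm'] = algorithm
    if qop is None:
        qop = ('auth',)
    elif isinstance(qop, str):
        # 'auth' must become "auth", not "a, u, t, h".
        qop = (qop,)
    return self._auth_header('digest', realm=realm, nonce=nonce,
                             qop=', '.join(qop), **options)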
def request_challenge_digest_auth(self, environ, bits):
    """Serve a digest-auth test endpoint.

    ``bits`` must hold exactly three items, otherwise a 404
    ``HttpException`` is raised. ``bits[:1]`` is offered as the ``qop``
    of the challenge and ``bits[1:]`` is passed positionally to
    ``authenticated`` (presumably the expected username and password --
    confirm against the router).

    When ``environ['HTTP_AUTHORIZATION']`` is truthy and its
    ``authenticated`` call succeeds, a JSON body naming the user is
    returned through ``self.response``. In every other case a 401
    ``HttpException`` carrying a fresh ``WWW-Authenticate`` digest
    challenge is raised.
    """
    if len(bits) != 3:
        raise HttpException(status=404)

    # NOTE(review): this value is used as an object with .authenticated()
    # and .username, so it is presumably parsed from the raw header
    # before it reaches this handler -- confirm.
    credentials = environ.get('HTTP_AUTHORIZATION')
    if credentials and credentials.authenticated(environ, *bits[1:]):
        # The key spelling 'autheinticated' (sic) is kept byte-for-byte;
        # clients may already read it.
        payload = {'autheinticated': True,
                   'username': credentials.username}
        return self.response(jsonbytes(payload))

    # Fresh nonce per challenge: timestamp plus 10 random bytes, hashed.
    # NOTE(review): the nonce is not stored anywhere in this method, so a
    # later request cannot be checked against it here.
    fresh_nonce = hexmd5(to_bytes('%d' % time.time()) + os.urandom(10))
    challenge = WWWAuthenticate.digest("Fake Realm", fresh_nonce,
                                       opaque=hexmd5(os.urandom(10)),
                                       qop=bits[:1])
    raise HttpException(status=401,
                        headers=[('WWW-Authenticate', str(challenge))])
def hex(self, x):
    """Hash ``x`` with the helper matching ``self.algorithm``.

    ``'MD5'`` selects ``hexmd5`` and ``'SHA1'`` selects ``hexsha1``; any
    other value raises ``ValueError``.

    NOTE(review): MD5 and SHA-1 are the only digests supported here and
    both are weak by current standards; RFC 7616 defines SHA-256 for
    HTTP digest authentication.
    """
    algo = self.algorithm
    if algo not in ('MD5', 'SHA1'):
        raise ValueError('Unknown algorithm %s' % algo)
    return hexmd5(x) if algo == 'MD5' else hexsha1(x)
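def digest_auth_header(self, realm=None, nonce=None, qop=None, opaque=None,
                       algorithm=None, stale=None):
    """Return a ``digest`` authentication header from ``self._auth_header``.

    Defaults applied when an argument is ``None``:

    * ``nonce`` -- ``hexmd5`` over the current time (whole seconds) plus
      10 ``os.urandom`` bytes.
    * ``opaque`` -- ``hexmd5`` over 10 ``os.urandom`` bytes.
    * ``qop`` -- ``('auth',)``.

    ``qop`` is joined with ``', '``; a bare string is treated as one
    token instead of being split into characters. ``stale='TRUE'`` is
    added when ``stale`` is truthy and ``algorithm`` is passed on only
    when given.
    """
    # Randomness comes from os.urandom (80 bits per value); the timestamp
    # only adds a coarse time component to the nonce.
    # NOTE(review): a generated nonce is not kept anywhere in this method;
    # check where issued nonces are validated on later requests.
    nonce = (hexmd5(to_bytes('%d' % time.time()) + os.urandom(10))
             if nonce is None else nonce)
    opaque = hexmd5(os.urandom(10)) if opaque is None else opaque

    if qop is None:
        tokens = ('auth',)
    elif isinstance(qop, str):
        # A plain string would otherwise be joined character by character.
        tokens = (qop,)
    else:
        tokens = qop

    # Key order matches the original: stale, opaque, algorithm.
    extra = {}
    if stale:
        extra['stale'] = 'TRUE'
    extra['opaque'] = opaque  # never None here, so always included
    if algorithm is not None:
        extra['algorithm'] = algorithm

    return self._auth_header('digest', realm=realm, nonce=nonce,
                             qop=', '.join(tokens), **extra)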
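def authenticated(self, environ, username=None, password=None, **params):
    '''Called by the server to check if client is authenticated.

    Recomputes the digest response from ``self.options`` (the values the
    client sent), the request method and ``PATH_INFO`` in ``environ``,
    and the expected ``password``, then compares it with the client's
    ``response`` value.

    Returns ``False`` when ``username`` differs from ``self.username`` or
    the digests differ, ``True`` when they match. Raises ``ValueError``
    for a ``qop`` other than ``None``, ``'auth'`` or ``'auth-int'`` and
    ``KeyError`` when a required option is missing.

    The digests are compared with ``hmac.compare_digest`` so the time
    taken does not reveal how many leading characters were correct.

    NOTE(review): this method does not check that the nonce was issued by
    this server or that ``nc`` is new, so replay protection has to live
    elsewhere -- confirm. The digest is always ``hexmd5``, whatever
    algorithm was negotiated.
    '''
    if username != self.username:
        return False
    o = self.options
    qop = o.get('qop')
    method = environ['REQUEST_METHOD']
    # NOTE(review): the URI is taken from PATH_INFO, not from a value sent
    # in the Authorization header -- confirm the two are expected to agree.
    uri = environ.get('PATH_INFO', '')
    ha1 = self.ha1(o['realm'], password)
    ha2 = self.ha2(qop, method, uri)
    if qop is None:
        # NOTE(review): this branch reads self.nonce while the qop branch
        # reads o['nonce'] -- confirm both refer to the same value.
        response = hexmd5(":".join((ha1, self.nonce, ha2)))
    elif qop == 'auth' or qop == 'auth-int':
        response = hexmd5(":".join(
            (ha1, o['nonce'], o['nc'], o['cnonce'], qop, ha2)))
    else:
        raise ValueError("qop value are wrong")
    supplied = o['response']
    # Local import: the file's import block is not visible from here.
    from hmac import compare_digest
    try:
        return compare_digest(supplied, response)
    except TypeError:
        # compare_digest rejects non-ASCII text and mixed types; such a
        # value cannot equal a hex digest, matching what `==` returned.
        return False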
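def authenticated(self, environ, username=None, password=None, **params):
    '''Called by the server to check if client is authenticated.

    The expected digest is rebuilt from the client-supplied values in
    ``self.options``, the ``REQUEST_METHOD`` and ``PATH_INFO`` entries of
    ``environ`` and the expected ``password``; the result is compared
    with ``self.options['response']``.

    Returns ``False`` on a username mismatch or a digest mismatch and
    ``True`` on a match. An unsupported ``qop`` raises ``ValueError``; a
    missing required option raises ``KeyError``.

    The final comparison uses ``hmac.compare_digest`` rather than ``==``
    so that a mismatch takes the same time wherever the first differing
    character is.

    NOTE(review): nonce freshness and ``nc`` reuse are not checked in
    this method; confirm the caller covers replayed requests. The digest
    is computed with ``hexmd5`` regardless of any negotiated algorithm.
    '''
    if username != self.username:
        return False

    o = self.options
    qop = o.get('qop')
    method = environ['REQUEST_METHOD']
    # NOTE(review): PATH_INFO is hashed here, not a URI supplied by the
    # client in its Authorization header -- verify that is intended.
    uri = environ.get('PATH_INFO', '')
    ha1 = self.ha1(o['realm'], password)
    ha2 = self.ha2(qop, method, uri)

    if qop is None:
        # NOTE(review): self.nonce here versus o['nonce'] below; confirm
        # they are the same value.
        parts = (ha1, self.nonce, ha2)
    elif qop == 'auth' or qop == 'auth-int':
        parts = (ha1, o['nonce'], o['nc'], o['cnonce'], qop, ha2)
    else:
        raise ValueError("qop value are wrong")
    expected = hexmd5(":".join(parts))

    supplied = o['response']
    # Function-scope import because the module's imports are not in view.
    from hmac import compare_digest
    try:
        return compare_digest(supplied, expected)
    except TypeError:
        # Raised for non-ASCII text or mismatched types; neither can equal
        # a hex digest, so this keeps the result `==` would have given.
        return False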