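def hello_with_digest_auth(request):
    """Return 'Hello World' only for a request with valid HTTP Digest credentials.

    Every rejection path answers with ``_digest_unauthenticated(request)``.

    The realm ('DEV') and password ('12345') are hard-coded below, so every
    username shares one password. That is acceptable only for a demonstration;
    a real view must look the secret up per user.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    auth = request.META.get('HTTP_AUTHORIZATION', None)
    if auth is None:
        return _digest_unauthenticated(request)

    try:
        method, _data = auth.split(' ', 1)
    except ValueError:
        # A header with no space cannot be unpacked. It is attacker-controlled
        # input, so answer with a challenge instead of letting the error escape
        # (the original re-raised and left its fallback return unreachable).
        return _digest_unauthenticated(request)
    if method.lower() != 'digest':
        return _digest_unauthenticated(request)

    digest_response = python_digest.parse_digest_credentials(auth)
    if digest_response is None:
        # NOTE(review): python_digest is understood to return None for a header
        # it cannot parse - confirm. Guarding here keeps a malformed header from
        # failing on the attribute access below.
        return _digest_unauthenticated(request)

    # NOTE(review): the nonce in the credentials is never validated in this
    # view, so nothing here bounds how long a captured header stays acceptable.
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(digest_response.username, 'DEV', '12345'),
        digest_response)

    try:
        # Constant-time comparison: do not leak how many leading characters of
        # the supplied digest were correct.
        response_matches = hmac.compare_digest(digest_response.response, expected)
    except TypeError:
        # compare_digest rejects non-ASCII text and mismatched types; such a
        # value can never equal a hex digest.
        response_matches = False
    if not response_matches:
        return _digest_unauthenticated(request)

    return HttpResponse('Hello World')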
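def _prepare_partial_digests(user, raw_password):
    """Compute the partial digests for every login of *user* and park them.

    The result is a list of ``(login, partial_digest, confirmed)`` tuples stored
    in ``_postponed_partial_digests`` under the user's current ``password`` value.

    Does nothing when *raw_password* is ``None``: there is no password to
    derive a digest from, and hashing ``None`` would store a meaningless entry.
    """
    if raw_password is None:
        return

    realm = get_setting('DIGEST_REALM', DEFAULT_REALM)

    # A partial digest is derived from login, realm and password only, so within
    # this realm it is as sensitive as the password itself.
    partial_digests = []
    for confirmed, factory_method in ((True, _confirmed_logins),
                                      (False, _unconfirmed_logins)):
        partial_digests.extend(
            (login, calculate_partial_digest(login, realm, raw_password), confirmed)
            for login in factory_method(user))

    password_hash = user.password
    _postponed_partial_digests[password_hash] = partial_digests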
def _prepare_partial_digests(user, raw_password):
    """Stage ``(login, partial_digest, confirmed)`` tuples for *user*.

    The tuples cover the confirmed logins first, then the unconfirmed ones.
    They are stored in ``_postponed_partial_digests`` keyed by ``user.password``.
    A ``None`` password is ignored.
    """
    if raw_password is None:
        return

    digest_realm = get_setting('DIGEST_REALM', DEFAULT_REALM)
    login_sources = ((True, _confirmed_logins), (False, _unconfirmed_logins))

    # Each partial digest is password-equivalent for this realm; treat the
    # staged list as secret material.
    staged = []
    for is_confirmed, list_logins in login_sources:
        for login in list_logins(user):
            digest = calculate_partial_digest(login, digest_realm, raw_password)
            staged.append((login, digest, is_confirmed))

    _postponed_partial_digests[user.password] = staged
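def is_authenticated(self, request, **kwargs):
    """
    Finds the user and checks their API key.

    Should return either ``True`` if allowed, ``False`` if not or an
    ``HttpResponse`` if you need something custom.

    On success the resolved user is attached to ``request.user``.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    authorization = request.META.get('HTTP_AUTHORIZATION')
    if not authorization:
        return self._unauthorized()

    try:
        (auth_type, data) = authorization.split(' ', 1)
    except ValueError:
        # No space in the header. Only this error is expected from the
        # unpacking, so the former bare ``except`` is narrowed to it.
        return self._unauthorized()
    if auth_type.lower() != 'digest':
        return self._unauthorized()

    digest_response = python_digest.parse_digest_credentials(authorization)
    if digest_response is None:
        # NOTE(review): python_digest is understood to return None for
        # credentials it cannot parse - confirm. Without this guard a malformed
        # header would fail on ``.nonce`` below instead of being rejected.
        return self._unauthorized()

    # FIXME: Should the nonce be per-user?
    # NOTE(review): the '' fallback means a project without SECRET_KEY would
    # validate nonces against an empty secret; consider failing closed.
    if not python_digest.validate_nonce(
            digest_response.nonce, getattr(settings, 'SECRET_KEY', '')):
        return self._unauthorized()

    user = self.get_user(digest_response.username)
    api_key = self.get_key(user)

    if user is False or api_key is False:
        return self._unauthorized()

    # NOTE(review): nothing in this method compares the URI named in the
    # credentials with the path actually requested - confirm a callee does.
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(
            digest_response.username, self.realm, api_key),
        digest_response)

    try:
        # Constant-time comparison of the client's digest with the expected one.
        response_matches = hmac.compare_digest(digest_response.response, expected)
    except TypeError:
        # Non-ASCII text or a type mismatch can never equal a hex digest.
        response_matches = False
    if not response_matches:
        return self._unauthorized()

    if not self.check_active(user):
        return False

    request.user = user
    return True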
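def is_authenticated(self, request, **kwargs):
    """
    Finds the user and checks their API key.

    Should return either ``True`` if allowed, ``False`` if not or an
    ``HttpResponse`` if you need something custom.

    ``request.user`` is set only after every check has passed.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    header = request.META.get('HTTP_AUTHORIZATION')
    if not header:
        return self._unauthorized()

    try:
        (auth_type, data) = header.split(' ', 1)
    except ValueError:
        # The header holds a single token. Catch only this error rather than
        # everything, so unrelated failures are not silently turned into a 401.
        return self._unauthorized()
    if auth_type.lower() != 'digest':
        return self._unauthorized()

    digest_response = python_digest.parse_digest_credentials(header)
    if digest_response is None:
        # NOTE(review): python_digest appears to return None for unparseable
        # credentials - confirm. Reject here rather than failing on ``.nonce``.
        return self._unauthorized()

    # FIXME: Should the nonce be per-user?
    # NOTE(review): with no SECRET_KEY configured the nonce check runs against
    # an empty secret because of the '' default; consider rejecting instead.
    if not python_digest.validate_nonce(
            digest_response.nonce, getattr(settings, 'SECRET_KEY', '')):
        return self._unauthorized()

    user = self.get_user(digest_response.username)
    api_key = self.get_key(user)

    if user is False or api_key is False:
        return self._unauthorized()

    # NOTE(review): the URI carried in the credentials is not compared with the
    # requested path anywhere in this method - verify that a callee checks it.
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(
            digest_response.username, self.realm, api_key),
        digest_response)

    try:
        # Compare in constant time so response timing does not reveal how much
        # of the supplied digest matched.
        digests_equal = hmac.compare_digest(digest_response.response, expected)
    except TypeError:
        # compare_digest rejects non-ASCII text and mixed types; treat as mismatch.
        digests_equal = False
    if not digests_equal:
        return self._unauthorized()

    if not self.check_active(user):
        return False

    request.user = user
    return True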
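def is_authenticated(self, request, **kwargs):
    """
    Finds the user and checks their API key.

    Should return either ``True`` if allowed, ``False`` if not or an
    ``HttpResponse`` if you need something custom.

    ``request.user`` is assigned only once every check has passed.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    try:
        # Called for its ValueError only; the return value is not used here.
        self.get_authorization_data(request)
    except ValueError:
        return self._unauthorized()

    digest_response = python_digest.parse_digest_credentials(request.META["HTTP_AUTHORIZATION"])
    if digest_response is None:
        # NOTE(review): python_digest is understood to return None for
        # credentials it cannot parse - confirm. Reject here instead of failing
        # on ``.nonce`` below.
        return self._unauthorized()

    # FIXME: Should the nonce be per-user?
    if not python_digest.validate_nonce(digest_response.nonce, settings.SECRET_KEY):
        return self._unauthorized()

    user = self.get_user(digest_response.username)
    api_key = self.get_key(user)

    if user is False or api_key is False:
        return self._unauthorized()

    # NOTE(review): this method does not compare the URI named in the
    # credentials with the path actually requested - confirm a callee does.
    expected = python_digest.calculate_request_digest(
        request.method,
        python_digest.calculate_partial_digest(digest_response.username, self.realm, api_key),
        digest_response,
    )

    try:
        # Constant-time comparison of the supplied and expected digests.
        response_matches = hmac.compare_digest(digest_response.response, expected)
    except TypeError:
        # Non-ASCII text or mismatched types cannot equal a hex digest.
        response_matches = False
    if not response_matches:
        return self._unauthorized()

    if not self.check_active(user):
        return False

    request.user = user
    return True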
def setDigest(self, password):
    """Derive the partial digest for *password* and store it on ``self.digest``.

    The login is lower-cased before hashing, so a client must send the
    lower-cased login for its digest to match.
    """
    normalized_login = self.login.lower()
    # The stored value is derived from login, realm and password only; protect
    # it like the password.
    partial = python_digest.calculate_partial_digest(
        normalized_login, self.realm, password)
    self.digest = partial
def calculate_request_digest(self, request, digest_response, username, api_key):
    """Return the digest expected for *request*, given *username* and *api_key*.

    The partial digest is built from *username*, ``self.realm`` and *api_key*.
    It is then combined with the request method and the parsed
    *digest_response* by ``python_digest``.
    """
    partial_digest = python_digest.calculate_partial_digest(
        username, self.realm, api_key)
    http_method = request.method
    return python_digest.calculate_request_digest(
        http_method, partial_digest, digest_response)