def authenticate(self, request): if not 'HTTP_AUTHORIZATION' in request.META: return False if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']): return False digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) if not digest_response: _l.debug('authentication failure: supplied digest credentials could not be ' \ 'parsed: "%s".' % request.META['HTTP_AUTHORIZATION']) return False if not digest_response.realm == self.realm: _l.debug('authentication failure: supplied realm "%s" does not match ' \ 'configured realm "%s".' % ( digest_response.realm, self.realm)) return False if not python_digest.validate_nonce(digest_response.nonce, self.secret_key): _l.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest(digest_response.username) if not partial_digest: _l.debug('authentication failure: no partial digest available for user "%s".' \ % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: _l.debug('authentication failure: supplied request digest does not match ' \ 'calculated request digest.') return False if not python_digest.validate_uri(digest_response.uri, request.path): _l.debug('authentication failure: digest authentication uri value "%s" does not ' \ 'match value "%s" from HTTP request line.' % (digest_response.uri, request.path)) return False user = self._account_storage.get_user(digest_response.username) if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc): if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout < time.time()): _l.debug('authentication failure: attempt to establish a new session with ' \ 'a stale nonce.') return False if not self._store_nonce(user, digest_response.nonce, digest_response.nc): _l.debug('authentication failure: attempt to establish a previously used ' \ 'or nonce count.') return False request.user = user return True
def hello_with_digest_auth(request): auth = request.META.get('HTTP_AUTHORIZATION', None) if auth is None: return _digest_unauthenticated(request) try: method, data = auth.split(' ', 1) if 'digest' != method.lower(): return _digest_unauthenticated(request) except: raise return _digest_unauthenticated(request) digest_response = python_digest.parse_digest_credentials(auth) expected = python_digest.calculate_request_digest( request.method, python_digest.calculate_partial_digest(digest_response.username, 'DEV', '12345'), digest_response) if digest_response.response != expected: return _digest_unauthenticated(request) return HttpResponse('Hello World')
def is_authenticated(self, request, **kwargs): """ Finds the user and checks their API key. Should return either ``True`` if allowed, ``False`` if not or an ``HttpResponse`` if you need something custom. """ if not request.META.get('HTTP_AUTHORIZATION'): return self._unauthorized() try: (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split(' ', 1) if auth_type.lower() != 'digest': return self._unauthorized() except: return self._unauthorized() digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) # FIXME: Should the nonce be per-user? if not python_digest.validate_nonce( digest_response.nonce, getattr(settings, 'SECRET_KEY', '')): return self._unauthorized() user = self.get_user(digest_response.username) api_key = self.get_key(user) if user is False or api_key is False: return self._unauthorized() expected = python_digest.calculate_request_digest( request.method, python_digest.calculate_partial_digest(digest_response.username, self.realm, api_key), digest_response) if not digest_response.response == expected: return self._unauthorized() if not self.check_active(user): return False request.user = user return True
def is_authenticated(self, request, **kwargs): """ Finds the user and checks their API key. Should return either ``True`` if allowed, ``False`` if not or an ``HttpResponse`` if you need something custom. """ if not request.META.get('HTTP_AUTHORIZATION'): return self._unauthorized() try: (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split( ' ', 1) if auth_type.lower() != 'digest': return self._unauthorized() except: return self._unauthorized() digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) # FIXME: Should the nonce be per-user? if not python_digest.validate_nonce( digest_response.nonce, getattr(settings, 'SECRET_KEY', '')): return self._unauthorized() user = self.get_user(digest_response.username) api_key = self.get_key(user) if user is False or api_key is False: return self._unauthorized() expected = python_digest.calculate_request_digest( request.method, python_digest.calculate_partial_digest(digest_response.username, self.realm, api_key), digest_response) if not digest_response.response == expected: return self._unauthorized() if not self.check_active(user): return False request.user = user return True
def is_authenticated(self, request, **kwargs): """ Finds the user and checks their API key. Should return either ``True`` if allowed, ``False`` if not or an ``HttpResponse`` if you need something custom. """ try: self.get_authorization_data(request) except ValueError: return self._unauthorized() digest_response = python_digest.parse_digest_credentials(request.META["HTTP_AUTHORIZATION"]) # FIXME: Should the nonce be per-user? if not python_digest.validate_nonce(digest_response.nonce, settings.SECRET_KEY): return self._unauthorized() user = self.get_user(digest_response.username) api_key = self.get_key(user) if user is False or api_key is False: return self._unauthorized() expected = python_digest.calculate_request_digest( request.method, python_digest.calculate_partial_digest(digest_response.username, self.realm, api_key), digest_response, ) if not digest_response.response == expected: return self._unauthorized() if not self.check_active(user): return False request.user = user return True
def authenticate(self, request): if not 'HTTP_AUTHORIZATION' in request.META: return False if not python_digest.is_digest_credential(request.META['HTTP_AUTHORIZATION']): return False try: unicode(request.META['HTTP_AUTHORIZATION'], 'utf-8') except UnicodeDecodeError: return False digest_response = python_digest.parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) if not digest_response: _l.debug('authentication failure: supplied digest credentials could not be ' \ 'parsed: "%s".' % request.META['HTTP_AUTHORIZATION']) return False if not digest_response.realm == self.realm: _l.debug('authentication failure: supplied realm "%s" does not match ' \ 'configured realm "%s".' % ( digest_response.realm, self.realm)) return False if not python_digest.validate_nonce(digest_response.nonce, self.secret_key): _l.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest(digest_response.username) if not partial_digest: _l.debug('authentication failure: no partial digest available for user "%s".' \ % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: _l.debug('authentication failure: supplied request digest does not match ' \ 'calculated request digest.') if self.failure_callback: self.failure_callback(request, digest_response.username) return False if not python_digest.validate_uri(digest_response.uri, request.path): _l.debug('authentication failure: digest authentication uri value "%s" does not ' \ 'match value "%s" from HTTP request line.' % (digest_response.uri, request.path)) return False user = self._account_storage.get_user(digest_response.username) if not self._update_existing_nonce(user, digest_response.nonce, digest_response.nc): if (python_digest.get_nonce_timestamp(digest_response.nonce) + self.timeout < time.time()): _l.debug('authentication failure: attempt to establish a new session with ' \ 'a stale nonce.') return False if not self._store_nonce(user, digest_response.nonce, digest_response.nc): _l.debug('authentication failure: attempt to establish a previously used ' \ 'or nonce count.') return False request.user = user return True
def authenticate(self, request): """ Base authentication method, all checks here """ if not request.headers.get('authorization'): return False if not python_digest.is_digest_credential( request.headers.get('authorization')): return False digest_response = python_digest.parse_digest_credentials( request.headers.get('authorization')) if not digest_response: log.debug('authentication failure: supplied digest credentials' ' could not be parsed: "%s".' % request.headers.get('authorization')) return False if not digest_response.username: return False if not digest_response.realm == self.realm: log.debug('authentication failure: supplied realm "%s"' 'does not match configured realm "%s".' % (digest_response.realm, self.realm)) return False if not python_digest.validate_nonce( digest_response.nonce, self.secret_key): log.debug('authentication failure: nonce validation failed.') return False partial_digest = self._account_storage.get_partial_digest( digest_response.username) if not partial_digest: log.debug('authentication failure: no partial digest available' ' for user "%s".' % digest_response.username) return False calculated_request_digest = python_digest.calculate_request_digest( method=request.method, digest_response=digest_response, partial_digest=partial_digest) if not calculated_request_digest == digest_response.response: log.debug('authentication failure: supplied request digest' 'does not match calculated request digest.') return False if not python_digest.validate_uri( digest_response.uri, urllib.parse.unquote(request.path)): log.debug('authentication failure: digest authentication uri value' '"%s" does not match value "%s" from HTTP' 'request line.' % (digest_response.uri, request.path)) return False if not self._account_storage.is_admin(digest_response.username): log.debug('authentication failure: user not in operator admin.') return False if hasattr(request,'session') and request.session.data.nonce != digest_response.nonce: if (int(python_digest.get_nonce_timestamp(digest_response.nonce)) + self.timeout < time.time()): log.debug('authentication failure: attempt to establish' ' a new session with a stale nonce.') return False if not self._store_nonce(digest_response.nonce, request): log.debug('authentication failure: attempt to establish' ' a previously used or nonce count.') return False request.user = self._account_storage.get_by_login( digest_response.username) return True
def calculate_request_digest(self, request, digest_response, username, api_key): return python_digest.calculate_request_digest( request.method, python_digest.calculate_partial_digest(username, self.realm, api_key), digest_response)