File: //opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyc
��
|��Wc������������@���s����d��Z��d��d��l��m��Z���d��d��l��Ty��d��d��l��m��Z���Wn!��e��k
�rW����d��d��l��m��Z���n��Xd��d��l��Z��d��d��l��Z��d��d��l �m
�Z���d�����Z��d�����Z
�d ����Z��d
�e��f��d��������YZ��d��e��f��d
�������YZ��e��Z��d��d��g��Z��d�����Z��d��e��k��r��d��d��l��Z��e��j��d��e��j������n��d��S(����s����
Digest HTTP/1.1 Authentication
This module implements ``Digest`` authentication as described by
RFC 2617 [1]_ .
Basically, you just put this module before your application, and it
takes care of requesting and handling authentication requests. This
module has been tested with several common browsers "out-in-the-wild".
>>> from paste.wsgilib import dump_environ
>>> from paste.httpserver import serve
>>> # from paste.auth.digest import digest_password, AuthDigestHandler
>>> realm = 'Test Realm'
>>> def authfunc(environ, realm, username):
... return digest_password(realm, username, username)
>>> serve(AuthDigestHandler(dump_environ, realm, authfunc))
serving on...
This code has not been audited by a security expert, please use with
caution (or better yet, report security holes). At this time, this
implementation does not provide for further challenges, nor does it
support Authentication-Info header. It also uses md5, and an option
to use sha would be a good thing.
.. [1] http://www.faqs.org/rfcs/rfc2617.html
i����(����t����HTTPUnauthorized(����t����*(����t����md5N(����t����quotec������������c���s����d��}��x��|��j��d�����D]x�}��y/�|��j��d�����d��k��rJ�d��|��|��f���}��w��n��Wn/��t��k
�r|����|��d��k��rs�|��}��q��q}�t�����n��X|��j�����V�|��}��q��W|��j�����V�t�����d��S(����s>��� split a digest auth string into individual key=value strings t����,t����"i����s����%s,%sN(����t����Nonet����splitt����countt����AttributeErrort
���StopIterationt����strip(����t����auth_stringt����prevt����item(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����_split_auth_string)���s����������������
�
�������
���
���c������������c���s~���xw�t��|�����D]i�}��|��j��d��d�����\��}��}��|��j��d�����rk�t��|�����d��k��rk�|��j��d�����rk�|��d��d��!}��n��|��|��f��V�q
�Wd��S(����s2��� split a digest auth string into key, value pairs t����=i����R����i����N(����R����R����t
���startswitht����lent����endswith(����R����R����t����kt����v(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����_auth_to_kv_pairs=���s
���������0���c������������C���s����t��d��|��|��|��f������j�����S(����s;��� construct the appropriate hashcode needed for HTTP digest s����%s:%s:%s(����R����t ���hexdigest(����t����realmt����usernamet����password(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����digest_passwordE���s������t����AuthDigestAuthenticatorc������������B���s;���e��Z��d��Z��d�����Z��d��d�����Z��d�����Z��d�����Z��e��Z��RS(����s9��� implementation of RFC 2617 - HTTP Digest Authentication c������������C���s����i��|��_��|��|��_��|��|��_��d��S(����N(����t����noncet����authfuncR����(����t����selfR����R����(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����__init__K���s������ � �t����c������������C���s����t��d��t��j�����t��j�����f������j�����}��t��d��t��j�����t��j�����f������j�����}��d��|��j��|��<i��|��j��d��6d��d��6|��d��6|��d��6}��|��r��d��|��d��<n��d �j��g��|��j�����D]��\��}��}��d
�|��|��f���^��q�����}��d��d��|���f��g��}��t �d
�|�����S(����s!��� builds the authentication error s����%s:%sR����t����autht����qopR����t����opaquet����truet����stales����, s����%s="%s"s����WWW-Authenticates ���Digest %st����headersN(
���R����t����timet����randomR����R����R����R����t����joint����itemsR����(����R����R&���R����R$���t����partsR����R����t����head(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����build_authenticationP���s��������%���%�
�������
�8���c
���
�������C���s����|��s��|��j�����St��d��|��|��f������j�����}
�| �rQ�d��|��|��|��|��| �|
�f���}��n��d��|��|��|
�f���}��|��t��|�����j�����k��r��|��|��j��k��r��|��j��|��=n��|��j�����S|��j��j��|��d�����}��|��|��k��r��|��|��j��k��r��|��j��|��=n��|��j��d��t�����S|��|��j��|��<|��S(����s;��� computes the authentication, raises error if unsuccessful s����%s:%ss����%s:%s:%s:%s:%s:%ss����%s:%s:%st����00000000R&���(����R.���R����R����R����t����gett����True(
���R����t����ha1R����t����responset����methodt����pathR����t����nct����cnonceR#���t����ha2t����chkt����pnc(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����compute_���s"�������
�������������
�
�������
���
�c������������C���s����t��|�����}��t��t��|��������t��t��|���������}��t��|�����}��|��sJ�|��j�����S|��j��d��d�����\��}��}��d��|��j�����k��r~�|��j�����St��t �|��������}��y��|��d���}��|��d���} �|��d���}
�|��d���}��|��d���}��| �j��d �d�����d
��|��k��s��t
����|��|��j��k��s��t
����|��j��d��d�����}
�|��j��d
�d�����}��|��j��d��d�����}��|
�r_�d��|
�k��sJ�t
����|
�rV�|��s_�t
����n��Wn�����|��j�����SX|��j
�|��|��|�����}��|��j��|��|��|��|��| �|
�|��|��|
�� �S(����s���� This function takes a WSGI environment and authenticates
the request returning authenticated user or error.
t���� i����t����digestR����t����uriR����R����R3���t����?i����R#���R!���R7���R6���R/���R"���(����t����REQUEST_METHODt ���url_quotet����SCRIPT_NAMEt ���PATH_INFOt
���AUTHORIZATIONR.���R����t����lowert����dictR����t����AssertionErrorR����R0���R����R;���(����R����t����environR4���t����fullpatht
���authorizationt����authmethR"���t����amapR����t����authpathR����R����R3���R#���R7���R6���R2���(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����authenticateu���s8�������"�����
�����
�����
�
�
�
�
�"�����������������������(����t����__name__t
���__module__t����__doc__R ���R.���R;���RN���t����__call__(����(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyR����I���s�������� ��� � !t����AuthDigestHandlerc������������B���s ���e��Z��d��Z��d�����Z��d�����Z��RS(����s����
middleware for HTTP Digest authentication (RFC 2617)
This component follows the procedure below:
0. If the REMOTE_USER environment variable is already populated;
then this middleware is a no-op, and the request is passed
along to the application.
1. If the HTTP_AUTHORIZATION header was not provided or specifies
an algorithem other than ``digest``, then a HTTPUnauthorized
response is generated with the challenge.
2. If the response is malformed or or if the user's credientials
do not pass muster, another HTTPUnauthorized is raised.
3. If all goes well, and the user's credintials pass; then
REMOTE_USER environment variable is filled in and the
AUTH_TYPE is listed as 'digest'.
Parameters:
``application``
The application object is called only upon successful
authentication, and can assume ``environ['REMOTE_USER']``
is set. If the ``REMOTE_USER`` is already set, this
middleware is simply pass-through.
``realm``
This is a identifier for the authority that is requesting
authorization. It is shown to the user and should be unique
within the domain it is being used.
``authfunc``
This is a callback function which performs the actual
authentication; the signature of this callback is:
authfunc(environ, realm, username) -> hashcode
This module provides a 'digest_password' helper function
which can help construct the hashcode; it is recommended
that the hashcode is stored in a database, not the user's
actual password (since you only need the hashcode).
c������������C���s����t��|��|�����|��_��|��|��_��d��S(����N(����R����RN���t����application(����R����RT���R����R����(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyR �������s��������c������������C���sv���t��|�����}��|��sf�|��j��|�����}��t��|��t�����rS�t��j��|��d������t��j��|��|������qf�|��j��|��|�����Sn��|��j��|��|�����S(����NR=���(����t����REMOTE_USERRN���t
���isinstancet����strt ���AUTH_TYPEt����updatet����wsgi_applicationRT���(����R����RH���t����start_responseR����t����result(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyRR�������s��������������������(����RO���RP���RQ���R ���RR���(����(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyRS�������s�����/�� �R����c������������K���sV���d��d��l��m��}���d��d��l��}��|��|�����}��t��|��|��j�����sF�t��d��������t��|��|��|�����S(����s����
Grant access via digest authentication
Config looks like this::
[filter:grant]
use = egg:Paste#auth_digest
realm=myrealm
authfunc=somepackage.somemodule:somefunction
i����(����t����eval_importNs#���authfunc must resolve to a function(����t����paste.util.import_stringR]���t����typesRV���t����FunctionTypeRG���RS���(����t����appt����global_confR����R����t����kwR]���R_���(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����make_digest����s
�������������t����__main__t����optionflags(����RQ���t����paste.httpexceptionsR����t����paste.httpheaderst����hashlibR����t����ImportErrorR(���R)���t����urllibR����RA���R����R����R����t����objectR����RS���t
���middlewaret����__all__Rd���RO���t����doctestt����testmodt����ELLIPSIS(����(����(����sB���/opt/alt/python27/lib/python2.7/site-packages/paste/auth/digest.pyt����<module>����s&�������
�����
������� � � ��O�?���� �����