class documentation

Support for RFC2617 HTTP Digest Authentication

Parameters
algorithmCase insensitive string specifying the hash algorithm to use. Must be either 'md5' or 'sha'. 'md5-sess' is not supported.
authenticationRealmcase sensitive string that specifies the realm portion of the challenge
Method __init__ Undocumented
Method decode Decode the given response and attempt to generate a DigestedCredentials from it.
Method getChallenge Generate the challenge for use in the WWW-Authenticate header.
Constant CHALLENGE_LIFETIME_SECS The number of seconds for which an opaque should be valid.
Class Variable scheme Undocumented
Instance Variable algorithm Undocumented
Instance Variable authenticationRealm Undocumented
Instance Variable privateKey A random string used for generating the secure opaque.
Method _generateNonce Create a random value suitable for use as the nonce parameter of a WWW-Authenticate challenge.
Method _generateOpaque Generate an opaque to be returned to the client. This is a unique string that can be returned to us and verified.
Method _getTime Parameterize the time based seed used in _generateOpaque so we can deterministically unittest it's behavior.
Method _verifyOpaque Given the opaque and nonce from the request, as well as the client IP that made the request, verify that the opaque was generated by us. And that it's not too old.
Class Variable _parseparts Undocumented
def __init__(self, algorithm, authenticationRealm): (source)

Undocumented

def decode(self, response, method, host): (source)

Decode the given response and attempt to generate a DigestedCredentials from it.

Parameters
response:bytesA string of comma separated key=value pairs
method:bytesThe action requested to which this response is addressed (GET, POST, INVITE, OPTIONS, etc).
host:bytesThe address the request was sent from.
Returns
DigestedCredentials
Raises
error.LoginFailedIf the response does not contain a username, a nonce, an opaque, or if the opaque is invalid.
def getChallenge(self, address): (source)

Generate the challenge for use in the WWW-Authenticate header.

Parameters
addressThe client address to which this challenge is being sent.
Returns
The dict that can be used to generate a WWW-Authenticate header.
CHALLENGE_LIFETIME_SECS = (source)

The number of seconds for which an opaque should be valid.

Value
15*60

Undocumented

algorithm: bytes = (source)

Undocumented

authenticationRealm: bytes = (source)

Undocumented

privateKey: bytes = (source)

A random string used for generating the secure opaque.

def _generateNonce(self): (source)

Create a random value suitable for use as the nonce parameter of a WWW-Authenticate challenge.

Returns
bytesUndocumented
def _generateOpaque(self, nonce, clientip): (source)

Generate an opaque to be returned to the client. This is a unique string that can be returned to us and verified.

def _getTime(self): (source)

Parameterize the time based seed used in _generateOpaque so we can deterministically unittest it's behavior.

def _verifyOpaque(self, opaque, nonce, clientip): (source)

Given the opaque and nonce from the request, as well as the client IP that made the request, verify that the opaque was generated by us. And that it's not too old.

Parameters
opaqueThe opaque value from the Digest response
nonceThe nonce value from the Digest response
clientipThe remote IP address of the client making the request or None if the request was submitted over a channel where this does not make sense.
Returns
True if the opaque was successfully verified.
Raises
error.LoginFailedif opaque could not be parsed or contained the wrong values.
_parseparts = (source)

Undocumented