David Tulloh
2016-04-20 d7df42ae13a2a9bfb73a76ed96997dad88a794a9
# Login application for demo SSO: using the repoze.who API.
from repoze.who.api import APIFactory
from repoze.who.config import WhoConfig
from webob import Request
 
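# HTML for the login page, filled in with the ``%`` operator.
# The three placeholders (message, came_from, login_name) are substituted
# verbatim, two of them inside double-quoted attribute values, so the caller
# must HTML-escape any request-derived value before formatting.
LOGIN_FORM_TEMPLATE = """\
<html>
<head>
<title> Demo SSO Login </title>
</head>
<body>
<h1> Demo SSO Login </h1>
<p style="color: Red">%(message)s</p>
<form action="#" method="post">
 <input type="hidden" name="came_from" value="%(came_from)s" />
 <fieldset id="login_name_fs">
  <label for="login_name">Login Name</label>
  <input type="text" id="login_name" name="login_name" value="%(login_name)s" />
 </fieldset>
 <fieldset id="password_fs">
  <label for="password">Password</label>
  <input type="password" id="password" name="password" />
 </fieldset>
 <input type="submit" name="form.submitted" value="Log In" />
</form>
</body>
</html>
"""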
 
# Seconds, kept as a string.  Not referenced by the code visible in this
# listing.
MAX_AGE = '3600'

# Demo-only credential table mapping login name to a plaintext password.
# A real deployment would verify against salted password hashes held outside
# the source tree instead of literals like these.
AUTH = dict(
    phred='y4bb3d4bb4d00',
    bharney='b3dr0ck',
)
 
# This config would normally be in a separate file:  inlined here for
# didactic purposes.
#
# repoze.who configuration text, parsed by WhoConfig.parse() in
# _configure_api_factory().  The auth_tkt plugin is the only identifier and
# authenticator; no challengers or metadata providers are configured.
#
# NOTE(review): ``secret`` is the key the auth_tkt plugin uses to sign the
# ticket cookie, so a literal committed to source lets anyone who can read
# this file mint valid tickets.  Outside a demo, load a long random secret
# from configuration kept out of version control.
# ``secure = True`` and ``include_ip = True`` are presumably the plugin's
# "HTTPS-only cookie" and "bind ticket to client address" options -- confirm
# against the repoze.who version in use.
WHO_CONFIG = """\
[plugin:auth_tkt]
# identification + authorization
use = repoze.who.plugins.auth_tkt:make_plugin
secret = s33kr1t
cookie_name = auth_cookie
secure = True
include_ip = True
digest_algo = sha512
 
[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
remote_user_key = REMOTE_USER
 
[identifiers]
plugins =
        auth_tkt
 
[authenticators]
plugins =
        auth_tkt
 
[challengers]
plugins =
 
[mdproviders]
plugins =
"""
 
# oh emacs python-mode, you disappoint me """
 
# Module-level cache for the APIFactory; filled in on first use by
# _configure_api_factory().
api_factory = None
 
def _configure_api_factory():
    """Return the module-wide repoze.who ``APIFactory``, creating it on first call.

    The factory is built from the inlined ``WHO_CONFIG`` text and cached in
    the ``api_factory`` global, so later calls return the same object.
    """
    global api_factory
    if api_factory is not None:
        return api_factory

    # XXX config file location: '/tmp' is only a stand-in for ``here``.
    who_config = WhoConfig(here='/tmp')
    who_config.parse(WHO_CONFIG)

    factory_kwargs = {
        'identifiers': who_config.identifiers,
        'authenticators': who_config.authenticators,
        'challengers': who_config.challengers,
        'mdproviders': who_config.mdproviders,
        'request_classifier': who_config.request_classifier,
        'challenge_decider': who_config.challenge_decider,
    }
    api_factory = APIFactory(**factory_kwargs)
    return api_factory
 
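def _validate(login_name, password):
    """Return True only if *login_name* is known and *password* matches it.

    Your application's logic goes here.  This demo compares against the
    plaintext ``AUTH`` table; a real application would verify a salted
    password hash and use a constant-time comparison.
    """
    expected = AUTH.get(login_name)
    # Fail closed: an unknown login makes AUTH.get() return None, which the
    # original ``AUTH.get(login_name) == password`` treated as a match
    # whenever the supplied password was also None.
    if expected is None or password is None:
        return False
    return expected == password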
 
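def login(environ, start_response):
    """WSGI application: show the demo SSO login form and process submissions.

    A POST carrying ``form.submitted`` is checked with ``_validate()``.  On
    success the repoze.who "remember" headers are issued together with a 302
    redirect to ``came_from``; otherwise the form is rendered again with an
    error message.  Any other request renders an empty form, carrying the
    ``came_from`` query parameter along in a hidden field.

    Args:
        environ: the WSGI environment.
        start_response: the WSGI ``start_response`` callable.

    Returns:
        An iterable holding the response body (empty for the redirect).
    """
    try:
        from html import escape
    except ImportError:  # Python 2 has no ``html`` module
        from cgi import escape

    request = Request(environ)
    message = ''
    if 'form.submitted' in request.POST:
        # A submission with missing fields is treated as a failed login
        # rather than surfacing as an unhandled KeyError.
        came_from = request.POST.get('came_from', '')
        login_name = request.POST.get('login_name', '')
        password = request.POST.get('password')
        if password is not None and _validate(login_name, password):
            api = _configure_api_factory()(environ)
            # NOTE(review): came_from comes straight from the request and is
            # used verbatim as the redirect target.  A deployment should
            # check it against an allowlist of the applications this SSO
            # serves before redirecting.
            headers = [('Location', came_from)]
            headers.extend(api.remember(login_name))
            start_response('302 Found', headers)
            return []
        message = 'Authentication failed'
    else:
        # Default to '' so a missing parameter is not rendered as "None".
        came_from = request.GET.get('came_from', '')
        login_name = ''

    # came_from and login_name are request-controlled and land inside
    # double-quoted HTML attributes, so escape them (quotes included) before
    # substituting them into the template.
    body = LOGIN_FORM_TEMPLATE % {
        'message': message,
        'came_from': escape(came_from, True),
        'login_name': escape(login_name, True),
    }
    # Declare the type and charset explicitly so the browser does not have to
    # guess, and hand the server bytes in the declared encoding.
    start_response('200 OK',
                   [('Content-Type', 'text/html; charset=UTF-8')])
    return [body.encode('utf-8')]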
 
def main(global_config, **local_config):
    """Application factory: return the ``login`` WSGI callable.

    Both ``global_config`` and ``local_config`` are accepted and ignored.
    """
    wsgi_app = login
    return wsgi_app