Reuse 'DEFAULT_DIGEST' declared in 'repoze.who._auth_tkt'.

Tres Seaver

2016-05-31 275d134e3e157dda6af5661089469c7e8a8b915f

 repoze/who/plugins/auth_tkt.py

@@ -1,10 +1,18 @@
import datetime
from codecs import utf_8_decode
from codecs import utf_8_encode
import hashlib
import os
import time
from wsgiref.handlers import _monthname     # Locale-independent, RFC-2616
from wsgiref.handlers import _weekdayname   # Locale-independent, RFC-2616
try:
    from urllib.parse import urlencode, parse_qsl
except ImportError:
    from urllib import urlencode
    from urlparse import parse_qsl

from zope.interface import implements
from zope.interface import implementer

from repoze.who.interfaces import IIdentifier
from repoze.who.interfaces import IAuthenticator
@@ -12,24 +20,22 @@
import repoze.who._auth_tkt as auth_tkt
from repoze.who._compat import STRING_TYPES

_NOW_TESTING = None  # unit tests can replace
def _now():  #pragma NO COVERAGE
    if _NOW_TESTING is not None:
        return _NOW_TESTING
    return datetime.datetime.now()
_UTCNOW = None  # unit tests can replace
def _utcnow():  #pragma NO COVERAGE
    if _UTCNOW is not None:
        return _UTCNOW
    return datetime.datetime.utcnow()

@implementer(IIdentifier, IAuthenticator)
class AuthTktCookiePlugin(object):
    implements(IIdentifier, IAuthenticator)

    userid_typename = 'userid_type'
    userid_type_decoders = {'int': int,
                            'unicode': lambda x: utf_8_decode(x)[0],
                           }

    userid_type_decoders = {'int':int}
    try:
        userid_type_decoders[unicode] = ('unicode',
                                         lambda x: utf_8_decode(x)[0])
    except NameError: #pragma NO COVER Python >= 3.0
        pass

    userid_type_encoders = {int: ('int', str)}
    userid_type_encoders = {int: ('int', str),
                           }
    try:
        userid_type_encoders[long] = ('int', str)
    except NameError: #pragma NO COVER Python >= 3.0
@@ -42,7 +48,8 @@
 
    def __init__(self, secret, cookie_name='auth_tkt',
                 secure=False, include_ip=False,
                 timeout=None, reissue_time=None, userid_checker=None):
                 timeout=None, reissue_time=None, userid_checker=None,
                 digest_algo=auth_tkt.DEFAULT_DIGEST):
        self.secret = secret
        self.cookie_name = cookie_name
        self.include_ip = include_ip
@@ -53,6 +60,7 @@
        self.timeout = timeout
        self.reissue_time = reissue_time
        self.userid_checker = userid_checker
        self.digest_algo = digest_algo

    # IIdentifier
    def identify(self, environ):
@@ -69,21 +77,19 @@
        
        try:
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
                self.secret, cookie.value, remote_addr)
                self.secret, cookie.value, remote_addr, self.digest_algo)
        except auth_tkt.BadTicket:
            return None

        if self.timeout and ( (timestamp + self.timeout) < time.time() ):
            return None

        userid_typename = 'userid_type:'
        user_data_info = user_data.split('|')
        for datum in filter(None, user_data_info):
            if datum.startswith(userid_typename):
                userid_type = datum[len(userid_typename):]
                decoder = self.userid_type_decoders.get(userid_type)
                if decoder:
                    userid = decoder(userid)
        user_data_dict = dict(parse_qsl(user_data))
        userid_type = user_data_dict.get(self.userid_typename)
        if userid_type:
            decoder = self.userid_type_decoders.get(userid_type)
            if decoder:
                userid = decoder(userid)
            
        environ['REMOTE_USER_TOKENS'] = tokens
        environ['REMOTE_USER_DATA'] = user_data
@@ -93,7 +99,7 @@
        identity['timestamp'] = timestamp
        identity['repoze.who.plugins.auth_tkt.userid'] = userid
        identity['tokens'] = tokens
        identity['userdata'] = user_data
        identity['userdata'] = user_data_dict
        return identity

    # IIdentifier
@@ -119,21 +125,24 @@
        if old_cookie_value:
            try:
                timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
                    self.secret, old_cookie_value, remote_addr)
                    self.secret, old_cookie_value, remote_addr,
                    self.digest_algo)
            except auth_tkt.BadTicket:
                pass
        tokens = tuple(tokens)

        who_userid = identity['repoze.who.userid']
        who_tokens = tuple(identity.get('tokens', ()))
        who_userdata = identity.get('userdata', '')
        who_userdata_dict = identity.get('userdata', {})

        encoding_data = self.userid_type_encoders.get(type(who_userid))
        if encoding_data:
            encoding, encoder = encoding_data
            who_userid = encoder(who_userid)
            who_userdata = 'userid_type:%s' % encoding
        
            who_userdata_dict[self.userid_typename] = encoding

        who_userdata = urlencode(who_userdata_dict)

        old_data = (userid, tokens, userdata)
        new_data = (who_userid, who_tokens, who_userdata)

@@ -146,7 +155,8 @@
                tokens=who_tokens,
                user_data=who_userdata,
                cookie_name=self.cookie_name,
                secure=self.secure)
                secure=self.secure,
                digest_algo=self.digest_algo)
            new_cookie_value = ticket.cookie_value()
            
            if old_cookie_value != new_cookie_value:
@@ -166,9 +176,17 @@
    def _get_cookies(self, environ, value, max_age=None):
        if max_age is not None:
            max_age = int(max_age)
            later = _now() + datetime.timedelta(seconds=max_age)
            later = _utcnow() + datetime.timedelta(seconds=max_age)
            # Wdy, DD-Mon-YY HH:MM:SS GMT
            expires = later.strftime('%a, %d %b %Y %H:%M:%S')
            expires = "%s, %02d %3s %4d %02d:%02d:%02d GMT" % (
                _weekdayname[later.weekday()],
                later.day,
                _monthname[later.month],
                later.year,
                later.hour,
                later.minute,
                later.second,
            )
            # the Expires header is *required* at least for IE7 (IE7 does
            # not respect Max-Age)
            max_age = "; Max-Age=%s; Expires=%s" % (max_age, expires)
@@ -209,6 +227,7 @@
                timeout=None,
                reissue_time=None,
                userid_checker=None,
                digest_algo=auth_tkt.DEFAULT_DIGEST,
               ):
    from repoze.who.utils import resolveDotted
    if (secret is None and secretfile is None):
@@ -219,13 +238,20 @@
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        secret = open(secretfile).read().strip()
        with open(secretfile) as f:
            secret = f.read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    if isinstance(digest_algo, str):
        try:
            digest_algo = getattr(hashlib, digest_algo)
        except AttributeError:
            raise ValueError("No such 'digest_algo': %s" % digest_algo)

    plugin = AuthTktCookiePlugin(secret,
                                 cookie_name,
                                 _bool(secure),
@@ -233,6 +259,7 @@
                                 timeout,
                                 reissue_time,
                                 userid_checker,
                                 digest_algo,
                                 )
    return plugin