Document the new digest_algo parameter
| | |
| | | return password == hashed |
| | | htpasswd = HTPasswdPlugin(io, cleartext_check) |
| | | basicauth = BasicAuthPlugin('repoze.who') |
| | | auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt') |
| | | auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt', digest_algo="sha512") |
| | | redirector = RedirectorPlugin('/login.html') |
| | | redirector.classifications = {IChallenger:['browser'],} # only for browser |
| | | identifiers = [('auth_tkt', auth_tkt), |
| | |
| | | cookie_name = oatmeal |
| | | secure = False |
| | | include_ip = False |
| | | digest_algo = sha512 |
| | | |
| | | [plugin:basicauth] |
| | | # identification and challenge |
| | |
| | | |
| | | ## other plugins |
| | | basicauth = BasicAuthPlugin('repoze.who') |
| | | auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt') |
| | | auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt', digest_algo="sha512") |
| | | redirector = RedirectorPlugin(login_url='/login.html') |
| | | redirector.classifications = {IChallenger:['browser'] } # only for browser |
| | | |
| | |
| | | cookie_name = auth_cookie |
| | | secure = True |
| | | include_ip = True |
| | | digest_algo = sha512 |
| | | |
| | | [general] |
| | | request_classifier = repoze.who.classifiers:default_request_classifier |
| | |
| | | if _validate(login_name, password): |
| | | headers = [('Location', came_from)] |
| | | ticket = auth_tkt.AuthTicket(SECRET, login_name, remote_addr, |
| | | cookie_name=COOKIE_NAME, secure=True) |
| | | cookie_name=COOKIE_NAME, secure=True, |
| | | digest_algo="sha512") |
| | | headers = _get_cookies(environ, ticket.cookie_value()) |
| | | headers.append(('Location', came_from)) |
| | | start_response('302 Found', headers) |
| | |
| | | |
| | | An :class:`AuthTktCookiePlugin` is an ``IIdentifier`` and ``IAuthenticator`` |
| | | plugin which remembers its identity state in a client-side cookie. |
| | | This plugin uses the ``paste.auth.auth_tkt``"auth ticket" protocol. |
| | | This plugin uses the ``paste.auth.auth_tkt``"auth ticket" protocol and |
| | | is compatible with Apache's mod_auth_tkt. |
| | | It should be instantiated passing a *secret*, which is used to encrypt the |
| | | cookie on the client side and decrypt the cookie on the server side. |
| | | The cookie name used to store the cookie value can be specified |
| | |
| | | ``urllib.urlencode`` function (``urllib.urlparse.urlencode`` in python 3). |
| | | Saving keys/values with unicode characters is supported only under python 3. |
| | | |
| | | .. note:: |
| | | Plugin supports multiple digest algorithms. It defaults to md5 to match |
| | | the default for mod_auth_tkt and paste.auth.auth_tkt. However md5 is not |
| | | recommended as there are viable attacks against the hash. Any algorithm |
| | | from the hashlib library can be specified, currently only sha256 and sha512 |
| | | are supported by mod_auth_tkt. |
| | | |
| | | .. module:: repoze.who.plugins.basicauth |
| | | |
| | | .. class:: BasicAuthPlugin(realm) |