From 7483ece150564b242ba0ac5c091319ee570dd9e1 Mon Sep 17 00:00:00 2001
From: David Tulloh <git-david@tulloh.id.au>
Date: Tue, 31 May 2016 18:24:04 +0200
Subject: [PATCH] Added alternate hash support to auth_tkt plugin

---
 repoze/who/plugins/auth_tkt.py |   25 +++++++++++++++++++++----
 1 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/repoze/who/plugins/auth_tkt.py b/repoze/who/plugins/auth_tkt.py
index 1c551b1..db74da5 100644
--- a/repoze/who/plugins/auth_tkt.py
+++ b/repoze/who/plugins/auth_tkt.py
@@ -5,6 +5,10 @@
 from codecs import utf_8_encode
 import os
 import time
+try:
+    import hashlib
+except ImportError:
+    import md5 as hashlib # Will only support md5 algorithm
 from wsgiref.handlers import _monthname     # Locale-independent, RFC-2616
 from wsgiref.handlers import _weekdayname   # Locale-independent, RFC-2616
 try:
@@ -28,6 +32,7 @@
         return _UTCNOW
     return datetime.datetime.utcnow()
 
+DEFAULT_DIGEST = hashlib.md5
 
 @implementer(IIdentifier, IAuthenticator)
 class AuthTktCookiePlugin(object):
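Review bot: `DEFAULT_DIGEST = hashlib.md5` keeps MD5 as the ticket-signing digest for every deployment that does not set `digest_algo`, and nothing on the line says why. If the default is kept so that existing cookies and other auth_tkt implementations stay compatible (an assumption, the patch does not say), a comment would make that explicit, e.g. `# MD5 stays the default for compatibility with existing tickets; prefer sha256 or sha512 for new deployments`. The constant also supplies the defaults in the `__init__` and `make_plugin` hunks, so one comment here covers all three.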
@@ -51,7 +56,8 @@
  
     def __init__(self, secret, cookie_name='auth_tkt',
                  secure=False, include_ip=False,
-                 timeout=None, reissue_time=None, userid_checker=None):
+                 timeout=None, reissue_time=None, userid_checker=None,
+                 digest_algo=DEFAULT_DIGEST):
         self.secret = secret
         self.cookie_name = cookie_name
         self.include_ip = include_ip
@@ -62,6 +68,7 @@
         self.timeout = timeout
         self.reissue_time = reissue_time
         self.userid_checker = userid_checker
+        self.digest_algo = digest_algo
 
     # IIdentifier
     def identify(self, environ):
@@ -78,7 +85,7 @@
         
         try:
             timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
-                self.secret, cookie.value, remote_addr)
+                self.secret, cookie.value, remote_addr, self.digest_algo)
         except auth_tkt.BadTicket:
             return None
 
@@ -126,7 +133,8 @@
         if old_cookie_value:
             try:
                 timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
-                    self.secret, old_cookie_value, remote_addr)
+                    self.secret, old_cookie_value, remote_addr,
+                    self.digest_algo)
             except auth_tkt.BadTicket:
                 pass
         tokens = tuple(tokens)
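Review bot: `auth_tkt.parse_ticket` now receives `self.digest_algo` as a fourth positional argument here and in the `identify` hunk above, but the diffstat lists only this file, so the callee is not part of the patch. It is worth confirming that `parse_ticket` takes the digest length from the algorithm instead of assuming MD5's 32 hex characters, and that it compares the expected and received digests with a constant-time function such as `hmac.compare_digest`. In this hunk the surrounding `except auth_tkt.BadTicket: pass` means a cookie signed with the previous digest is silently treated as absent after an operator changes `digest_algo`. That looks like the intended rollover behaviour, but a short comment such as `# tickets signed with another digest fail here and are re-issued below` would document it. The enclosing method starts and ends outside the hunk.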
@@ -155,7 +163,8 @@
                 tokens=who_tokens,
                 user_data=who_userdata,
                 cookie_name=self.cookie_name,
-                secure=self.secure)
+                secure=self.secure,
+                digest_algo=self.digest_algo)
             new_cookie_value = ticket.cookie_value()
             
             if old_cookie_value != new_cookie_value:
@@ -226,6 +235,7 @@
                 timeout=None,
                 reissue_time=None,
                 userid_checker=None,
+                digest_algo=DEFAULT_DIGEST,
                ):
     from repoze.who.utils import resolveDotted
     if (secret is None and secretfile is None):
@@ -244,6 +254,12 @@
         reissue_time = int(reissue_time)
     if userid_checker is not None:
         userid_checker = resolveDotted(userid_checker)
+    if isinstance(digest_algo, str):
+        try:
+            digest_algo = getattr(hashlib, digest_algo)
+        except AttributeError:
+            raise ValueError("No such 'digest_algo': %s" % digest_algo)
+
     plugin = AuthTktCookiePlugin(secret,
                                  cookie_name,
                                  _bool(secure),
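Review bot: `getattr(hashlib, digest_algo)` accepts any attribute name of the `hashlib` module, not only hash constructors. A configuration value such as `new` or `algorithms_available` therefore passes this check and would presumably fail only later, when a ticket is built or parsed. Checking the name against an explicit allow-list before the lookup makes it fail at configuration time: `if digest_algo not in ('md5', 'sha1', 'sha256', 'sha384', 'sha512'): raise ValueError("No such 'digest_algo': %s" % digest_algo)`. If Python 2 is still supported, `isinstance(digest_algo, str)` also lets a `unicode` value through unresolved, so the plugin would receive a string where it expects a callable. `make_plugin` starts and ends outside this hunk.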
@@ -251,6 +267,7 @@
                                  timeout,
                                  reissue_time,
                                  userid_checker,
+                                 digest_algo,
                                  )
     return plugin
 

--
Gitblit v1.9.3