%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /opt/alt/python27/lib/python2.7/site-packages/paste/auth/
Upload File :
Create Path :
Current File : //opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyo

�
a�Nc@sdZddlZyddlmZWn!ek
rIddlmZnXddlZddlmZddl	m
Zddl	mZ
defd��YZd	efd
��YZd�Zd�Zd
�Zdd�Zdefd��YZddeedd�ZdS(s'
Implementation of cookie signing as done in `mod_auth_tkt
<http://www.openfusion.com.au/labs/mod_auth_tkt/>`_.

mod_auth_tkt is an Apache module that looks for these signed cookies
and sets ``REMOTE_USER``, ``REMOTE_USER_TOKENS`` (a comma-separated
list of groups) and ``REMOTE_USER_DATA`` (arbitrary string data).

This module is an alternative to the ``paste.auth.cookie`` module;
it's primary benefit is compatibility with mod_auth_tkt, which in turn
makes it possible to use the same authentication process with
non-Python code run under Apache.
i����N(tmd5(trequest(tquote(tunquotet
AuthTicketcBsAeZdZdddded�Zd�Zd�Zd�ZRS(	s�
    This class represents an authentication token.  You must pass in
    the shared secret, the userid, and the IP address.  Optionally you
    can include tokens (a list of strings, representing role names),
    'user_data', which is arbitrary data available for your own use in
    later scripts.  Lastly, you can override the cookie name and
    timestamp.

    Once you provide all the arguments, use .cookie_value() to
    generate the appropriate authentication ticket.  .cookie()
    generates a Cookie object, the str() of which is the complete
    cookie header to be sent.

    CGI usage::

        token = auth_tkt.AuthTick('sharedsecret', 'username',
            os.environ['REMOTE_ADDR'], tokens=['admin'])
        print 'Status: 200 OK'
        print 'Content-type: text/html'
        print token.cookie()
        print
        ... redirect HTML ...

    Webware usage::

        token = auth_tkt.AuthTick('sharedsecret', 'username',
            self.request().environ()['REMOTE_ADDR'], tokens=['admin'])
        self.response().setCookie('auth_tkt', token.cookie_value())

    Be careful not to do an HTTP redirect after login; use meta
    refresh or Javascript -- some browsers have bugs where cookies
    aren't saved when set on a redirect.
    ttauth_tktc		Css||_||_||_dj|�|_||_|dkrTtj�|_n	||_||_	||_
dS(Nt,(tsecrettuseridtiptjointtokenst	user_datatNonettime_modttimetcookie_nametsecure(	tselfRR	R
RR
RRR((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyt__init__Ws						cCs+t|j|j|j|j|j|j�S(N(tcalculate_digestR
RRR	RR
(R((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytdigestfscCsYd|j�t|j�t|j�f}|jrH||jd7}n||j7}|S(Ns	%s%08x%s!t!(RtintRt	url_quoteR	RR
(Rtv((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytcookie_valueks
+	
cCsltj�}|j�jd�j�jdd�||j<d||jd<|jrhd||jd<n|S(Ntbase64s
Rt/tpathttrueR(tCookietSimpleCookieRtencodetstriptreplaceRR(Rtc((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytcookiers.	(N(	t__name__t
__module__t__doc__RtFalseRRRR&(((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR3s"
		t	BadTicketcBseZdZdd�ZRS(s�
    Exception raised when a ticket can't be parsed.  If we get
    far enough to determine what the expected digest should have
    been, expected is set.  This should not be shown by default,
    but can be useful for debugging.
    cCs||_tj||�dS(N(texpectedt	ExceptionR(RtmsgR,((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR�s	N(R'R(R)RR(((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR+{scCs9|jd�}|d }yt|dd!d�}Wn#tk
rX}td|��nXy |djdd�\}}Wntk
r�td��nXt|�}d|kr�|jdd�\}}	nd	}|}	t||||||	�}
|
|krtd
d|
|f��n|jd�}||||	fS(
s�
    Parse the ticket, returning (timestamp, userid, tokens, user_data).

    If the ticket cannot be parsed, ``BadTicket`` will be raised with
    an explanation.
    t"i i(is"Timestamp is not a hex integer: %sRisuserid is not followed by !RsDigest signature is not correctR,R(R#Rt
ValueErrorR+tsplitturl_unquoteR(RtticketR
Rt	timestampteR	tdataRR
R,((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytparse_ticket�s,
 
	cCs}t|�}t|�}t|�}t|�}tt||�||d|d|�j�}t||�j�}|S(Nt(tmaybe_encodeRtencode_ip_timestampt	hexdigest(R
R4RR	RR
tdigest0R((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR�s0cCs�djtttt|jd����}t|�}|d@d?|d@d?|d@d?|d	@f}djtt|��}||S(
NRt.I�ii�ii�ii�(RtmaptchrRR1(R
R4tip_charsttttstts_chars((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR:�s*
tutf8cCs%t|t�r!|j|�}n|S(N(t
isinstancetunicodeR"(tstencoding((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR9�stAuthTKTMiddlewarec	BsJeZdZdeedeeeed�Zd�Zd�Zd�Z	RS(s�
    Middleware that checks for signed cookies that match what
    `mod_auth_tkt <http://www.openfusion.com.au/labs/mod_auth_tkt/>`_
    looks for (if you have mod_auth_tkt installed, you don't need this
    middleware, since Apache will set the environmental variables for
    you).

    Arguments:

    ``secret``:
        A secret that should be shared by any instances of this application.
        If this app is served from more than one machine, they should all
        have the same secret.

    ``cookie_name``:
        The name of the cookie to read and write from.  Default ``auth_tkt``.

    ``secure``:
        If the cookie should be set as 'secure' (only sent over SSL) and if
        the login must be over SSL. (Defaults to False)

    ``httponly``:
        If the cookie should be marked as HttpOnly, which means that it's
        not accessible to JavaScript. (Defaults to False)

    ``include_ip``:
        If the cookie should include the user's IP address.  If so, then
        if they change IPs their cookie will be invalid.

    ``logout_path``:
        The path under this middleware that should signify a logout.  The
        page will be shown as usual, but the user will also be logged out
        when they visit this page.

    If used with mod_auth_tkt, then these settings (except logout_path) should
    match the analogous Apache configuration settings.

    This also adds two functions to the request:

    ``environ['paste.auth_tkt.set_user'](userid, tokens='', user_data='')``

        This sets a cookie that logs the user in.  ``tokens`` is a
        string (comma-separated groups) or a list of strings.
        ``user_data`` is a string for your own use.

    ``environ['paste.auth_tkt.logout_user']()``

        Logs out the user.
    RcCs^||_||_||_||_||_||_||_||_|	|_|
|_	dS(N(
tappRRRthttponlyt
include_iptlogout_pathtno_domain_cookietcurrent_domain_cookietwildcard_cookie(RRJRRRRLRMRKRNRORP((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR�s									c
s�tj��}�j|kr1|�jj}nd}|r��jrS�d}nd}y�t�j||�\}}}}	dj|�}|�d<�jd�r��dd|}n|�d<|	�d<d�d	<Wq�t	k
r�q�Xng�dd���fd
�}
���fd�}|
�d<|�d
<�j
re�jd��j
kre|�nd��fd�}�j�|�S(NRtREMOTE_ADDRs0.0.0.0RtREMOTE_USERtREMOTE_USER_TOKENStREMOTE_USER_DATAR&t	AUTH_TYPEcs#�j�j�|||��dS(N(textendtset_user_cookie(R	RR
(tenvironRtset_cookies(sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytset_user,scs�j�j���dS(N(RVtlogout_user_cookie((RXRRY(sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytlogout_user0sspaste.auth_tkt.set_userspaste.auth_tkt.logout_usert	PATH_INFOcs|j���|||�S(N(RV(tstatustheaderstexc_info(RYtstart_response(sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytcookie_setting_start_response8s
(
Rtget_cookiesRtvalueRLR7RRtgetR+RMRRJ(
RRXRatcookiesRtremote_addrR4R	RR
RZR\Rb((RXRRYRasD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyt__call__s:	






!
cCsvt|t�s!dj|�}n|jr7|d}nd}t|j||d|d|d|jd|j�}|jd|jd	��}d
|}d}	|jr�|	d7}	n|j	r�|	d
7}	ng}
|j
r|
jdd|j|j�|	ff�n|j
r:|
jdd|j|j�||	ff�n|jrr|
jdd|j|j�||	ff�n|
S(NRRQs0.0.0.0RR
RRt	HTTP_HOSTtSERVER_NAMER=Rs; secures
; HttpOnlys
Set-Cookies%s=%s; Path=/%ss%s=%s; Path=/; Domain=%s%s(REt
basestringRRLRRRRReRKRNtappendRRORP(RRXR	RR
RgR3t
cur_domaintwild_domaintcookie_optionsRf((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyRW>sB	
	
	
	
	 		cCs}|jd|jd��}d|}d}dd|j|ffdd|j||ffdd|j||ffg}|S(NRiRjR=sSat, 01-Jan-2000 12:00:00 GMTs
Set-Cookies%s=""; Expires="%s"; Path=/s&%s=""; Expires="%s"; Path=/; Domain=%s(ReR(RRXRmRntexpiresRf((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyR[gs
N(
R'R(R)R*tTrueRRRhRWR[(((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyRI�s2		2	)RcCszddlm}||�}||�}|dkrF|jd�}n|s[td��nt||||||pvd�S(s�
    Creates the `AuthTKTMiddleware
    <class-paste.auth.auth_tkt.AuthTKTMiddleware.html>`_.

    ``secret`` is requird, but can be set globally or locally.
    i����(tasboolRs>You must provide a 'secret' (in global or local configuration)N(tpaste.deploy.convertersRrRReR0RI(RJtglobal_confRRRRLRMRr((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pytmake_auth_tkt_middlewareus(R)RRthashlibRtImportErrorR tpasteRturllibRRRR2tobjectRR-R+R7RR:R9RIRR*RqRu(((sD/opt/alt/python27/lib/python2.7/site-packages/paste/auth/auth_tkt.pyt<module>&s*
H	%		�

Zerion Mini Shell 1.0