[CalendarServer-changes] [10629] CalendarServer/branches/users/glyph/digest-auth-redux
source_changes at macosforge.org
source_changes at macosforge.org
Fri Feb 1 15:53:22 PST 2013
Revision: 10629
http://trac.calendarserver.org//changeset/10629
Author: glyph at apple.com
Date: 2013-02-01 15:53:22 -0800 (Fri, 01 Feb 2013)
Log Message:
-----------
Trailing whitespace.
Modified Paths:
--------------
CalendarServer/branches/users/glyph/digest-auth-redux/twistedcaldav/directory/digest.py
Property Changed:
----------------
CalendarServer/branches/users/glyph/digest-auth-redux/
Modified: CalendarServer/branches/users/glyph/digest-auth-redux/twistedcaldav/directory/digest.py
===================================================================
--- CalendarServer/branches/users/glyph/digest-auth-redux/twistedcaldav/directory/digest.py 2013-02-01 23:53:21 UTC (rev 10628)
+++ CalendarServer/branches/users/glyph/digest-auth-redux/twistedcaldav/directory/digest.py 2013-02-01 23:53:22 UTC (rev 10629)
@@ -45,14 +45,14 @@
An interface to a digest credentials database that is used to hold per-client digest credentials so that fast
re-authentication can be done with replay attacks etc prevented.
"""
-
+
def has_key(self, key):
"""
See whether the matching key exists.
@param key: the key to check.
@type key: C{str}.
-
+
@return: C{True} if the key exists, C{False} otherwise.
"""
pass
@@ -67,7 +67,7 @@
@type value: any.
"""
pass
-
+
def get(self, key):
"""
Validate client supplied credentials by comparing with the cached values. If valid, store the new
@@ -79,7 +79,7 @@
@return: the value for the corresponding key, or C{None} if the key is not found.
"""
pass
-
+
def delete(self, key):
"""
Remove the record associated with the supplied key.
@@ -100,7 +100,7 @@
namespace=namespace,
pickle=True,
)
-
+
def has_key(self, key):
"""
See IDigestCredentialsDatabase.
@@ -158,7 +158,7 @@
"""
c = self.generateNonce()
-
+
# Make sure it is not a duplicate
result = (yield self.db.has_key(c))
if result:
@@ -178,7 +178,7 @@
challenge['qop'] = self.qop
else:
del challenge['qop']
-
+
# If stale was marked when decoding this request's Authorization header, add that to the challenge
if hasattr(peer, 'stale') and peer.stale:
challenge['stale'] = 'true'
@@ -209,17 +209,17 @@
"""
response = ' '.join(response.splitlines())
-
+
try:
parts = split(tokenize((response,), foldCase=False), Token(","))
-
+
auth = {}
-
+
for (k, v) in [parseKeyValue(p) for p in parts]:
auth[k.strip()] = v.strip()
except ValueError:
raise error.LoginFailed('Invalid response.')
-
+
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
@@ -258,7 +258,7 @@
@type auth: C{dict}
@param request: the request being processed.
@type request: L{twext.web2.server.Request}
-
+
@return: C{True} if validated.
@raise LoginFailed: if validation fails.
"""
@@ -280,13 +280,13 @@
if nonce_count is None:
yield self._invalidate(nonce)
raise error.LoginFailed('nonce-count is required when qop is specified')
-
+
# Next check the nonce-count is one greater than the previous one and update it in the DB
try:
nonce_count = int(nonce_count, 16)
except ValueError:
yield self._invalidate(nonce)
- raise error.LoginFailed('nonce-count is not a valid hex string: %s' % (auth.get('nonce-count'),))
+ raise error.LoginFailed('nonce-count is not a valid hex string: %s' % (auth.get('nonce-count'),))
if nonce_count != db_nonce_count + 1:
yield self._invalidate(nonce)
raise error.LoginFailed('nonce-count value out of sequence: %s should be one more than %s' % (nonce_count, db_nonce_count,))
@@ -296,8 +296,8 @@
# i.e. we can't allow a qop auth then a non-qop auth with the same nonce
if db_nonce_count != 0:
yield self._invalidate(nonce)
- raise error.LoginFailed('nonce-count was sent with this nonce: %s' % (nonce,))
-
+ raise error.LoginFailed('nonce-count was sent with this nonce: %s' % (nonce,))
+
# Now check timestamp
if db_timestamp + DigestCredentialFactory.CHALLENGE_LIFETIME_SECS <= time.time():
yield self._invalidate(nonce)
@@ -306,7 +306,7 @@
raise error.LoginFailed('Digest credentials expired')
returnValue(True)
-
+
def _invalidate(self, nonce):
"""
Invalidate cached credentials for the specified nonce value.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20130201/0e35c3fe/attachment.html>
More information about the calendarserver-changes
mailing list