{ "info": { "author": "Nicholas Devenish", "author_email": "n.devenish@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "MAC Authorisation Module for Django\n===================================\n\n:Description: A basic implementation of the RFC draft oauth-v2-http-mac-01__ for Django\n:Author: Nicholas Devenish\n\n.. __: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01\n\nOverview\n--------\n\nThis package implements the current draft of the OAuth-2-related `MAC authorisation protocol`__. This is designed to allow cryptographically reliable requests to be made over a connection that is susceptible to interception. It is based on a shared \"secret\" which is used to calculate a cryptographic signature at both client and resource server to verify that the request was authentic.\n\n.. __: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01\n\nThis implementation very simply allows a django view to require that this authentication method be used, or to optionally use the authentication information to determine the user of the request.\n\nFeatures\n--------\nThese are the features and features of the protocol that this package provides:\n\n* Unique nonce/timestamp/client ID checking; this prevents the possibility of replay attacks (though, see `Limitations`_)\n* Uses the hmac-sha-1 algorithm\n* partial `ext` header support\n* Uses existing Django User framework\n* Allows optional usage of credentials\n* Authentication errors are communicated back in the WWW-Authentication error parameter\n* Tested on Django 1.3 and 1.4\n\nUsage\n-----\n\nAfter adding ``auth_mac`` to your project's settings, and syncing your db, you can create a new set of Credentials through the admin interface, or by instantiating the ``Credentials`` object with an associated user::\n\n from auth_mac import Credentials\n new_auth = Credentials(user=some_user)\n new_auth.save()\n\nThe credentials object will by default be instantiated with a random identifier and secret key, and will have an expiry date set to a day in the future. All of these can be overridden by setting the ``identifier``, ``key`` and ``expiry`` model fields.\n\nWhen a request is made, you can ensure that the client has authenticated properly by using one of two decorators. The first decorator, **require_credentials**, returns a 401 Unauthorized response if the authentication fails::\n\n from django.http import HttpResponse\n from auth_mac.decorators import require_credentials\n\n @require_credentials\n def some_protected_view(request):\n return HttpResponse(\"This view only runs when authorised!\")\n\nAnd the second decorator, **read_credentials**, allows access even without credentials, but passing credentials will override the ``HttpRequest``'s user property to the authorised user::\n\n from django.http import HttpResponse\n from auth_mac.decorators import read_credentials\n\n @read_credentials\n def some_optionally_protected_view(request):\n return HttpResponse(\"This view can accept Anonymous Users!\")\n\nIn this second case, if the user is accessing through some other authorisation method i.e. signed in via a session cookie, the credential information (if passed) will overwrite the previous login information.\n\nLimitations\n-----------\n\nThis is only a very basic implementation of the protocol. Specifically, it does not provide:\n\n* Any way to distribute the secret information. You could do this via an OAuth2 implementation, or manual distribution of the keys. This is because the current design intent is only to provide REST access to a couple of authorised personal clients.\n* nonce expiry. At this point in time, nonce values have to be kept indefinitely. Some of the timestamp infrastructure is in place, but until it is completed it is unsafe to remove nonces.\n* `hmac-sha-256` is not yet supported\n* No rate limitation for protection against flooded requests\n* The `ext` parameter is used in calculating the base string, but is not currently handled or tested properly.\n* Timestamp verification (including saving of the client offset) is not currently limited. This will be configurable in the future.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/ndevenish/auth_mac", "keywords": "django,authorization,MAC", "license": "Copyright (c) 2012 Nicholas Devenish \n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.", "maintainer": null, "maintainer_email": null, "name": "django-auth_mac", "package_url": "https://pypi.org/project/django-auth_mac/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-auth_mac/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/ndevenish/auth_mac" }, "release_url": "https://pypi.org/project/django-auth_mac/0.1.2/", "requires_dist": null, "requires_python": null, "summary": "Basic Django implementation of the draft RFC ietf-oauth-v2-http-mac-01", "version": "0.1.2" }, "last_serial": 789140, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "81984d54c5dff3982d3aca8bd8aa7f48", "sha256": "a7a5fe4f3cf856b2efbf826dbc51efe97a7936fb6f4f1b5257ca1d1cefa9c608" }, "downloads": -1, "filename": "django-auth_mac-0.1.tar.gz", "has_sig": false, "md5_digest": "81984d54c5dff3982d3aca8bd8aa7f48", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10160, "upload_time": "2012-02-14T18:10:40", "url": "https://files.pythonhosted.org/packages/20/bc/acad4cd5e0d634e85a922cb92d34d44823654955541f2dad064d1770239e/django-auth_mac-0.1.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "3993515621a4a2e3e9eef866348522c2", "sha256": "a17df35b92fda264f5a5491e09da3f6ffda706b8bed0ec68b3196cb5fe55d54c" }, "downloads": -1, "filename": "django-auth_mac-0.1.1.tar.gz", "has_sig": false, "md5_digest": "3993515621a4a2e3e9eef866348522c2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10261, "upload_time": "2012-02-15T03:09:46", "url": "https://files.pythonhosted.org/packages/bf/15/4909e1683ccb731b4ec2796e95d643e2b2f2b7f013de1e4d47f9f39f7676/django-auth_mac-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "2bb2e4c553f604706540609b7c793ba1", "sha256": "54343169d256772c7adfbef732e9ca1a24fc594a4610c605b5254f69841eb2b3" }, "downloads": -1, "filename": "django-auth_mac-0.1.2.tar.gz", "has_sig": false, "md5_digest": "2bb2e4c553f604706540609b7c793ba1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10563, "upload_time": "2012-02-16T02:46:01", "url": "https://files.pythonhosted.org/packages/63/17/9443a3701ddb1adf66eea32916fd7a22b8611aff04a874615fd58c4d0735/django-auth_mac-0.1.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2bb2e4c553f604706540609b7c793ba1", "sha256": "54343169d256772c7adfbef732e9ca1a24fc594a4610c605b5254f69841eb2b3" }, "downloads": -1, "filename": "django-auth_mac-0.1.2.tar.gz", "has_sig": false, "md5_digest": "2bb2e4c553f604706540609b7c793ba1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10563, "upload_time": "2012-02-16T02:46:01", "url": "https://files.pythonhosted.org/packages/63/17/9443a3701ddb1adf66eea32916fd7a22b8611aff04a874615fd58c4d0735/django-auth_mac-0.1.2.tar.gz" } ] }