{ "info": { "author": "Philip Martin", "author_email": "phillip.martin@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Programming Language :: Python", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "Flask-HmacAuth\n==============\n\n`|Build Status| `_ A\nmodule to simplify HMAC-style authentication for RESTful APIs in Flask,\nwhich also builds in a simple RBAC concept and anti-replay via a\ntimestamp. For GET requests, the path section and all parameters are\nhashed. For POST requests, the request body is added as well. By\ndefault, the module expects authentication via an X-Auth-Signature\nheader and ACCOUNT\\_ID and TIMESTAMP parameters (holding the obvious\nvalues) to be present in the query string or request body. TIMESTAMP can\nbe in any format datetime.fromtimestamp() can parse. ACCOUNT\\_ID will be\nused to lookup a given account's secret and roles via an AccountBroker.\nIf auth fails, the application throws a 403 back to the client. All of\nthat can be changed, however.\n\nThe concept of an AccountBroker is used to separate this module from any\nactual user/role management logic. 2 trivial AccountBroker\nimplementations have been provided.\n\nExample\n=======\n\nServer\n------\n\n::\n\n from flask import Flask\n from flask.ext.hmacauth import hmac_auth, DictAccountBroker, HmacManager\n\n app = Flask(__name__)\n accountmgr = DictAccountBroker(\n accounts={\n \"admin\": {\"secret\": \";hi^897t7utf\", \"rights\": [\"create\", \"edit\", \"delete\", \"view\"]},\n \"editor\": {\"secret\": \"afstr5afewr\", \"rights\": [\"create\", \"edit\", \"view\"]},\n \"guest\": {\"secret\": \"ASDFjoiu%i\", \"rights\": [\"view\"]}\n })\n hmacmgr = HmacManager(accountmgr, app)\n ...\n @app.route('/api/v1/create')\n @hmac_auth(\"create\")\n def create_thing():\n ...\n\nClient\n------\n\n::\n\n import requests\n import time\n import hashlib\n\n path_and_query = \"/api/v1/create?TIMESTAMP=\"+str(int(time.time()))+\"&ACCOUNT_ID=admin&foo=bar\"\n host = \"https://example.com\"\n sig=hmac.new(\";hi^897t7utf\", digestmod=hashlib.sha1, msg=path_and_query).hexdigest()\n req = requests.get(host+path_and_query, headers={'X-Auth-Signature': sig})\n\nAccountBroker\n=============\n\nAn AccountBroker is an object that intermediates between the HMAC\nauthentication and your user/account store. It does this by exposing the\nfollowing methods:\n\n- get\\_secret(account\\_id) - returns a string secret given an account\n ID. If the account does not exist, returns None\n- has\\_rights(account\\_id, rights) - returns True if account\\_id has\n all of the rights in the list rights, otherwise returns False.\n Returns False if the account does not exist.\n- is\\_active(account\\_id) - returns True if account\\_id is active (for\n whatever definition you want to define for active), otherwise returns\n False.\n\nFlask-Hmacauth ships with 2 trivial AccountBroker implementations, a\nDict-based AccountBroker (DictAccountBroker) and a static AccountBroker\n(StaticAccountBroker).\n\nDictAccountBroker\n-----------------\n\nTakes a dict of format:\n\n::\n\n {\n \"accountID\": {\n secret: \"blahblah\",\n rights: [\"right1\", \"right2\", \"right3\", ...]\n }\n ...\n }\n\nit also exposes the add\\_accounts and del\\_accounts methods to modify\naccounts on the fly.\n\nStaticAccountBroker\n-------------------\n\nEssentially disables all of the user and role management, and sets a\nstatic key for use in HMAC. NOTE, if you use this class you need to pass\nStaticAccountBroker.GET\\_ACCOUNT to HmacManager as the account\\_id\nparameter OR supply a dummy value for ACCOUNT\\_ID in the query string\n\nWrite your own\n--------------\n\nA very common case for larger applications will be user management via a\ndatabase. In that case, your AuthenticationBroker class just needs to\nperform the requisite SQL queries to satisfy the the methods above and\nyou're good to go.\n\nHmacManager\n===========\n\nThis is the meat of the module. This object contains the is\\_authorized\nmethod, which actually does the HMAC verification and role checks.\n\nIn the simple case, you just need to pass this object's constructor the\nflask application object and an AccountBroker object. In more complex\ncases, where you want to change defaults, you have the following\noptions:\n\n- app - this is the Flask application container\n- account\\_broker - this is the ApplicationBroker object\n- account\\_id - this is a callable, which when fed a request object\n will return the request's account ID. The default value for this is\n lambda x: x.values.get('ACCOUNT\\_ID')\n- signature - this is a callable, which when fed a request object will\n return the request's signature. The default value for this is\n GET\\_SIGNATURE = lambda x: x.headers.get('X-Auth-Signature').\n- timestamp - this is a callable, which when fed a request object will\n return the request's timestamp. The default value for this is lambda\n x: x.values.get('TIMESTAMP')\n- valid\\_time - number of seconds that a signed request is valid (based\n on the signed timestamp). defaults to 5\n- digest - digest type, defaults to hashlib.sha1\n\n.. |Build\nStatus| image:: https://travis-ci.org/Phillipmartin/flask-hmacauth.svg?branch=master", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://www.github.com/Phillipmartin/flask-hmacauth", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "flask-hmacauth", "package_url": "https://pypi.org/project/flask-hmacauth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/flask-hmacauth/", "project_urls": { "Homepage": "http://www.github.com/Phillipmartin/flask-hmacauth" }, "release_url": "https://pypi.org/project/flask-hmacauth/0.3.9/", "requires_dist": null, "requires_python": "", "summary": "A module to simplify working with HMAC auth in Flask apps", "version": "0.3.9" }, "last_serial": 1879581, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "0600d54dbe6d4a9ae7b366c7841e603c", "sha256": "3ce5fad621ed3bab193cc571a96b4c077dee020ad97e196f5556d2a64ab116f6" }, "downloads": -1, "filename": "flask_hmacauth-0.1-py2.7.egg", "has_sig": false, "md5_digest": "0600d54dbe6d4a9ae7b366c7841e603c", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 3171, "upload_time": "2014-06-29T01:47:51", "url": "https://files.pythonhosted.org/packages/37/ed/c987ffc1d4e86518a9a02ae4c995e378ea465cca4d37c70060ab57a08b75/flask_hmacauth-0.1-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "cc08ea4ab33430c35e4a972fd330716e", "sha256": "90277dc7f62a516e9e43756e812054402c33e05d8278e4979ac91f1432d81ee9" }, "downloads": -1, "filename": "flask-hmacauth-0.1.tar.gz", "has_sig": false, "md5_digest": "cc08ea4ab33430c35e4a972fd330716e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3555, "upload_time": "2014-06-29T01:47:48", "url": "https://files.pythonhosted.org/packages/a7/ea/d8e9347bdc9ff0a36da93422e64758b2a8ba2b25135e0235d65993599243/flask-hmacauth-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "d338059f6bb3e9aab9079e5f97aa3183", "sha256": "d9ce0b9b07099a8b3883d7f4752c09bfc25a384a1b753d6cdf658a651042f65b" }, "downloads": -1, "filename": "flask_hmacauth-0.2-py2.7.egg", "has_sig": false, "md5_digest": "d338059f6bb3e9aab9079e5f97aa3183", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 8713, "upload_time": "2014-07-27T21:45:00", "url": "https://files.pythonhosted.org/packages/85/e9/3040811e8c872bc72106d42f5c9828badf68cc8b83e9b9a7ba771244cb1a/flask_hmacauth-0.2-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "1e988313aa91d3325bce7b5ac406338a", "sha256": "5b8d56b6b173a0ea686decd45ef32d751cb54e4e60ebc9a982ec170cdbc75994" }, "downloads": -1, "filename": "flask-hmacauth-0.2.tar.gz", "has_sig": false, "md5_digest": "1e988313aa91d3325bce7b5ac406338a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5874, "upload_time": "2014-07-27T21:44:56", "url": "https://files.pythonhosted.org/packages/72/cc/5f4a022143235a926491e300b98858f4dd7fa3903d09ed520d369037a8b6/flask-hmacauth-0.2.tar.gz" } ], "0.3.9": [ { "comment_text": "", "digests": { "md5": "8efad25d941282263de9d9ef3fc2753d", "sha256": "793309b3ba3424508742baacd08a8cb77edcf5859ec75d53014e450947f668de" }, "downloads": -1, "filename": "flask-hmacauth-0.3.9.tar.gz", "has_sig": false, "md5_digest": "8efad25d941282263de9d9ef3fc2753d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6282, "upload_time": "2015-12-28T09:00:43", "url": "https://files.pythonhosted.org/packages/b1/c0/b273f6ab86360b548e75ba1741f8abcca160d1c52a6b27f5aa38ef7d3b2b/flask-hmacauth-0.3.9.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "8efad25d941282263de9d9ef3fc2753d", "sha256": "793309b3ba3424508742baacd08a8cb77edcf5859ec75d53014e450947f668de" }, "downloads": -1, "filename": "flask-hmacauth-0.3.9.tar.gz", "has_sig": false, "md5_digest": "8efad25d941282263de9d9ef3fc2753d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6282, "upload_time": "2015-12-28T09:00:43", "url": "https://files.pythonhosted.org/packages/b1/c0/b273f6ab86360b548e75ba1741f8abcca160d1c52a6b27f5aa38ef7d3b2b/flask-hmacauth-0.3.9.tar.gz" } ] }