{ "info": { "author": "Alfredo Saglimbeni", "author_email": "a.saglimbeni@scsitaly.com, repirro@gmail.com", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Intended Audience :: Developers", "Operating System :: OS Independent", "Topic :: Internet", "Topic :: Software Development" ], "description": "Welcome to mod_auth's documentation!\n************************************\n\n\nRequirements\n============\n\n * Python2.6+\n\n * M2Crypto library\n\n * Setuptools\n\n * pip\n\n\nInstallation\n============\n\nTo install the mod_auth library, run this command from a Unix shell:\n\n$ sudo pip install https://github.com/b3c/mod_auth/zipball/master\n\n\nMod_Auth\n********\n\nThis module implements the session cookie format from mod_auth_tkt and\nmod_auth_pubtkt. This documentation shows you how to use and\nintegrate the mod_auth library into your project.\n\nContributors:\n\nBefore starting I want to say a BIG THANKS to the plone.session team for the\ntktauth.py module. It helped us to start with this library:\n\n plone-session: https://github.com/plone/plone.session/blob/master/plone/session/tktauth.py\n\nAnd to Andrey Plotnikov for an easy implementation of mod_auth_pubtkt\n\n auth_pubtkt: https://github.com/AndreyPlotnikov/auth_pubtkt\n\n\nmod_auth_tkt style cookie authentication\n========================================\n\nThe mod_auth library implements the session cookie format from\nmod_auth_tkt; the class used is Ticket. Currently the \"createTkt\" and\n\"validateTkt\" functions use the MD5 based double hashing scheme of\nthe original mod_auth_tkt.\n\n\nConfiguration\n-------------\n\nIn mod_auth_tkt the protocol depends on a secret string shared between\nservers. From time to time this string should be changed, so store it\nin a configuration file.\n\n>>> SECRET = 'b8fb7b6df0d64dd98b8ccd00577434d7'\n\nThe tickets are only valid for a limited time. 
Here we will use 24\nhours:\n\n>>> DEFAULT_TIMEOUT = 24*60*60\n\n\nTicket creation\n---------------\n\nThe minimal set of attributes needed to create a ticket consists only\nof a userid:\n\n>>> userid = 'testUser'\n\nThe first step is to initialize the Ticket object:\n\n>>> from mod_auth import Ticket\n>>> mod_auth_Ticket = Ticket(SECRET)\n\nNext, set validuntil, the time at which the user will be logged out.\n\n>>> import time\n>>> validuntil = int(time.time()) + (24*60*60)\n\nWe will create a mod_auth_tkt compatible ticket. In the simplest case\nno extra data is supplied.\n\n>>> ticket = mod_auth_Ticket.createTkt(userid, validuntil=validuntil)\n>>> ticket\n'b054eeab313d4b75e10f4fd4ddb36ecf50115dcctestUser!'\n\nThe cookie itself should be base64 encoded. We will use the built-in\nCookie module here; your web framework may supply its own mechanism.\n\n>>> import Cookie, binascii\n>>> cookie = Cookie.SimpleCookie()\n>>> cookie['auth_tkt'] = binascii.b2a_base64(ticket).strip()\n>>> print cookie\nSet-Cookie: auth_tkt=YjA1NGVlYWIzMTNkNGI3NWUxMGY0ZmQ0ZGRiMzZlY2Y1MDExNWRjY3Rlc3RVc2VyIQ==\n\n\nTicket validation\n-----------------\n\nFirst the ticket has to be read from the cookie and decoded:\n\n>>> ticket = binascii.a2b_base64(cookie['auth_tkt'].value)\n>>> ticket\n'b054eeab313d4b75e10f4fd4ddb36ecf50115dcctestUser!'\n\nThe server that invokes validateTkt and opens a session cookie needs\nthe SECRET to validate the digest in the ticket.\n\nInitialize the Ticket object:\n\n>>> from mod_auth import Ticket\n>>> mod_auth_Ticket = Ticket(SECRET)\n\nThe next step is to validate:\n\n>>> mod_auth_Ticket.validateTkt(ticket)\n(u'testUser', (), u'', 1343315404)\n\nIf the ticket is valid and not expired, validateTkt returns all\ninformation about the logged-in user; otherwise it raises an exception\n(see the function documentation for details).\n\n\nTokens and user data\n--------------------\n\nThe format allows for optional user data and tokens. For details see\ntest.py in the mod_auth module, which contains some usage tests\nof this class. 
Here is an example:\n\n>>> import time, uuid\n>>> Secret = str(uuid.uuid4().hex)\n>>> # Init Ticket object\n>>> simpleTicket = Ticket(Secret)\n\n>>> #USER DATA\n\n>>> userid = 'TestUser'\n>>> tokens = ('role1', 'role2')\n>>> userdata = ('testuser@mail.com','Italy','Bologna')\n>>> cip = '127.0.0.1'\n>>> # ticket is valid until 24h from now\n>>> validuntil = int(time.time()) + (24*60*60)\n\n>>> #END USERDATA\n\n>>> ticket = simpleTicket.createTkt(userid,tokens,userdata,cip,validuntil)\n\n\nMod_auth_pubtkt style cookie authentication\n===========================================\n\nmod_auth_pubtkt is a module that authenticates a user based on a\ncookie with a ticket that has been issued by a central login server\nand digitally signed using either RSA or DSA. This means that only the\ntrusted login server has the private key required to generate tickets,\nwhile web servers only need the corresponding public key to verify\nthem.\n\nIn the mod_auth module it is implemented by the SignedTicket class.\n\n\nConfiguration\n-------------\n\nBE CAREFUL! For your safety, if you use this module in your\nproject, generate new keys (DSA or RSA). To do that, see the commands\nbelow:\n\nFrom your Unix shell. 
DSA:\n\n openssl dsaparam -out dsaparam.pem 2048\n\n openssl gendsa -out privDSAkey.pem dsaparam.pem\n\n openssl dsa -in privDSAkey.pem -out pubDSAkey.pem -pubout\n\n The dsaparam.pem file is not needed anymore after key generation\n and can safely be deleted.\n\nRSA:\n\n openssl genrsa -out privkey.pem 2048\n\n openssl rsa -in privkey.pem -out pubkey.pem -pubout\n\n\nTicket creation\n---------------\n\nAs with the Ticket class, the minimal set of attributes needed to create a\nticket consists only of a userid:\n\n>>> userid = 'testUser'\n\nThe first step is to initialize the SignedTicket object with your keys:\n\n>>> from mod_auth import SignedTicket\n>>> mod_auth_pubTicket = SignedTicket(path_pub_key, path_priv_key)\n\nYou can use RSA or DSA keys in PEM or DER format.\n\nNext, set validuntil, the time at which the user will be logged out.\n\n>>> import time\n>>> validuntil = int(time.time()) + (24*60*60)\n\nWe will create a mod_auth_pubtkt compatible ticket. In the simplest\ncase no extra data is supplied.\n\n>>> ticket = mod_auth_pubTicket.createTkt(userid, validuntil=validuntil)\n>>> ticket\n'uid=testUser;validuntil=1343379094;cip=0.0.0.0;sig=MC0CFQCJexq0701MPIcUYHoacJCKCbor1gIUI+oPZElmsNY8/rmk069+ef/u47o='\n\nThe cookie itself should be base64 encoded. 
We will use the built-in\nCookie module here; your web framework may supply its own mechanism.\n\n>>> import Cookie, binascii\n>>> cookie = Cookie.SimpleCookie()\n>>> cookie['auth_tkt'] = binascii.b2a_base64(ticket).strip()\n>>> print cookie\nSet-Cookie: auth_tkt=dWlkPXRlc3RVc2VyO3ZhbGlkdW50aWw9MTM0MzM3OTA5NDtjaXA9MC4wLjAuMDtzaWc9TUMwQ0ZEK1RibmpjMi91OEdjZVBGMm1MK24xTXk5bjRBaFVBalBFYTRDZ1RORHhMV2dlWjZTVjhjSGN3S3pRPQ==\n\n\nTicket validation\n-----------------\n\nFirst the ticket has to be read from the cookie and decoded:\n\n>>> ticket = binascii.a2b_base64(cookie['auth_tkt'].value)\n>>> ticket\n'uid=testUser;validuntil=1343379094;cip=0.0.0.0;sig=MC0CFQCJexq0701MPIcUYHoacJCKCbor1gIUI+oPZElmsNY8/rmk069+ef/u47o='\n\nThe server that invokes validateTkt and opens a session cookie needs at\nleast the public key. Initialize the SignedTicket object:\n\n>>> from mod_auth import SignedTicket\n>>> mod_auth_pubTicket = SignedTicket(path_pub_key)\n>>> # if initialized with only the public key, SignedTicket can validate tickets but not create them\n\nThe next step is to validate:\n\n>>> mod_auth_pubTicket.validateTkt(ticket)\n(u'testUser', [], [], 1343380332)\n\nIf the ticket has a valid signature and is not expired, validateTkt\nreturns all information about the logged-in user; otherwise it raises an\nexception (see the function documentation for details).\n\n\nTokens and user data\n--------------------\n\nThe format allows for optional user data and tokens. For details see\ntest.py in the mod_auth module, which contains some usage tests\nof this class. 
Here is an example:\n\n>>> import time\n>>> # Init SignedTicket object\n>>> signTicket = SignedTicket('./DSApubkey.pem','./DSAprivkey.pem')\n\n>>> #USER DATA\n>>> userid = 'TestUser'\n>>> tokens = ('role1', 'role2')\n>>> userdata = ('testuser@mail.com','Italy','Bologna')\n>>> cip = '127.0.0.1'\n>>> # ticket is valid until 24h from now\n>>> validuntil = int(time.time()) + (24*60*60)\n>>> #END USERDATA\n\n>>> ticket = signTicket.createTkt(userid,tokens,userdata,cip,validuntil)\n\n\nSimple use\n**********\n\nTo get started with the mod_auth library you can use the simple functions to create\nand validate tickets. They are based on mod_auth_tkt cookie authentication\nand work with a minimal set of attributes, SECRET and USERID. SECRET\nhas to be shared with all servers where you intend to use the ticket\nauthentication system. Example of use:\n\n>>> from mod_auth import createSimpleTicket\n>>> from mod_auth import validateSimpleTicket\n>>> SECRET = 'b8fb7b6df0d64dd98b8ccd00577434d7'\n>>> userid = 'testUser'\n>>> # Ticket creation\n>>> tkt = createSimpleTicket(SECRET, userid)\n>>> tkt\n'1cfdad68a9f9b70227da2bbd99ca462e5011c7b7testUser!'\n>>> # Ticket validation\n>>> validateSimpleTicket(SECRET, tkt)\n(u'testUser', (), u'', 1343342519)\n\nstatic mod_auth.createSimpleTicket(secret, userid, tokens=(), user_data=())\n\n Simple way to use mod_auth_tkt cookie authentication. To create a\n ticket it needs only SECRET and userid.\n\n Arguments:\n\n \"secret\" (string):\n secret key.\n\n \"userid\" (string):\n Unique user identifier.\n\n Optional arguments:\n\n \"tokens\" (tuple):\n tokens list.\n\n \"user_data\" (tuple):\n user data list\n\n Return:\n\n \"ticket\" (string):\n mod_auth_ticket format.\n\nstatic mod_auth.validateSimpleTicket(secret, ticket)\n\n Simple way to use mod_auth_tkt cookie authentication. 
To validate a\n ticket it needs only SECRET and ticket.\n\n Arguments:\n\n \"secret\" (string):\n secret key.\n\n \"ticket\" (string):\n Ticket string value.\n\n Return:\n\n \"fields\" (tuple):\n ticket's fields format (userid, tokens, userdata, validuntil)\n\n\nSignedTicket\n************\n\nclass mod_auth.mod_auth.SignedTicket(pub_key_Path, priv_key_Path=None)\n\n Mod_auth_pubtkt style cookie authentication class.\n\n validateTkt(ticket, now=None, encoding='utf8')\n\n Parse and verify auth_pubtkt ticket.\n\n Returns a tuple with ticket's fields format: (userid, tokens,\n userdata, validuntil)\n\n \"TicketParseError\" exceptions can be raised in case of invalid\n ticket format or signature verification failure.\n\n \"TicketExpired\" exceptions are raised if the ticket has expired.\n\n Arguments:\n\n \"ticket\" (string):\n Ticket string value.\n\n \"now\" (string):\n Timestamp of client datetime; if not set, the server\n timestamp is used.\n\n \"encoding\":\n encoding of the data in the ticket\n\n Return:\n\n \"fields\" (tuple):\n ticket's fields format (userid, tokens, userdata,\n validuntil)\n\n createTkt(userid, tokens=(), user_data=(), cip='0.0.0.0', validuntil=None, encoding='utf8')\n\n Create mod_auth_pubtkt ticket.\n\n Returns a valid ticket string.\n\n Arguments:\n\n \"userid\" (string):\n Unique user identifier.\n\n Optional arguments:\n\n \"tokens\" (tuple):\n tokens list.\n\n \"user_data\" (tuple):\n user data list\n\n \"cip\" (string):\n user client ip.\n\n \"validuntil\" (string):\n timestamp of ticket expiration.\n\n \"encoding\" :\n encoding of the data in the ticket\n\n Return:\n\n \"ticket\" (string):\n mod_auth_pubtkt signed ticket format.\n\n\nTicket\n******\n\nclass mod_auth.mod_auth.Ticket(secret)\n\n Mod_auth_tkt style cookie authentication class.\n\n validateTkt(ticket, cip='0.0.0.0', now=None, encoding='utf8')\n\n To validate, a new ticket is created from the data extracted\n from the cookie and the shared secret. 
The two digests are compared\n and the timestamp is checked.\n\n Successful validation returns a tuple with ticket's fields\n format: (userid, tokens, userdata, validuntil)\n\n \"BadTicket\" exceptions can be raised in case of invalid ticket\n format or digest verification failure.\n\n \"TicketExpired\" exceptions are raised if the ticket has expired.\n\n Arguments:\n\n \"ticket\" (string):\n Ticket string value.\n\n \"cip\" (string):\n if a client ip was set in createTkt, it is needed here too, because\n it is used to validate the digest.\n\n \"now\" (string):\n Timestamp of client datetime; if not set, the server\n timestamp is used.\n\n \"encoding\":\n encoding of the data in the ticket\n\n Return:\n\n \"fields\" (tuple):\n ticket's fields format (userid, tokens, userdata,\n validuntil)\n\n createTkt(userid, tokens=(), user_data=(), cip='0.0.0.0', validuntil=None, encoding='utf8')\n\n Create mod_auth_tkt ticket.\n\n Returns a valid ticket string.\n\n Arguments:\n\n \"userid\" (string):\n Unique user identifier.\n\n Optional arguments:\n\n \"tokens\" (tuple):\n tokens list.\n\n \"user_data\" (tuple):\n user data list\n\n \"cip\" (string):\n user client ip.\n\n \"validuntil\" (string):\n timestamp of ticket expiration.\n\n \"encoding\" :\n encoding of the data in the ticket\n\n Return:\n\n \"ticket\" (string):\n mod_auth_ticket format.\n\n\nException\n*********\n\nexception mod_auth.exception.BadSignature(ticket)\n\n Exception raised when a signature verification has failed\n\nexception mod_auth.exception.BadTicket(ticket, msg='')\n\n Exception raised when a ticket has an invalid format\n\nexception mod_auth.exception.TicketExpired(ticket)\n\n Exception raised when a ticket has expired\n\nexception mod_auth.exception.TicketParseError(ticket, msg='')\n\n Base class for all ticket parsing errors\n\n\nLICENSE\n*******\n\nmod_auth is Copyright 2012 SuperComputer Solutions S.r.l (SCS)\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may 
not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.", "description_content_type": null, "docs_url": "https://pythonhosted.org/mod_auth_library/", "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/b3c/mod_auth/zipball/master", "keywords": "mod_auth mod_auth_pubtkt mod_auth_tkt authentication single sign on ticket", "license": "BSD", "maintainer": null, "maintainer_email": null, "name": "mod_auth_library", "package_url": "https://pypi.org/project/mod_auth_library/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/mod_auth_library/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/b3c/mod_auth/zipball/master" }, "release_url": "https://pypi.org/project/mod_auth_library/1.0/", "requires_dist": null, "requires_python": null, "summary": "Powerful and useful library to integrate mod_auth_tkt and mod_auth_pubtkt into your projects.", "version": "1.0" }, "last_serial": 454343, "releases": { "1.0": [] }, "urls": [] }