{ "info": { "author": "Jeff Dairiki", "author_email": "dairiki@dairiki.org", "bugtrack_url": null, "classifiers": [ "Framework :: Pyramid", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Internet :: WWW/HTTP :: Dynamic Content :: CGI Tools/Libraries" ], "description": "#####################################################\nCryptographically Signed Query Parameters for Pyramid\n#####################################################\n\n|version| |py_versions| |license| |build status|\n\n***********\nDescription\n***********\n\nThis package provides a method for pyramid_ applications to sign parameters\nwhich are passed in query strings (or POST bodies).\n\nThe initial motivation for this was to be able to pass a ``return_url``\nto a views without turning the app into open redirector.\n\nOther use cases include being able to generate URLs (e.g. to be included in\nemails) which can be used to bypass the normal authentication/authorization\nmechanisms.\n\n.. _pyramid: https://trypyramid.com/\n\n************\nInstallation\n************\n\n``Pyramid-signed-params`` can be installed from PyPI_ using ``pip`` or\n``easy_install`` (or ``buildout``.) You should probably be installing it in a virtual\nenvironment.\n\n.. _PyPI: https://pypi.python.org/pypi/pyramid-signed-params\n\n*************\nConfiguration\n*************\n\nYou must configure at least one signing secret in your app settings.\nThe secret should be a random, unguessable string. E.g. in your app\u2019s\n``.ini`` file::\n\n pyramid_signed_params.secret = RGWO7nZ6W6AiPIUcXQN2iahJIThwH9BbpyZ7Lc1XfaOkPGt1GY\n\n.. hint::\n\n You can specify multiple signing keys (one per line.) If\n you do, the first key will be used for signing, while all keys will\n be tried when verifying signatures. This can be useful when rolling\n out a new signing key.\n\nActivate the package by including it in your pyramid application.\n\n.. code-block:: python\n\n config.include('pyramid-signed-params')\n\nThis will add two new attributes to pyramid\u2019s ``request``.\n\n- ``request.sign_query(query, max_age=None, kid=None)``\n\n Used to sign query arguments, e.g.\n\n .. code-block:: python\n\n # Pass the current URL as a signed *return_url* parameter to another view\n query = {'return_url': request.url}\n other_url = request.route_url('other', _query=request.sign_query(query))\n\n The ``max_age`` parameter can be used to generate signatures which expire after a certain\n amount of time.\n\n Passing ``kid=\"csrf\"`` will create signatures which will be\n invalidated whenever the session\u2019s CSRF token is changed.\n\n- ``request.signed_params``\n\n This *reified* property will contain a multidict populated with all\n parameters passed to the request which were signed with a valid\n signature.\n\n*******************\nBasic Usage Example\n*******************\n\nConstruct a URL which could be e-mailed out to allow changing the\npassword of a given user::\n\n # Construct a URL with some signed parameters\n params = {'userid': 'fred', 'action': 'change-pw'}\n signed_params = request.sign_query(params, max_age=3600)\n url = request.route_url('change-pw', _query=signed_params)\n\nThen, in the change-pw view::\n\n if request.signed_params['action'] != 'change-pw':\n raise HTTPForbidden()\n userid = request.signed_params['userid']\n\n # Do whatever needs to be done to change the given users password\n\nNote that because we passed ``max_age=3600`` to ``sign_query``, the\nURL will only work for an hour.\n\n*******\nCaution\n*******\n\nThis package provides no inherent protection against replay attacks.\nIf an attacker has access to a set of signed parameters, he may pass\nthose signed parameters, unmodified, to any URL within the app (or\nother apps sharing the same signing secret.)\n\n*******\nAuthors\n*******\n\n`Jeff Dairiki`_\n\n.. _Jeff Dairiki: mailto:dairiki@dairiki.org\n\n\n.. ==== Badges ====\n\n.. |build status| image::\n https://travis-ci.org/dairiki/pyramid_signed_params.svg?branch=master\n :target: https://travis-ci.org/dairiki/pyramid_signed_params\n\n.. |downloads| image::\n https://img.shields.io/pypi/dm/pyramid_signed_params.svg\n :target: https://pypi.python.org/pypi/pyramid_signed_params/\n :alt: Downloads\n.. |version| image::\n https://img.shields.io/pypi/v/pyramid_signed_params.svg\n :target: https://pypi.python.org/pypi/pyramid_signed_params/\n :alt: Latest Version\n.. |py_versions| image::\n https://img.shields.io/pypi/pyversions/pyramid_signed_params.svg\n :target: https://pypi.python.org/pypi/pyramid_signed_params/\n :alt: Supported Python versions\n.. |py_implementation| image::\n https://img.shields.io/pypi/implementation/pyramid_signed_params.svg\n :target: https://pypi.python.org/pypi/pyramid_signed_params/\n :alt: Supported Python versions\n.. |license| image::\n https://img.shields.io/pypi/l/pyramid_signed_params.svg\n :target: https://github.com/dairiki/pyramid_signed_params/blob/master/LICENSE.txt\n :alt: License\n.. |dev_status| image::\n https://img.shields.io/pypi/status/pyramid_signed_params.svg\n :target: https://pypi.python.org/pypi/pyramid_signed_params/\n :alt: Development Status\n\n\n*******\nChanges\n*******\n\nNext Release 0.1b5 (2018-03-08)\n===============================\n\n- Use the new in ``PyJWT`` 1.6 more specific ``InvalidSignatureError``\n in favor of the generic ``DecodeError`` to detect invalid signatures\n (when available.)\n\nTests\n-----\n\n- Test under both ``PyJWT`` 1.6 and 1.5.3.\n\n- Fix for changes in default log level in ``pytest`` 3.4.\n\n- As of ``pytest`` 3.3, ``pytest-catchlog`` has been rolled into the pytest core.\n\n\nRelease 0.1b4 (2017-12-18)\n==========================\n\nPackaging\n---------\n\n- Drop CPython 3.3 classifier\n\nRelease 0.1b3 (2017-12-18)\n==========================\n\nCompatibility\n-------------\n\n- Drop support for python 3.3.\n\nPackaging\n---------\n\n- Include LICENSE.txt and pytest.ini in sdist.\n\nRelease 0.1b2 (2017-11-16)\n==========================\n\n- Change the ``signed_params`` reified request method so that it\n catches ``UnicodeDecodeError``\\s when accessing ``request.params``,\n and returns an empty dict. (If the parameters are not properly\n encoded, there are no valid signed parameters.)\n\nRelease 0.1b1 (2017-11-16)\n==========================\n\n- Drop support for python 2.6. Test under python 3.6.\n\nSecurity\n--------\n\n- Explicitly specify allowed algorithms when decoding JWTs.\n\nRelease 0.1a5 (2016-11-13)\n==========================\n\n- Remove the (broken) config-time warning issued if no service is\n registered for ``ISignedParamsService``. (When ``autocommit`` was\n off, this warning was always being issued.)\n\nRelease 0.1a4 (2016-11-02)\n==========================\n\n- The setting for configuring the JWT signing secret(s) has been\n renamed to ``pyramid_signed_param.secret`` from\n ``pyramid_signed_param.secrets``. Basic usage involve only a single\n secret. (Two allow for rotation of secrets, any configured secrets are\n accepted when verifying signatures, but only the first is used for\n creating new signatures.)\n\n- ``Pyramid_signed_params.include`` now issues a warning if the\n ``ISignedParamsService`` is not configured.\n\n- ``JWTSecretProviderFactory`` now raises a ``ConfigurationError``\n if no secrets are found in the app ``settings``.\n\n\nRelease 0.1a3 (2016-11-02)\n==========================\n\nInitial release.\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/dairiki/pyramid_signed_params", "keywords": "web pyramid cryptography query_string", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "pyramid-signed-params", "package_url": "https://pypi.org/project/pyramid-signed-params/", "platform": "", "project_url": "https://pypi.org/project/pyramid-signed-params/", "project_urls": { "Homepage": "https://github.com/dairiki/pyramid_signed_params" }, "release_url": "https://pypi.org/project/pyramid-signed-params/0.1b5/", "requires_dist": [ "pyjwt (>=1.3)", "pyramid", "pyramid-services", "pytest (>=3.3); extra == 'test'" ], "requires_python": "", "summary": "Cryptographically signed query parameters for pyramid", "version": "0.1b5" }, "last_serial": 3653163, "releases": { "0.1a3": [ { "comment_text": "", "digests": { "md5": "9c114895f0d03b561a63b194ad593624", "sha256": "02b35085b4e75864b4df63e628b87c1469dc6b9b5798b74b9c1c4571fad6ddbf" }, "downloads": -1, "filename": "pyramid_signed_params-0.1a3-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "9c114895f0d03b561a63b194ad593624", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 12334, "upload_time": "2016-11-02T21:03:31", "url": "https://files.pythonhosted.org/packages/40/d2/24e0f5ae43dcc973e4428aecfffe489ef18d1d4289173ee72bca254b805e/pyramid_signed_params-0.1a3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "16b0d2cd3ca31860ffb0650eb6105276", "sha256": "e6dfbf4874e363c0ad1043200376414cfa5a8d62573f8c256606bff832f2a942" }, "downloads": -1, "filename": "pyramid-signed-params-0.1a3.tar.gz", "has_sig": true, "md5_digest": "16b0d2cd3ca31860ffb0650eb6105276", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8622, "upload_time": "2016-11-02T21:03:34", "url": "https://files.pythonhosted.org/packages/6f/79/690d9492820d8477979bb09881a6e8416683c48d778deddab34dd77ab06f/pyramid-signed-params-0.1a3.tar.gz" } ], "0.1a4": [ { "comment_text": "", "digests": { "md5": "be4c307bdba9e4108d8bc7298629a1f1", "sha256": "28cb776e1fa30c1163790e94dde8f18ee737d0e8066697468cbafc2f9ae8d96c" }, "downloads": -1, "filename": "pyramid_signed_params-0.1a4-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "be4c307bdba9e4108d8bc7298629a1f1", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 13133, "upload_time": "2016-11-03T00:29:33", "url": "https://files.pythonhosted.org/packages/6d/3c/b4e99a7f4f0ca4cf86017c1c485b934f88b894c70f3bd5d0bd8a0e6d4c8a/pyramid_signed_params-0.1a4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7123caa42858e0b0350df240736270c5", "sha256": "dbb3425be5b0ff295ff666079e99107179cd4cd2b77e09c8ca9464e7ac751bf1" }, "downloads": -1, "filename": "pyramid-signed-params-0.1a4.tar.gz", "has_sig": true, "md5_digest": "7123caa42858e0b0350df240736270c5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9104, "upload_time": "2016-11-03T00:29:36", "url": "https://files.pythonhosted.org/packages/61/52/671be243e9403f8450f026886da2966514bdab05745a6cc6bcffbee1cb79/pyramid-signed-params-0.1a4.tar.gz" } ], "0.1a5": [ { "comment_text": "", "digests": { "md5": "37dc9f0be796b3581ad819109a460878", "sha256": "ddee0014f4147ccb1b41bf7d1cfc9d0b52f7bab3eafd2384193f0d76e92ed760" }, "downloads": -1, "filename": "pyramid_signed_params-0.1a5-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "37dc9f0be796b3581ad819109a460878", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 14748, "upload_time": "2016-11-09T22:02:00", "url": "https://files.pythonhosted.org/packages/10/3d/1342296e605e24c13ebbe69e674421a500d9563d9e38466137363993d0c1/pyramid_signed_params-0.1a5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "9c6b32f4c67113cb9e2600beb2d47739", "sha256": "bb0e658620e9f6fb92e5f9d160bf494d913ec0fa05f0942f0e98425d8273bcb0" }, "downloads": -1, "filename": "pyramid-signed-params-0.1a5.tar.gz", "has_sig": true, "md5_digest": "9c6b32f4c67113cb9e2600beb2d47739", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10060, "upload_time": "2016-11-09T22:01:57", "url": "https://files.pythonhosted.org/packages/7a/ad/3b8b1560830e1945277191bd25d47bdbcb65bda513e55d0b18263b79d848/pyramid-signed-params-0.1a5.tar.gz" } ], "0.1b1": [ { "comment_text": "", "digests": { "md5": "b9c585e255455729a8d8a117c1be7b76", "sha256": "42b0dd44117ae4194cf5e723ada55436339e27dbef7d18e41aa881611b3804b3" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b1-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "b9c585e255455729a8d8a117c1be7b76", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 15050, "upload_time": "2017-11-16T15:47:37", "url": "https://files.pythonhosted.org/packages/c3/35/b3ec8f8ad57258dd79830aabc315a67a5a22f64d7651d68027049e39cf2c/pyramid_signed_params-0.1b1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ead470c97b9184b1178c8010a7503ce8", "sha256": "45d1ca4270612803f750d2c29808bdef0c23715fe4f446a411b7cde8c9c7cc53" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b1.tar.gz", "has_sig": true, "md5_digest": "ead470c97b9184b1178c8010a7503ce8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10128, "upload_time": "2017-11-16T15:47:38", "url": "https://files.pythonhosted.org/packages/9e/2b/eb1a436fb1c49c3398d4666ebcb8d5b0d327a32eddcf4cc85957257cd05e/pyramid-signed-params-0.1b1.tar.gz" } ], "0.1b2": [ { "comment_text": "", "digests": { "md5": "4056285a52d279ef4ad0a661ae69e10c", "sha256": "6bd3291ba7d2153b6bf1b49390a76a001d7c2de98429321c581abe80dab8ba4a" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b2-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "4056285a52d279ef4ad0a661ae69e10c", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 15506, "upload_time": "2017-11-17T00:52:42", "url": "https://files.pythonhosted.org/packages/2b/d0/8ec88ceea9e7475853ab83d26290302a730869c4988dccc520d7d77825de/pyramid_signed_params-0.1b2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "29219969261bcf83dbfaa3e8f7e0c88c", "sha256": "bbea3c6a557f017a31783dc26103fdc084ba55dc0fb999407f40643caf5a63ca" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b2.tar.gz", "has_sig": true, "md5_digest": "29219969261bcf83dbfaa3e8f7e0c88c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10418, "upload_time": "2017-11-17T00:52:44", "url": "https://files.pythonhosted.org/packages/ec/64/d28b408adf9cb239f0e4cf6615034c93f3535d28bf276ca2ced066321b9a/pyramid-signed-params-0.1b2.tar.gz" } ], "0.1b3": [ { "comment_text": "", "digests": { "md5": "c868f3e9e680bd5295617fe12b83fd46", "sha256": "f03c44913ef59789f1a9ac2b0e956bdfe3137b5e326b3a53640500a4ac45e6e9" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b3-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "c868f3e9e680bd5295617fe12b83fd46", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 15588, "upload_time": "2017-12-18T22:54:36", "url": "https://files.pythonhosted.org/packages/a9/d8/716243ada57489692e879493897e455d2b07baafaa67f6d00ca0eb7ddd6a/pyramid_signed_params-0.1b3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f307565c879a78178ba039a7355e186f", "sha256": "a98f57ee32e541145d43f7b17ceefef04193df9d44c09e86788114cafae232de" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b3.tar.gz", "has_sig": true, "md5_digest": "f307565c879a78178ba039a7355e186f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11484, "upload_time": "2017-12-18T22:54:38", "url": "https://files.pythonhosted.org/packages/4a/ff/1e81cc57de6b66231229b8bb8047a032c760525b2c670e27f065e90c665d/pyramid-signed-params-0.1b3.tar.gz" } ], "0.1b4": [ { "comment_text": "", "digests": { "md5": "52d8c4306c60c546f312de865f68d473", "sha256": "fa6d686eb1db05c5b03cc0fc019f486b7430f2171bff34365c47fdec35aa8c87" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b4-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "52d8c4306c60c546f312de865f68d473", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 15620, "upload_time": "2017-12-18T22:58:36", "url": "https://files.pythonhosted.org/packages/10/4a/43bd2dfdb554fbb8074a3bbff92c0808d5db33820f2118f94ac8a9868e70/pyramid_signed_params-0.1b4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "74f89b9b3a2b1d5aaf0a168d5f3ac838", "sha256": "6ae2f7653799d17df0f07dc70f5301fc0ba7f4afc2e82999085296ad90b6a68d" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b4.tar.gz", "has_sig": true, "md5_digest": "74f89b9b3a2b1d5aaf0a168d5f3ac838", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11527, "upload_time": "2017-12-18T22:58:37", "url": "https://files.pythonhosted.org/packages/b7/c1/d9d6603d584d7ae5699a7c62b34f034f3e72cac3bdcd3c93efa5ddfa2ff8/pyramid-signed-params-0.1b4.tar.gz" } ], "0.1b5": [ { "comment_text": "", "digests": { "md5": "24a06952babd0199ce7bb7a2a4105215", "sha256": "e958a74eaa4015ed78398602b16ddaf85252a528316e59760ff3ef453e12386f" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b5-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "24a06952babd0199ce7bb7a2a4105215", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 16050, "upload_time": "2018-03-09T03:25:06", "url": "https://files.pythonhosted.org/packages/38/e2/1f78f8b17f82f8dfe4851846a68c67f2a933d8965343358a725510293ed5/pyramid_signed_params-0.1b5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0c466e84f93fae9b69f05e60f1fcbe81", "sha256": "df612330d6e724be8731b82e147d2bb47b82f1b4ffe4f54e820c46df4afdb348" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b5.tar.gz", "has_sig": true, "md5_digest": "0c466e84f93fae9b69f05e60f1fcbe81", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11850, "upload_time": "2018-03-09T03:25:08", "url": "https://files.pythonhosted.org/packages/55/5d/f85c4e3b31adc85d161c3fd883648b894db237094bb49850712d6195edeb/pyramid-signed-params-0.1b5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "24a06952babd0199ce7bb7a2a4105215", "sha256": "e958a74eaa4015ed78398602b16ddaf85252a528316e59760ff3ef453e12386f" }, "downloads": -1, "filename": "pyramid_signed_params-0.1b5-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "24a06952babd0199ce7bb7a2a4105215", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 16050, "upload_time": "2018-03-09T03:25:06", "url": "https://files.pythonhosted.org/packages/38/e2/1f78f8b17f82f8dfe4851846a68c67f2a933d8965343358a725510293ed5/pyramid_signed_params-0.1b5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0c466e84f93fae9b69f05e60f1fcbe81", "sha256": "df612330d6e724be8731b82e147d2bb47b82f1b4ffe4f54e820c46df4afdb348" }, "downloads": -1, "filename": "pyramid-signed-params-0.1b5.tar.gz", "has_sig": true, "md5_digest": "0c466e84f93fae9b69f05e60f1fcbe81", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11850, "upload_time": "2018-03-09T03:25:08", "url": "https://files.pythonhosted.org/packages/55/5d/f85c4e3b31adc85d161c3fd883648b894db237094bb49850712d6195edeb/pyramid-signed-params-0.1b5.tar.gz" } ] }