{ "info": { "author": "Stephan Richter and the Zope Community", "author_email": "zope3-dev@zope.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Web Environment", "Framework :: Zope3", "Intended Audience :: Developers", "License :: OSI Approved :: Zope Public License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP" ], "description": "A package that uses the HTTP referer header to provide credentials.\n\n\nDetailed Documentation\n**********************\n\n========================\nHTTP-Referer Credentials\n========================\n\nIt is sometimes necessary to restrict access to a site by looking at the the\nsite the user is coming from. For example, a user can only enter the site when\nhe comes from within the corporate network. If the two sites cannot share any\nspecific information, such as an authentication token, the only useful piece\nof information is the ``HTTP-Referer`` request header.\n\n__Note__: Yes I know this is not fully secure and someone could spoof the\nheader. But this is acceptable in this particular application. I guess it\nkeeps away the honest. And yes, this is a real world scenario -- would I\nimplement this package otherwise? :-)\n\nSo let's have a look at the credentials plugin:\n\n >>> from z3c.referercredentials import credentials\n >>> creds = credentials.HTTPRefererCredentials()\n\nLet's look at the positive case first. The referer credentials plugin has an\nattribute that specifies all allowed hosts:\n\n >>> creds.allowedHosts\n ('localhost',)\n\nIn this example, we only want to allow peopl eto the site coming from\n``www.zope.org``.\n\n >>> creds.allowedHosts = ('www.zope.org',)\n\nNow, a user coming from that site will have a request containing this referer:\n\n >>> from zope.publisher.browser import TestRequest\n >>> request = TestRequest(HTTP_REFERER='http://www.zope.org/index.html')\n\nThe credentials can now be extracted as follows:\n\n >>> creds.extractCredentials(request)\n\nNothing is returned. This is because we have not defined any credentials that\nrepresent the \"referer user\". With setting the credentials, it should work:\n\n >>> creds.credentials = {'login': 'mgr', 'password': 'mgrpw'}\n >>> creds.extractCredentials(request)\n {'login': 'mgr', 'password': 'mgrpw'}\n\nOnce an acceptable referer has been passed in, the credentials are always\nreturned:\n\n >>> del request._environ['HTTP_REFERER']\n >>> creds.extractCredentials(request)\n {'login': 'mgr', 'password': 'mgrpw'}\n\nWe have to log out in order to loose the credentials:\n\n >>> creds.logout(request)\n True\n\nNow, no credentials are returned when not sending in a correct referer:\n\n >>> creds.extractCredentials(request)\n\nWhen the user could not be authenticated, the plugin is asked to pose a\nchallenge:\n\n >>> creds.challenge(request)\n True\n >>> request.response.getHeader('Redirect')\n\nBy default we are getting the \"unauthorized.html\" view on the site. But you\ncan change the view name:\n\n >>> creds.challengeView = 'challenge.html'\n >>> creds.challenge(request)\n True\n >>> request.response.getHeader('Redirect')\n\nFinal Note: Of course, this credentials plugin only works with HTTP-based\nrequests:\n\n >>> request = object()\n\n >>> creds.extractCredentials(request)\n\n >>> creds.challenge(request)\n False\n\n >>> creds.logout(request)\n False\n\n\n=======\nCHANGES\n=======\n\nVersion 0.1.0 (6/??/2007)\n-------------------------\n\n- Initial Release\n\n * Implementation of HTTP-Referer credentials plugin", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://svn.zope.org/z3c.referercredentials", "keywords": "zope3 referer credentials pau", "license": "ZPL 2.1", "maintainer": null, "maintainer_email": null, "name": "z3c.referercredentials", "package_url": "https://pypi.org/project/z3c.referercredentials/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/z3c.referercredentials/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://svn.zope.org/z3c.referercredentials" }, "release_url": "https://pypi.org/project/z3c.referercredentials/0.1.0/", "requires_dist": null, "requires_python": null, "summary": "An HTTP referer credentials plugin.", "version": "0.1.0" }, "last_serial": 802091, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "bc7f7ecf99b27725ae5dd048f6165e48", "sha256": "64ff1c24e1ff3bb5232a42b6a3da2c38055020c59e005627d879a391cb39c87c" }, "downloads": -1, "filename": "z3c.referercredentials-0.1.0-py2.4.egg", "has_sig": false, "md5_digest": "bc7f7ecf99b27725ae5dd048f6165e48", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 11627, "upload_time": "2007-09-12T21:26:34", "url": "https://files.pythonhosted.org/packages/3c/e6/de22fe1971625d8ccdc79902432c9b40dead98d2bd3c8a754523ea193aa0/z3c.referercredentials-0.1.0-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "509db8c0d335f52f7fdcbbc7d89ea124", "sha256": "f92a9708c1947abcf2f67538a7ab23a64483530b2df8317315b3b61e2f2a4267" }, "downloads": -1, "filename": "z3c.referercredentials-0.1.0.tar.gz", "has_sig": false, "md5_digest": "509db8c0d335f52f7fdcbbc7d89ea124", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7631, "upload_time": "2007-09-12T21:26:25", "url": "https://files.pythonhosted.org/packages/36/37/fc3e10731b274a54c7836e887c48d0b6b66aa89e797272e21b036140aa66/z3c.referercredentials-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "bc7f7ecf99b27725ae5dd048f6165e48", "sha256": "64ff1c24e1ff3bb5232a42b6a3da2c38055020c59e005627d879a391cb39c87c" }, "downloads": -1, "filename": "z3c.referercredentials-0.1.0-py2.4.egg", "has_sig": false, "md5_digest": "bc7f7ecf99b27725ae5dd048f6165e48", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 11627, "upload_time": "2007-09-12T21:26:34", "url": "https://files.pythonhosted.org/packages/3c/e6/de22fe1971625d8ccdc79902432c9b40dead98d2bd3c8a754523ea193aa0/z3c.referercredentials-0.1.0-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "509db8c0d335f52f7fdcbbc7d89ea124", "sha256": "f92a9708c1947abcf2f67538a7ab23a64483530b2df8317315b3b61e2f2a4267" }, "downloads": -1, "filename": "z3c.referercredentials-0.1.0.tar.gz", "has_sig": false, "md5_digest": "509db8c0d335f52f7fdcbbc7d89ea124", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7631, "upload_time": "2007-09-12T21:26:25", "url": "https://files.pythonhosted.org/packages/36/37/fc3e10731b274a54c7836e887c48d0b6b66aa89e797272e21b036140aa66/z3c.referercredentials-0.1.0.tar.gz" } ] }