Package cherrypy :: Package lib :: Module auth_digest :: Class HttpDigestAuthorization

Class HttpDigestAuthorization


object --+
         |
        HttpDigestAuthorization

Class to parse a Digest Authorization header and perform re-calculation of the digest.

Instance Methods
 
errmsg(self, s)
 
__init__(self, auth_header, http_method, debug=False)
x.__init__(...) initializes x; see help(type(x)) for signature
 
__str__(self)
str(x)
 
validate_nonce(self, s, key)
Validate the nonce.
 
is_nonce_stale(self, max_age_seconds=600)
Returns True if a validated nonce is stale.
 
HA2(self, entity_body='')
Returns the H(A2) string.
 
request_digest(self, ha1, entity_body='')
Calculates the Request-Digest.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __subclasshook__

Properties

Inherited from object: __class__

Method Details

__init__(self, auth_header, http_method, debug=False)
(Constructor)


x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)

__str__(self)
(Informal representation operator)


str(x)

Overrides: object.__str__
(inherited documentation)

validate_nonce(self, s, key)

Validate the nonce.
Returns True if nonce was generated by synthesize_nonce() and the
timestamp is not spoofed, else returns False.

s
    A string related to the resource, such as the hostname of
    the server.

key
    A secret string known only to the server.

Both s and key must be the same values which were used to synthesize
the nonce we are trying to validate.

is_nonce_stale(self, max_age_seconds=600)


Returns True if a validated nonce is stale. The nonce contains a timestamp in plaintext and also a secure hash of the timestamp. You should first validate the nonce to ensure the plaintext timestamp is not spoofed.

HA2(self, entity_body='')


Returns the H(A2) string. See RFC 2617, section 3.2.2.3.

request_digest(self, ha1, entity_body='')

Calculates the Request-Digest. See RFC 2617, section 3.2.2.1.

ha1
    The HA1 string obtained from the credentials store.

entity_body
    If 'qop' is set to 'auth-int', then A2 includes a hash
    of the "entity body".  The entity body is the part of the
    message which follows the HTTP headers. See RFC 2617, section
    4.3.  This refers to the entity the user agent sent in the
    request which has the Authorization header. Typically GET
    requests don't have an entity, and POST requests do.
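
The following is an added, standalone example, not CherryPy's source code: it shows the server-side order of checks that validate_nonce, is_nonce_stale, HA2 and request_digest describe above, using only hashlib and hmac. The nonce layout (`<timestamp>:<hash of timestamp, s and key>`), the `make_nonce` and `check` helpers, and the free-function signatures are assumptions made for illustration; the sample credentials are those of the worked example in RFC 2617 section 3.5.

```python
import hashlib
import hmac

def H(data):
    """MD5 hex digest, the default hash in RFC 2617."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def ha2(method, uri, qop=None, entity_body=""):
    """H(A2), RFC 2617 section 3.2.2.3: auth-int also binds the request body."""
    if qop == "auth-int":
        return H("%s:%s:%s" % (method, uri, H(entity_body)))
    return H("%s:%s" % (method, uri))

def request_digest(ha1, nonce, method, uri, qop=None, nc=None, cnonce=None, entity_body=""):
    """Request-Digest, RFC 2617 section 3.2.2.1."""
    a2 = ha2(method, uri, qop, entity_body)
    if qop in ("auth", "auth-int"):
        return H(":".join([ha1, nonce, nc, cnonce, qop, a2]))
    return H(":".join([ha1, nonce, a2]))  # form used when no qop was sent

def make_nonce(s, key, timestamp):
    """Assumed layout: '<timestamp>:<H(timestamp:s:key)>'."""
    return "%d:%s" % (timestamp, H("%d:%s:%s" % (timestamp, s, key)))

def validate_nonce(nonce, s, key):
    """True only if the hash part matches the plaintext timestamp."""
    ts, sep, digest = nonce.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    expected = H("%s:%s:%s" % (ts, s, key))
    return hmac.compare_digest(digest.encode("utf-8"), expected.encode("utf-8"))

def is_nonce_stale(nonce, now, max_age_seconds=600):
    """Call only after validate_nonce(); before that the timestamp is untrusted."""
    return int(nonce.partition(":")[0]) + max_age_seconds < now

def check(response, ha1, nonce, s, key, now, **digest_args):
    """Server-side order: validate nonce, check its age, then compare digests."""
    if not validate_nonce(nonce, s, key):
        return "bad-nonce"
    if is_nonce_stale(nonce, now):
        return "stale"
    expected = request_digest(ha1, nonce, **digest_args)
    same = hmac.compare_digest(response.encode("utf-8"), expected.encode("utf-8"))
    return "ok" if same else "bad-digest"

# Sample values from the worked example in RFC 2617 section 3.5.
RFC_HA1 = H("Mufasa:testrealm@host.com:Circle Of Life")
RFC_ARGS = dict(method="GET", uri="/dir/index.html", qop="auth",
                nc="00000001", cnonce="0a4f113b")
```

A "stale" result corresponds to re-challenging the client with a fresh nonce rather than rejecting its credentials, which is why the age check is kept separate from the integrity check.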