Powerful and useful library to integrate mod_auth_tkt and mod_auth_pubtkt into your projects.
Project description
Welcome to mod_auth’s documentation!
Requirements
Python 2.6+
M2Crypto library
Setuptools
pip
Installation
To install the mod_auth library, run this command from a Unix shell:
$ sudo pip install https://github.com/b3c/mod_auth/zipball/master
Mod_Auth
This module implements the session cookie format from mod_auth_tkt and mod_auth_pubtkt. This documentation shows you how to use the mod_auth library and integrate it into your project.
Contributors:
Before starting, I want to say a BIG THANKS to the plone.session team for the tktauth.py module. It helped us get started with this library:
plone-session: https://github.com/plone/plone.session/blob/master/plone/session/tktauth.py
And to Andrey Plotnikov for an easy implementation of mod_auth_pubtkt
auth_pubtkt: https://github.com/AndreyPlotnikov/auth_pubtkt
Simple use
To start with the mod_auth library you can use the simple functions to create and validate a ticket. They are based on mod_auth_tkt cookie authentication and work with a minimum set of attributes, SECRET and USERID. SECRET has to be shared with all servers where you intend to use ticket authentication. Example of use:
>>> from mod_auth import createSimpleTicket
>>> from mod_auth import validateSimpleTicket
>>> SECRET = 'b8fb7b6df0d64dd98b8ccd00577434d7'
>>> userid = 'testUser'
>>> # Ticket creation
>>> tkt = createSimpleTicket(SECRET, userid)
>>> tkt
'1cfdad68a9f9b70227da2bbd99ca462e5011c7b7testUser!'
>>> # Ticket validation (the secret is the first argument)
>>> validateSimpleTicket(SECRET, tkt)
(u'testUser', (), u'', 1343342519)
static mod_auth.createSimpleTicket(secret, userid, tokens=(), user_data=())
Simple way to use mod_auth_tkt cookie authentication. Creating a ticket needs only SECRET and userid.
Arguments:
- “secret” (string):
secret key.
- “userid” (string):
Unique user identifier.
Optional arguments:
- “tokens” (tuple):
tokens list.
- “user_data” (tuple):
user data list
Return:
- “ticket” (string):
mod_auth_ticket format.
static mod_auth.validateSimpleTicket(secret, ticket)
Simple way to use mod_auth_tkt cookie authentication. Validating a ticket needs only SECRET and the ticket.
Arguments:
- “secret” (string):
secret key.
- “ticket” (string):
Ticket string value.
Return:
- “fields” (tuple):
ticket’s fields format (userid, tokens, userdata, validuntil)
SignedTicket
class mod_auth.mod_auth.SignedTicket(pub_key_Path, priv_key_Path=None)
Mod_auth_pubtkt style cookie authentication class.
validateTkt(ticket, now=None, encoding='utf8')
Parse and verify auth_pubtkt ticket.
Returns a tuple with the ticket’s fields format: (userid, tokens, userdata, validuntil)
“TicketParseError” exceptions can be raised in case of invalid ticket format or signature verification failure.
“TicketExpired” exceptions are raised if the ticket has expired.
Arguments:
- “ticket” (string):
Ticket string value.
- “now” (string):
Timestamp of the client datetime; if not set, the server timestamp is used.
- “encoding”:
encoding of the data in the ticket
Return:
- “fields” (tuple):
ticket’s fields format (userid, tokens, userdata, validuntil)
createTkt(userid, tokens=(), user_data=(), cip='0.0.0.0', validuntil=None, encoding='utf8')
Create mod_auth_pubtkt ticket.
Returns a valid ticket string.
Arguments:
- “userid” (string):
Unique user identifier.
Optional arguments:
- “tokens” (tuple):
tokens list.
- “user_data” (tuple):
user data list
- “cip” (string):
user client ip.
- “validuntil” (string):
timestamp of ticket expiration.
- “encoding”:
encoding of the data in the ticket
Return:
- “ticket” (string):
mod_auth_pubtkt signed ticket format.
Ticket
class mod_auth.mod_auth.Ticket(secret)
Mod_auth_tkt style cookie authentication class.
validateTkt(ticket, cip='0.0.0.0', now=None, encoding='utf8')
To validate, a new ticket is created from the data extracted from the cookie and the shared secret. The two digests are compared and the timestamp is checked.
Successful validation returns a tuple with the ticket’s fields format: (userid, tokens, userdata, validuntil)
“BadTicket” exceptions can be raised in case of invalid ticket format or digest verification failure.
“TicketExpired” exceptions are raised if the ticket has expired.
Arguments:
- “ticket” (string):
Ticket string value.
- “cip” (string):
if the client IP was set in createTkt, it is needed here too, because it is part of the validated digest.
- “now” (string):
Timestamp of the client datetime; if not set, the server timestamp is used.
- “encoding”:
encoding of the data in the ticket
Return:
- “fields” (tuple):
ticket’s fields format (userid, tokens, userdata, validuntil)
createTkt(userid, tokens=(), user_data=(), cip='0.0.0.0', validuntil=None, encoding='utf8')
Create mod_auth_pubtkt ticket.
Returns a valid ticket string.
Arguments:
- “userid” (string):
Unique user identifier.
Optional arguments:
- “tokens” (tuple):
tokens list.
- “user_data” (tuple):
user data list
- “cip” (string):
user client ip.
- “validuntil” (string):
timestamp of ticket expiration.
- “encoding”:
encoding of the data in the ticket
Return:
- “ticket” (string):
mod_auth_ticket format.
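The validation steps described for Ticket.validateTkt (rebuild the digest from the cookie fields and the shared secret, compare the two digests, check the timestamp), written out with the standard library as an added example; this is not mod_auth's own code. It assumes the double-MD5 digest layout of Apache mod_auth_tkt, and the function names and the `timeout` parameter are illustrative.

```python
import hashlib, hmac, re, socket, struct, time

def tkt_digest(secret, userid, token_list, user_data, ip, ts):
    # Assumed layout (Apache mod_auth_tkt): MD5(MD5(ip + ts + secret + fields) + secret)
    data1 = socket.inet_aton(ip) + struct.pack("!I", ts)   # 4-byte IP, 4-byte timestamp
    data2 = "\0".join((userid, token_list, user_data)).encode("utf8")
    inner = hashlib.md5(data1 + secret + data2).hexdigest().encode("ascii")
    return hashlib.md5(inner + secret).hexdigest()

def create_ticket(secret, userid, tokens=(), user_data="", ip="0.0.0.0", ts=None):
    ts = int(time.time()) if ts is None else ts
    token_list = ",".join(tokens)
    ticket = "%s%08x%s!" % (tkt_digest(secret, userid, token_list, user_data, ip, ts), ts, userid)
    if tokens:
        ticket += token_list + "!"
    return ticket + user_data

def split_ticket(ticket):
    """Split a ticket into its fields WITHOUT verifying anything."""
    digest, ts_hex, rest = ticket[:32], ticket[32:40], ticket[40:]
    if not re.fullmatch(r"[0-9a-f]{8}", ts_hex) or "!" not in rest:
        raise ValueError("malformed ticket")
    userid, rest = rest.split("!", 1)
    token_list, user_data = rest.split("!", 1) if "!" in rest else ("", rest)
    return digest, int(ts_hex, 16), userid, token_list, user_data

def validate_ticket(secret, ticket, ip="0.0.0.0", timeout=0, now=None):
    """Return (userid, tokens, user_data, timestamp); raise ValueError otherwise."""
    digest, ts, userid, token_list, user_data = split_ticket(ticket)
    expected = tkt_digest(secret, userid, token_list, user_data, ip, ts)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        raise ValueError("digest mismatch")
    now = time.time() if now is None else now
    if timeout and ts + timeout < now:
        raise ValueError("ticket expired")
    return userid, tuple(t for t in token_list.split(",") if t), user_data, ts

if __name__ == "__main__":
    secret = b"b8fb7b6df0d64dd98b8ccd00577434d7"       # the page's sample SECRET
    tkt = create_ticket(secret, "testUser", ts=1343342519)
    print(validate_ticket(secret, tkt))                 # fields accepted
    try:
        validate_ticket(secret, tkt[:40] + "admin!")    # userid swapped, digest kept
    except ValueError as err:
        print("rejected:", err)
```

Because `!` is the field separator, a userid containing `!` would be misparsed on validation, so such ids should be refused before a ticket is issued.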
Exception
exception mod_auth.exception.BadSignature(ticket)
Exception raised when a signature verification fails
exception mod_auth.exception.BadTicket(ticket, msg='')
Exception raised when a ticket has an invalid format
exception mod_auth.exception.TicketExpired(ticket)
Exception raised when a signature verification fails
exception mod_auth.exception.TicketParseError(ticket, msg='')
Base class for all ticket parsing errors
LICENSE
mod_auth is Copyright 2012 SuperComputer Solutions S.r.l (SCS)
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.