
Cryptographically signed query parameters for pyramid

Project description


Description

This package provides a method for pyramid applications to sign parameters which are passed in query strings (or POST bodies).

The initial motivation for this was to be able to pass a return_url to a view without turning the app into an open redirector.

Other use cases include being able to generate URLs (e.g. to be included in emails) which can be used to bypass the normal authentication/authorization mechanisms.

Basic Usage Example

Construct a URL which could be e-mailed out to allow changing the password of a given user:

# Construct a URL with some signed parameters
params = {'userid': 'fred', 'action': 'change-pw'}
signed_params = request.sign_query(params, max_age=3600)
url = request.route_url('change-pw', _query=signed_params)

Then, in the change-pw view:

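from pyramid.httpexceptions import HTTPForbidden

# Only values that passed signature verification appear in signed_params
if request.signed_params['action'] != 'change-pw':
    raise HTTPForbidden()
userid = request.signed_params['userid']

# Do whatever needs to be done to change the given user's password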

Note that because we passed max_age=3600 to sign_query, the URL will only work for an hour.
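
The general technique behind a signed, expiring parameter set, as an added sketch using only the standard library. It is not pyramid-signed-params' own code or wire format; `sign_params`, `verify_params`, the reserved `_exp`/`_sig` names and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

SECRET = b"constructed-demo-key"  # assumption: a per-app secret loaded from config


def _mac(pairs, key):
    # Canonical form: sorted, URL-encoded pairs, so the MAC covers names and values.
    msg = urlencode(sorted(pairs)).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_params(params, key=SECRET, max_age=None, now=None):
    """Return params plus an expiry (_exp) and a signature (_sig) over all of them."""
    now = time.time() if now is None else now
    signed = dict(params)
    if max_age is not None:
        signed["_exp"] = str(int(now + max_age))  # expiry is signed too
    signed["_sig"] = _mac(signed.items(), key)
    return signed


def verify_params(query_string, key=SECRET, now=None):
    """Return the trusted params, or None if unsigned, tampered with or expired."""
    now = time.time() if now is None else now
    pairs = parse_qsl(query_string, keep_blank_values=True)
    sig = [v for k, v in pairs if k == "_sig"]
    rest = [(k, v) for k, v in pairs if k != "_sig"]
    # Reject a missing/duplicated signature and any repeated parameter name,
    # so an appended "userid=..." cannot shadow the signed one.
    if len(sig) != 1 or len({k for k, _ in rest}) != len(rest):
        return None
    expected = _mac(rest, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig[0].encode("utf-8"), expected.encode("utf-8")):
        return None
    params = dict(rest)
    exp = params.pop("_exp", None)
    if exp is not None and now > int(exp):
        return None
    return params
```

The view should read only the dictionary returned by the verifier, never the raw query string, which is the same discipline as reading `request.signed_params` above.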

Authors

Jeff Dairiki

Changes

Release 0.1a2 (2016-11-02)

Initial release.

Download files

Source Distribution

pyramid-signed-params-0.1a3.tar.gz (8.6 kB)

Uploaded Source

Built Distribution

pyramid_signed_params-0.1a3-py2.py3-none-any.whl (12.3 kB)

Uploaded Python 2 Python 3
