Cryptographically signed query parameters for pyramid
Description
This package provides a method for pyramid applications to sign parameters which are passed in query strings (or POST bodies).
The initial motivation for this was to be able to pass a return_url to a view without turning the app into an open redirector.
Other use cases include being able to generate URLs (e.g. to be included in emails) which can be used to bypass the normal authentication/authorization mechanisms.
Basic Usage Example
Construct a URL which could be e-mailed out to allow changing the password of a given user:
```python
# Construct a URL with some signed parameters
params = {'userid': 'fred', 'action': 'change-pw'}
signed_params = request.sign_query(params, max_age=3600)
url = request.route_url('change-pw', _query=signed_params)
```
Then, in the change-pw view:
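```python
from pyramid.httpexceptions import HTTPForbidden

# Reject URLs that were signed for a different action
if request.signed_params['action'] != 'change-pw':
    raise HTTPForbidden()
userid = request.signed_params['userid']
# Do whatever needs to be done to change the given user's password
```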
Note that because we passed max_age=3600 to sign_query, the URL will only work for an hour.
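As an added example (not the package's own code), the following shows how an expiring signed parameter set behaves, using an HS256 JWT-style token built from the standard library; it also covers the rotation rule from the 0.1a4 release note, where any configured secret verifies but only the first signs. The names sign_params, verify_params, b64e, b64d and mac, the `now` argument and the secrets are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret, signing_input):
    # The algorithm is fixed here; it is never taken from the token header.
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_params(params, secrets, max_age=None, now=None):
    """Return a compact HS256 token; only secrets[0] creates signatures."""
    claims = {"params": params}
    if max_age is not None:
        claims["exp"] = int(time.time() if now is None else now) + max_age
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + b64e(mac(secrets[0], signing_input))

def verify_params(token, secrets, now=None):
    """Return the signed params, or None if malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        given = b64d(sig)
        # Any configured secret verifies, so links issued before a rotation still work.
        if not any(hmac.compare_digest(mac(s, header + "." + body), given) for s in secrets):
            return None
        claims = json.loads(b64d(body))
        if "exp" in claims and now >= claims["exp"]:
            return None
        return claims["params"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

if __name__ == "__main__":
    # Constructed sample secrets and parameters, for illustration only.
    old, new = b"constructed-old-secret", b"constructed-new-secret"
    token = sign_params({"userid": "fred", "action": "change-pw"}, [old], max_age=3600)
    print(verify_params(token, [new, old]))   # accepted after rotation
    print(verify_params(token, [new]))        # old secret retired
```

A view would still compare the returned `action` value against the one it serves, as the change-pw check above does, since a valid signature only proves the parameters were issued by the application.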
Changes
Release 0.1a4 (2016-11-02)
The setting for configuring the JWT signing secret(s) has been renamed to pyramid_signed_param.secret from pyramid_signed_param.secrets. Basic usage involves only a single secret. (To allow for rotation of secrets, any configured secrets are accepted when verifying signatures, but only the first is used for creating new signatures.)
Pyramid_signed_params.include now issues a warning if the ISignedParamsService is not configured.
JWTSecretProviderFactory now raises a ConfigurationError if no secrets are found in the app settings.
Release 0.1a3 (2016-11-02)
Initial release.