This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

The Signer class is designed for those who are signing data on behalf of a public-private keypair.

In principle, the “client party” has public key (i.e., client_id) and a matching private key (i.e., client_secret) that can be verified by both the signer and the client (but nobody else as we don’t want to make forgeries possible).

The “signing party” has a simple identifier which acts as an additional piece of entropy in the algorithm, and can help differentiate between multiple signing parties if the client party does something like try to use the same public-private keypair independently of a signing party (as is common with GPG signing).

Based on a simplified version of the AWS Signature v4.

This project uses Semantic Versioning for managing backwards-compatibility.

Examples

from __future__ import print_function
from wepay.signer import Signer
import textwrap

client_id = 'your_client_id'
client_secret = 'your_client_secret'

signer = Signer(client_id, client_secret)
signature = signer.sign(
    token=your_token,
    page=wepay_page_to_visit,
    redirect_uri=partner_page_to_return_to
)

print(textwrap.wrap(signature, 64))
#=> dfbffab5b6f7156402da8147886bba3eba67bd5baf2e780ba9d39e8437db7c47
#=> 35e9a0b834aa21ac76f98da8c52a2a0cd1b0192d0f0df5c98e3848b1b2e1a037

querystring = signer.generate_query_string_params(
    token=your_token,
    page=wepay_page_to_visit,
    redirect_uri=partner_page_to_return_to
)

#=> client_id=your_client_id&
#=> page=https://wepay.com/account/12345&
#=> redirect_uri=https://partnersite.com/home&
#=> token=dfbffab5b6f7156402da8147886bba3eba67bd5baf2e780ba9d39e8437db7c47...

Installation

Testing occurs against the following versions:

  • Python 2.7
  • Python 3.3
  • Python 3.4
  • Python 3.5
  • Python 3.6 (dev)
  • Pypy (≈2.7.10)
  • Pypy3 (≈3.2.5)
pip install wepay-signer

And include it in your scripts:

from wepay.signer import Signer

Development

  • You can develop in any supported version of Python.
  • Using pyenv to manage your Pythons is highly-recommended. Testing locally depends on it.
  • Install VirtualEnv for your development environment, and activate the environment.

bash   pip install virtualenv   virtualenv .vendor   source .vendor/bin/activate

  • Install the requirements.txt.

bash   pip install -r requirements.txt

  • When you make changes, make sure that you run the linter and fix anything that’s broken.

bash   make lint

Testing

We use tox to handle local testing across multiple versions of Python. We install multiple versions of Python at a time with pyenv.

  1. Install pyenv on your own before running tests.
  2. You need to install all of the supported versions of Python. (This will take a while.) If you would prefer to install your own copies of the supported Python versions (listed above), feel free to manage them yourself.

bash    make install-python

  1. You can run the tests as follows:

bash    make test

API Reference

Building local docs

make docs
open docs/signer/index.html

Building and pushing docs

make pushdocs

Docs can be viewed at https://wepay.github.io/signer-python/.

Deploying

  1. The Makefile (yes, Makefile) has a series of commands to simplify the development and deployment process.
  2. Also install Chag. This is used for managing the CHANGELOG and annotating the Git release correctly.

Updating the CHANGELOG

Make sure that the CHANGELOG.md is human-friendly. See http://keepachangelog.com if you don’t know how.

make

Running make by itself will show you a list of available sub-commands.

$ make
all
build
clean
docs
install
install-python
lint
push
pushdocs
readme
tag
test
version

make readme

If you make changes to README.md, then this will use Pandoc to output a README.rst file in the reStructuredText format used by distutils, Sphinx and most of the Python community.

You must have Pandoc installed on your local system.

NOTE: Initial install via brew install pandoc takes about 8–10 hours. Updates are much faster. Using the installer is much faster for initial installation, but updates are entirely manual.

make version

Sets the version number that will be used by other make tasks related to packaging and bundling.

make tag

This will make sure that the CHANGELOG.md is properly datestamped, add the CHANGELOG contents to the Git commit message, commit them, then create a Git commit which can be pushed upstream.

make buildpip

This will bundle-up your package in preparation for uploading to Pypi.

make pushpip

This will take your bundled package and upload it securely to Pypi using the twine package.

Drafting a GitHub release

  1. Go to https://github.com/wepay/signer-python/tags
  2. Find the new tag that you just pushed. Click the ellipsis () to see the commit notes. Copy these.
  3. To the right, choose Add release notes. Your Tag version should be pre-filled.
  4. The Release title should match your Tag version.
  5. Inside Describe this release, paste the notes that you copied on the previous page.
  6. Choose Publish release.
  7. Your release should now be the latest. https://github.com/wepay/signer-python/releases/latest

Contributing

Here’s the process for contributing:

  1. Fork Signer to your GitHub account.
  2. Clone your GitHub copy of the repository into your local workspace.
  3. Write code, fix bugs, and add tests with 100% code coverage.
  4. Commit your changes to your local workspace and push them up to your GitHub copy.
  5. You submit a GitHub pull request with a description of what the change is.
  6. The contribution is reviewed. Maybe there will be some banter back-and-forth in the comments.
  7. If all goes well, your pull request will be accepted and your changes are merged in.
Release History

Release History

2.0.0

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
wepay_signer-2.0.0-py2.py3-none-any.whl (12.2 kB) Copy SHA256 Checksum SHA256 py2.py3 Wheel Aug 14, 2016
wepay-signer-2.0.0.tar.gz (12.9 kB) Copy SHA256 Checksum SHA256 Source Aug 14, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting