swauth.authtypes¶
This module hosts available auth types for encoding and matching user keys. For adding a new auth type, simply write a class that satisfies the following conditions:
- For the class name, capitalize first letter only. This makes sure the user can specify an all-lowercase config option such as “plaintext” or “sha1”. Swauth takes care of capitalizing the first letter before instantiating it.
- Write an encode(key) method that will take a single argument, the user’s key, and returns the encoded string. For plaintext, this would be “plaintext:<key>”
- Write a match(key, creds) method that will take two arguments: the user’s key, and the user’s retrieved credentials. Return a boolean value that indicates whether the match is True or False.
-
swauth.authtypes.
MAX_TOKEN_LENGTH
= 5000 Maximum length any valid token should ever be.
-
class
swauth.authtypes.
Plaintext
[source] Bases:
object
Provides a particular auth type for encoding format for encoding and matching user keys.
This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.
-
encode
(key)[source] Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.
Parameters: key – User’s secret key Returns: A string representing user credentials
-
match
(key, creds, **kwargs)[source] Checks whether the user-provided key matches the user’s credentials
Parameters: - key – User-supplied key
- creds – User’s stored credentials
- kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns: True if the supplied key is valid, False otherwise
-
validate
(auth_rest)[source] Validate user credentials whether format is right for Plaintext
Parameters: auth_rest – User credentials’ part without auth_type Returns: Dict with a hash part of user credentials Raises: ValueError – If credentials’ part has zero length
-
-
class
swauth.authtypes.
Sha1
[source] Bases:
object
Provides a particular auth type for encoding format for encoding and matching user keys.
This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.
-
encode
(key)[source] Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.
If salt is not manually set in conf file, a random salt will be generated and used.
Parameters: key – User’s secret key Returns: A string representing user credentials
-
encode_w_salt
(salt, key)[source] Encodes a user key with salt into a particular format. The result of this method will be used internally.
Parameters: - salt – Salt for hashing
- key – User’s secret key
Returns: A string representing user credentials
-
match
(key, creds, salt, **kwargs)[source] Checks whether the user-provided key matches the user’s credentials
Parameters: - key – User-supplied key
- creds – User’s stored credentials
- salt – Salt for hashing
- kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns: True if the supplied key is valid, False otherwise
-
validate
(auth_rest)[source] Validate user credentials whether format is right for Sha1
Parameters: auth_rest – User credentials’ part without auth_type Returns: Dict with a hash and a salt part of user credentials Raises: ValueError – If credentials’ part doesn’t contain delimiter between a salt and a hash.
-
-
class
swauth.authtypes.
Sha512
[source] Bases:
object
Provides a particular auth type for encoding format for encoding and matching user keys.
This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.
-
encode
(key)[source] Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.
If salt is not manually set in conf file, a random salt will be generated and used.
Parameters: key – User’s secret key Returns: A string representing user credentials
-
encode_w_salt
(salt, key)[source] Encodes a user key with salt into a particular format. The result of this method will be used internal.
Parameters: - salt – Salt for hashing
- key – User’s secret key
Returns: A string representing user credentials
-
match
(key, creds, salt, **kwargs)[source] Checks whether the user-provided key matches the user’s credentials
Parameters: - key – User-supplied key
- creds – User’s stored credentials
- salt – Salt for hashing
- kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns: True if the supplied key is valid, False otherwise
-
validate
(auth_rest)[source] Validate user credentials whether format is right for Sha512
Parameters: auth_rest – User credentials’ part without auth_type Returns: Dict with a hash and a salt part of user credentials Raises: ValueError – If credentials’ part doesn’t contain delimiter between a salt and a hash.
-
-
swauth.authtypes.
validate_creds
(creds)[source] Parse and validate user credentials whether format is right
Parameters: creds – User credentials Returns: Auth_type class instance and parsed user credentials in dict Raises: ValueError – If credential format is wrong (eg: bad auth_type)