swauth.authtypes

This module hosts available auth types for encoding and matching user keys. For adding a new auth type, simply write a class that satisfies the following conditions:

  • For the class name, capitalize first letter only. This makes sure the user can specify an all-lowercase config option such as “plaintext” or “sha1”. Swauth takes care of capitalizing the first letter before instantiating it.
  • Write an encode(key) method that will take a single argument, the user’s key, and returns the encoded string. For plaintext, this would be “plaintext:<key>”
  • Write a match(key, creds) method that will take two arguments: the user’s key, and the user’s retrieved credentials. Return a boolean value that indicates whether the match is True or False.
swauth.authtypes.MAX_TOKEN_LENGTH = 5000

Maximum length any valid token should ever be.

class swauth.authtypes.Plaintext[source]

Bases: object

Provides a particular auth type for encoding format for encoding and matching user keys.

This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.

encode(key)[source]

Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.

Parameters:key – User’s secret key
Returns:A string representing user credentials
match(key, creds, **kwargs)[source]

Checks whether the user-provided key matches the user’s credentials

Parameters:
  • key – User-supplied key
  • creds – User’s stored credentials
  • kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns:

True if the supplied key is valid, False otherwise
validate(auth_rest)[source]

Validate user credentials whether format is right for Plaintext

Parameters:auth_rest – User credentials’ part without auth_type
Returns:Dict with a hash part of user credentials
Raises:ValueError – If credentials’ part has zero length
class swauth.authtypes.Sha1[source]

Bases: object

Provides a particular auth type for encoding format for encoding and matching user keys.

This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.

encode(key)[source]

Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.

If salt is not manually set in conf file, a random salt will be generated and used.

Parameters:key – User’s secret key
Returns:A string representing user credentials
encode_w_salt(salt, key)[source]

Encodes a user key with salt into a particular format. The result of this method will be used internally.

Parameters:
  • salt – Salt for hashing
  • key – User’s secret key
Returns:

A string representing user credentials
match(key, creds, salt, **kwargs)[source]

Checks whether the user-provided key matches the user’s credentials

Parameters:
  • key – User-supplied key
  • creds – User’s stored credentials
  • salt – Salt for hashing
  • kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns:

True if the supplied key is valid, False otherwise
validate(auth_rest)[source]

Validate user credentials whether format is right for Sha1

Parameters:auth_rest – User credentials’ part without auth_type
Returns:Dict with a hash and a salt part of user credentials
Raises:ValueError – If credentials’ part doesn’t contain delimiter between a salt and a hash.
class swauth.authtypes.Sha512[source]

Bases: object

Provides a particular auth type for encoding format for encoding and matching user keys.

This class must be all lowercase except for the first character, which must be capitalized. encode and match methods must be provided and are the only ones that will be used by swauth.

encode(key)[source]

Encodes a user key into a particular format. The result of this method will be used by swauth for storing user credentials.

If salt is not manually set in conf file, a random salt will be generated and used.

Parameters:key – User’s secret key
Returns:A string representing user credentials
encode_w_salt(salt, key)[source]

Encodes a user key with salt into a particular format. The result of this method will be used internal.

Parameters:
  • salt – Salt for hashing
  • key – User’s secret key
Returns:

A string representing user credentials
match(key, creds, salt, **kwargs)[source]

Checks whether the user-provided key matches the user’s credentials

Parameters:
  • key – User-supplied key
  • creds – User’s stored credentials
  • salt – Salt for hashing
  • kwargs – Extra keyword args for compatibility reason with other auth_type classes
Returns:

True if the supplied key is valid, False otherwise
validate(auth_rest)[source]

Validate user credentials whether format is right for Sha512

Parameters:auth_rest – User credentials’ part without auth_type
Returns:Dict with a hash and a salt part of user credentials
Raises:ValueError – If credentials’ part doesn’t contain delimiter between a salt and a hash.
swauth.authtypes.validate_creds(creds)[source]

Parse and validate user credentials whether format is right

Parameters:creds – User credentials
Returns:Auth_type class instance and parsed user credentials in dict
Raises:ValueError – If credential format is wrong (eg: bad auth_type)