
Renamed django-urlauth to django-sesame.

django-urlauth is another project that implements a similar feature:
https://bitbucket.org/lorien/django-urlauth
1 parent cc25249 commit 3234265bf175536c436e9577a82e5d081ffc39b2 @aaugustin committed May 3, 2012
@@ -1,2 +1,2 @@
-django-urlauth was written by:
+django-sesame was written by:
Aymeric Augustin <aymeric.augustin@m4x.org>
@@ -9,7 +9,7 @@ modification, are permitted provided that the following conditions are met:
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
- * Neither the name of django-urlauth nor the names of its contributors may
+ * Neither the name of django-sesame nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.
@@ -1,11 +1,11 @@
test:
- DJANGO_SETTINGS_MODULE=urlauth.tests.settings \
- django-admin.py test urlauth
+ DJANGO_SETTINGS_MODULE=sesame.tests.settings \
+ django-admin.py test sesame
coverage:
coverage erase
- DJANGO_SETTINGS_MODULE=urlauth.tests.settings \
- coverage run --branch --source=urlauth `which django-admin.py` test urlauth
+ DJANGO_SETTINGS_MODULE=sesame.tests.settings \
+ coverage run --branch --source=sesame `which django-admin.py` test sesame
coverage html
clean:
@@ -4,66 +4,66 @@ README
Introduction
============
-`django-urlauth`_ provides one-click login for your Django project. It uses
+`django-sesame`_ provides one-click login for your Django project. It uses
specially crafted URLs containing an authentication token, for example:
http://example.com/?url_auth_token=AAAAARchl18CIQUlImmbV9q7PZk%3A89AEU34b0JLSrkT8Ty2RPISio5
It's useful if you want to share private content without requiring your visitors
to remember a username and a password.
-django-urlauth requires Django >= 1.4 and ``django.contrib.auth``.
+django-sesame requires Django >= 1.4 and ``django.contrib.auth``.
It uses ``django.contrib.session`` when it's available, but it also supports
stateless authenticated navigation, provided all links in the page include the
authentication token.
-django-urlauth is released under the BSD license, like Django itself.
+django-sesame is released under the BSD license, like Django itself.
-.. _django-urlauth: https://github.com/aaugustin/django-urlauth
+.. _django-sesame: https://github.com/aaugustin/django-sesame
A few words about security
==========================
-**Before using django-urlauth in your project, you should review the following
+**Before using django-sesame in your project, you should review the following
advice carefully.**
-The major security weakness in django-urlauth is a direct consequence of the
+The major security weakness in django-sesame is a direct consequence of the
feature it implements: **whoever obtains an authentication token will be able to
log in to your website.** URLs end up in countless insecure places: browser
-history, proxy logs, etc. You can't avoid that. So use django-urlauth only for
+history, proxy logs, etc. You can't avoid that. So use django-sesame only for
mundane things, like photos from your holidays. If a data leak would seriously
affect you, don't use this software. You have been warned.
Otherwise, a reasonable attempt has been made to provide a secure solution.
-django-urlauth uses Django's signing framework to create signed tokens.
+django-sesame uses Django's signing framework to create signed tokens.
Tokens are linked to the primary key of the ``User`` object and they never
expire. However changing the user's password invalidates his token. Provided
your authentication backend uses salted passwords — I hope it does — the token
is invalidated even if the new password is identical to the old one.
If you want a more advanced logic, like timed expiration, you should subclass
-``urlauth.backends.ModelBackend``.
+``sesame.backends.ModelBackend``.
How to
======
-1. Add ``urlauth.backends.ModelBackend`` to ``AUTHENTICATION_BACKENDS``::
+1. Add ``sesame.backends.ModelBackend`` to ``AUTHENTICATION_BACKENDS``::
- AUTHENTICATION_BACKENDS += 'urlauth.backends.ModelBackend',
+ AUTHENTICATION_BACKENDS += 'sesame.backends.ModelBackend',
-2. Add ``urlauth.middleware.AuthenticationMiddleware`` to ``MIDDLEWARE_CLASSES``::
+2. Add ``sesame.middleware.AuthenticationMiddleware`` to ``MIDDLEWARE_CLASSES``::
- MIDDLEWARE_CLASSES += 'urlauth.middleware.AuthenticationMiddleware',
+ MIDDLEWARE_CLASSES += 'sesame.middleware.AuthenticationMiddleware',
-3. Generate authentication tokens with ``urlauth.utils.get_query_string(user)``.
+3. Generate authentication tokens with ``sesame.utils.get_query_string(user)``.
That's all!
Utilities
=========
-``urlauth.utils`` provides two simple functions to generate authentication
+``sesame.utils`` provides two simple functions to generate authentication
tokens. ``get_query_string(user)`` returns a complete query string that you can
append to any URL to enable one-click login. If you already have a query string,
``get_parameters(user)`` returns a dictionary of additional GET parameters to
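Review bot: The example URL kept as context in this README hunk still uses the query parameter `url_auth_token`, so the old project name survives in every generated link. If the parameter is meant to follow the rename, change it in this commit, since the salt changes elsewhere in the commit already break existing links once. Also in this hunk, ``django.contrib.session`` should read ``django.contrib.sessions``, which is the module name the test settings use.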
File renamed without changes.
@@ -7,7 +7,7 @@
from django.utils import crypto
-logger = logging.getLogger('urlauth')
+logger = logging.getLogger('sesame')
class UrlAuthBackendMixin(object):
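Review bot: `class UrlAuthBackendMixin` on the context line keeps the old project name while the logger above it moves to 'sesame'. Rename the class (for example to SesameBackendMixin) or say in the commit message that the name is kept on purpose. The logger rename also means any LOGGING configuration keyed on 'urlauth' stops receiving these debug messages, which deserves a line in the README.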
@@ -17,7 +17,7 @@ class UrlAuthBackendMixin(object):
and call `parse_token(token)` from its `authenticate(**credentials)`.
"""
- signer = signing.Signer(salt='urlauth')
+ signer = signing.Signer(salt='sesame')
def sign(self, data):
"""Create an URL-safe, signed token from `data`."""
@@ -34,7 +34,7 @@ def create_token(self, user):
# already, but we hash it again in case it isn't. We use MD5
# to minimize the length of the token. (Remember, if an attacker
# obtains the URL, he can already log in. This isn't high security.)
- h = crypto.pbkdf2(user.password, 'urlauth', 10000, digest=hashlib.md5)
+ h = crypto.pbkdf2(user.password, 'sesame', 10000, digest=hashlib.md5)
return self.sign(struct.pack('!i', user.pk) + h)
def parse_token(self, token):
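Review bot: Missing documentation for the salt change in create_token: switching the PBKDF2 salt from 'urlauth' to 'sesame' changes `h` for every user, and the `signing.Signer(salt='sesame')` change in the previous hunk changes the signature as well, so every token issued before this commit stops validating. The README says tokens "never expire" unless the password changes; add a note there or in the release notes that upgrading across this rename invalidates all outstanding links.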
@@ -48,7 +48,7 @@ def parse_token(self, token):
if user is None:
logger.debug(u"Unknown token: %s", token)
return
- h = crypto.pbkdf2(user.password, 'urlauth', 10000, digest=hashlib.md5)
+ h = crypto.pbkdf2(user.password, 'sesame', 10000, digest=hashlib.md5)
if not crypto.constant_time_compare(data[4:], h):
logger.debug(u"Expired token: %s", token)
return
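Review bot: The PBKDF2 call in parse_token repeats the one in create_token literal for literal (salt 'sesame', 10000 iterations, MD5), and this rename had to touch both copies. Move the derivation into one helper method on the mixin so the two sides cannot drift apart; a mismatch would make every token fail the `constant_time_compare` check and be logged as "Expired token".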
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -4,7 +4,7 @@
from django.contrib.auth.models import User
from django.test import TestCase
-from urlauth.backends import ModelBackend
+from sesame.backends import ModelBackend
class TestModelBackend(TestCase):
@@ -15,7 +15,7 @@ def setUp(self):
self.log = StringIO()
self.handler = logging.StreamHandler(self.log)
- self.logger = logging.getLogger('urlauth')
+ self.logger = logging.getLogger('sesame')
self.logger.addHandler(self.handler)
self.logger.setLevel(logging.DEBUG)
@@ -5,13 +5,13 @@
from django.test import TestCase
from django.test.utils import override_settings
-from urlauth.backends import ModelBackend
+from sesame.backends import ModelBackend
@override_settings(
AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend',
- 'urlauth.backends.ModelBackend',
+ 'sesame.backends.ModelBackend',
),
TEMPLATE_CONTEXT_PROCESSORS=(
'django.contrib.auth.context_processors.auth',
@@ -26,7 +26,7 @@ def setUp(self):
self.log = StringIO()
self.handler = logging.StreamHandler(self.log)
- self.logger = logging.getLogger('urlauth')
+ self.logger = logging.getLogger('sesame')
self.logger.addHandler(self.handler)
def tearDown(self):
@@ -49,7 +49,7 @@ def test_no_token(self):
MIDDLEWARE_CLASSES=(
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'urlauth.middleware.AuthenticationMiddleware',
+ 'sesame.middleware.AuthenticationMiddleware',
),
)
class TestAfterAuthMiddleware(AuthMiddlewareTestCase):
@@ -59,7 +59,7 @@ class TestAfterAuthMiddleware(AuthMiddlewareTestCase):
@override_settings(
MIDDLEWARE_CLASSES=(
'django.contrib.sessions.middleware.SessionMiddleware',
- 'urlauth.middleware.AuthenticationMiddleware',
+ 'sesame.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
),
)
@@ -70,7 +70,7 @@ class TestBeforeAuthMiddleware(AuthMiddlewareTestCase):
@override_settings(
MIDDLEWARE_CLASSES=(
'django.contrib.sessions.middleware.SessionMiddleware',
- 'urlauth.middleware.AuthenticationMiddleware',
+ 'sesame.middleware.AuthenticationMiddleware',
),
)
class TestWithoutAuthMiddleware(AuthMiddlewareTestCase):
@@ -79,7 +79,7 @@ class TestWithoutAuthMiddleware(AuthMiddlewareTestCase):
@override_settings(
MIDDLEWARE_CLASSES=(
- 'urlauth.middleware.AuthenticationMiddleware',
+ 'sesame.middleware.AuthenticationMiddleware',
),
)
class TestWithoutSessionMiddleware(AuthMiddlewareTestCase):
@@ -9,12 +9,12 @@
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
- 'urlauth',
+ 'sesame',
)
LOGGING_CONFIG = None
-ROOT_URLCONF = 'urlauth.tests.urls'
+ROOT_URLCONF = 'sesame.tests.urls'
SECRET_KEY = 'Anyone who finds an URL will be able to log in. Seriously.'
File renamed without changes.
@@ -1,7 +1,7 @@
from django.contrib.auth.models import User
from django.test import TestCase
-from urlauth.utils import get_parameters, get_query_string
+from sesame.utils import get_parameters, get_query_string
class TestUtils(TestCase):
File renamed without changes.
@@ -11,17 +11,17 @@
long_description = '\n\n'.join(f.read().split('\n\n')[2:8])
distutils.core.setup(
- name='django-urlauth',
+ name='django-sesame',
version='0.1',
author='Aymeric Augustin',
author_email='aymeric.augustin@m4x.org',
- url='https://github.com/aaugustin/django-urlauth',
+ url='https://github.com/aaugustin/django-sesame',
description=description,
long_description=long_description,
- download_url='http://pypi.python.org/pypi/django-urlauth',
+ download_url='http://pypi.python.org/pypi/django-sesame',
packages=[
- 'urlauth',
- 'urlauth.tests',
+ 'sesame',
+ 'sesame.tests',
],
classifiers=[
"Development Status :: 3 - Alpha",

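Review bot: In the setup.py hunk, `download_url` is rewritten to `http://pypi.python.org/pypi/django-sesame` over plain HTTP while `url` two lines above uses https; switch `download_url` to https while this line is being touched anyway.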