add Hugh validation library

AUTHORS

@@ -0,0 +1,31 @@
+Hugh is written and maintained by the Hugh Team and various contributors:
+
+- Matt Good <matt@matt-good.net>
+
+
+Hugh is based on the forms library from Zine:
+http://dev.pocoo.org/projects/zine/
+
+Original credit goes to the Zine Team:
+
+Project Leader:
+
+- Armin Ronacher <armin.ronacher@active-4.com>
+
+Developers:
+
+- Georg Brandl
+- Lukas Meuser
+- Christopher Grebs
+- Christopher Denter
+
+Contributors:
+
+- Pedro Algarvio
+- Jason Kirtland
+- Ali Afshar
+- Christopher Lenz
+- Tim Hatch
+- Rafael Weber
+- Ronny Pfannschmidt
+- Brynjar Magnusson

LICENSE

@@ -0,0 +1,31 @@
+Copyright (c) 2009 by the Zine Team, see AUTHORS for more details.
+
+Some rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+    * The names of the contributors may not be used to endorse or
+      promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

hugh/__init__.py

@@ -0,0 +1 @@
+

hugh/crypto.py

@@ -0,0 +1,166 @@
+# -*- coding: utf-8 -*-
+"""
+    hugh.crypto
+    ~~~~~~~~~~~~~~~~~
+
+    This module implements various cryptographic functions.
+
+    :copyright: (c) 2009 by the Zine Team, see AUTHORS for more details.
+    :license: BSD, see LICENSE for more details.
+"""
+import string
+from random import choice, randrange
+try:
+    from hashlib import sha1, md5
+except ImportError:
+    from sha import new as sha1
+    from md5 import new as md5
+
+
+KEY_CHARS = string.ascii_letters + string.digits
+IDENTIFIER_START = string.ascii_letters + '_'
+IDENTIFIER_CHAR = IDENTIFIER_START + string.digits
+SALT_CHARS = string.ascii_lowercase + string.digits
+SECRET_KEY_CHARS = string.ascii_letters + string.digits + string.punctuation
+
+
+def gen_salt(length=6):
+    """Generate a random string of SALT_CHARS with specified ``length``."""
+    if length <= 0:
+        raise ValueError('requested salt of length <= 0')
+    return ''.join(choice(SALT_CHARS) for _ in xrange(length))
+
+
+def new_iid():
+    """Called by the websetup to get a unique uuid for the application iid."""
+    try:
+        import uuid
+    except ImportError:
+        # if there is no uuid support, we create a pseudo-unique id based
+        # on the current time.  This should be good enough to keep local
+        # installations apart.
+        import time
+        return '%x%x' % tuple(map(int, str(time.time()).split('.')))
+    return uuid.uuid4().hex
+
+
+def gen_activation_key(length=8):
+    """Generate a ``length`` long string of KEY_CHARS, suitable as
+    password or activation key.
+    """
+    if length <= 0:
+        raise ValueError('requested key of length <= 0')
+    return ''.join(choice(KEY_CHARS) for _ in xrange(length))
+
+
+def gen_random_identifier(length=8):
+    """Generate a random identifier."""
+    if length <= 0:
+        raise ValueError('requested key of length <= 0')
+    return choice(IDENTIFIER_START) + \
+           ''.join(choice(IDENTIFIER_CHAR) for _ in xrange(length - 1))
+
+
+def gen_secret_key():
+    """Generate a new secret key."""
+    return ''.join(choice(SECRET_KEY_CHARS) for _ in xrange(64))
+
+
+def gen_password(length=8, add_numbers=True, mix_case=True,
+                 add_special_char=True):
+    """Generate a pronounceable password."""
+    if length <= 0:
+        raise ValueError('requested password of length <= 0')
+    consonants = 'bcdfghjklmnprstvwz'
+    vowels = 'aeiou'
+    if mix_case:
+        consonants = consonants * 2 + consonants.upper()
+        vowels = vowels * 2 + vowels.upper()
+    pw =  ''.join([choice(consonants) +
+                   choice(vowels) +
+                   choice(consonants + vowels) for _
+                   in xrange(length // 3 + 1)])[:length]
+    if add_numbers:
+        n = length // 3
+        if n > 0:
+            pw = pw[:-n]
+            for _ in xrange(n):
+                pw += choice('0123456789')
+    if add_special_char:
+        tmp = randrange(0, len(pw))
+        l1 = pw[:tmp]
+        l2 = pw[tmp:]
+        if max(len(l1), len(l2)) == len(l1):
+            l1 = l1[:-1]
+        else:
+            l2 = l2[:-1]
+        return l1 + choice('#$&%?!') + l2
+    return pw
+
+
+def gen_pwhash(password):
+    """Return a the password encrypted in sha format with a random salt."""
+    if isinstance(password, unicode):
+        password = password.encode('utf-8')
+    salt = gen_salt(6)
+    h = sha1()
+    h.update(salt)
+    h.update(password)
+    return 'sha$%s$%s' % (salt, h.hexdigest())
+
+
+def check_pwhash(pwhash, password):
+    """Check a password against a given hash value. Since
+    many forums save md5 passwords with no salt and it's
+    technically impossible to convert this to an sha hash
+    with a salt we use this to be able to check for
+    plain passwords::
+
+        plain$$default
+
+    md5 passwords without salt::
+
+        md5$$c21f969b5f03d33d43e04f8f136e7682
+
+    md5 passwords with salt::
+
+        md5$123456$7faa731e3365037d264ae6c2e3c7697e
+
+    sha passwords::
+
+        sha$123456$118083bd04c79ab51944a9ef863efcd9c048dd9a
+
+    Note that the integral passwd column in the table is
+    only 60 chars long. If you have a very large salt
+    or the plaintext password is too long it will be
+    truncated.
+
+    >>> check_pwhash('plain$$default', 'default')
+    True
+    >>> check_pwhash('sha$$5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 'password')
+    True
+    >>> check_pwhash('sha$$5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 'wrong')
+    False
+    >>> check_pwhash('md5$xyz$bcc27016b4fdceb2bd1b369d5dc46c3f', u'example')
+    True
+    >>> check_pwhash('sha$5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 'password')
+    False
+    >>> check_pwhash('md42$xyz$bcc27016b4fdceb2bd1b369d5dc46c3f', 'example')
+    False
+    """
+    if isinstance(password, unicode):
+        password = password.encode('utf-8')
+    if pwhash.count('$') < 2:
+        return False
+    method, salt, hashval = pwhash.split('$', 2)
+    if method == 'plain':
+        return hashval == password
+    elif method == 'md5':
+        h = md5()
+    elif method == 'sha':
+        h = sha1()
+    else:
+        return False
+    h.update(salt)
+    h.update(password)
+    return h.hexdigest() == hashval