Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand authtkt checksums #24

Closed
wants to merge 5 commits into from
Closed

Expand authtkt checksums #24

wants to merge 5 commits into from

Conversation

lod
Copy link
Contributor

@lod lod commented Apr 26, 2016

This fixes #22, authtkt only supporting MD5 checksums

It is an alternative to pull-request #23 by @frostyfrog
The main differences are:

  • I tried to remain as faithful as possible to the upstream paste/authtkt implementation
  • I did not change the default from MD5, to maintain compatibility
  • I got carried away and took things a bit further

The pull-request is a touch large but broken in to several commits to allow cherrypicking or elements to be carved off as desired.

Work done was:

  1. Pulled in changes from paste/authtkt which expand the supported checksums. I based these off paste HEAD rather than try and apply their patches. All changes to _auth_tkt.py where based on upstream however it is not a synchronised file, changes made to the repoze branch were retained.
  2. Expanded test coverage in test__auth_tkt.py to cover alternate digests.
  3. Tweaked travis and tox files to fix an issue with the latest virtualenv no longer supporting python 3.2. Testing was also expanded to cover python 3.5.
  4. Added alternate hash support to plugins/auth_tkt.py and expanded test coverage.
  5. Modified documentation to cover alternative digests. The boilerplate examples have all been updated to use sha512.

lod added 5 commits April 19, 2016 13:43
@lod
Modified _auth_tkt in line with paste upstream
b39042e 
Refreshed _auth_tkt to bring it in line with upstream paste auth_tkt.py
This brings with it support for non-MD5 digests.

All changes to _auth_tkt.py came from upstream.
It is not however a synchronised file, repoze variations have been
retained.

Changes were made to test__auth_tkt.py to allow tests to pass.
The number of arguments for calculate_digest() has changed requiring the
tests to be updated. This is an internal function and should not impact
users.
@lod
Expand tests to cover alternate digests
4c3b0de
@lod
Fix travis test execution
50ffdb4 
Virtualenv 14.0.0 no longer supports Python 3.2
Work around this by pegging the virtualenv version

Added Python 3.5 (current stable) to the testing matrix
This has issues with calling tox from travis travis-ci/travis-ci#4794
Work around this by making the travis environment use python 3.5 so it
is present when tox is invoked.
@lod
Added alternate hash support to auth_tkt plugin
d01a487
@lod
Document the new digest_algo parameter
fbc4e07
@frostyfrog
Copy link

I know that it's a good idea to maintain the old behavior, but... Is it a good idea to leave the default at something insecure like MD5? Honestly, I like how you've structured the commit. I could learn from it 😄 Thank you! 😃

@tseaver tseaver mentioned this pull request May 31, 2016
Closed
@tseaver
Copy link
Member

tseaver commented May 31, 2016

I've merged this branch, dropping the conflicting commit which tweaked .travis.yml/tox.ini.

@tseaver tseaver closed this May 31, 2016
@tseaver tseaver mentioned this pull request May 31, 2016
Closed
@tseaver
Copy link
Member

tseaver commented May 31, 2016

@lod, @frostyfrog Thank you for your efforts!

tseaver added a commit that referenced this pull request May 31, 2016
@tseaver
Changelog for #22 / #24.
41468fb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

auth_tkt only supports MD5 checksums
3 participants
@lod @frostyfrog @tseaver