-
Notifications
You must be signed in to change notification settings - Fork 70
/
uwwwauth.py
108 lines (81 loc) · 2.97 KB
/
uwwwauth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# RFC2617, WWW-Authenticate: Basic/Digest module
# (c) 2018 Paul Sokolovsky, MIT license
import uhashlib
import ubinascii
# Private functions - do not use, will change
def md5_concat(arg1, arg2, arg3):
h = uhashlib.md5(arg1)
h.update(b":")
h.update(arg2)
if arg3 is not None:
h.update(b":")
h.update(arg3)
return ubinascii.hexlify(h.digest()).decode()
def make_digest_ha1(a1, method, uri, nonce):
a2 = md5_concat(method, uri, None)
digest = md5_concat(a1, nonce, a2)
return digest
def make_digest(realm, username, passwd, method, uri, nonce):
a1 = md5_concat(username, realm, passwd)
return make_digest_ha1(a1, method, uri, nonce)
def parse_auth_req(line):
typ, line = line.split(None, 1)
d = {"type": typ}
for kv in line.split(","):
k, v = kv.split("=", 1)
assert v[0] == '"' and v[-1] == '"'
d[k.strip()] = v[1:-1]
return d
def format_resp(resp_d):
fields = []
for k, v in resp_d.items():
if k in ("type", "passwd"):
continue
fields.append('%s="%s"' % (k, v))
resp_auth = ", ".join(fields)
resp_auth = "Digest " + resp_auth
return resp_auth
def _digest_resp(auth_d, username, passwd, method, URL):
#print(auth_d)
resp_d = {}
resp_d["username"] = username
resp_d["uri"] = URL
resp_d["realm"] = auth_d["realm"]
resp_d["nonce"] = auth_d["nonce"]
digest = make_digest(auth_d["realm"], username, passwd, method, URL, auth_d["nonce"])
resp_d["response"] = digest
#print(resp_d)
return format_resp(resp_d)
# Helper functions - may change
def basic_resp(username, passwd):
return "Basic " + ubinascii.b2a_base64("%s:%s" % (username, passwd))[:-1].decode()
def auth_resp(auth_line, username, passwd, method=None, URL=None):
auth_d = parse_auth_req(auth_line)
if auth_d["type"] == "Basic":
return basic_resp(username, passwd)
elif auth_d["type"] == "Digest":
assert method and URL
return _digest_resp(auth_d, username, passwd, method, URL)
else:
raise ValueError(auth_d["type"])
# Public interface
class WWWAuth:
def __init__(self, username, passwd):
self.username = username
self.passwd = passwd
self.cached_auth_line = None
def resp(self, auth_line, method, URL):
if auth_line.startswith("Basic"):
return basic_resp(self.username, self.passwd)
elif auth_line.startswith("Digest"):
auth_d = parse_auth_req(auth_line)
if auth_line != self.cached_auth_line:
self.ha1 = md5_concat(self.username, auth_d["realm"], self.passwd)
self.cached_auth_line = auth_line
digest = make_digest_ha1(self.ha1, method, URL, auth_d["nonce"])
auth_d["username"] = self.username
auth_d["uri"] = URL
auth_d["response"] = digest
return format_resp(auth_d)
else:
raise ValueError("Unsupported auth: " + auth_line)