imacat/flask-digestauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 15 Wiki Activity

Moved the ha1 and ha2 calculation into the calc_response function.

Browse Source
This commit is contained in:
依瑪貓 2022-11-24 07:13:21 +11:00
parent af7af3943a
commit ca22b9731c
1 changed files with 39 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/flask_digest_auth/algo.py
View File

@ -60,34 +60,10 @@ def calc_response(
algorithm, when the body is missing with the auth-int qop, or when the
cnonce or nc is missing with the auth or auth-int qop.
"""
ha1: str = __calc_ha1(password_hash, nonce, algorithm, cnonce)
ha2: str = __calc_ha2(method, uri, qop, body)
if qop is None:
return md5(f"{ha1}:{nonce}:{ha2}".encode("utf8")).hexdigest()
if qop == "auth" or qop == "auth-int":
if cnonce is None:
raise UnauthorizedException(
f"Missing \"cnonce\" with the qop=\"{qop}\"")
if nc is None:
raise UnauthorizedException(
f"Missing \"nc\" with the qop=\"{qop}\"")
return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf8"))\
.hexdigest()
if cnonce is None:
raise UnauthorizedException(
f"Unsupported qop=\"{qop}\"")
def __calc_ha1(password_hash: str, nonce: str,
algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None,
cnonce: t.Optional[str] = None) -> str:
def calc_ha1() -> str:
"""Calculates and returns the first hash.
:param password_hash: The password hash for the HTTP digest authentication.
:param nonce: The nonce.
:param algorithm: The algorithm, either "MD5", "MD5-sess", or None.
:param cnonce: The client nonce. It must be provided when the algorithm is
"MD5-sess".
:return: The first hash.
:raise UnauthorizedException: When the cnonce is missing with the MD5-sess
algorithm.
@ -103,25 +79,37 @@ def __calc_ha1(password_hash: str, nonce: str,
raise UnauthorizedException(
f"Unsupported algorithm=\"{algorithm}\"")
def __calc_ha2(method: str, uri: str,
qop: t.Optional[t.Literal["auth", "auth-int"]] = None,
body: t.Optional[bytes] = None) -> str:
def calc_ha2() -> str:
"""Calculates the second hash.
:param method: The request method.
:param uri: The request URI.
:param qop: The quality of protection, either "auth", "auth-int" or None.
:param body: The request body. It must be provided when the quality of
protection is "auth-int".
:return: The second hash.
:raise UnauthorizedException: When the body is missing with qop="auth-int".
:raise UnauthorizedException: When the body is missing with
qop="auth-int".
"""
if qop is None or qop == "auth":
return md5(f"{method}:{uri}".encode("utf8")).hexdigest()
if qop == "auth-int":
if body is None:
raise UnauthorizedException(f"Missing \"body\" with qop=\"{qop}\"")
return md5(f"{method}:{uri}:{md5(body).hexdigest()}".encode("utf8"))\
raise UnauthorizedException(
f"Missing \"body\" with qop=\"{qop}\"")
return md5(
f"{method}:{uri}:{md5(body).hexdigest()}".encode("utf8")) \
.hexdigest()
raise UnauthorizedException(f"Unsupported qop=\"{qop}\"")
ha1: str = calc_ha1()
ha2: str = calc_ha2()
if qop is None:
return md5(f"{ha1}:{nonce}:{ha2}".encode("utf8")).hexdigest()
if qop == "auth" or qop == "auth-int":
if cnonce is None:
raise UnauthorizedException(
f"Missing \"cnonce\" with the qop=\"{qop}\"")
if nc is None:
raise UnauthorizedException(
f"Missing \"nc\" with the qop=\"{qop}\"")
return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf8"))\
.hexdigest()
if cnonce is None:
raise UnauthorizedException(
f"Unsupported qop=\"{qop}\"")