I have a question on tests: Four tests in "pyramid.tests.test_authentication.TestAuthTktCookieHelper" worry me. They do something like

    values = self._parseHeaders(result)
    val = self._cookieValue(values[0])

which fails with

    return eval(cookie.value)
    {'secure': False, 'remote_addr': '0.0.0.0', 'cookie_name': 'auth_tkt', 'userid': 'dXNlcmlk', 'user_data': 'userid_type:b64str', 'hashalg': <built-in function openssl_md5>, 'tokens': (), 'secret': 'secret'}
    SyntaxError: invalid syntax

Unfortunately, I don't understand the purpose of those tests. Thus, I can't fix them without risking breaking the test. What do tests like "test_remember_binary_userid" do? Could I just remove the "hashalg" key from the dict or should I fix this another way?

Note on progress: I took some time and started implementing it. When I was done, I ran the tests. Where they failed, I looked into the code and set the hashalg to md5 where appropriate. Thus, I think if all tests pass, I should have ensured the old system is not broken in any way. Next step then: I will create tests for the new mechanism (for which I need help then).

On functionality: I decided to add a new parameter called 'hashalg'. It accepts either a name from the hashlib suite (like 'sha256' in all notations like 'SHA-256', 'SHA256' or 'sha-256'), a dotted Python name (like 'hashlib.sha256') or the function itself (e.g. hashalg=hashlib.sha256). The requirement for anything passed is that the resulting object can be used like this:

    hashalg("string").hexdigest()

and it must be able to operate on an empty string (to determine the length) and of course it must return a fixed length. HMAC is not supported (it would require more complex methods to pass a key and a string instead of just a string).

Current progress can be found on GitHub <https://github.com/Javex/pyramid/tree/feature.auth_multiple_hashalgs>, but I am not done yet and there may be errors. If you already see some flaws in the concept please point them out. But you may as well just wait until I report that I am done ;)
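The parameter handling described in the message above, sketched as an added example (not code from the post or from Pyramid). `resolve_hashalg` and `digest_length` are hypothetical names, and it assumes Python 3, where the hash constructors take bytes rather than the `"string"` of the original.

```python
import hashlib
import importlib


def digest_length(func):
    """Hex digest length, determined by hashing the empty string."""
    try:
        empty = func(b"").hexdigest()
        other = func(b"string").hexdigest()
    except (TypeError, AttributeError) as exc:
        raise ValueError("hashalg must support hashalg(data).hexdigest()") from exc
    if len(empty) != len(other):
        raise ValueError("hashalg must return a fixed-length digest")
    return len(empty)


def resolve_hashalg(spec):
    """Turn a hashalg spec (name, dotted name or callable) into a constructor.

    Assumption: the spec comes from trusted configuration, because a
    dotted name triggers an import of the named module.
    """
    if callable(spec):
        func = spec
    elif not isinstance(spec, str):
        raise TypeError("hashalg must be a string or a callable")
    elif "." in spec:
        # Dotted Python name such as 'hashlib.sha256'.
        module_name, _, attr = spec.rpartition(".")
        func = getattr(importlib.import_module(module_name), attr)
    else:
        # 'SHA-256', 'SHA256' and 'sha-256' all normalise to 'sha256'.
        name = spec.replace("-", "").lower()
        if name not in hashlib.algorithms_guaranteed:
            raise ValueError("unknown hash algorithm: %r" % (spec,))
        func = getattr(hashlib, name)
    # Fail at configuration time, not when the first cookie is signed.
    digest_length(func)
    return func
```

Variable-length algorithms such as `shake_128` are rejected by the contract check, because their `hexdigest()` needs a length argument.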