Hi Domen,

I would agree with you if it would really complicate things much, but I 
can't see why it would. All those cases are really simple to implement and 
I don't see any security risks either as the configuration of the hash 
algorithm is under full control of the application developer using it. 
However, if Chris disagrees, I can remove all those features and really 
restrict it to basic algorithms (in this case I would prefer to offer all 
those currently supported by hashlib).

Now on to the work: I have finished the code and also implemented some new 
tests to assure it works. But here is where I will now need help from more 
experienced developers: How can I make sure I have full coverage of all 
situations? This seems to be the most tricky part. In fact, I think I 
should have covered all parts but this is because I assume that there is no 
interaction between the hashalg and the parameters I put in (e.g. should I 
test with and without tokens explicitly? I chose not to).

Before I submit a patch for pyramid on github, I would kindly ask for some 
code review by experienced developers. Under 
https://github.com/Javex/pyramid/tree/feature.auth_multiple_hashalgs you 
will find my cloned repository's feature branch. Please have a look at it, 
maybe clone it and tell me what I possibly missed. If feedback is positive, 
I will submit a pull request to pyramid.

Please note: *I consider this finished, so I now await feedback.*

Regards,
Florian
