pusing 2.2 RI changes

renisac · May 20, 2019 · a6e7339 · a6e7339
1 parent 0d78723
commit a6e7339
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/auth_tkt/__init__.py b/auth_tkt/__init__.py
@@ -1,2 +1,2 @@
 __doc__ = 'Python implementation of mod_auth_tkt cookies'
-__version__ = '0.2.1'
+__version__ = '0.2.2'
diff --git a/auth_tkt/helpers.py b/auth_tkt/helpers.py
@@ -3,11 +3,11 @@
 
 
 def get_ticket_data(ticket, authtkt_secret, crypted_cookie_secret=None,
-                    timeout=7200, encoding='utf-8'):
+                    timeout=7200, encoding='utf-8', algo='MD5'):
     """We store user information in our session hashes. You can retreive that
     data with this function."""
     ticket = validate(
-        ticket, authtkt_secret, timeout=timeout, encoding=encoding)
+        ticket, authtkt_secret, timeout=timeout, encoding=encoding, algo=algo)
 
     if not ticket:
         return None

diff --git a/auth_tkt/ticket.py b/auth_tkt/ticket.py
@@ -19,7 +19,7 @@
 from auth_tkt.compat import base64decode, base64encode, to_bytes
 
 
-def validate(ticket, secret, ip='0.0.0.0', timeout=7200, encoding='utf-8'):
+def validate(ticket, secret, ip='0.0.0.0', timeout=7200, encoding='utf-8', algo='MD5'):
     """Validate a given authtkt ticket for the secret and ip provided"""
     if len(ticket) < 40:
         return False
@@ -29,19 +29,27 @@ def validate(ticket, secret, ip='0.0.0.0', timeout=7200, encoding='utf-8'):
 
     if '!' not in ticket:
         try:
-            raw = base64decode(ticket, encoding)
+            raw = base64decode(ticket, encoding=encoding)
             base64 = True
         except binascii.Error:
             return False
 
     if '!' not in raw:
         return False
 
-    raw = raw[32:]
+    if algo == 'SHA512':
+        raw = raw[128:]
+    elif algo == 'SHA256':
+        raw = raw[64:]
+    else:
+        raw = raw[32:]
+
     ts, raw = raw[:8], raw[8:]
     uid, extra = raw.split('!', 1)
     tokens = data = ''
 
+
+
     try:
         ts = int(ts, 16)
     except ValueError:
@@ -58,7 +66,7 @@ def validate(ticket, secret, ip='0.0.0.0', timeout=7200, encoding='utf-8'):
 
     auth_ticket = AuthTkt(
         secret, uid, data, ip, tokens.split(','), base64, ts,
-        encoding=encoding)
+        encoding=encoding, algo=algo)
     if auth_ticket.ticket() == ticket:
         return auth_ticket
 
@@ -67,7 +75,7 @@ def validate(ticket, secret, ip='0.0.0.0', timeout=7200, encoding='utf-8'):
 
 class AuthTkt(object):
     def __init__(self, secret, uid, data='', ip='0.0.0.0', tokens=(),
-                 base64=True, ts=None, encoding='utf-8'):
+                 base64=True, ts=None, encoding='utf-8', algo='MD5'):
         self.secret = str(secret)
         self.uid = str(uid)
         self.data = data
@@ -77,6 +85,13 @@ def __init__(self, secret, uid, data='', ip='0.0.0.0', tokens=(),
         self.base64 = base64
         self.ts = int(time() if ts is None else ts)
 
+        self.hash_algo = hashlib.md5
+
+        if algo == 'SHA256':
+            self.hash_algo = hashlib.sha256
+        if algo == 'SHA512':
+            self.hash_algo = hashlib.sha512
+
     def ticket(self):
         v = self.cookie_value()
         if self.base64:
@@ -103,14 +118,14 @@ def cookie_value(self):
     def _digest(self):
         parts = [self._digest0(), self.secret]
         parts = b''.join([to_bytes(part) for part in parts])
-        return hashlib.md5(parts).hexdigest()
+        return self.hash_algo(parts).hexdigest()
 
     def _digest0(self):
         parts = (
             self._encode_ip(self.ip), self._encode_ts(self.ts),
             to_bytes(self.secret), to_bytes(self.uid), b'\0',
             to_bytes(self.tokens), b'\0', to_bytes(self.data))
-        return hashlib.md5(b''.join(parts)).hexdigest()
+        return self.hash_algo(b''.join(parts)).hexdigest()
 
     def _encode_ip(self, ip):
         return socket.inet_aton(ip)