upstream/ipython Files · IPython/lib/security.py

Backport PR : P3K: fix cookie parsing under Python 3.x (+ duplicate import is removed)...

Backport PR : P3K: fix cookie parsing under Python 3.x (+ duplicate import is removed) This fixes ``` WARNING:root:couldn't parse cookie string: b'__utma=96992031.448119963.1345042395.1345203014.1351851470.3; __utmz=96992031.1345042395.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionid=2456b59cebe2a3c7075c6d3f1d136c36; csrftoken=I9knGxQWHWXSUAeOXihXlzs0IJxbss07' Traceback (most recent call last): File "/Users/kmike/envs/pymorphy-33/lib/python3.3/site-packages/ipython-0.14.dev-py3.3.egg/IPython/frontend/html/notebook/handlers.py", line 441, in _inject_cookie_message self.request._cookies = http.cookies.SimpleCookie(msg) File "/usr/local/Cellar/python3/3.3.0/Frameworks/Python.framework/Versions/3.3/lib/python3.3/http/cookies.py", line 476, in __init__ self.load(input) File "/usr/local/Cellar/python3/3.3.0/Frameworks/Python.framework/Versions/3.3/lib/python3.3/http/cookies.py", line 524, in load for key, value in rawdata.items(): AttributeError: 'bytes' object has no attribute 'items' ``` warning under Python 3.x

Thomas Kluyver - - Load All Authors

File last commit:

r5343:9a89486e


                r9859:0bf51ac4

Download file

             security.py
        
                    118 lines
            
             | 3.4 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / lib / security.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      """

      Password generation for the IPython notebook.

      """

      #-----------------------------------------------------------------------------

      # Imports

      #-----------------------------------------------------------------------------

      # Stdlib

      import getpass

      import hashlib

      import random

      # Our own

      from IPython.core.error import UsageError

      from IPython.testing.skipdoctest import skip_doctest

      from IPython.utils.py3compat import cast_bytes, str_to_bytes

      #-----------------------------------------------------------------------------

      # Globals

      #-----------------------------------------------------------------------------

      # Length of the salt in nr of hex chars, which implies salt_len * 4

      # bits of randomness.

      salt_len = 12

      #-----------------------------------------------------------------------------

      # Functions

      #-----------------------------------------------------------------------------

      @skip_doctest

      def passwd(passphrase=None, algorithm='sha1'):

          """Generate hashed password and salt for use in notebook configuration.

          In the notebook configuration, set `c.NotebookApp.password` to

          the generated string.

          Parameters

          ----------

          passphrase : str

              Password to hash.  If unspecified, the user is asked to input

              and verify a password.

          algorithm : str

              Hashing algorithm to use (e.g, 'sha1' or any argument supported

              by :func:`hashlib.new`).

          Returns

          -------

          hashed_passphrase : str

              Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

          Examples

          --------

          In [1]: passwd('mypassword')

          Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

          """

          if passphrase is None:

              for i in range(3):

                  p0 = getpass.getpass('Enter password: ')

                  p1 = getpass.getpass('Verify password: ')

                  if p0 == p1:

                      passphrase = p0

                      break

                  else:

                      print('Passwords do not match.')

              else:

                  raise UsageError('No matching passwords found. Giving up.')

          h = hashlib.new(algorithm)

          salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)

          h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

          return ':'.join((algorithm, salt, h.hexdigest()))

      def passwd_check(hashed_passphrase, passphrase):

          """Verify that a given passphrase matches its hashed version.

          Parameters

          ----------

          hashed_passphrase : str

              Hashed password, in the format returned by `passwd`.

          passphrase : str

              Passphrase to validate.

          Returns

          -------

          valid : bool

              True if the passphrase matches the hash.

          Examples

          --------

          In [1]: from IPython.lib.security import passwd_check

          In [2]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',

             ...:              'mypassword')

          Out[2]: True

          In [3]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',

             ...:              'anotherpassword')

          Out[3]: False

          """

          try:

              algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)

          except (ValueError, TypeError):

              return False

          try:

              h = hashlib.new(algorithm)

          except ValueError:

              return False

          if len(pw_digest) == 0:

              return False

          h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

          return h.hexdigest() == pw_digest

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				"""
				Password generation for the IPython notebook.
				"""
				#-----------------------------------------------------------------------------
				# Imports
				#-----------------------------------------------------------------------------
				# Stdlib
				import getpass
				import hashlib
				import random

				# Our own
				from IPython.core.error import UsageError
				from IPython.testing.skipdoctest import skip_doctest
				from IPython.utils.py3compat import cast_bytes, str_to_bytes

				#-----------------------------------------------------------------------------
				# Globals
				#-----------------------------------------------------------------------------

				# Length of the salt in nr of hex chars, which implies salt_len * 4
				# bits of randomness.
				salt_len = 12

				#-----------------------------------------------------------------------------
				# Functions
				#-----------------------------------------------------------------------------

				@skip_doctest
				def passwd(passphrase=None, algorithm='sha1'):
				"""Generate hashed password and salt for use in notebook configuration.

				In the notebook configuration, set `c.NotebookApp.password` to
				the generated string.

				Parameters
				----------
				passphrase : str
				Password to hash. If unspecified, the user is asked to input
				and verify a password.
				algorithm : str
				Hashing algorithm to use (e.g, 'sha1' or any argument supported
				by :func:`hashlib.new`).

				Returns
				-------
				hashed_passphrase : str
				Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

				Examples
				--------
				In [1]: passwd('mypassword')
				Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

				"""
				if passphrase is None:
				for i in range(3):
				p0 = getpass.getpass('Enter password: ')
				p1 = getpass.getpass('Verify password: ')
				if p0 == p1:
				passphrase = p0
				break
				else:
				print('Passwords do not match.')
				else:
				raise UsageError('No matching passwords found. Giving up.')

				h = hashlib.new(algorithm)
				salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
				h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

				return ':'.join((algorithm, salt, h.hexdigest()))


				def passwd_check(hashed_passphrase, passphrase):
				"""Verify that a given passphrase matches its hashed version.

				Parameters
				----------
				hashed_passphrase : str
				Hashed password, in the format returned by `passwd`.
				passphrase : str
				Passphrase to validate.

				Returns
				-------
				valid : bool
				True if the passphrase matches the hash.

				Examples
				--------
				In [1]: from IPython.lib.security import passwd_check

				In [2]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
				...: 'mypassword')
				Out[2]: True

				In [3]: passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
				...: 'anotherpassword')
				Out[3]: False

				"""
				try:
				algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
				except (ValueError, TypeError):
				return False

				try:
				h = hashlib.new(algorithm)
				except ValueError:
				return False

				if len(pw_digest) == 0:
				return False

				h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

				return h.hexdigest() == pw_digest