mohawk

Python library for Hawk HTTP authorization

Results 10 mohawk issues

I'm using v0.3.4 on python 3.6 and I'm seeing the following warning being logged during `Sender.accept_response` calls: `seen_nonce was None; not checking nonce. You may be vulnerable to replay attacks`...

A common server setup is to have a proxy (such as nginx) in front of the web server that accepts http requests over ssl and proxy passes them to a...

I think we need a higher level interface for bewit (signed URLs) and some good docs. I can work on this. The core functions were added in https://github.com/kumar303/mohawk/pull/13

If you do something like this:

```python
from mohawk.bewit import check_bewit

check_bewit(
    'https://site.org/protected-image.png?bewit=just-a-random-string',
    credential_lookup=...
)
```

... you'll get something like:

```
Traceback (most recent call last):
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/doctest.py", line...
```

From [the Hawk spec](https://github.com/hueniverse/hawk#payload-validation): > However, if the payload is not available at authentication time (e.g. too large to fit in memory, streamed elsewhere, or processed at a different stage...

The `accept_untrusted_content=False` keyword in `Receiver()` and `Sender.receive()` is somewhat misleading, and has caused some confusion about its intended usage (see discussion in #24, #40, and #43). I see two possibilities:...

It's hard to get timestamps in sync between clients and servers so the Hawk spec officially recommends using an [NTP](http://www.ntp.org/) server. In python there is [ntplib](https://pypi.python.org/pypi/ntplib/) for this. Let's do...

The bewits generated in mohawk.bewit are returned having padding `=` characters in them. These equals padding characters cause the bewit to be not url safe. We should `.rstrip('=')` the bewits...

The receiver (and any compliant Hawk server) might return a www-authenticate header with a MAC'd timestamp in case of an expired message. See: https://github.com/kumar303/mohawk/commit/957c1c93733f3a3133d32a6221165c48154bba24 and https://github.com/kumar303/mohawk/commit/2ced3921977917c2aebed50d1f9da7b4d61a9eaa Let's add support to...

This moves the test suite of this package from the deprecated nose test runner to pytest. Nose has been deprecated for a long time, and per its webpage, projects should...