We start with a simple example. Before we proceed let’s setup a virtualenv environment:
$ virtualenv env
$ env/bin/easy_install wheezy.security[pycrypto]
Let’s assume we would like to protect some sensitive information, e.g. user id. We can encrypt it, add a hash to prove validity and finally say that this value is valid for 20 minutes only:
from wheezy.security.crypto import Ticket
ticket = Ticket(max_age=1200, salt='p5sArbHFZvxgeEJFrM9h')
Once you have ticket you can encode any string:
protected_value = ticket.encode('hello')
Decode protected_value this way:
value = ticket.decode(protected_value)
Ticket can be used to protect user principal over network (e.g. in http cookie):
from wheezy.security import Principal
principal = Principal(
id='125134788',
roles=['user'],
alias='John Smith')
secure_value = ticket.encode(principal.dump())
Server side now restores this information:
from wheezy.security import ANONYMOUS
from wheezy.security import Principal
principal_dump = ticket.decode(secure_value)
if principal_dump:
principal = Principal.load(principal_dump)
else:
principal = ANONYMOUS