Navigation

Modules

wheezy.security

wheezy.security.authorization

authorization module.

wheezy.security.authorization.authorized(wrapped=None, roles=None)[source]

Demand the user accessing protected resource is authenticated and optionally in one of allowed roles.

Requires wrapped object to provide attribute principal.

roles - a list of authorized roles.

Here is an example:

from wheezy.security.principal import Principal

class Context(object):
    principal = None

    @authorized
    def op_a(self):
        return True

    @authorized(roles=('operator',))
    def op_b(self):
        return True

wheezy.security.errors

errors module.

exception wheezy.security.errors.SecurityError(message)[source]

Raised when a security error occurs. It is subclass of RuntimeError.

wheezy.security.principal

principal module.

class wheezy.security.principal.Principal(id='', roles=(), alias='', extra='')[source]

Container of user specific security information

dump()[source]

Dump principal object.

classmethod load(s)[source]

Load principal object from string.

wheezy.security.crypto

crypto package.

wheezy.security.crypto.ticket

crypto module.

class wheezy.security.crypto.ticket.Ticket(max_age=900, salt='', digestmod=None, cypher=<function aes128 at 0x911f924>, options=None)[source]

Protects sensitive information (e.g. user id).

Default policy applies verification and encryption. Verification is provided by hmac initialized with sha1 digestmod. Encryption is provided if available, by default it attempts to use AES cypher.

decode(value, encoding='UTF-8')[source]

Decode value according to ticket policy.

encode(value, encoding='UTF-8')[source]

Encode value according to ticket policy.

sign(value)[source]

Compute hmac digest.

wheezy.security.crypto.ticket.ensure_strong_key(key, digestmod)[source]

Translates a given key to a computed strong key of length 3 * digestmode.digest_size suitable for encryption, e.g. with digestmod set to sha1 returns 480 bit (60 bytes) key.

wheezy.security.crypto.padding

padding module.

see http://www.di-mgt.com.au/cryptopad.html

wheezy.security.crypto.padding.pad(s, block_size)[source]

Pad with zeros except make the last byte equal to the number of padding bytes.

The convention with this method is usually always to add a padding string, even if the original plaintext was already an exact multiple of block_size bytes.

s - byte string.

wheezy.security.crypto.padding.unpad(s, block_size)[source]

Strip right by the last byte number.

s - byte string.

Table Of Contents

Previous topic

User Guide

This Page

Navigation