authorization module., roles=None)[source]

Demand the user accessing protected resource is authenticated and optionally in one of allowed roles.

Requires wrapped object to provide attribute principal.

roles - a list of authorized roles.

Here is an example:

from import Principal

class Context(object):
    principal = None

    def op_a(self):
        return True

    def op_b(self):
        return True

errors module.


Raised when a security error occurs. It is subclass of RuntimeError.

principal module.

class'', roles=(), alias='', extra='')[source]

Container of user specific security information


Dump principal object.

classmethod load(s)[source]

Load principal object from string.

crypto package.

crypto module.

class, salt='', digestmod=None, cypher=<function aes128 at 0x911f924>, options=None)[source]

Protects sensitive information (e.g. user id).

Default policy applies verification and encryption. Verification is provided by hmac initialized with sha1 digestmod. Encryption is provided if available, by default it attempts to use AES cypher.

decode(value, encoding='UTF-8')[source]

Decode value according to ticket policy.

encode(value, encoding='UTF-8')[source]

Encode value according to ticket policy.


Compute hmac digest., digestmod)[source]

Translates a given key to a computed strong key of length 3 * digestmode.digest_size suitable for encryption, e.g. with digestmod set to sha1 returns 480 bit (60 bytes) key.

padding module.

see, block_size)[source]

Pad with zeros except make the last byte equal to the number of padding bytes.

The convention with this method is usually always to add a padding string, even if the original plaintext was already an exact multiple of block_size bytes.

s - byte string., block_size)[source]

Strip right by the last byte number.

s - byte string.