Modules¶

wheezy.security¶

wheezy.security.authorized(wrapped=None, roles=None)[source]¶

Demand the user accessing protected resource is authenticated and optionally in one of allowed roles.

Requires wrapped object to provide attribute principal.

roles - a list of authorized roles.

Here is an example:

from wheezy.security.principal import Principal

class Context(object):
    principal = None

    @authorized
    def op_a(self):
        return True

    @authorized(roles=('operator',))
    def op_b(self):
        return True

exception wheezy.security.SecurityError(message)[source]¶: Raised when a security error occurs. It is subclass of RuntimeError.

class wheezy.security.Principal(id='', roles=(), alias='', extra='')[source]¶

Container of user specific security information

dump()[source]¶: Dump principal object.

classmethod load(s)[source]¶: Load principal object from string.

wheezy.security.authorization¶

authorization module.

wheezy.security.authorization.authorized(wrapped=None, roles=None)[source]¶

Demand the user accessing protected resource is authenticated and optionally in one of allowed roles.

Requires wrapped object to provide attribute principal.

roles - a list of authorized roles.

Here is an example:

from wheezy.security.principal import Principal

class Context(object):
    principal = None

    @authorized
    def op_a(self):
        return True

    @authorized(roles=('operator',))
    def op_b(self):
        return True

wheezy.security.errors¶

errors module.

exception wheezy.security.errors.SecurityError(message)[source]¶: Raised when a security error occurs. It is subclass of RuntimeError.

wheezy.security.principal¶

principal module.

class wheezy.security.principal.Principal(id='', roles=(), alias='', extra='')[source]¶

Container of user specific security information

dump()[source]¶: Dump principal object.

classmethod load(s)[source]¶: Load principal object from string.

wheezy.security.crypto¶

crypto package.

class wheezy.security.crypto.Ticket(max_age=900, salt='', digestmod=None, cypher=None, options=None)[source]¶

Protects sensitive information (e.g. user id).

Default policy applies verification and encryption. Verification is provided by hmac initialized with sha1 digestmod. Encryption is provided if available, by default it attempts to use AES cypher.

decode(value, encoding='UTF-8')[source]¶: Decode value according to ticket policy.

encode(value, encoding='UTF-8')[source]¶: Encode value according to ticket policy.

sign(value)[source]¶: Compute hmac digest.

wheezy.security.crypto.ticket¶

crypto module.

class wheezy.security.crypto.ticket.Ticket(max_age=900, salt='', digestmod=None, cypher=None, options=None)[source]¶

Protects sensitive information (e.g. user id).

Default policy applies verification and encryption. Verification is provided by hmac initialized with sha1 digestmod. Encryption is provided if available, by default it attempts to use AES cypher.

decode(value, encoding='UTF-8')[source]¶: Decode value according to ticket policy.

encode(value, encoding='UTF-8')[source]¶: Encode value according to ticket policy.

sign(value)[source]¶: Compute hmac digest.

wheezy.security.crypto.ticket.ensure_strong_key(key, digestmod)[source]¶: Translates a given key to a computed strong key of length 3 * digestmode.digest_size suitable for encryption, e.g. with digestmod set to sha1 returns 480 bit (60 bytes) key.

wheezy.security.crypto.padding¶

padding module.

see http://www.di-mgt.com.au/cryptopad.html

wheezy.security.crypto.padding.pad(s, block_size)[source]¶

Pad with zeros except make the last byte equal to the number of padding bytes.

The convention with this method is usually always to add a padding string, even if the original plaintext was already an exact multiple of block_size bytes.

s - byte string.

wheezy.security.crypto.padding.unpad(s, block_size)[source]¶

Strip right by the last byte number.

s - byte string.