./security/py-mohawk, Library for Hawk HTTP authorization

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.1.0nb2, Package name: py312-mohawk-1.1.0nb2, Maintainer: pkgsrc-users

Mohawk is an alternate Python implementation of the Hawk HTTP authorization
scheme.

Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).

The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.


Required to run:
[devel/py-setuptools] [lang/py-six] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 18.073 KB

Version history: (Expand)


CVS history: (Expand)


   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2019-11-13 16:06:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-mohawk: updated to 1.1.0

1.1.0:
Support passing file-like objects (those implementing .read(n)) as the content \ 
parameter for Resources. See mohawk.Sender for details.
   2019-01-17 14:22:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-mohawk: updated to 1.0.0

1.0.0:
Security related: Bewit MACs were not compared in constant time and were thus \ 
possibly circumventable by an attacker.
Breaking change: Escape characters in header values (such as a back slash) are \ 
no longer allowed, potentially breaking clients that depended on this behavior. \ 
See https://github.com/kumar303/mohawk/issues/34
A sender is allowed to omit the content hash as long as their request has no \ 
content. The mohawk.Receiver will skip the content hash check in this situation, \ 
regardless of the value of accept_untrusted_content. See Empty requests for more \ 
details.
Introduced max limit of 4096 characters in the Authorization header
Changed default values of content and content_type arguments to \ 
mohawk.base.EmptyValue in order to differentiate between misconfiguration and \ 
cases where these arguments are explicitly given as None (as with some web \ 
frameworks). See Skipping content checks for more details.
Failing to pass content and content_type arguments to mohawk.Receiver or \ 
mohawk.Sender.accept_response() without specifying accept_untrusted_content=True \ 
will now raise mohawk.exc.MissingContent instead of ValueError.
   2017-07-03 23:03:29 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Mohawk is an alternate Python implementation of the Hawk HTTP authorization
scheme.

Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).

The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.