./security/py-mohawk, Library for Hawk HTTP authorization

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.1.0, Package name: py37-mohawk-1.1.0, Maintainer: pkgsrc-users

Mohawk is an alternate Python implementation of the Hawk HTTP authorization
scheme.

Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).

The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.


Required to run:
[devel/py-setuptools] [lang/py-six] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: c1f40f98a43a9094c481d49ad5af3409da6728a3
RMD160: 9998b8d8617f61805b64ac78aee2a45e5f837d9e
Filesize: 18.073 KB

Version history: (Expand)


CVS history: (Expand)


   2019-11-13 16:06:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-mohawk: updated to 1.1.0

1.1.0:
Support passing file-like objects (those implementing .read(n)) as the content \ 
parameter for Resources. See mohawk.Sender for details.
   2019-01-17 14:22:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-mohawk: updated to 1.0.0

1.0.0:
Security related: Bewit MACs were not compared in constant time and were thus \ 
possibly circumventable by an attacker.
Breaking change: Escape characters in header values (such as a back slash) are \ 
no longer allowed, potentially breaking clients that depended on this behavior. \ 
See https://github.com/kumar303/mohawk/issues/34
A sender is allowed to omit the content hash as long as their request has no \ 
content. The mohawk.Receiver will skip the content hash check in this situation, \ 
regardless of the value of accept_untrusted_content. See Empty requests for more \ 
details.
Introduced max limit of 4096 characters in the Authorization header
Changed default values of content and content_type arguments to \ 
mohawk.base.EmptyValue in order to differentiate between misconfiguration and \ 
cases where these arguments are explicitly given as None (as with some web \ 
frameworks). See Skipping content checks for more details.
Failing to pass content and content_type arguments to mohawk.Receiver or \ 
mohawk.Sender.accept_response() without specifying accept_untrusted_content=True \ 
will now raise mohawk.exc.MissingContent instead of ValueError.
   2017-07-03 23:03:29 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Mohawk is an alternate Python implementation of the Hawk HTTP authorization
scheme.

Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).

The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.