(app, qop, algorithm, stale = False)
| 451 | |
| 452 | |
| 453 | def digest_challenge_response(app, qop, algorithm, stale = False): |
| 454 | response = app.make_response('') |
| 455 | response.status_code = 401 |
| 456 | |
| 457 | # RFC2616 Section4.2: HTTP headers are ASCII. That means |
| 458 | # request.remote_addr was originally ASCII, so I should be able to |
| 459 | # encode it back to ascii. Also, RFC2617 says about nonces: "The |
| 460 | # contents of the nonce are implementation dependent" |
| 461 | nonce = H(b''.join([ |
| 462 | getattr(request, 'remote_addr', u'').encode('ascii'), |
| 463 | b':', |
| 464 | str(time.time()).encode('ascii'), |
| 465 | b':', |
| 466 | os.urandom(10) |
| 467 | ]), algorithm) |
| 468 | opaque = H(os.urandom(10), algorithm) |
| 469 | |
| 470 | auth = WWWAuthenticate("digest") |
| 471 | auth.set_digest('me@kennethreitz.com', nonce, opaque=opaque, |
| 472 | qop=('auth', 'auth-int') if qop is None else (qop,), algorithm=algorithm) |
| 473 | auth.stale = stale |
| 474 | response.headers['WWW-Authenticate'] = auth.to_header() |
| 475 | return response |
no test coverage detected
searching dependent graphs…