Django HMAC Documentation - Read the Docs
Django HMAC Documentation, Release 1.3.2
SOON_
January 26, 2016
Contents
1 Key features:
2 Small example
3 Contents:
    3.1 Installation
    3.2 Examples
    3.3 Django Hmac
4 Indices and tables
Python Module Index
This module provides middleware for HMAC signature checking on Django views. It is simply designed to check that a client is entitled to access routes, based on the fact that it must possess a copy of the secret key.
CHAPTER 1
Key features:
• HMAC Middleware
• HMAC View decorators
• Multiple keys for more services
• Service restricted access
CHAPTER 2
Small example
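    from django.http import HttpResponse
    from django.views.generic import View

    from djangohmac import decorators


    class SignedView(View):

        # Any service with a configured key may call this view
        @decorators.auth
        def get(self, request):
            return HttpResponse("for all services")

        # Only requests signed with the 'userservice' key are accepted
        @decorators.auth(only=['userservice'])
        def post(self, request):
            return HttpResponse("Only for user service")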
CHAPTER 3
Contents:
3.1 Installation
Install package:

    pip install djangohmac
3.1.1 Middleware
To secure your whole app with HMAC, you can use the middleware.

    MIDDLEWARE_CLASSES = (
        # ...
        'djangohmac.middleware.HmacMiddleware',
    )

Note: Middleware is applied to all views except the admin!
3.1.2 Decorators
You can specify which views are protected by HMAC by using decorators. You can also pass a list of services which have access to the view. If the list is not given, all services defined in settings have access.

    class SignedView(View):

        @decorators.auth()
        def get(self, request):
            return HttpResponse("For all services")

        @decorators.auth(only=['serviceA'])
        def post(self, request):
            return HttpResponse("Only for service A")
3.1.3 Settings
Single key:

    HMAC_SECRET = 'HMAC_SECRET'

Multiple keys:

    HMAC_SECRETS = {
        'serviceA': 'HMAC_SERVICE_A_SECRET',
        'serviceB': 'HMAC_SERVICE_B_SECRET'
    }

Other settings:
• HMAC_HEADER: HTTP header where signature is stored (Default: Signature)
• HMAC_DIGESTMOD: Digest mod (Default: hashlib.sha256)
• HMAC_DISABLE: Disable or enable HMAC True/False (Default: Enabled)
3.2 Examples
The signature is built from a secret key and the request body, if one exists.
3.2.1 Python
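To send a valid HMAC signature to a view, you can use shmac.make_hmac():

    import requests

    from djangohmac.sign import shmac

    sig = shmac.make_hmac()  # generate signature
    response = requests.get(
        '/hmac_auth_view',  # path as given here; requests needs the full URL of your service
        headers={shmac.header: sig}  # assumes shmac exposes the configured header name (HMAC_HEADER)
    )

To generate a signature for a particular service:

    sig = shmac.make_hmac_for('service', 'request body')
    response = requests.get(
        '/hmac_auth_view',
        data='request body',  # sent as the body; a second positional argument would become query params
        headers={shmac.header: sig}
    )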
3.2.2 HTTP
A valid signature is sent:
Example request:

    GET /api/v1/users HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Host: localdocker:8000
    Signature: dXNlcnNlcnZpY2U6RDVyRm5TcnJUUTQyZUttcDIreWhXayttYzZPK0hjRHZjWWFwbW9MeFdjQT0=
    User-Agent: HTTPie/0.9.2

Example response:

    HTTP/1.0 200 OK
    Content-Type: text/html; charset=utf-8
    Date: Thu, 15 Oct 2015 09:53:10 GMT
    Server: WSGIServer/0.1 Python/2.7.10
    Vary: Cookie
    X-Frame-Options: SAMEORIGIN

An invalid signature is sent:
Example request:

    GET /api/v1/users HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Host: localdocker:8000
    Signature: blabla
    User-Agent: HTTPie/0.9.2

Example response:

    HTTP/1.0 403 FORBIDDEN
    Content-Type: text/html; charset=utf-8
    Date: Thu, 15 Oct 2015 09:53:35 GMT
    Server: WSGIServer/0.1 Python/2.7.10
    Vary: Cookie
    X-Frame-Options: SAMEORIGIN
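
Base64-decoding the Signature value in the valid request above yields `userservice:` followed by a Base64 string of 32 bytes, the size of a SHA-256 digest. The following is an added example, not code from djangohmac: it parses that layout and checks it with a constant-time comparison. The layout, signing only the raw body with HMAC-SHA256, the `SECRETS` values and the function names are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Header value copied from the valid example request on this page.
PAGE_HEADER = "dXNlcnNlcnZpY2U6RDVyRm5TcnJUUTQyZUttcDIreWhXayttYzZPK0hjRHZjWWFwbW9MeFdjQT0="

# Constructed secrets, for this demonstration only.
SECRETS = {"userservice": b"constructed-user-secret", "serviceB": b"constructed-b-secret"}


def parse_header(value):
    """Split a header into (service name, raw digest); raise ValueError if malformed."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("ascii")
        name, sep, digest_b64 = decoded.partition(":")
        digest = base64.b64decode(digest_b64, validate=True)
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed signature header") from exc
    if not sep or not name:
        raise ValueError("missing service name")
    return name, digest


def sign(name, body, secrets=SECRETS):
    """Build a header in the assumed layout using a constructed secret."""
    digest = hmac.new(secrets[name], body, hashlib.sha256).digest()
    inner = name.encode() + b":" + base64.b64encode(digest)
    return base64.b64encode(inner).decode()


def verify(value, body, secrets=SECRETS, only=None):
    """Return True only for a known, permitted service with a matching digest."""
    try:
        name, digest = parse_header(value)
    except ValueError:
        return False
    if name not in secrets or (only is not None and name not in only):
        return False
    expected = hmac.new(secrets[name], body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison
```

The `only` argument mirrors the service restriction of `decorators.auth(only=[...])`: a correctly signed request from a service outside the list is still rejected.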
3.3 Django Hmac
3.3.1 djangohmac package
Submodules
djangohmac.decorators module
djangohmac.decorators.auth(func=None, only=None)
    Route decorator. Validates an incoming request can access the route function.

    Keyword Args:
        only (list): Optional list of clients that can access the view

        class SignedView(View):

            @decorators.auth
            def get(self, request):
                return HttpResponse("For all services")

            @decorators.auth(only=['serviceA'])
            def post(self, request):
                return HttpResponse("Only for service A")

djangohmac.middleware module

class djangohmac.middleware.HmacMiddleware
    Bases: object

    Uses global signature HMAC_SECRET defined in settings

    process_request(request)

djangohmac.sign module

class djangohmac.sign.Hmac
    Bases: object

    abort()
        Called when validation failed.

        Raises: PermissionDenied()

    get_signature(request)
        Get signature from Django requests

        Arguments:
            request: Django request
        Returns:
            string: HMAC signature
        Raises: SecretKeyIsNotSet

    hmac_disarm

    hmac_key

    make_hmac(data='', key=None)
        Generates HMAC key

        Arguments:
            data (str): HMAC message
            key (str): secret key of another app

    make_hmac_for(name, data='')
        Generates HMAC key for named key

        Arguments:
            name (str): key name from HMAC_SECRETS dict
            data (str): HMAC message
        Raises: UnknownKeyName

    validate_multiple_signatures(key_name, signature, request)
        Validate signature from Django request. But it takes key from HMAC_SECRETS list

        Arguments:
            request (request): Django request class
            only (list): Restricted only for this list of service
        Returns: boolean
        Raises: InvalidSignature

    validate_signature(request, only=None)
        Validate signature in given request.

        Arguments:
            request: Django request
            only: list of keys from HMAC_SECRETS to restrict signatures
        Returns:
            boolean: True when signature is valid otherwise False
        Raises: InvalidSignature SecretKeyIsNotSet

    validate_single_signature(request)
        Validate signature from Django request

        Arguments:
            request (request): Django request class
        Returns: boolean
        Raises: InvalidSignature

exception djangohmac.sign.HmacException
    Bases: exceptions.Exception

exception djangohmac.sign.InvalidSignature
    Bases: djangohmac.sign.HmacException

exception djangohmac.sign.SecretKeyIsNotSet
    Bases: djangohmac.sign.HmacException

exception djangohmac.sign.UnknownKeyName
    Bases: djangohmac.sign.HmacException

djangohmac.sign.decode_string(value)

djangohmac.sign.encode_string(value)

Module contents
CHAPTER 4
Indices and tables
• genindex
• modindex
• search
Python Module Index
• djangohmac
• djangohmac.decorators
• djangohmac.middleware
• djangohmac.sign