Package pyxmpp :: Package sasl :: Module core :: Class PasswordManager

Class PasswordManager

Known Subclasses:

Base class for password managers.

A password manager is an object responsible for providing or verifying authentication credentials.

All the methods of the PasswordManager class may be overridden in derived classes to implement a specific authentication and authorization policy.

Instance Methods

  • __init__(self) - Initialize a PasswordManager object.
  • get_password(self, username, realm=None, acceptable_formats=('plain')) - Get the password for user authentication. Returns: unicode, str tuple.
  • check_password(self, username, password, realm=None) - Check the password validity. Returns: bool.
  • get_realms(self) - Get available realms list. Returns: list of unicode.
  • choose_realm(self, realm_list) - Choose an authentication realm from the list provided by the server. Returns: unicode.
  • check_authzid(self, authzid, extra_info=None) - Check if the authenticated entity is allowed to use given authorization id. Returns: bool.
  • get_serv_type(self) - Return the service type for DIGEST-MD5 'digest-uri' field.
  • get_serv_host(self) - Return the host name for DIGEST-MD5 'digest-uri' field.
  • get_serv_name(self) - Return the service name for DIGEST-MD5 'digest-uri' field.
  • generate_nonce(self) - Generate a random string for digest authentication challenges. Returns: str.

Method Details

get_password(self, username, realm=None, acceptable_formats=('plain'))

Get the password for user authentication.

[both client and server]

By default returns (None, None), providing no password. Should be overridden in derived classes.

Parameters:
  • username (unicode) - the username for which the password is requested.
  • realm (unicode) - the authentication realm for which the password is requested.
  • acceptable_formats (sequence of str) - a sequence of acceptable formats of the password data. Could be "plain", "md5:user:realm:password" or any other mechanism-specific encoding. This allows non-plain-text storage of passwords, but only the "plain" format will work with all password authentication mechanisms.
Returns: unicode, str tuple
the password and its encoding (format).

check_password(self, username, password, realm=None)

Check the password validity.

[server only]

Used by plain-text authentication mechanisms.

Retrieve a "plain" password for the username and realm using self.get_password and compare it with the password provided.

May be overridden, e.g. to check the password against some external authentication mechanism (PAM, LDAP, etc.).

Parameters:
  • username (unicode) - the username for which the password verification is requested.
  • password (unicode) - the password to verify.
  • realm (unicode) - the authentication realm for which the password verification is requested.
Returns: bool
True if the password is valid.

get_realms(self)

Get available realms list.

[server only]

Returns: list of unicode
a list of realms available for authentication. May be empty -- the client may choose its own realm then or use no realm at all.

choose_realm(self, realm_list)

Choose an authentication realm from the list provided by the server.

[client only]

By default, returns the first realm from the list, or None if the list is empty.

Parameters:
  • realm_list (sequence of unicode) - the list of realms provided by a server.
Returns: unicode
the realm chosen.

check_authzid(self, authzid, extra_info=None)

Check if the authenticated entity is allowed to use the given authorization id.

[server only]

By default, returns True if the authzid is None or empty, or if it is equal to extra_info["username"] (if the latter is present).

Parameters:
  • authzid (unicode) - an authorization id.
  • extra_info (mapping) - information about the entity obtained during the authentication process. This is a mapping with arbitrary, mechanism-dependent items. Common keys are 'username' or 'realm'.
Returns: bool
True if the authenticated entity is authorized to use the provided authorization id.

get_serv_type(self)

Return the service type for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns:
the service type ("unknown" by default)

get_serv_host(self)

Return the host name for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns:
the host name ("unknown" by default)

get_serv_name(self)

Return the service name for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns:
the service name or None (which is the default).

generate_nonce(self)

Generate a random string for digest authentication challenges.

The string should be a cryptographically secure random pattern.

Returns: str
the string generated.
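
An added example, not part of pyxmpp or its documentation: a server-side subclass that overrides check_password and generate_nonce as described above, keeping only salted PBKDF2 hashes instead of plain passwords. The PasswordManager stand-in (mirroring only the documented defaults so the block runs without pyxmpp), HashedPasswordManager, add_user and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import secrets


class PasswordManager(object):
    """Stand-in for pyxmpp.sasl.core.PasswordManager (assumption: mirrors
    only the defaults documented on this page)."""

    def get_password(self, username, realm=None, acceptable_formats=('plain')):
        return None, None  # documented default: no password provided

    def check_authzid(self, authzid, extra_info=None):
        if not authzid:
            return True
        return bool(extra_info) and extra_info.get("username") == authzid


class HashedPasswordManager(PasswordManager):
    """Hypothetical manager that stores salted PBKDF2 hashes only."""

    ITERATIONS = 200000  # constructed value; tune for your hardware

    def __init__(self):
        self._users = {}  # (username, realm) -> (salt, derived key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.ITERATIONS)

    def add_user(self, username, password, realm=None):
        salt = os.urandom(16)
        self._users[(username, realm)] = (salt, self._derive(password, salt))

    def check_password(self, username, password, realm=None):
        # Unknown accounts still go through the derivation, so the work done
        # does not depend on whether the account exists.
        salt, stored = self._users.get((username, realm), (b"\0" * 16, b""))
        candidate = self._derive(password, salt)
        # Constant-time comparison; an empty 'stored' never matches.
        return hmac.compare_digest(candidate, stored)

    def generate_nonce(self):
        # 128 bits from the OS CSPRNG, hex-encoded for use in a challenge.
        return secrets.token_hex(16)
```

Because get_password still returns (None, None) here, a mechanism that asks for the password itself gets no credentials from this manager; only mechanisms that go through check_password can authenticate against it.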