--- a/pvl/login/pubtkt.py Mon Jan 13 03:23:33 2014 +0200
+++ b/pvl/login/pubtkt.py Mon Jan 13 17:11:09 2014 +0200
@@ -18,21 +18,49 @@
return datetime.datetime.utcfromtimestamp(unix)
class Error (Exception) :
- pass
+ def __init__ (self, error) :
+ self.error = error
class ParseError (Error) :
- pass
+ """
+ Unable to load PubTkt from cookie.
+ """
+
+ def __unicode__ (self) :
+ return u"Invalid login token: {self.error}".format(self=self)
class VerifyError (Error) :
+ """
+ Unable to verify PubTkt.
+ """
+
def __init__ (self, pubtkt, error) :
self.pubtkt = pubtkt
self.error = error
+ def __unicode__ (self) :
+ return u"Invalid login token signature: {self.error}".format(self=self)
+
class ExpiredError (VerifyError) :
+ """
+ Verified PubTkt, but expired.
+ """
+
def __init__ (self, pubtkt, now) :
self.pubtkt = pubtkt
self.now = now
+ def __unicode__ (self) :
+ return u"Login token has expired"
+
+class ServerError (Error) :
+ """
+ Invalid server request.
+ """
+
+ def __unicode__ (self) :
+ return u"Login request is not valid: {self.error}".format(self=self)
+
class ServerKeys (object) :
@classmethod
def config (cls, public_key, private_key) :
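Review bot: The new messages are only reachable through `unicode(ex)`, because each class defines `__unicode__` but no `__str__`. Anything that formats these exceptions with `str()` or `%s`, such as a log handler, still gets the raw constructor args. For `VerifyError` that is the `(pubtkt, error)` tuple, so the ticket's repr would end up in log lines. Consider adding to `Error` a `__str__` that returns `unicode(self).encode('utf-8')`. `Error` is also the only class here left without a docstring; something like `"""Base class for pubtkt errors; .error holds the detail text."""` would state the contract the subclasses rely on.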
@@ -90,7 +118,11 @@
else :
raise ParseError("Missing signature")
- sig = base64.b64decode(sig)
+ try :
+ sig = base64.b64decode(sig)
+ except (ValueError, TypeError) as ex :
+ raise ParseError("Invalid signature")
+
hash = hashlib.sha1(data).digest()
try :
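Review bot: `except (ValueError, TypeError) as ex` binds `ex` and never uses it, and the same applies to `except TypeError as ex` in the next hunk. Either drop the binding or log the original exception server-side, so a rejected cookie can still be diagnosed without echoing detail to the client. Note also that `base64.b64decode` in its default mode discards characters outside the alphabet, so this guard mainly catches bad padding rather than every malformed value. A short comment such as `# rejects undecodable padding only; signature verification is the authoritative check` would keep readers from over-trusting it. The enclosing method starts outside this hunk.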
@@ -98,9 +130,14 @@
except ValueError as ex :
raise ParseError(str(ex))
+ if 'uid' not in attrs or 'validuntil' not in attrs :
+ raise ParseError("Missing parameters in cookie (uid, validuntil)")
+
try :
return cls.build(**attrs), hash, sig
- except (TypeError, ValueError) as ex :
+ except TypeError as ex :
+ raise ParseError("Invalid or missing parameters in cookie")
+ except ValueError as ex :
raise ParseError(str(ex))
@classmethod
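Review bot: The `except ValueError as ex` branch after `cls.build(**attrs)` still passes `str(ex)` into `ParseError`, unlike the `TypeError` branch, which now uses a fixed message. With the new `ParseError.__unicode__`, that text is formatted into "Invalid login token: ...", which reads as a user-facing message. The method appears to return `hash` and `sig` for later verification, so `attrs` is still unverified cookie content here, and any value the `ValueError` quotes would be reflected back. Using a fixed message for this branch as well, for example `raise ParseError("Invalid parameter value in cookie")`, and logging `ex` server-side avoids that. If the detail must be shown, it should be escaped where it is rendered. The enclosing method starts outside this hunk.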
@@ -121,10 +158,13 @@
)
@classmethod
- def new (cls, uid, expiry, **opts) :
+ def new (cls, uid, valid, grace=None, **opts) :
now = cls.now()
- return cls(uid, now + expiry, **opts)
+ return cls(uid, now + valid,
+ graceperiod = now + grace if grace else None,
+ **opts
+ )
def __init__ (self, uid, validuntil, cip=None, tokens=(), udata=None, graceperiod=None, bauth=None) :
self.uid = uid
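Review bot: `new` takes `grace` independently of `valid` and never checks that the two are consistent; `renew` in the last hunk has the same gap. If this follows the mod_auth_pubtkt cookie format, `graceperiod` is expected to fall before `validuntil`, so a caller passing a larger `grace` would emit a ticket whose refresh window never opens before expiry. A guard such as `if grace and grace > valid : raise ValueError("grace must not exceed valid")` would catch that early. Renaming `expiry` to `valid` also breaks keyword callers, since `expiry=...` now falls into `**opts` and surfaces as a `TypeError` from `__init__`. A docstring stating that `valid` and `grace` are durations added to `cls.now()` would document the new signature.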
@@ -195,9 +235,13 @@
else :
return False
- def renew (self, expiry) :
+ def renew (self, valid, grace=None) :
if not self.valid() :
raise ExpiredError(self, "Unable to renew expired pubtkt")
- self.validuntil = self.now() + expiry
+ now = self.now()
+ self.validuntil = now + valid
+ self.graceperiod = now + grace if grace else None
+
+
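Review bot: `renew` raises `ExpiredError(self, "Unable to renew expired pubtkt")`, but `ExpiredError.__init__` takes `(pubtkt, now)`, so the message string is stored in `.now`. The `__unicode__` added in this commit ignores it, which means the text is silently lost. Any handler that reads `ex.now` as a timestamp, for example to log how long ago the ticket expired, would get a string instead. Passing the timestamp, as in `raise ExpiredError(self, self.now())`, matches the constructor. A short docstring on `renew` should also say that it mutates `validuntil` and `graceperiod` in place, and that it refuses tickets for which `self.valid()` is false.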