Authors: Rushy Panchal, Naphat Sanguansin, Adam Libresco, Jérémie Lumbroso.
pywsse is an all-encompassing package to meet various needs for WSSE usage - both as an authentication backend (for various frameworks) and as a plug-and-play authentication mechanism for clients.
The motivation for this package came after dealing with various ambiguities in the WSSE protocol - some servers require specific digest algorithms and base64-encode different parts of the token. By utilizing a single library, you can be assured that there the token is generated and verified in the same way by both client and server.
Python versions 2.7, 3.4, 3.5, and 3.6 are supported.
The following backend frameworks are currently supported:
- Django REST Framework (versions 3.5 onwards with Django 1.11 onwards)
In addition, the following client packages are supported:
To utilize the Django REST Framework plugin, install the Django plugin to
settings.INSTALLED_APPS:
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.staticfiles',
'django.contrib.admin',
'rest_framework',
'wsse.server.django.wsse',
)In addition, add the authentication backend
(wsse.server.drf.authentication.WSSEAuthentication)
to settings.REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES']:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'wsse.server.drf.authentication.WSSEAuthentication'
),
}Alternatively, you can set it for a subset of your views.
Please refer to the Django REST Framework: Authentication Documentation for more information.
Finally, set the NONCE_STORE and NONCE_STORE_ARGS settings
for the pywsse package:
import wsse
wsse.settings.NONCE_STORE = 'wsse.server.django.wsse.store.DjangoNonceStore'
wsse.settings.NONCE_STORE_ARGS = []| note: | Make sure to run the migrations after setting the nonce store.
Particularly, you must run the migrations for the $ python manage.py migrate wsse |
|---|
The requests plugin is an authentication class that will automatically attach the appropriate header to the request.
To do so, import the wsse.client.requests.auth.WSSEAuth class and
attach it to the request:
import requests
from wsse.client.requests.auth import WSSEAuth
response = requests.get('http://localhost:8000/api/',
auth = WSSEAuth('username', 'password'))The WSSEAuth class can be reused as it will generate a new token for
each request:
import requests
from wsse.client.requests.auth import WSSEAuth
auth = WSSEAuth('username', 'password')
response = requests.get('http://localhost:8000/api/1/', auth = auth)
next_response = requests.get('http://localhost:8000/api/2/', auth = auth)The coreapi plugin is just a pluggable transport that automatically attaches the appropriate header before sending the request.
To make use of this transport, import the
wsse.client.coreapi.transport.WSSEAuthenticatedHTTPTransport class
and add it to your list of transports to coreapi.Client:
import coreapi
from wsse.client.coreapi.transport import WSSEAuthenticatedHTTPTransport
wsse_transport = WSSEAuthenticatedHTTPTransport('username', 'password')
client = coreapi.Client(transports = [wsse_transport])
schema = client.get('http://api.example.com')You can also pass in any of the arguments or keyword arguments to
coreapi.transports.HTTPTransport after the username and password.
To run the development version of wsse, clone the repository and install the
testing requirements in requirements.txt. Then, run the test suite
using either tox or detox:
$ git clone [email protected]:PrincetonUniversity/pywsse.git
$ cd pywsse
$ virtualenv env
$ source env/bin/activate
$ pip install -r requirements.txt
$ detox| note: | detox is a parallel version of tox. It only runs with Python
2.6-2.7 (but it can and will run tests for Python 3.x versions). |
|---|