work with salted WAMP-CRA too

autobahn/twisted/wamp.py

@@ -923,8 +923,17 @@ class AuthWampCra(object):
             self._secret = self._secret.decode('utf8')
 
     def on_challenge(self, session, challenge):
+        key = self._secret.encode('utf8')
+        if u'salt' in challenge.extra:
+            key = auth.derive_key(
+                key,
+                challenge.extra['salt'],
+                challenge.extra['iterations'],
+                challenge.extra['keylen']
+            )
+
         signature = auth.compute_wcs(
-            self._secret.encode('utf8'),
+            key,
             challenge.extra['challenge'].encode('utf8')
         )
         return signature.decode('ascii')

examples/router/.crossbar/config.json

@@ -110,6 +110,13 @@
                                         "username": {
                                             "secret": "p4ssw0rd",
                                             "role": "authenticated"
+                                        },
+                                        "salted": {
+                                            "secret": "zFXAAAqW5nlonWfP6JLMq4KGLRYZAd8OSXWknEbckCQ=",
+                                            "role": "authenticated",
+                                            "salt": "salt123",
+                                            "iterations": 100,
+                                            "keylen": 32
                                         }
                                     }
                                 },

examples/twisted/wamp/auth/backend_salted.py

@@ -0,0 +1,67 @@
+###############################################################################
+#
+# The MIT License (MIT)
+#
+# Copyright (c) Crossbar.io Technologies GmbH
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+###############################################################################
+
+from os import environ
+from twisted.internet import reactor
+from twisted.internet.defer import inlineCallbacks
+
+from autobahn.twisted.wamp import Session, ApplicationRunner
+from autobahn.wamp import auth
+
+if False:
+    # this is (one way) to get the encoded/salted secret to put in
+    # config.json (see examples/router/.crossbar/config.json)
+    print("encoded secret:", auth.derive_key(
+        secret=u's33kr1t',
+        salt=u'salt123',
+        iterations=100,
+        keylen=32,
+    ).decode('ascii'))
+
+
+class Component(Session):
+    """
+    An application component calling the different backend procedures.
+    """
+
+    def onJoin(self, details):
+        print("session attached {}".format(details))
+        return self.leave()
+
+
+if __name__ == '__main__':
+    runner = ApplicationRunner(
+        environ.get("AUTOBAHN_DEMO_ROUTER", u"ws://127.0.0.1:8080/auth_ws"),
+        u"crossbardemo",
+    )
+
+    def make(config):
+        session = Component(config)
+        session.add_authenticator(
+            u"wampcra", authid=u'salted', secret=u's33kr1t'
+        )
+        return session
+    runner.run(make)