work with salted WAMP-CRA too
This commit is contained in:
parent
2874d7d3bc
commit
dd7b0f698c
|
@ -923,8 +923,17 @@ class AuthWampCra(object):
|
|||
self._secret = self._secret.decode('utf8')
|
||||
|
||||
def on_challenge(self, session, challenge):
|
||||
key = self._secret.encode('utf8')
|
||||
if u'salt' in challenge.extra:
|
||||
key = auth.derive_key(
|
||||
key,
|
||||
challenge.extra['salt'],
|
||||
challenge.extra['iterations'],
|
||||
challenge.extra['keylen']
|
||||
)
|
||||
|
||||
signature = auth.compute_wcs(
|
||||
self._secret.encode('utf8'),
|
||||
key,
|
||||
challenge.extra['challenge'].encode('utf8')
|
||||
)
|
||||
return signature.decode('ascii')
|
||||
|
|
|
@ -110,6 +110,13 @@
|
|||
"username": {
|
||||
"secret": "p4ssw0rd",
|
||||
"role": "authenticated"
|
||||
},
|
||||
"salted": {
|
||||
"secret": "zFXAAAqW5nlonWfP6JLMq4KGLRYZAd8OSXWknEbckCQ=",
|
||||
"role": "authenticated",
|
||||
"salt": "salt123",
|
||||
"iterations": 100,
|
||||
"keylen": 32
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
###############################################################################
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright (c) Crossbar.io Technologies GmbH
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
from os import environ
|
||||
from twisted.internet import reactor
|
||||
from twisted.internet.defer import inlineCallbacks
|
||||
|
||||
from autobahn.twisted.wamp import Session, ApplicationRunner
|
||||
from autobahn.wamp import auth
|
||||
|
||||
if False:
|
||||
# this is (one way) to get the encoded/salted secret to put in
|
||||
# config.json (see examples/router/.crossbar/config.json)
|
||||
print("encoded secret:", auth.derive_key(
|
||||
secret=u's33kr1t',
|
||||
salt=u'salt123',
|
||||
iterations=100,
|
||||
keylen=32,
|
||||
).decode('ascii'))
|
||||
|
||||
|
||||
class Component(Session):
|
||||
"""
|
||||
An application component calling the different backend procedures.
|
||||
"""
|
||||
|
||||
def onJoin(self, details):
|
||||
print("session attached {}".format(details))
|
||||
return self.leave()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
runner = ApplicationRunner(
|
||||
environ.get("AUTOBAHN_DEMO_ROUTER", u"ws://127.0.0.1:8080/auth_ws"),
|
||||
u"crossbardemo",
|
||||
)
|
||||
|
||||
def make(config):
|
||||
session = Component(config)
|
||||
session.add_authenticator(
|
||||
u"wampcra", authid=u'salted', secret=u's33kr1t'
|
||||
)
|
||||
return session
|
||||
runner.run(make)
|
Loading…
Reference in New Issue