incubator-heraldry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ket...@apache.org
Subject svn commit: r493302 - in /incubator/heraldry/libraries/python/openid/trunk/openid: store/dumbstore.py test/storetest.py
Date Sat, 06 Jan 2007 05:16:52 GMT
Author: keturn
Date: Fri Jan  5 21:16:52 2007
New Revision: 493302

URL: http://svn.apache.org/viewvc?view=rev&rev=493302
Log:
[python-to-heraldry @ #1366: remove auth key code from dumb store]

Original author: Josh Hoyt <josh@janrain.com>
Date: 2006-11-17 00:19:11+00:00

Modified:
    incubator/heraldry/libraries/python/openid/trunk/openid/store/dumbstore.py
    incubator/heraldry/libraries/python/openid/trunk/openid/test/storetest.py

Modified: incubator/heraldry/libraries/python/openid/trunk/openid/store/dumbstore.py
URL: http://svn.apache.org/viewvc/incubator/heraldry/libraries/python/openid/trunk/openid/store/dumbstore.py?view=diff&rev=493302&r1=493301&r2=493302
==============================================================================
--- incubator/heraldry/libraries/python/openid/trunk/openid/store/dumbstore.py (original)
+++ incubator/heraldry/libraries/python/openid/trunk/openid/store/dumbstore.py Fri Jan  5
21:16:52 2007
@@ -3,44 +3,20 @@
 persistent backing, for use only by limited consumers.
 """
 
-from openid import cryptutil
 from openid.store.interface import OpenIDStore
 
 class DumbStore(OpenIDStore):
     """
     This is a store for use in the worst case, when you have no way of
-    saving state on the consumer site.  Using this store makes the
-    consumer vulnerable to replay attacks (though only within the
-    lifespan of the tokens), as it's unable to use nonces.  Avoid
-    using this store if it is at all possible.
+    saving state on the consumer site. Using this store with protocol
+    version 1 makes the consumer vulnerable to replay attacks, as it's
+    unable to use nonces. In protocol version 2, the server will
+    prevent replay attacks in stateless mode.
 
     Most of the methods of this class are implementation details.
     Users of this class need to worry only about the C{L{__init__}}
     method.
-
-    @sort: __init__
     """
-    def __init__(self, secret_phrase):
-        """
-        Creates a new DumbStore instance.  For the security of the
-        tokens generated by the library, this class attempts to at
-        least have a secure implementation of C{L{getAuthKey}}.
-
-        When you create an instance of this class, pass in a secret
-        phrase.  The phrase is hashed with sha1 to make it the correct
-        length and form for an auth key.  That allows you to use a
-        long string as the secret phrase, which means you can make it
-        very difficult to guess.
-
-        Each C{L{DumbStore}} instance that is created for use by your
-        consumer site needs to use the same C{secret_phrase}.
-
-        @param secret_phrase: The phrase used to create the auth key
-            returned by C{L{getAuthKey}}
-
-        @type secret_phrase: C{str}
-        """
-        self.auth_key = cryptutil.sha1(secret_phrase)
 
     def storeAssociation(self, server_url, association):
         """
@@ -82,17 +58,6 @@
         @rtype: C{bool}
         """
         return True
-
-    def getAuthKey(self):
-        """
-        This method returns the auth key generated by the constructor.
-
-
-        @return: The auth key generated by the constructor.
-
-        @rtype: C{str}
-        """
-        return self.auth_key
 
     def isDumb(self):
         """

Modified: incubator/heraldry/libraries/python/openid/trunk/openid/test/storetest.py
URL: http://svn.apache.org/viewvc/incubator/heraldry/libraries/python/openid/trunk/openid/test/storetest.py?view=diff&rev=493302&r1=493301&r2=493302
==============================================================================
--- incubator/heraldry/libraries/python/openid/trunk/openid/test/storetest.py (original)
+++ incubator/heraldry/libraries/python/openid/trunk/openid/test/storetest.py Fri Jan  5 21:16:52
2007
@@ -322,7 +322,7 @@
 
 def test_dumbstore():
     from openid.store import dumbstore
-    store = dumbstore.DumbStore('bad secret; do not use')
+    store = dumbstore.DumbStore()
     testStore(store)
 
 def test_memstore():



Mime
View raw message