pkgsrc

kpriv/pkgsrc

Fork 0

Commit graph

Author	SHA1	Message	Date
adam	fbf99eeac8	py-mohawk: updated to 1.1.0 1.1.0: Support passing file-like objects (those implementing .read(n)) as the content parameter for Resources. See mohawk.Sender for details.	2019-11-13 15:06:44 +00:00
adam	0bf4be5a6f	py-mohawk: updated to 1.0.0 1.0.0: Security related: Bewit MACs were not compared in constant time and were thus possibly circumventable by an attacker. Breaking change: Escape characters in header values (such as a back slash) are no longer allowed, potentially breaking clients that depended on this behavior. See https://github.com/kumar303/mohawk/issues/34 A sender is allowed to omit the content hash as long as their request has no content. The mohawk.Receiver will skip the content hash check in this situation, regardless of the value of accept_untrusted_content. See Empty requests for more details. Introduced max limit of 4096 characters in the Authorization header Changed default values of content and content_type arguments to mohawk.base.EmptyValue in order to differentiate between misconfiguration and cases where these arguments are explicitly given as None (as with some web frameworks). See Skipping content checks for more details. Failing to pass content and content_type arguments to mohawk.Receiver or mohawk.Sender.accept_response() without specifying accept_untrusted_content=True will now raise mohawk.exc.MissingContent instead of ValueError.	2019-01-17 13:22:00 +00:00
adam	c50fc3f4a2	Mohawk is an alternate Python implementation of the Hawk HTTP authorization scheme. Hawk lets two parties securely communicate with each other using messages signed by a shared key. It is based on HTTP MAC access authentication (which was based on parts of OAuth 1.0). The Mohawk API is a little different from that of the Node library (i.e. the living Hawk spec). It was redesigned to be more intuitive to developers, less prone to security problems, and more Pythonic.	2017-07-03 21:03:29 +00:00

Author

SHA1

Message

Date

adam

fbf99eeac8

py-mohawk: updated to 1.1.0

1.1.0:
Support passing file-like objects (those implementing .read(n)) as the content parameter for Resources. See mohawk.Sender for details.

2019-11-13 15:06:44 +00:00

adam

0bf4be5a6f

py-mohawk: updated to 1.0.0

1.0.0:
Security related: Bewit MACs were not compared in constant time and were thus possibly circumventable by an attacker.
Breaking change: Escape characters in header values (such as a back slash) are no longer allowed, potentially breaking clients that depended on this behavior. See https://github.com/kumar303/mohawk/issues/34
A sender is allowed to omit the content hash as long as their request has no content. The mohawk.Receiver will skip the content hash check in this situation, regardless of the value of accept_untrusted_content. See Empty requests for more details.
Introduced max limit of 4096 characters in the Authorization header
Changed default values of content and content_type arguments to mohawk.base.EmptyValue in order to differentiate between misconfiguration and cases where these arguments are explicitly given as None (as with some web frameworks). See Skipping content checks for more details.
Failing to pass content and content_type arguments to mohawk.Receiver or mohawk.Sender.accept_response() without specifying accept_untrusted_content=True will now raise mohawk.exc.MissingContent instead of ValueError.

2019-01-17 13:22:00 +00:00

adam

c50fc3f4a2

Mohawk is an alternate Python implementation of the Hawk HTTP authorization

scheme.

Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).

The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.

2017-07-03 21:03:29 +00:00

3 commits