sqrl package

sqrl.admin module

sqrl.backends module

sqrl.crypto module

class sqrl.crypto.Ed25519(public_key, private_key, msg)[source]

Bases: object

Utility class for signing and verifying ed25519 signatures.

More information about ed25519 can be found at http://ed25519.cr.yp.to/.

  • public_key (bytes) – Key used for verifying signature.
  • private_key (bytes) – Key used for signing data.
  • msg (bytes) – Binary data for which to generate the signature.

Check if other_signature is a valid signature for the provided message.

Returns:Boolean indicating whether validation has succeeded.
Return type:bool

Generate ed25519 signature for the provided data.

Returns:ed25519 signature
Return type:bytes
class sqrl.crypto.HMAC(nut, data)[source]

Bases: object

Utility class for generating and verifying HMAC signatures.

This class relies on Django’s built in salted_hmac() to compute actual HMAC values by using SECRET_KEY as key.

  • nut (SQRLNut) – Nut from which necessary data is extracted to add a salt value to the HMAC input data. Currently only models.SQRLNut.session_key is used.
  • data (OrderedDict) – Dict for which to either compute or validate HMAC signature.

Check if the other_signature is a valid signature for the provided data and the nut.

Returns:Boolean indicating whether validation has succeeded.
Return type:bool

Generate HMAC signature for the provided data.


max key is ignored in the input data if that key is present.

Returns:Binary signature of the data
Return type:bytes

Generate random sample of specified size bytes.

Parameters:bytes (int, optional) – Number of bytes to generate random sample
Returns:Base64.encode() encoded random sample
Return type:str

sqrl.exceptions module

class sqrl.exceptions.TIF[source]

Bases: int

SQRL TIF int subclass which can represent SQRL TIF flags.


>>> tif.is_ip_match
>>> tif.is_id_match
>>> tif.is_transient_failure
>>> tif
>>> tif.as_hex_string()
>>> tif.breakdown() == {
...     'id_match': False,
...     'previous_id_match': False,
...     'ip_match': True,
...     'sqrl_disabled': False,
...     'not_supported': False,
...     'transient_failure': True,
...     'command_failed': True,
...     'client_failure': False,
... }

SQRL Identity is already a ssociated with a different account


SQRL command failed because SQRL client sent invalid data


SQRL command failed for any reason


SQRL ID was found in DB


SQRL client is used from same IP as where transaction started


SQRL client requested SQRl operation which is not supported


Previous SQRL ID was found in DB


SQRL auth is disabled for the found SQRL identity as per users request


SQRL command failed transiently. Most likely restarting SQRL transaction should fix this


Return TIF value as hex string


Returns a full breakdown of the TIF value.

Returns:Keys are the SQRL TIF property and values are booleans.
Return type:dict

Property which returns boolean whether 0x100 or 0b100000000 bit is present in the TIF value.


Property which returns boolean whether 0x80 or 0b10000000 bit is present in the TIF value.


Property which returns boolean whether 0x40 or 0b1000000 bit is present in the TIF value.


Property which returns boolean whether 0x1 or 0b1 bit is present in the TIF value.


Property which returns boolean whether 0x4 or 0b100 bit is present in the TIF value.


Property which returns boolean whether 0x10 or 0b10000 bit is present in the TIF value.


Property which returns boolean whether 0x2 or 0b10 bit is present in the TIF value.


Property which returns boolean whether 0x8 or 0b1000 bit is present in the TIF value.


Property which returns boolean whether 0x20 or 0b100000 bit is present in the TIF value.


Return updated TIF which will contain both bits already set in the self value as well as the ``other value.

Parameters:other (int) – Other TIF value which be merged with self bits
Returns:New TIF value which has merged bits.
Return type:TIF
exception sqrl.exceptions.TIFException(tif)[source]

Bases: Exception

Custom Exception which can be used in the views to raise specific TIF bits and immediately return appropriate response to the user.


Helper function for generating property methods for TIF which will boolean whether a particular SQRL TIF bit is True in the TIF value.

Parameters:val (int) – Value with particular True bit which will be tested within the generated property.
Returns:Function which can be made into a property
Return type:function

sqrl.fields module

class sqrl.fields.Base64CharField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: sqrl.fields.Base64Field

Similar to Base64Field however this field normalizes to str (unicode) data.

default_error_messages = {'base64_ascii': 'Invalid value. Must be ascii base64url encoded string.'}

Returns base64 decoded data as string.

Uses Base64Field.to_python() to decode base64 value which returns binary data and then this method further decodes ascii data to return str (unicode) data.

class sqrl.fields.Base64ConditionalPairsField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: sqrl.fields.Base64PairsField

Similar to Base64PairsField but this field does not force the value to be keypairs.

always_pairs = False
class sqrl.fields.Base64Field(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: django.forms.fields.CharField

Field which decodes base64 values using utils.Base64.decode().

default_error_messages = {'base64': 'Invalid value. Must be base64url encoded string.'}

Decodes base64 value and returns binary data.

class sqrl.fields.Base64PairsField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: sqrl.fields.Base64CharField

Field which normalizes base64 encoded multistring key-value pairs to OrderedDict.


bool – Boolean which enforces that the value must always be keypairs. When False and the value is not a keypair, the value itself is returned.

always_pairs = True
default_error_messages = {'pairs': 'Invalid value. Must be multi-line string of pair of values.', 'crlf': 'Invalid value. Must be multi-line string separated by CRLF.'}

Normalizes multiline base64 keypairs string to OrderedDict.

class sqrl.fields.ExtractedNextUrlField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: sqrl.fields.NextUrlField

Similar to NextUrlField however this extracts next url from full encoded URL.

default_error_messages = {'missing_next': 'Missing next query parameter.'}

Extract next url from full URL string and then use NextUrlField to validate that value is valid URL.

class sqrl.fields.NextUrlField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: django.forms.fields.CharField

Custom CharField which validates that a value is a valid next URL.

It validates that by checking that the value can be resolved to a view hence guaranteeing that when redirected URL will not fail.

default_error_messages = {'invalid_url': 'Invalid next url.'}

Validate that value is a valid URL for this project.

class sqrl.fields.SQRLURLField(*args, **kwargs)[source]

Bases: django.forms.fields.URLField

SQRL URL field which uses SQRLURLValidator for validation.

default_validators = [<sqrl.fields.SQRLURLValidator object>]
class sqrl.fields.SQRLURLValidator(schemes=None, **kwargs)[source]

Bases: django.core.validators.URLValidator

Custom URL validator which validates that a URL is a valid SQRL url.

These are the differences with regular HTTP URLs:

  • scheme is either sqrl (secure) and qrl (non-secure)
  • : is a valid path separator which can be used to indicate which section of the SQRL should be used to generate public/provate keypair for the domain.
schemes = ['sqrl', 'qrl']
class sqrl.fields.TildeMultipleValuesField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: django.forms.fields.CharField

Field which returns tilde-separated list.


Normalizes to a Python list by splitting string by tilde (~) delimiter.

class sqrl.fields.TildeMultipleValuesFieldChoiceField(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]

Bases: sqrl.fields.TildeMultipleValuesField, django.forms.fields.ChoiceField

Similar to TildeMultipleValuesField however this field also validates each value to be a valid choice.


sqrl.forms module

sqrl.managers module

class sqrl.managers.SQRLNutManager[source]

Bases: django.db.models.manager.Manager

Customer models.SQRLNut model manager.

replace_or_create(session_key, **kwargs)[source]

This method creates new models.SQRLNut with given parameters.

If nut already exists, it removes it before creating new nut.

  • session_key (str) – Key of the session. All nuts with matching session will be removed.
  • **kwargs – Kwargs which will be used to create new models.SQRLNut

sqrl.models module

sqrl.response module

class sqrl.response.SQRLHttpResponse(nut, data, *args, **kwargs)[source]

Bases: django.http.response.HttpResponse

Custom HTTPResponse class used to return SQRL-formatted response.

The response is automatically signed, normalized and encoded as per SQRL specification.

This view also adds a couple of DEBUG logs for easier SQRL debugging and also returns all SQRL data back as X-SQRL-* headers.

  • nut (SQRLNut) – Nut which will be used to sign the response data.
  • data (OrderedDict) – Data to be returned back to the user.
sign_response(nut, data)[source]

When nut is present, this method signs the data by adding mac key.

For signing crypto.HMAC.sign_data() is used.

sqrl.sqrl module

sqrl.urls module

sqrl.utils module

class sqrl.utils.Base64[source]

Bases: object

Helper class for base64 encoding/decoding

classmethod decode(s)[source]

Decode unicode string from base64 where remaining “=” characters were stripped.

Parameters:s (str) – Unicode string to be decoded from base64
classmethod encode(s)[source]

Encode binary string as base64. Remaining “=” characters are removed.

Parameters:s (bytes) – Bytes string to be encoded as base64
class sqrl.utils.Encoder[source]

Bases: object

Helper class for encoding/decoding SQRL response data.

classmethod base64_dumps(data)[source]

Dumps given data into a single Base64 string.

Practically this is the same as dumps() except dumps() can return multiline string for dict. This method normalizes that further by converting that multiline string to a single base64 encoded value.

Returns:Base64 encoded binary data of input data
Return type:binary
classmethod dumps(data)[source]

Recursively dumps given data to SQRL response format.

Before data is dumped out, it is normalized by using normalize().

This dumps each data type as follows:

Dict:returns an \r\n multiline string. Each line is for a single key-pair of format <key>=<dumped value>.
List:tilde (~) joined dumped list of values
Other:no operation
classmethod normalize(data)[source]

Recursively normalize data for encoding.

This encodes each data type as follows:

Dict:returns an OrderedDict where all values are recursively normalized. Empty dict is normalized to empty string
List:each value is recursively normalized
Binary:Base64 encode data
Str:no operation
Other:data is casted to string using __str__ (or __unicode__)
class sqrl.utils.QRGenerator(url)[source]

Bases: object

Helper class for generating a QR image for the given SQRL url.

Parameters:url (str) – URL for which to generate QR image

Generate QR image and get its binary data.

Returns:Binary data of the png image file which can directly be returned to the user
Return type:bytes

Utility function for getting user’s IP from request address.

This either returns the IP address from the request.REMOTE_ADDR or request.META'HTTP_X_REAL_IP'] when request might of been reverse proxied.

sqrl.views module