sqrl package¶
Subpackages¶
Submodules¶
sqrl.admin module¶
sqrl.backends module¶
sqrl.crypto module¶
-
class
sqrl.crypto.
Ed25519
(public_key, private_key, msg)[source]¶ Bases:
object
Utility class for signing and verifying ed25519 signatures.
More information about ed25519 can be found at http://ed25519.cr.yp.to/.
Parameters: - public_key (bytes) – Key used for verifying signature.
- private_key (bytes) – Key used for signing data.
- msg (bytes) – Binary data for which to generate the signature.
-
class
sqrl.crypto.
HMAC
(nut, data)[source]¶ Bases:
object
Utility class for generating and verifying HMAC signatures.
This class relies on Django’s built in
salted_hmac()
to compute actual HMAC values by usingSECRET_KEY
as key.Parameters: - nut (SQRLNut) – Nut from which necessary data is extracted to add a salt value
to the HMAC input data.
Currently only
models.SQRLNut.session_key
is used. - data (OrderedDict) – Dict for which to either compute or validate HMAC signature.
- nut (SQRLNut) – Nut from which necessary data is extracted to add a salt value
to the HMAC input data.
Currently only
-
sqrl.crypto.
generate_randomness
(bytes=32)[source]¶ Generate random sample of specified size
bytes
.Parameters: bytes (int, optional) – Number of bytes to generate random sample Returns: Base64.encode()
encoded random sampleReturn type: str
sqrl.exceptions module¶
-
class
sqrl.exceptions.
TIF
[source]¶ Bases:
int
SQRL
TIF
int
subclass which can represent SQRLTIF
flags.Example
>>> tif = TIF(TIF.IP_MATCH | TIF.TRANSIENT_FAILURE | TIF.COMMAND_FAILED) >>> tif.is_ip_match True >>> tif.is_id_match False >>> tif.is_transient_failure True >>> tif 100 >>> tif.as_hex_string() '64' >>> tif.breakdown() == { ... 'id_match': False, ... 'previous_id_match': False, ... 'ip_match': True, ... 'sqrl_disabled': False, ... 'not_supported': False, ... 'transient_failure': True, ... 'command_failed': True, ... 'client_failure': False, ... } True
-
BAD_ID_ASSOCIATION
= 256¶ SQRL Identity is already a ssociated with a different account
-
CLIENT_FAILURE
= 128¶ SQRL command failed because SQRL client sent invalid data
-
COMMAND_FAILED
= 64¶ SQRL command failed for any reason
-
ID_MATCH
= 1¶ SQRL ID was found in DB
-
IP_MATCH
= 4¶ SQRL client is used from same IP as where transaction started
-
NOT_SUPPORTED
= 16¶ SQRL client requested SQRl operation which is not supported
-
PREVIOUS_ID_MATCH
= 2¶ Previous SQRL ID was found in DB
-
SQRL_DISABLED
= 8¶ SQRL auth is disabled for the found SQRL identity as per users request
-
TRANSIENT_FAILURE
= 32¶ SQRL command failed transiently. Most likely restarting SQRL transaction should fix this
-
breakdown
()[source]¶ Returns a full breakdown of the TIF value.
Returns: Keys are the SQRL TIF property and values are booleans. Return type: dict
-
is_bad_id_association
¶ Property which returns boolean whether
0x100
or0b100000000
bit is present in the TIF value.
-
is_client_failure
¶ Property which returns boolean whether
0x80
or0b10000000
bit is present in the TIF value.
-
is_command_failed
¶ Property which returns boolean whether
0x40
or0b1000000
bit is present in the TIF value.
-
is_id_match
¶ Property which returns boolean whether
0x1
or0b1
bit is present in the TIF value.
-
is_ip_match
¶ Property which returns boolean whether
0x4
or0b100
bit is present in the TIF value.
-
is_not_supported
¶ Property which returns boolean whether
0x10
or0b10000
bit is present in the TIF value.
-
is_previous_id_match
¶ Property which returns boolean whether
0x2
or0b10
bit is present in the TIF value.
-
is_sqrl_disabled
¶ Property which returns boolean whether
0x8
or0b1000
bit is present in the TIF value.
-
is_transient_failure
¶ Property which returns boolean whether
0x20
or0b100000
bit is present in the TIF value.
-
-
exception
sqrl.exceptions.
TIFException
(tif)[source]¶ Bases:
Exception
Custom Exception which can be used in the views to raise specific
TIF
bits and immediately return appropriate response to the user.
-
sqrl.exceptions.
_make_tif_property
(val)[source]¶ Helper function for generating property methods for
TIF
which will boolean whether a particular SQRLTIF
bit isTrue
in theTIF
value.Parameters: val (int) – Value with particular True
bit which will be tested within the generated property.Returns: Function which can be made into a property Return type: function
sqrl.fields module¶
-
class
sqrl.fields.
Base64CharField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
sqrl.fields.Base64Field
Similar to
Base64Field
however this field normalizes tostr
(unicode
) data.-
default_error_messages
= {'base64_ascii': 'Invalid value. Must be ascii base64url encoded string.'}¶
-
to_python
(value)[source]¶ Returns base64 decoded data as string.
Uses
Base64Field.to_python()
to decode base64 value which returns binary data and then this method further decodes ascii data to returnstr
(unicode
) data.
-
-
class
sqrl.fields.
Base64ConditionalPairsField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
sqrl.fields.Base64PairsField
Similar to
Base64PairsField
but this field does not force the value to be keypairs.-
always_pairs
= False¶
-
-
class
sqrl.fields.
Base64Field
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
django.forms.fields.CharField
Field which decodes base64 values using
utils.Base64.decode()
.-
default_error_messages
= {'base64': 'Invalid value. Must be base64url encoded string.'}¶
-
-
class
sqrl.fields.
Base64PairsField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
sqrl.fields.Base64CharField
Field which normalizes base64 encoded multistring key-value pairs to
OrderedDict
.-
always_pairs
¶ bool – Boolean which enforces that the value must always be keypairs. When
False
and the value is not a keypair, the value itself is returned.
-
always_pairs
= True
-
default_error_messages
= {'pairs': 'Invalid value. Must be multi-line string of pair of values.', 'crlf': 'Invalid value. Must be multi-line string separated by CRLF.'}¶
-
-
class
sqrl.fields.
ExtractedNextUrlField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
sqrl.fields.NextUrlField
Similar to
NextUrlField
however this extracts next url from full encoded URL.-
default_error_messages
= {'missing_next': 'Missing next query parameter.'}¶
-
to_python
(value)[source]¶ Extract next url from full URL string and then use
NextUrlField
to validate that value is valid URL.
-
-
class
sqrl.fields.
NextUrlField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
django.forms.fields.CharField
Custom
CharField
which validates that a value is a valid next URL.It validates that by checking that the value can be resolved to a view hence guaranteeing that when redirected URL will not fail.
-
default_error_messages
= {'invalid_url': 'Invalid next url.'}¶
-
-
class
sqrl.fields.
SQRLURLField
(*args, **kwargs)[source]¶ Bases:
django.forms.fields.URLField
SQRL URL field which uses
SQRLURLValidator
for validation.-
default_validators
= [<sqrl.fields.SQRLURLValidator object>]¶
-
-
class
sqrl.fields.
SQRLURLValidator
(schemes=None, **kwargs)[source]¶ Bases:
django.core.validators.URLValidator
Custom URL validator which validates that a URL is a valid SQRL url.
These are the differences with regular HTTP URLs:
- scheme is either sqrl (secure) and qrl (non-secure)
:
is a valid path separator which can be used to indicate which section of the SQRL should be used to generate public/provate keypair for the domain.
-
schemes
= ['sqrl', 'qrl']¶
-
class
sqrl.fields.
TildeMultipleValuesField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
django.forms.fields.CharField
Field which returns tilde-separated list.
-
class
sqrl.fields.
TildeMultipleValuesFieldChoiceField
(max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs)[source]¶ Bases:
sqrl.fields.TildeMultipleValuesField
,django.forms.fields.ChoiceField
Similar to
TildeMultipleValuesField
however this field also validates each value to be a valid choice.
sqrl.forms module¶
sqrl.managers module¶
-
class
sqrl.managers.
SQRLNutManager
[source]¶ Bases:
django.db.models.manager.Manager
Customer
models.SQRLNut
model manager.-
replace_or_create
(session_key, **kwargs)[source]¶ This method creates new
models.SQRLNut
with given parameters.If nut already exists, it removes it before creating new nut.
Parameters: - session_key (str) – Key of the session. All nuts with matching session will be removed.
- **kwargs – Kwargs which will be used to create new
models.SQRLNut
-
sqrl.models module¶
sqrl.response module¶
-
class
sqrl.response.
SQRLHttpResponse
(nut, data, *args, **kwargs)[source]¶ Bases:
django.http.response.HttpResponse
Custom
HTTPResponse
class used to return SQRL-formatted response.The response is automatically signed, normalized and encoded as per SQRL specification.
This view also adds a couple of DEBUG logs for easier SQRL debugging and also returns all SQRL data back as
X-SQRL-*
headers.Parameters: - nut (SQRLNut) – Nut which will be used to sign the response data.
- data (OrderedDict) – Data to be returned back to the user.
-
sign_response
(nut, data)[source]¶ When nut is present, this method signs the data by adding
mac
key.For signing
crypto.HMAC.sign_data()
is used.
sqrl.sqrl module¶
sqrl.urls module¶
sqrl.utils module¶
-
class
sqrl.utils.
Base64
[source]¶ Bases:
object
Helper class for base64 encoding/decoding
-
class
sqrl.utils.
Encoder
[source]¶ Bases:
object
Helper class for encoding/decoding SQRL response data.
-
classmethod
base64_dumps
(data)[source]¶ Dumps given data into a single Base64 string.
Practically this is the same as
dumps()
exceptdumps()
can return multiline string fordict
. This method normalizes that further by converting that multiline string to a single base64 encoded value.Returns: Base64 encoded binary data of input data
Return type: binary
-
classmethod
dumps
(data)[source]¶ Recursively dumps given data to SQRL response format.
Before data is dumped out, it is normalized by using
normalize()
.This dumps each data type as follows:
Dict: returns an \r\n
multiline string. Each line is for a single key-pair of format<key>=<dumped value>
.List: tilde ( ~
) joined dumped list of valuesOther: no operation
-
classmethod
normalize
(data)[source]¶ Recursively normalize data for encoding.
This encodes each data type as follows:
Dict: returns an OrderedDict
where all values are recursively normalized. Empty dict is normalized to empty stringList: each value is recursively normalized Binary: Base64 encode data Str: no operation Other: data is casted to string using __str__
(or__unicode__
)
-
classmethod