Source code for mohawk.exc

"""
If you want to catch any exception that might be raised,
catch :class:`mohawk.exc.HawkFail`.

.. important::

    Never expose an exception message publicly, say, in an HTTP
    response, as it may provide hints to an attacker.
"""



[docs]class HawkFail(Exception):
    """
    All Mohawk exceptions derive from this base.
    """




[docs]class MissingAuthorization(HawkFail):
    """
    No authorization header was sent by the client.
    """




[docs]class InvalidCredentials(HawkFail):
    """
    The specified Hawk credentials are invalid.

    For example, the dict could be formatted incorrectly.
    """




[docs]class CredentialsLookupError(HawkFail):
    """
    A :class:`mohawk.Receiver` could not look up the
    credentials for an incoming request.
    """




[docs]class BadHeaderValue(HawkFail):
    """
    There was an error with an attribute or value when parsing
    or creating a Hawk header.
    """




[docs]class MacMismatch(HawkFail):
    """
    The locally calculated MAC did not match the MAC that was sent.
    """




[docs]class MisComputedContentHash(HawkFail):
    """
    The signature of the content did not match the actual content.
    """




[docs]class TokenExpired(HawkFail):
    """
    The timestamp on a message received has expired.

    You may also receive this message if your server clock is out of sync.
    Consider synchronizing it with something like `TLSdate`_.

    If you are unable to synchronize your clock universally,
    The `Hawk`_ spec mentions how you can `adjust`_
    your sender's time to match that of the receiver in the case
    of unexpected expiration.

    The ``www_authenticate`` attribute of this exception is a header
    that can be returned to the client. If the value is not None, it
    will include a timestamp HMAC'd with the sender's credentials.
    This will allow the client
    to verify the value and safely apply an offset.

    .. _`Hawk`: https://github.com/hueniverse/hawk
    .. _`adjust`: https://github.com/hueniverse/hawk#future-time-manipulation
    .. _`TLSdate`: http://linux-audit.com/tlsdate-the-secure-alternative-for-ntpd-ntpdate-and-rdate/
    """
    #: Current local time in seconds that was used to compare timestamps.
    localtime_in_seconds = None
    # A header containing an HMAC'd server timestamp that the sender can verify.
    www_authenticate = None

    def __init__(self, *args, **kw):
        self.localtime_in_seconds = kw.pop('localtime_in_seconds')
        self.www_authenticate = kw.pop('www_authenticate')
        super(HawkFail, self).__init__(*args, **kw)




[docs]class AlreadyProcessed(HawkFail):
    """
    The message has already been processed and cannot be re-processed.

    See :ref:`nonce` for details.
    """




[docs]class InvalidBewit(HawkFail):
    """
    The bewit is invalid; e.g. it doesn't contain the right number of
    parameters.
    """




[docs]class MissingContent(HawkFail):
    """
    A payload's `content` or `content_type` were not provided.

    See :ref:`skipping-content-checks` for details.
    """