Download Install Tutorial Docs FAQ Tools WikiLicense Team IRC Planet Involvement Shop Book

root/trunk/cherrypy/lib/auth.py

Revision 1931 (checked in by fumanchu, 6 months ago)

Fixed setup.py for the restsrv -> process change, plus fixed a couple svn props.

  • Property svn:eol-style set to native
Line 
1 import cherrypy
2 from cherrypy.lib import httpauth
3
4
5 def check_auth(users, encrypt=None, realm=None):
6     """If an authorization header contains credentials, return True, else False."""
7     if 'authorization' in cherrypy.request.headers:
8         # make sure the provided credentials are correctly set
9         ah = httpauth.parseAuthorization(cherrypy.request.headers['authorization'])
10         if ah is None:
11             raise cherrypy.HTTPError(400, 'Bad Request')
12        
13         if not encrypt:
14             encrypt = httpauth.DIGEST_AUTH_ENCODERS[httpauth.MD5]
15        
16         if callable(users):
17             try:
18                 # backward compatibility
19                 users = users() # expect it to return a dictionary
20
21                 if not isinstance(users, dict):
22                     raise ValueError, "Authentication users must be a dictionary"
23                
24                 # fetch the user password
25                 password = users.get(ah["username"], None)
26             except TypeError:
27                 # returns a password (encrypted or clear text)
28                 password = users(ah["username"])
29         else:
30             if not isinstance(users, dict):
31                 raise ValueError, "Authentication users must be a dictionary"
32            
33             # fetch the user password
34             password = users.get(ah["username"], None)
35        
36         # validate the authorization by re-computing it here
37         # and compare it with what the user-agent provided
38         if httpauth.checkResponse(ah, password, method=cherrypy.request.method,
39                                   encrypt=encrypt, realm=realm):
40             cherrypy.request.login = ah["username"]
41             return True
42    
43         cherrypy.request.login = False
44     return False
45
46 def basic_auth(realm, users, encrypt=None):
47     """If auth fails, raise 401 with a basic authentication header.
48     
49     realm: a string containing the authentication realm.
50     users: a dict of the form: {username: password} or a callable returning a dict.
51     encrypt: callable used to encrypt the password returned from the user-agent.
52              if None it defaults to a md5 encryption.
53     """
54     if check_auth(users, encrypt):
55         return
56    
57     # inform the user-agent this path is protected
58     cherrypy.response.headers['www-authenticate'] = httpauth.basicAuth(realm)
59    
60     raise cherrypy.HTTPError(401, "You are not authorized to access that resource")
61
62 def digest_auth(realm, users):
63     """If auth fails, raise 401 with a digest authentication header.
64     
65     realm: a string containing the authentication realm.
66     users: a dict of the form: {username: password} or a callable returning a dict.
67     """
68     if check_auth(users, realm=realm):
69         return
70    
71     # inform the user-agent this path is protected
72     cherrypy.response.headers['www-authenticate'] = httpauth.digestAuth(realm)
73    
74     raise cherrypy.HTTPError(401, "You are not authorized to access that resource")
75  
Note: See TracBrowser for help on using the browser.

Hosted by WebFaction

Log in as guest/cpguest to create tickets