Package cherrypy :: Package lib :: Module auth_basic
[hide private]
[frames] | no frames]

Source Code for Module cherrypy.lib.auth_basic

 1  # This file is part of CherryPy <http://www.cherrypy.org/> 
 2  # -*- coding: utf-8 -*- 
 3  # vim:ts=4:sw=4:expandtab:fileencoding=utf-8 
 4   
 5  __doc__ = """This module provides a CherryPy 3.x tool which implements 
 6  the server-side of HTTP Basic Access Authentication, as described in 
 7  :rfc:`2617`. 
 8   
 9  Example usage, using the built-in checkpassword_dict function which uses a dict 
10  as the credentials store:: 
11   
12      userpassdict = {'bird' : 'bebop', 'ornette' : 'wayout'} 
13      checkpassword = cherrypy.lib.auth_basic.checkpassword_dict(userpassdict) 
14      basic_auth = {'tools.auth_basic.on': True, 
15                    'tools.auth_basic.realm': 'earth', 
16                    'tools.auth_basic.checkpassword': checkpassword, 
17      } 
18      app_config = { '/' : basic_auth } 
19   
20  """ 
21   
22  __author__ = 'visteya' 
23  __date__ = 'April 2009' 
24   
25  import binascii 
26  from cherrypy._cpcompat import base64_decode 
27  import cherrypy 
28   
29   
30 -def checkpassword_dict(user_password_dict):
31 """Returns a checkpassword function which checks credentials 32 against a dictionary of the form: {username : password}. 33 34 If you want a simple dictionary-based authentication scheme, use 35 checkpassword_dict(my_credentials_dict) as the value for the 36 checkpassword argument to basic_auth(). 37 """ 38 def checkpassword(realm, user, password): 39 p = user_password_dict.get(user) 40 return p and p == password or False
41 42 return checkpassword 43 44
45 -def basic_auth(realm, checkpassword, debug=False):
46 """A CherryPy tool which hooks at before_handler to perform 47 HTTP Basic Access Authentication, as specified in :rfc:`2617`. 48 49 If the request has an 'authorization' header with a 'Basic' scheme, this 50 tool attempts to authenticate the credentials supplied in that header. If 51 the request has no 'authorization' header, or if it does but the scheme is 52 not 'Basic', or if authentication fails, the tool sends a 401 response with 53 a 'WWW-Authenticate' Basic header. 54 55 realm 56 A string containing the authentication realm. 57 58 checkpassword 59 A callable which checks the authentication credentials. 60 Its signature is checkpassword(realm, username, password). where 61 username and password are the values obtained from the request's 62 'authorization' header. If authentication succeeds, checkpassword 63 returns True, else it returns False. 64 65 """ 66 67 if '"' in realm: 68 raise ValueError('Realm cannot contain the " (quote) character.') 69 request = cherrypy.serving.request 70 71 auth_header = request.headers.get('authorization') 72 if auth_header is not None: 73 try: 74 scheme, params = auth_header.split(' ', 1) 75 if scheme.lower() == 'basic': 76 username, password = base64_decode(params).split(':', 1) 77 if checkpassword(realm, username, password): 78 if debug: 79 cherrypy.log('Auth succeeded', 'TOOLS.AUTH_BASIC') 80 request.login = username 81 return # successful authentication 82 # split() error, base64.decodestring() error 83 except (ValueError, binascii.Error): 84 raise cherrypy.HTTPError(400, 'Bad Request') 85 86 # Respond with 401 status and a WWW-Authenticate header 87 cherrypy.serving.response.headers[ 88 'www-authenticate'] = 'Basic realm="%s"' % realm 89 raise cherrypy.HTTPError( 90 401, "You are not authorized to access that resource")
91