[3] | 1 | # (c) 2005 Clark C. Evans |
---|
| 2 | # This module is part of the Python Paste Project and is released under |
---|
| 3 | # the MIT License: http://www.opensource.org/licenses/mit-license.php |
---|
| 4 | # This code was written with funding by http://prometheusresearch.com |
---|
| 5 | """ |
---|
| 6 | Basic HTTP/1.0 Authentication |
---|
| 7 | |
---|
| 8 | This module implements ``Basic`` authentication as described in |
---|
| 9 | HTTP/1.0 specification [1]_ . Do not use this module unless you |
---|
| 10 | are using SSL or need to work with very out-dated clients, instead |
---|
| 11 | use ``digest`` authentication. |
---|
| 12 | |
---|
| 13 | >>> from paste.wsgilib import dump_environ |
---|
| 14 | >>> from paste.httpserver import serve |
---|
| 15 | >>> # from paste.auth.basic import AuthBasicHandler |
---|
| 16 | >>> realm = 'Test Realm' |
---|
| 17 | >>> def authfunc(environ, username, password): |
---|
| 18 | ... return username == password |
---|
| 19 | >>> serve(AuthBasicHandler(dump_environ, realm, authfunc)) |
---|
| 20 | serving on... |
---|
| 21 | |
---|
| 22 | .. [1] http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#BasicAA |
---|
| 23 | """ |
---|
| 24 | from paste.httpexceptions import HTTPUnauthorized |
---|
| 25 | from paste.httpheaders import * |
---|
| 26 | |
---|
| 27 | class AuthBasicAuthenticator(object): |
---|
| 28 | """ |
---|
| 29 | implements ``Basic`` authentication details |
---|
| 30 | """ |
---|
| 31 | type = 'basic' |
---|
| 32 | def __init__(self, realm, authfunc): |
---|
| 33 | self.realm = realm |
---|
| 34 | self.authfunc = authfunc |
---|
| 35 | |
---|
| 36 | def build_authentication(self): |
---|
| 37 | head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm) |
---|
| 38 | return HTTPUnauthorized(headers=head) |
---|
| 39 | |
---|
| 40 | def authenticate(self, environ): |
---|
| 41 | authorization = AUTHORIZATION(environ) |
---|
| 42 | if not authorization: |
---|
| 43 | return self.build_authentication() |
---|
| 44 | (authmeth, auth) = authorization.split(' ', 1) |
---|
| 45 | if 'basic' != authmeth.lower(): |
---|
| 46 | return self.build_authentication() |
---|
| 47 | auth = auth.strip().decode('base64') |
---|
| 48 | username, password = auth.split(':', 1) |
---|
| 49 | if self.authfunc(environ, username, password): |
---|
| 50 | return username |
---|
| 51 | return self.build_authentication() |
---|
| 52 | |
---|
| 53 | __call__ = authenticate |
---|
| 54 | |
---|
| 55 | class AuthBasicHandler(object): |
---|
| 56 | """ |
---|
| 57 | HTTP/1.0 ``Basic`` authentication middleware |
---|
| 58 | |
---|
| 59 | Parameters: |
---|
| 60 | |
---|
| 61 | ``application`` |
---|
| 62 | |
---|
| 63 | The application object is called only upon successful |
---|
| 64 | authentication, and can assume ``environ['REMOTE_USER']`` |
---|
| 65 | is set. If the ``REMOTE_USER`` is already set, this |
---|
| 66 | middleware is simply pass-through. |
---|
| 67 | |
---|
| 68 | ``realm`` |
---|
| 69 | |
---|
| 70 | This is a identifier for the authority that is requesting |
---|
| 71 | authorization. It is shown to the user and should be unique |
---|
| 72 | within the domain it is being used. |
---|
| 73 | |
---|
| 74 | ``authfunc`` |
---|
| 75 | |
---|
| 76 | This is a mandatory user-defined function which takes a |
---|
| 77 | ``environ``, ``username`` and ``password`` for its first |
---|
| 78 | three arguments. It should return ``True`` if the user is |
---|
| 79 | authenticated. |
---|
| 80 | |
---|
| 81 | """ |
---|
| 82 | def __init__(self, application, realm, authfunc): |
---|
| 83 | self.application = application |
---|
| 84 | self.authenticate = AuthBasicAuthenticator(realm, authfunc) |
---|
| 85 | |
---|
| 86 | def __call__(self, environ, start_response): |
---|
| 87 | username = REMOTE_USER(environ) |
---|
| 88 | if not username: |
---|
| 89 | result = self.authenticate(environ) |
---|
| 90 | if isinstance(result, str): |
---|
| 91 | AUTH_TYPE.update(environ, 'basic') |
---|
| 92 | REMOTE_USER.update(environ, result) |
---|
| 93 | else: |
---|
| 94 | return result.wsgi_application(environ, start_response) |
---|
| 95 | return self.application(environ, start_response) |
---|
| 96 | |
---|
| 97 | middleware = AuthBasicHandler |
---|
| 98 | |
---|
| 99 | __all__ = ['AuthBasicHandler'] |
---|
| 100 | |
---|
| 101 | def make_basic(app, global_conf, realm, authfunc, **kw): |
---|
| 102 | """ |
---|
| 103 | Grant access via basic authentication |
---|
| 104 | |
---|
| 105 | Config looks like this:: |
---|
| 106 | |
---|
| 107 | [filter:grant] |
---|
| 108 | use = egg:Paste#auth_basic |
---|
| 109 | realm=myrealm |
---|
| 110 | authfunc=somepackage.somemodule:somefunction |
---|
| 111 | |
---|
| 112 | """ |
---|
| 113 | from paste.util.import_string import eval_import |
---|
| 114 | import types |
---|
| 115 | authfunc = eval_import(authfunc) |
---|
| 116 | assert isinstance(authfunc, types.FunctionType), "authfunc must resolve to a function" |
---|
| 117 | return AuthBasicHandler(app, realm, authfunc) |
---|
| 118 | |
---|
| 119 | |
---|
| 120 | if "__main__" == __name__: |
---|
| 121 | import doctest |
---|
| 122 | doctest.testmod(optionflags=doctest.ELLIPSIS) |
---|