Package cherrypy :: Package lib :: Module auth
[hide private]
[frames] | no frames]

Source Code for Module cherrypy.lib.auth

 1  import cherrypy 
 2  from cherrypy.lib import httpauth 
 3   
 4   
5 -def check_auth(users, encrypt=None, realm=None):
6 """If an authorization header contains credentials, return True, else False.""" 7 if 'authorization' in cherrypy.request.headers: 8 # make sure the provided credentials are correctly set 9 ah = httpauth.parseAuthorization(cherrypy.request.headers['authorization']) 10 if ah is None: 11 raise cherrypy.HTTPError(400, 'Bad Request') 12 13 if not encrypt: 14 encrypt = httpauth.DIGEST_AUTH_ENCODERS[httpauth.MD5] 15 16 if callable(users): 17 try: 18 # backward compatibility 19 users = users() # expect it to return a dictionary 20 21 if not isinstance(users, dict): 22 raise ValueError, "Authentication users must be a dictionary" 23 24 # fetch the user password 25 password = users.get(ah["username"], None) 26 except TypeError: 27 # returns a password (encrypted or clear text) 28 password = users(ah["username"]) 29 else: 30 if not isinstance(users, dict): 31 raise ValueError, "Authentication users must be a dictionary" 32 33 # fetch the user password 34 password = users.get(ah["username"], None) 35 36 # validate the authorization by re-computing it here 37 # and compare it with what the user-agent provided 38 if httpauth.checkResponse(ah, password, method=cherrypy.request.method, 39 encrypt=encrypt, realm=realm): 40 cherrypy.request.login = ah["username"] 41 return True 42 43 cherrypy.request.login = False 44 return False
45
46 -def basic_auth(realm, users, encrypt=None):
47 """If auth fails, raise 401 with a basic authentication header. 48 49 realm: a string containing the authentication realm. 50 users: a dict of the form: {username: password} or a callable returning a dict. 51 encrypt: callable used to encrypt the password returned from the user-agent. 52 if None it defaults to a md5 encryption. 53 """ 54 if check_auth(users, encrypt): 55 return 56 57 # inform the user-agent this path is protected 58 cherrypy.response.headers['www-authenticate'] = httpauth.basicAuth(realm) 59 60 raise cherrypy.HTTPError(401, "You are not authorized to access that resource")
61
62 -def digest_auth(realm, users):
63 """If auth fails, raise 401 with a digest authentication header. 64 65 realm: a string containing the authentication realm. 66 users: a dict of the form: {username: password} or a callable returning a dict. 67 """ 68 if check_auth(users, realm=realm): 69 return 70 71 # inform the user-agent this path is protected 72 cherrypy.response.headers['www-authenticate'] = httpauth.digestAuth(realm) 73 74 raise cherrypy.HTTPError(401, "You are not authorized to access that resource")
75