/usr/share/pyshared/authkit/authenticate/basic.py is in python-authkit 0.4.3-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | """\
HTTP basic authentication middleware
This implementation is identical to the `paste.auth.basic
<http://pythonpaste.org/module-paste.auth.basic.html>`_ implemenation.
Note:: If users are prompted to sign in this also seems to have the effect of
signing them out.
"""
#from paste.auth.basic import middleware
# (c) 2005 Clark C. Evans
# This module is part of the Python Paste Project and is released under
# the MIT License: http://www.opensource.org/licenses/mit-license.php
# This code was written with funding by http://prometheusresearch.com
"""
Basic HTTP/1.0 Authentication
This module implements ``Basic`` authentication as described in
HTTP/1.0 specification [1]_ . Do not use this module unless you
are using SSL or need to work with very out-dated clients, instead
use ``digest`` authentication.
>>> from paste.wsgilib import dump_environ
>>> from paste.util.httpserver import serve
>>> # from paste.auth.basic import AuthBasicHandler
>>> realm = 'Test Realm'
>>> def authfunc(username, password):
... return username == password
>>> serve(AuthBasicHandler(dump_environ, realm, authfunc))
serving on...
.. [1] http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#BasicAA
"""
from paste.httpexceptions import HTTPUnauthorized
from paste.httpheaders import *
from authkit.authenticate.multi import MultiHandler, status_checker
from authkit.authenticate import get_template, valid_password, \
get_authenticate_function, strip_base, RequireEnvironKey, \
AuthKitUserSetter, AuthKitAuthHandler
from authkit.permissions import AuthKitConfigError
class AuthBasicAuthenticator(object):
"""
implements ``Basic`` authentication details
"""
type = 'basic'
def __init__(self, realm, authfunc):
self.realm = realm
self.authfunc = authfunc
def build_authentication(self):
head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
return HTTPUnauthorized(headers=head)
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ',1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = auth.strip().decode('base64')
username, password = auth.split(':',1)
if self.authfunc(environ, username, password):
return username
return self.build_authentication()
__call__ = authenticate
class BasicAuthHandler(AuthKitAuthHandler):
"""
HTTP/1.0 ``Basic`` authentication middleware
Parameters:
``application``
The application object is called only upon successful
authentication, and can assume ``environ['REMOTE_USER']``
is set. If the ``REMOTE_USER`` is already set, this
middleware is simply pass-through.
``realm``
This is a identifier for the authority that is requesting
authorization. It is shown to the user and should be unique
within the domain it is being used.
``authfunc``
This is a mandatory user-defined function which takes a
``username`` and ``password`` for its first and second
arguments respectively. It should return ``True`` if
the user is authenticated.
"""
def __init__(self, application, realm, authfunc):
self.application = application
self.authenticate = AuthBasicAuthenticator(realm, authfunc)
def __call__(self, environ, start_response):
if environ.has_key('authkit.multi'):
authenitcation = self.authenticate.build_authentication()
return authenitcation.wsgi_application(environ, start_response)
else:
result = self.authenticate(environ)
return result.wsgi_application(environ, start_response)
class BasicUserSetter(AuthKitUserSetter):
def __init__(self, application, realm, authfunc, users):
self.application = application
self.users = users
self.authenticate = AuthBasicAuthenticator(realm, authfunc)
def __call__(self, environ, start_response):
environ['authkit.users'] = self.users
result = self.authenticate(environ)
if isinstance(result, str):
AUTH_TYPE.update(environ, 'basic')
REMOTE_USER.update(environ, result)
return self.application(environ, start_response)
def load_basic_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.basic',
):
auth_handler_params = {}
user_setter_params = {}
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(
app,
authenticate_conf,
prefix=prefix+'authenticate.',
format='basic'
)
realm = auth_conf.get('realm', 'AuthKit')
auth_handler_params['realm'] = realm
auth_handler_params['authfunc'] = authfunc
user_setter_params['realm'] = realm
user_setter_params['authfunc'] = authfunc
user_setter_params['users'] = users
return app, auth_handler_params, user_setter_params
def make_basic_auth_handler(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.basic',
):
app, auth_handler_params, user_setter_params = load_basic_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.basic',
)
app = MultiHandler(app)
app.add_method(
'basic',
BasicAuthHandler,
auth_handler_params['realm'],
auth_handler_params['authfunc']
)
app.add_checker('basic', status_checker)
app = BasicUserSetter(
app,
user_setter_params['realm'],
user_setter_params['authfunc'],
user_setter_params['users'],
)
return app
# Backwards compatibility
AuthBasicHandler = BasicAuthHandler
middleware = BasicAuthHandler
TryToAddUsername = BasicUserSetter
make_basic_handler = make_basic_auth_handler
|