Mercurial > hg > bitsyauth
annotate bitsyauth/minimal.py @ 11:6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
| author | ejucovy@socialplanning |
|---|---|
| date | Tue, 05 Jan 2010 12:54:28 -0500 |
| parents | |
| children | 2efb1b30da4a |
| rev | line source |
|---|---|
|
11
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
1 from webob import Request |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
2 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
3 import os |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
4 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
5 def pw(basedir, user): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
6 file = os.path.join(basedir, user, '.password') |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
7 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
8 try: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
9 fp = open(file) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
10 except IOError: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
11 return None |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
12 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
13 pw = fp.read().strip() |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
14 fp.close() |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
15 return pw |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
16 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
17 # from paste.auth.digest |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
18 try: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
19 from hashlib import md5 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
20 except ImportError: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
21 from md5 import md5 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
22 def hash(user, pw, realm): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
23 return md5("%s:%s:%s" (user, realm, pw)).hexdigest() |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
24 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
25 class BitsyblogFilespaceAuth(object): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
26 def __init__(self, realm, basedir): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
27 self.realm = realm |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
28 self.basedir = basedir |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
29 def __call__(self, user, pw): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
30 stored = pw(self.basedir, user) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
31 if stored is None: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
32 return False |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
33 return hash(user, pw, self.realm) == stored |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
34 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
35 def filter_factory(app, global_conf, realm, basedir): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
36 #from paste.util.import_string import eval_import |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
37 #authfunc = eval_import(authfunc) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
38 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
39 authfunc = BitsyblogFilespaceAuth(realm, basedir) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
40 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
41 return BasicAuthMiddleware(app, realm, authfunc) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
42 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
43 class BasicAuthMiddleware(object): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
44 def __init__(self, app, realm, auth_checker): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
45 self.app = app |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
46 self.realm = realm |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
47 self.auth_checker = auth_checker |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
48 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
49 def __call__(self, environ, start_response): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
50 req = Request(environ) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
51 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
52 header = req.headers.get('AUTHORIZATION') |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
53 if not header: |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
54 return self.app(environ, start_response) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
55 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
56 (method, auth) = header.split(' ', 1) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
57 if method != 'basic': |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
58 return self.app(environ, start_response) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
59 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
60 auth = auth.strip().decode('base64') |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
61 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
62 username, password = auth.split(':', 1) |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
63 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
64 if self.auth_checker(username, password): |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
65 environ['REMOTE_USER'] = username |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
66 |
|
6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
ejucovy@socialplanning
parents:
diff
changeset
|
67 return self.app(environ, start_response) |