Mercurial > hg > bitsyauth
comparison bitsyauth/minimal.py @ 11:6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
author | ejucovy@socialplanning |
---|---|
date | Tue, 05 Jan 2010 12:54:28 -0500 |
parents | |
children | 2efb1b30da4a |
comparison
equal
deleted
inserted
replaced
10:16c33fd5fb20 | 11:6fc4f426b8d4 |
---|---|
1 from webob import Request | |
2 | |
3 import os | |
4 | |
5 def pw(basedir, user): | |
6 file = os.path.join(basedir, user, '.password') | |
7 | |
8 try: | |
9 fp = open(file) | |
10 except IOError: | |
11 return None | |
12 | |
13 pw = fp.read().strip() | |
14 fp.close() | |
15 return pw | |
16 | |
17 # from paste.auth.digest | |
18 try: | |
19 from hashlib import md5 | |
20 except ImportError: | |
21 from md5 import md5 | |
22 def hash(user, pw, realm): | |
23 return md5("%s:%s:%s" (user, realm, pw)).hexdigest() | |
24 | |
25 class BitsyblogFilespaceAuth(object): | |
26 def __init__(self, realm, basedir): | |
27 self.realm = realm | |
28 self.basedir = basedir | |
29 def __call__(self, user, pw): | |
30 stored = pw(self.basedir, user) | |
31 if stored is None: | |
32 return False | |
33 return hash(user, pw, self.realm) == stored | |
34 | |
35 def filter_factory(app, global_conf, realm, basedir): | |
36 #from paste.util.import_string import eval_import | |
37 #authfunc = eval_import(authfunc) | |
38 | |
39 authfunc = BitsyblogFilespaceAuth(realm, basedir) | |
40 | |
41 return BasicAuthMiddleware(app, realm, authfunc) | |
42 | |
43 class BasicAuthMiddleware(object): | |
44 def __init__(self, app, realm, auth_checker): | |
45 self.app = app | |
46 self.realm = realm | |
47 self.auth_checker = auth_checker | |
48 | |
49 def __call__(self, environ, start_response): | |
50 req = Request(environ) | |
51 | |
52 header = req.headers.get('AUTHORIZATION') | |
53 if not header: | |
54 return self.app(environ, start_response) | |
55 | |
56 (method, auth) = header.split(' ', 1) | |
57 if method != 'basic': | |
58 return self.app(environ, start_response) | |
59 | |
60 auth = auth.strip().decode('base64') | |
61 | |
62 username, password = auth.split(':', 1) | |
63 | |
64 if self.auth_checker(username, password): | |
65 environ['REMOTE_USER'] = username | |
66 | |
67 return self.app(environ, start_response) |