Mercurial > hg > bitsyauth
view bitsyauth/minimal.py @ 11:6fc4f426b8d4
add untested minimal bitsyauth filter that checks basicauth headers against bitsyblog passwords but doesn't issue any challenges of its own
author | ejucovy@socialplanning |
---|---|
date | Tue, 05 Jan 2010 12:54:28 -0500 |
parents | |
children | 2efb1b30da4a |
line wrap: on
line source
from webob import Request import os def pw(basedir, user): file = os.path.join(basedir, user, '.password') try: fp = open(file) except IOError: return None pw = fp.read().strip() fp.close() return pw # from paste.auth.digest try: from hashlib import md5 except ImportError: from md5 import md5 def hash(user, pw, realm): return md5("%s:%s:%s" (user, realm, pw)).hexdigest() class BitsyblogFilespaceAuth(object): def __init__(self, realm, basedir): self.realm = realm self.basedir = basedir def __call__(self, user, pw): stored = pw(self.basedir, user) if stored is None: return False return hash(user, pw, self.realm) == stored def filter_factory(app, global_conf, realm, basedir): #from paste.util.import_string import eval_import #authfunc = eval_import(authfunc) authfunc = BitsyblogFilespaceAuth(realm, basedir) return BasicAuthMiddleware(app, realm, authfunc) class BasicAuthMiddleware(object): def __init__(self, app, realm, auth_checker): self.app = app self.realm = realm self.auth_checker = auth_checker def __call__(self, environ, start_response): req = Request(environ) header = req.headers.get('AUTHORIZATION') if not header: return self.app(environ, start_response) (method, auth) = header.split(' ', 1) if method != 'basic': return self.app(environ, start_response) auth = auth.strip().decode('base64') username, password = auth.split(':', 1) if self.auth_checker(username, password): environ['REMOTE_USER'] = username return self.app(environ, start_response)