diff options
| author | Robert Brewer <fumanchu@aminus.org> | 2006-09-11 18:28:34 +0000 |
|---|---|---|
| committer | Robert Brewer <fumanchu@aminus.org> | 2006-09-11 18:28:34 +0000 |
| commit | 06d8ffcd7c9e19c220bb22c0957df6df9bf56c1d (patch) | |
| tree | 516c799dcc02d8509f27ae6f2041188ff6e093c6 /cherrypy/lib | |
| parent | 02d96a3374c51ba9a66cfbb8a0b4ab4e4d1a26b9 (diff) | |
| download | cherrypy-git-06d8ffcd7c9e19c220bb22c0957df6df9bf56c1d.tar.gz | |
Docstrings + tweaks for new auth.py.
Diffstat (limited to 'cherrypy/lib')
| -rw-r--r-- | cherrypy/lib/auth.py | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/cherrypy/lib/auth.py b/cherrypy/lib/auth.py index 3e95a695..fed8820f 100644 --- a/cherrypy/lib/auth.py +++ b/cherrypy/lib/auth.py @@ -1,39 +1,47 @@ - import cherrypy -from cherrypy._cptools import Tool from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth +
-def check_auth(realm, users): - # Check if the user-agent provides an authorization header - # containing credentials +def check_auth(users): + """If an authorization header contains credentials, return True, else False.""" if 'authorization' in cherrypy.request.headers: # make sure the provided credentials are correctly set ah = parseAuthorization(cherrypy.request.headers['authorization']) if ah is None: raise cherrypy.HTTPError(400, 'Bad Request') - + # fetch the user password password = users.get(ah["username"], None) - + # validate the authorization by re-computing it here # and compare it with what the user-agent provided if checkResponse(ah, password, method=cherrypy.request.method): return True - +
return False - -def basic_auth(realm, users): - if check_auth(realm, users): + +def basic_auth(realm, users):
+ """If auth fails, raise 401 with a basic authentication header.
+
+ realm: a string containing the authentication realm.
+ users: a dict of the form: {username: password}.
+ """ + if check_auth(users): return # inform the user-agent this path is protected cherrypy.response.headers['www-authenticate'] = basicAuth(realm) raise cherrypy.HTTPError(401, "You are not authorized to access that resource") - + def digest_auth(realm, users): - if check_auth(realm, users): + """If auth fails, raise 401 with a digest authentication header. +
+ realm: a string containing the authentication realm.
+ users: a dict of the form: {username: password}.
+ """ + if check_auth(users): return # inform the user-agent this path is protected |