1
2
3
4
5 __doc__ = """This module provides a CherryPy 3.x tool which implements
6 the server-side of HTTP Basic Access Authentication, as described in
7 :rfc:`2617`.
8
9 Example usage, using the built-in checkpassword_dict function which uses a dict
10 as the credentials store::
11
12 userpassdict = {'bird' : 'bebop', 'ornette' : 'wayout'}
13 checkpassword = cherrypy.lib.auth_basic.checkpassword_dict(userpassdict)
14 basic_auth = {'tools.auth_basic.on': True,
15 'tools.auth_basic.realm': 'earth',
16 'tools.auth_basic.checkpassword': checkpassword,
17 }
18 app_config = { '/' : basic_auth }
19
20 """
21
22 __author__ = 'visteya'
23 __date__ = 'April 2009'
24
25 import binascii
26 from cherrypy._cpcompat import base64_decode
27 import cherrypy
28
29
31 """Returns a checkpassword function which checks credentials
32 against a dictionary of the form: {username : password}.
33
34 If you want a simple dictionary-based authentication scheme, use
35 checkpassword_dict(my_credentials_dict) as the value for the
36 checkpassword argument to basic_auth().
37 """
38 def checkpassword(realm, user, password):
39 p = user_password_dict.get(user)
40 return p and p == password or False
41
42 return checkpassword
43
44
46 """A CherryPy tool which hooks at before_handler to perform
47 HTTP Basic Access Authentication, as specified in :rfc:`2617`.
48
49 If the request has an 'authorization' header with a 'Basic' scheme, this
50 tool attempts to authenticate the credentials supplied in that header. If
51 the request has no 'authorization' header, or if it does but the scheme is
52 not 'Basic', or if authentication fails, the tool sends a 401 response with
53 a 'WWW-Authenticate' Basic header.
54
55 realm
56 A string containing the authentication realm.
57
58 checkpassword
59 A callable which checks the authentication credentials.
60 Its signature is checkpassword(realm, username, password). where
61 username and password are the values obtained from the request's
62 'authorization' header. If authentication succeeds, checkpassword
63 returns True, else it returns False.
64
65 """
66
67 if '"' in realm:
68 raise ValueError('Realm cannot contain the " (quote) character.')
69 request = cherrypy.serving.request
70
71 auth_header = request.headers.get('authorization')
72 if auth_header is not None:
73 try:
74 scheme, params = auth_header.split(' ', 1)
75 if scheme.lower() == 'basic':
76 username, password = base64_decode(params).split(':', 1)
77 if checkpassword(realm, username, password):
78 if debug:
79 cherrypy.log('Auth succeeded', 'TOOLS.AUTH_BASIC')
80 request.login = username
81 return
82
83 except (ValueError, binascii.Error):
84 raise cherrypy.HTTPError(400, 'Bad Request')
85
86
87 cherrypy.serving.response.headers[
88 'www-authenticate'] = 'Basic realm="%s"' % realm
89 raise cherrypy.HTTPError(
90 401, "You are not authorized to access that resource")
91