author | cce <devnull@localhost> | 2006-02-24 06:24:10 +0000 |
---|---|---|
committer | cce <devnull@localhost> | 2006-02-24 06:24:10 +0000 |
commit | 3ece86d36d841c3d5023f7bab029c0b2b235e7e7 (patch) | |
tree | 1244c60800daaf2b9d42d6960195909ff84f571f /paste/auth | |
parent | 29dda90805f7eb854bf0b9557a3d6f300e41fad3 (diff) | |
download | paste-3ece86d36d841c3d5023f7bab029c0b2b235e7e7.tar.gz |
This updates the paste.auth.* modules to include
environ in the authentication callback functions.
- auth.basic was modified to have a callback of
authfunc(environ, username, password)
- auth.digest was modified in a similar manner,
authfunc(environ, realm, password)
- auth.digest's digest_password also had its
arguments reversed to be consistent with the
corresponding authfunc(); if you're going to
break -- let's fix two things at once!
- auth.form has a change similar to auth.basic
These changes were suggested via Matthew Scott
on the paste mailing list; only that I put the
environ first to be consistent with other
WSGI functions.
Diffstat (limited to 'paste/auth')
-rw-r--r-- | paste/auth/basic.py | 10 | ||||
-rw-r--r-- | paste/auth/digest.py | 28 | ||||
-rw-r--r-- | paste/auth/form.py | 10 | ||||
-rw-r--r-- | paste/auth/multi.py | 6 |
4 files changed, 26 insertions, 28 deletions
diff --git a/paste/auth/basic.py b/paste/auth/basic.py index 0f7f72c..8f0ecab 100644 --- a/paste/auth/basic.py +++ b/paste/auth/basic.py @@ -14,7 +14,7 @@ use ``digest`` authentication. >>> from paste.httpserver import serve >>> # from paste.auth.basic import AuthBasicHandler >>> realm = 'Test Realm' ->>> def authfunc(username, password): +>>> def authfunc(environ, username, password): ... return username == password >>> serve(AuthBasicHandler(dump_environ, realm, authfunc)) serving on... @@ -46,7 +46,7 @@ class AuthBasicAuthenticator: return self.build_authentication() auth = auth.strip().decode('base64') username, password = auth.split(':',1) - if self.authfunc(username, password): + if self.authfunc(environ, username, password): return username return self.build_authentication() @@ -74,9 +74,9 @@ class AuthBasicHandler: ``authfunc`` This is a mandatory user-defined function which takes a - ``username`` and ``password`` for its first and second - arguments respectively. It should return ``True`` if - the user is authenticated. + ``environ``, ``username`` and ``password`` for its first + three arguments. It should return ``True`` if the user is + authenticated. """ def __init__(self, application, realm, authfunc): diff --git a/paste/auth/digest.py b/paste/auth/digest.py index 9e7bcba..106f8e6 100644 --- a/paste/auth/digest.py +++ b/paste/auth/digest.py @@ -16,8 +16,8 @@ module has been tested with several common browsers "out-in-the-wild". >>> from paste.httpserver import serve >>> # from paste.auth.digest import digest_password, AuthDigestHandler >>> realm = 'Test Realm' ->>> def authfunc(realm, username): -... return digest_password(username, realm, username) +>>> def authfunc(environ, realm, username): +... return digest_password(realm, username, username) >>> serve(AuthDigestHandler(dump_environ, realm, authfunc)) serving on... 
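Review bot: In the second basic.py hunk, `self.authfunc(environ, username, password)` hands the callback the whole request environ before anyone is authenticated, while the rewritten AuthBasicHandler docstring (third hunk) only lists the argument names. Everything in that dict apart from the two decoded credentials is still client-supplied at this point, including the raw Authorization header, so the docstring should say so, e.g. `environ is the unauthenticated WSGI environment; treat its HTTP_* values as untrusted and do not copy the password into it`. The same applies to the authfunc calls changed in digest.py and form.py. A two-argument callback written against the old signature now raises TypeError at this call, which fails closed but presumably surfaces as a server error rather than a 401. The enclosing method starts outside the hunk.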
@@ -33,7 +33,7 @@ from paste.httpexceptions import HTTPUnauthorized from paste.httpheaders import * import md5, time, random, urllib2 -def digest_password(username, realm, password): +def digest_password(realm, username, password): """ construct the appropriate hashcode needed for HTTP digest """ return md5.md5("%s:%s:%s" % (username,realm,password)).hexdigest() @@ -79,12 +79,13 @@ class AuthDigestAuthenticator: self.nonce[nonce] = nc return username - def authenticate(self, authorization, path, method): - """ This function takes the value of the 'Authorization' header, - the method used (e.g. GET), and the path of the request - relative to the server. The function either returns an - authenticated user or it returns the authentication error. + def authenticate(self, environ): + """ This function takes a WSGI environment and authenticates + the request returning authenticated user or error. """ + method = REQUEST_METHOD(environ) + fullpath = SCRIPT_NAME(environ) + PATH_INFO(environ) + authorization = AUTHORIZATION(environ) if not authorization: return self.build_authentication() (authmeth, auth) = authorization.split(" ",1) @@ -100,7 +101,7 @@ class AuthDigestAuthenticator: nonce = amap['nonce'] realm = amap['realm'] response = amap['response'] - assert authpath.split("?",1)[0] in path + assert authpath.split("?",1)[0] in fullpath assert realm == self.realm qop = amap.get('qop','') cnonce = amap.get('cnonce','') @@ -110,7 +111,7 @@ class AuthDigestAuthenticator: assert nonce and nc except: return self.build_authentication() - ha1 = self.authfunc(realm,username) + ha1 = self.authfunc(environ, realm, username) return self.compute(ha1, username, response, method, authpath, nonce, nc, cnonce, qop) 
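Review bot: Swapping the first two parameters of `digest_password` keeps the arity at three, so a caller still passing `(username, realm, password)` positionally gets no error, only a different hash, which would presumably make every digest comparison for that user fail with nothing pointing at the cause. The one-line docstring should spell out the order and the hashed string, for example `"""Return the hex MD5 of 'username:realm:password' (HA1 for HTTP digest); arguments are realm, username, password, in that order."""`. Callers that pass the arguments by keyword are unaffected by the swap.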
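Review bot: The path check rewritten in the fourth digest.py hunk, `assert authpath.split("?",1)[0] in fullpath`, is a substring test enforced by an `assert`. A short path in the Authorization header such as `/` is contained in every `fullpath`, and running Python with `-O` strips this assert along with `assert realm == self.realm` on the next line, so both checks disappear. An explicit comparison that returns the challenge survives optimized mode, e.g. `if authpath.split("?",1)[0] != fullpath or realm != self.realm: return self.build_authentication()`. Strict equality may be too tight if clients send an absolute URI or a differently encoded path, so confirm it against the browsers this module was tested with. The surrounding try block starts outside the hunk.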
@@ -157,7 +158,7 @@ class AuthDigestHandler: This is a callback function which performs the actual authentication; the signature of this callback is: - authfunc(realm, username) -> hashcode + authfunc(environ, realm, username) -> hashcode This module provides a 'digest_password' helper function which can help construct the hashcode; it is recommended @@ -171,10 +172,7 @@ class AuthDigestHandler: def __call__(self, environ, start_response): username = REMOTE_USER(environ) if not username: - method = REQUEST_METHOD(environ) - fullpath = SCRIPT_NAME(environ) + PATH_INFO(environ) - authorization = AUTHORIZATION(environ) - result = self.authenticate(authorization, fullpath, method) + result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ,'digest') REMOTE_USER.update(environ, result) diff --git a/paste/auth/form.py b/paste/auth/form.py index 6cab687..4d660a7 100644 --- a/paste/auth/form.py +++ b/paste/auth/form.py @@ -16,7 +16,7 @@ to put ``paste.auth.cookie`` in your application stack. >>> from paste.httpserver import serve >>> from paste.auth.cookie import AuthCookieHandler >>> from paste.auth.form import AuthFormHandler ->>> def authfunc(username, password): +>>> def authfunc(environ, username, password): ... return username == password >>> serve(AuthCookieHandler( ... AuthFormHandler(dump_environ, authfunc))) @@ -66,9 +66,9 @@ class AuthFormHandler: ``authfunc`` This is a mandatory user-defined function which takes a - ``username`` and ``password`` for its first and second - arguments respectively. It should return ``True`` if - the user is authenticated. + ``environ``, ``username`` and ``password`` for its first + three arguments. It should return ``True`` if the user is + authenticated. ``template`` 
@@ -103,7 +103,7 @@ class AuthFormHandler: username = formvars.get('username') password = formvars.get('password') if username and password: - if self.authfunc(username,password): + if self.authfunc(environ, username, password): environ['AUTH_TYPE'] = 'form' environ['REMOTE_USER'] = username environ['REQUEST_METHOD'] = 'GET' diff --git a/paste/auth/multi.py b/paste/auth/multi.py index 47becae..12c9f26 100644 --- a/paste/auth/multi.py +++ b/paste/auth/multi.py @@ -18,12 +18,12 @@ stack; by default it uses form-based authentication unless >>> from paste.httpserver import serve >>> >>> multi = multi.MultiHandler(dump_environ) ->>> def authfunc(realm, user): -... return digest.digest_password(user, realm, user) +>>> def authfunc(environ, realm, user): +... return digest.digest_password(realm, user, user) >>> multi.add_method('digest', digest.middleware, "Test Realm", authfunc) >>> multi.set_query_argument('digest') >>> ->>> def authfunc(username, password): +>>> def authfunc(environ, username, password): ... return username == password >>> multi.add_method('form', form.middleware, authfunc) >>> multi.set_default('form') |