changeset 4595:59728f08e040

HTTPAuthMoin: http basic auth done by moin
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 17 Feb 2009 12:53:59 +0100
parents d706f5d4f4ec
children ea636cd71757
files MoinMoin/auth/http.py
diffstat 1 files changed, 67 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/auth/http.py	Mon Feb 16 00:07:22 2009 +0100
+++ b/MoinMoin/auth/http.py	Tue Feb 17 12:53:59 2009 +0100
@@ -1,8 +1,11 @@
 # -*- coding: iso-8859-1 -*-
 """
-    MoinMoin - http authentication (or rather: using REMOTE_USER)
+    MoinMoin - http authentication
 
-    This is just a dummy redirecting to MoinMoin.auth.GivenAuth for backwards
+    HTTPAuth
+    ========
+
+    HTTPAuth is just a dummy redirecting to MoinMoin.auth.GivenAuth for backwards
     compatibility.
 
     Please fix your setup, this dummy will be removed soon:
@@ -21,6 +24,19 @@
     # presence (or absence) of 'given' auth name, e.g.:
     auth_methods_trusted = ['given', 'xmlrpc_applytoken']
 
+    HTTPAuthMoin
+    ============
+
+    HTTPAuthMoin is HTTP auth done by moin (not by your web server).
+
+    Moin will request HTTP Basic Auth and use the HTTP Basic Auth header it
+    receives to authenticate username/password against the moin user profiles.
+
+    from MoinMoin.auth.http import HTTPAuthMoin
+    auth = [HTTPAuthMoin()]
+    # check if you want 'http' auth name in there:
+    auth_methods_trusted = ['http', 'xmlrpc_applytoken']
+
     @copyright: 2009 MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
@@ -28,9 +44,56 @@
 from MoinMoin import log
 logging = log.getLogger(__name__)
 
-from MoinMoin.auth import GivenAuth
+from MoinMoin import config, user
+from MoinMoin.auth import BaseAuth, GivenAuth
+
 
 class HTTPAuth(GivenAuth):
     name = 'http'  # GivenAuth uses 'given'
-    logging.warning("DEPRECATED use of MoinMoin.auth.http, please read instructions there or docs/CHANGES!")
+    logging.warning("DEPRECATED use of MoinMoin.auth.http.HTTPAuth, please read instructions there or docs/CHANGES!")
 
+
+class HTTPAuthMoin(BaseAuth):
+    """ authenticate via http (basic) auth """
+    name = 'http'
+
+    def __init__(self, autocreate=False, realm='MoinMoin', coding='iso-8859-1'):
+        self.autocreate = autocreate
+        self.realm = realm
+        self.coding = coding
+        BaseAuth.__init__(self)
+
+    def request(self, request, user_obj, **kw):
+        u = None
+        _ = request.getText
+        # always revalidate auth
+        if user_obj and user_obj.auth_method == self.name:
+            user_obj = None
+        # something else authenticated before us
+        if user_obj:
+            return user_obj, True
+
+        auth = request.authorization
+        if auth and auth.username and auth.password is not None:
+            logging.debug("http basic auth, received username: %r password: %r" % (
+                          auth.username, auth.password))
+            u = user.User(request,
+                          name=auth.username.decode(self.coding),
+                          password=auth.password.decode(self.coding),
+                          auth_method=self.name, auth_attribs=[])
+            logging.debug("user: %r" % u)
+
+        if not u or not u.valid:
+            from werkzeug import Response
+            from werkzeug.exceptions import _ProxyException
+            response = Response(_('Please log in first.'), 401,
+                                {'WWW-Authenticate': 'Basic realm="%s"' % self.realm})
+            raise _ProxyException(response)
+
+        if u and self.autocreate:
+            u.create_or_update()
+        if u and u.valid:
+            return u, True # True to get other methods called, too
+        else:
+            return user_obj, True
+