Download Install Tutorial Docs FAQ Tools WikiLicense Team IRC Planet Involvement Shop Book

Changeset 1356

Show
Ignore:
Timestamp:
09/11/06 17:04:28
Author:
fumanchu
Message:

Added test_httpauth to test suite and re-used httpauth's md5 encoder.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/cherrypy/lib/auth.py

    r1355 r1356  
    1 import md5 
    21import cherrypy 
    3  
    4 from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth 
     2from cherrypy.lib import httpauth 
    53 
    64 
     
    97    if 'authorization' in cherrypy.request.headers: 
    108        # make sure the provided credentials are correctly set 
    11         ah = parseAuthorization(cherrypy.request.headers['authorization']) 
     9        ah = httpauth.parseAuthorization(cherrypy.request.headers['authorization']) 
    1210        if ah is None: 
    1311            raise cherrypy.HTTPError(400, 'Bad Request') 
    14  
     12         
    1513        if not encrypt: 
    16             encrypt = lambda x: md5.new(x).hexdigest() 
    17  
     14            encrypt = httpauth.DIGEST_AUTH_ENCODERS[httpauth.MD5] 
     15         
    1816        if callable(users): 
    1917            users = users() # expect it to return a dictionary 
    20  
     18         
    2119        if not isinstance(users, dict): 
    22             raise ValueError, "Authentication users must be passed contained in a dictionary" 
    23      
     20            raise ValueError, "Authentication users must be a dictionary" 
     21         
    2422        # fetch the user password 
    2523        password = users.get(ah["username"], None) 
     
    2725        # validate the authorization by re-computing it here 
    2826        # and compare it with what the user-agent provided 
    29         if checkResponse(ah, password, method=cherrypy.request.method, encrypt=encrypt): 
     27        if httpauth.checkResponse(ah, password, method=cherrypy.request.method, 
     28                                  encrypt=encrypt): 
    3029            return True 
    3130     
     
    4443     
    4544    # inform the user-agent this path is protected 
    46     cherrypy.response.headers['www-authenticate'] = basicAuth(realm) 
     45    cherrypy.response.headers['www-authenticate'] = httpauth.basicAuth(realm) 
    4746     
    4847    raise cherrypy.HTTPError(401, "You are not authorized to access that resource")  
     
    5857     
    5958    # inform the user-agent this path is protected 
    60     cherrypy.response.headers['www-authenticate'] = digestAuth(realm) 
     59    cherrypy.response.headers['www-authenticate'] = httpauth.digestAuth(realm) 
    6160     
    6261    raise cherrypy.HTTPError(401, "You are not authorized to access that resource")  

Hosted by WebFaction

Log in as guest/cpguest to create tickets