| commit | author | age | ||
| 4a8c36 | 1 | import binascii |
| CM | 2 | |
| 02a504 | 3 | from repoze.who._compat import AUTHORIZATION |
| AO | 4 | from webob.exc import HTTPUnauthorized |
| 4a8c36 | 5 | |
| CM | 6 | from zope.interface import implements |
| 7 | ||
| cb5426 | 8 | from repoze.who.interfaces import IIdentifier |
| CM | 9 | from repoze.who.interfaces import IChallenger |
| 4a8c36 | 10 | |
| CM | 11 | class BasicAuthPlugin(object): |
| 12 | ||
| c51195 | 13 | implements(IIdentifier, IChallenger) |
| 4a8c36 | 14 | |
| d85ba6 | 15 | def __init__(self, realm): |
| 4a8c36 | 16 | self.realm = realm |
| CM | 17 | |
| c51195 | 18 | # IIdentifier |
| CM | 19 | def identify(self, environ): |
| 4a8c36 | 20 | authorization = AUTHORIZATION(environ) |
| CM | 21 | try: |
| 22 | authmeth, auth = authorization.split(' ', 1) | |
| 7dfea7 | 23 | except ValueError: # not enough values to unpack |
| 40a968 | 24 | return None |
| 4a8c36 | 25 | if authmeth.lower() == 'basic': |
| CM | 26 | try: |
| 27 | auth = auth.strip().decode('base64') | |
| 7dfea7 | 28 | except binascii.Error: # can't decode |
| 40a968 | 29 | return None |
| 4a8c36 | 30 | try: |
| CM | 31 | login, password = auth.split(':', 1) |
| 7dfea7 | 32 | except ValueError: # not enough values to unpack |
| 40a968 | 33 | return None |
| 7dfea7 | 34 | auth = {'login':login, 'password':password} |
| CM | 35 | return auth |
| 4a8c36 | 36 | |
| 40a968 | 37 | return None |
| 4a8c36 | 38 | |
| c51195 | 39 | # IIdentifier |
| CM | 40 | def remember(self, environ, identity): |
| 41 | # we need to do nothing here; the browser remembers the basic | |
| 42 | # auth info as a result of the user typing it in. | |
| 43 | pass | |
| 44 | ||
| 45 | def _get_wwwauth(self): | |
| 02a504 | 46 | head = [('WWW-Authenticate', 'Basic realm="%s"' % self.realm)] |
| c51195 | 47 | return head |
| CM | 48 | |
| 49 | # IIdentifier | |
| 50 | def forget(self, environ, identity): | |
| 51 | return self._get_wwwauth() | |
| 52 | ||
| 53 | # IChallenger | |
| 54 | def challenge(self, environ, status, app_headers, forget_headers): | |
| 55 | head = self._get_wwwauth() | |
| 4daaea | 56 | if head[0] not in forget_headers: |
| c51195 | 57 | head = head + forget_headers |
| CM | 58 | return HTTPUnauthorized(headers=head) |
| 7dfea7 | 59 | |
| 97cfa2 | 60 | def __repr__(self): |
| 396eef | 61 | return '<%s %s>' % (self.__class__.__name__, |
| TS | 62 | id(self)) #pragma NO COVERAGE |
| 97cfa2 | 63 | |
| 515c69 | 64 | def make_plugin(realm='basic'): |
| d85ba6 | 65 | plugin = BasicAuthPlugin(realm) |
| CM | 66 | return plugin |
| 67 | ||
