[Twisted-web] HTTP basic auth
Colin Alston
karnaugh at karnaugh.za.net
Tue Jan 8 05:09:43 EST 2008
On 08/01/2008 11:49 Vincent Bernat wrote:
> twisted.web2 authentication seems to be a good start, but I am using Nevow.
> Has someone already done a HTTP basic auth with nevow? In fact, my case is
> very similar to the one here:
> http://twistedmatrix.com/pipermail/twisted-web/2007-January/003270.html
>
> But, as I said, Nevow's guard.py seems best suited for web app
> authentication, not for web services. Can anyone confirm/infirm?
Guard is for web based applications authentication, yes. If you're
doing something other than this, you probably do want HTTP auth.
Doing HTTP authentication yourself for a web service should be as
simple as returning a 403 error until you get a positive
authentication. There may be some implementations around for doing
this as a resource using t.cred.
Digging through some of my older work with t.w turned up the following
(obviously extinct and horrific code, but shows what you're looking for)
class Page(object):
def authenticateUser(self, request, passinfo):
user, password = request.getUser(),
md5.md5(request.getPassword()).digest()
if user==passinfo['username'] and password==passinfo['password']:
return True
return False
def render(self,request, realm, passinfo):
if self.authenticateUser(request, passinfo):
return self.documentRender(self, request)
else:
request.setResponseCode(http.UNAUTHORIZED)
request.setHeader('WWW-authenticate', 'basic realm="%s"'
% realm)
return BaseResources.ErrorAuth().render()
--
Colin Alston ~ http://www.karnaugh.za.net/
"To the world you may be one person, to one person you may be the
world" ~ Rachel Ann Nunes.
More information about the Twisted-web
mailing list