diff options
author | cbdev <cb@cbcdn.com> | 2022-07-04 19:21:34 +0200 |
---|---|---|
committer | cbdev <cb@cbcdn.com> | 2022-07-04 19:21:34 +0200 |
commit | 507f0d060da30a8f65bec8b2ac1f08837d536b4c (patch) | |
tree | b2c5a1f9cc5080fb7f2586e2371fce443e43fbaa /backend/LocalBasicAuth.py | |
parent | 4369d6a7f024f9ebf3c5f41a8fe17bfc65d0a820 (diff) | |
download | cargohold-507f0d060da30a8f65bec8b2ac1f08837d536b4c.tar.gz cargohold-507f0d060da30a8f65bec8b2ac1f08837d536b4c.tar.bz2 cargohold-507f0d060da30a8f65bec8b2ac1f08837d536b4c.zip |
Implement authentication modules for admin panel
Diffstat (limited to 'backend/LocalBasicAuth.py')
-rw-r--r-- | backend/LocalBasicAuth.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/backend/LocalBasicAuth.py b/backend/LocalBasicAuth.py new file mode 100644 index 0000000..967707c --- /dev/null +++ b/backend/LocalBasicAuth.py @@ -0,0 +1,35 @@ +import config +import utils +import base64 +from passlib.apache import HtpasswdFile + +# This authentication provider reads a local Apache-style htpassword file +# and performs HTTP Basic authentication. + +passwd_file = ".htpasswd" +realm = "cargohold" + +def login(env, post): + auth = get(env) + + if not auth: + return ["Please authenticate", [("WWW-Authenticate",'Basic realm="' + realm + '"')], "401 Authenticate"] + + utils.ensure_user(auth["user"]) + return utils.redirect("/admin") + +def get(env): + auth = env.get("HTTP_AUTHORIZATION", "") + if auth and auth.startswith("Basic "): + auth = str(base64.b64decode(auth[6:]), "utf-8").split(":") + try: + ht = HtpasswdFile(passwd_file) + if ht.check_password(auth[0], auth[1]): + return {"user": auth[0], "expire": None} + except IOError: + print("LocalBasicAuth: Failed to read credentials file at " + passwd_file) + return None + +def logout(): + # TODO + return False |