diff options
Diffstat (limited to 'backend/LocalBasicAuth.py')
| -rw-r--r-- | backend/LocalBasicAuth.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/backend/LocalBasicAuth.py b/backend/LocalBasicAuth.py new file mode 100644 index 0000000..967707c --- /dev/null +++ b/backend/LocalBasicAuth.py @@ -0,0 +1,35 @@ +import config +import utils +import base64 +from passlib.apache import HtpasswdFile + +# This authentication provider reads a local Apache-style htpassword file +# and performs HTTP Basic authentication. + +passwd_file = ".htpasswd" +realm = "cargohold" + +def login(env, post): + auth = get(env) + + if not auth: + return ["Please authenticate", [("WWW-Authenticate",'Basic realm="' + realm + '"')], "401 Authenticate"] + + utils.ensure_user(auth["user"]) + return utils.redirect("/admin") + +def get(env): + auth = env.get("HTTP_AUTHORIZATION", "") + if auth and auth.startswith("Basic "): + auth = str(base64.b64decode(auth[6:]), "utf-8").split(":") + try: + ht = HtpasswdFile(passwd_file) + if ht.check_password(auth[0], auth[1]): + return {"user": auth[0], "expire": None} + except IOError: + print("LocalBasicAuth: Failed to read credentials file at " + passwd_file) + return None + +def logout(): + # TODO + return False |