3
3
MoinMoin - http authentication
5
You need either your webserver configured for doing HTTP auth (like Apache
6
reading some .htpasswd file) or Twisted (will accept HTTP auth against
7
password stored in moin user profile, but currently will NOT ask for auth)
8
or Standalone (in which case it will ask for auth and accept auth against
11
@copyright: 2006 MoinMoin:ThomasWaldmann
12
2007 MoinMoin:JohannesBerg
8
HTTPAuth is just a dummy redirecting to MoinMoin.auth.GivenAuth for backwards
11
Please fix your setup, this dummy will be removed soon:
15
from MoinMoin.auth.http import HTTPAuth
16
auth = [HTTPAuth(autocreate=True)]
17
# any presence (or absence) of 'http' auth name, e.g.:
18
auth_methods_trusted = ['http', 'xmlrpc_applytoken']
22
from MoinMoin.auth import GivenAuth
23
auth = [GivenAuth(autocreate=True)]
24
# presence (or absence) of 'given' auth name, e.g.:
25
auth_methods_trusted = ['given', 'xmlrpc_applytoken']
30
HTTPAuthMoin is HTTP auth done by moin (not by your web server).
32
Moin will request HTTP Basic Auth and use the HTTP Basic Auth header it
33
receives to authenticate username/password against the moin user profiles.
35
from MoinMoin.auth.http import HTTPAuthMoin
36
auth = [HTTPAuthMoin()]
37
# check if you want 'http' auth name in there:
38
auth_methods_trusted = ['http', 'xmlrpc_applytoken']
40
@copyright: 2009 MoinMoin:ThomasWaldmann
13
41
@license: GNU GPL, see COPYING for details.
44
from MoinMoin import log
45
logging = log.getLogger(__name__)
16
47
from MoinMoin import config, user
17
from MoinMoin.request import request_twisted, request_cli, request_standalone
18
from MoinMoin.auth import BaseAuth
19
from base64 import decodestring
21
class HTTPAuth(BaseAuth):
22
""" authenticate via http basic/digest/ntlm auth """
48
from MoinMoin.auth import BaseAuth, GivenAuth
51
class HTTPAuth(GivenAuth):
52
name = 'http' # GivenAuth uses 'given'
54
def __init__(self, *args, **kwargs):
55
logging.warning("DEPRECATED use of MoinMoin.auth.http.HTTPAuth, please read instructions there or docs/CHANGES!")
56
GivenAuth.__init__(self, *args, **kwargs)
59
class HTTPAuthMoin(BaseAuth):
60
""" authenticate via http (basic) auth """
25
def __init__(self, autocreate=False):
63
def __init__(self, autocreate=False, realm='MoinMoin', coding='iso-8859-1'):
26
64
self.autocreate = autocreate
27
67
BaseAuth.__init__(self)
29
69
def request(self, request, user_obj, **kw):
37
77
return user_obj, True
39
# for standalone, request authorization and verify it,
40
# deny access if it isn't verified
41
if isinstance(request, request_standalone.Request):
42
request.setHttpHeader('WWW-Authenticate: Basic realm="MoinMoin"')
43
auth = request.headers.get('Authorization')
45
auth = auth.split()[-1]
46
info = decodestring(auth).split(':', 1)
48
u = user.User(request, auth_username=info[0], password=info[1],
49
auth_method=self.name, auth_attribs=[])
51
request.makeForbidden(401, _('You need to log in.'))
52
# for Twisted, just check
53
elif isinstance(request, request_twisted.Request):
54
username = request.twistd.getUser().decode(config.charset)
55
password = request.twistd.getPassword().decode(config.charset)
56
# when using Twisted http auth, we use username and password from
57
# the moin user profile, so both can be changed by user.
58
u = user.User(request, auth_username=username, password=password,
59
auth_method=self.name, auth_attribs=())
60
elif not isinstance(request, request_cli.Request):
62
auth_type = env.get('AUTH_TYPE', '').lower()
63
if auth_type in ['basic', 'digest', 'ntlm', 'negotiate', ]:
64
username = env.get('REMOTE_USER', '').decode(config.charset)
65
if auth_type in ('ntlm', 'negotiate', ):
66
# converting to standard case so the user can even enter wrong case
67
# (added since windows does not distinguish between e.g.
69
username = username.split('\\')[-1] # split off domain e.g.
71
# this "normalizes" the login name from {meier, Meier, MEIER} to Meier
72
# put a comment sign in front of next line if you don't want that:
73
username = username.title()
74
# when using http auth, we have external user name and password,
75
# we don't use the moin user profile for those attributes.
76
u = user.User(request, auth_username=username,
77
auth_method=self.name, auth_attribs=('name', 'password'))
79
auth = request.authorization
80
if auth and auth.username and auth.password is not None:
81
logging.debug("http basic auth, received username: %r password: %r" % (
82
auth.username, auth.password))
83
u = user.User(request,
84
name=auth.username.decode(self.coding),
85
password=auth.password.decode(self.coding),
86
auth_method=self.name, auth_attribs=[])
87
logging.debug("user: %r" % u)
89
if not u or not u.valid:
90
from werkzeug import Response, abort
91
response = Response(_('Please log in first.'), 401,
92
{'WWW-Authenticate': 'Basic realm="%s"' % self.realm})
95
logging.debug("u: %r" % u)
79
96
if u and self.autocreate:
97
logging.debug("autocreating user")
80
98
u.create_or_update()
100
logging.debug("returning valid user %r" % u)
82
101
return u, True # True to get other methods called, too
103
logging.debug("returning %r" % user_obj)
84
104
return user_obj, True
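Review bot: In the new HTTPAuthMoin.request, the debug call `logging.debug("http basic auth, received username: %r password: %r" % (auth.username, auth.password))` writes the cleartext Basic-auth password to the log whenever debug logging is enabled; log the username only, e.g. `logging.debug("http basic auth, received username: %r", auth.username)`. The later `logging.debug("user: %r" % u)` and `logging.debug("u: %r" % u)` calls are worth checking as well, in case the user object's repr exposes credential fields (not visible here). Because Basic auth sends the password only base64-encoded, the HTTPAuthMoin docstring should also state that this method is meant for HTTPS-only deployments. Several lines of request() are missing from this rendering, so the 401 path after `Response(...)` could not be reviewed.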