Authentication

You can use both basic and digest access authentication: create your authentication function and decorate the selected resources with it.

Basic access authentication

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CodernityREST.router_ex import ResourceRouter
from CodernityREST.utils import basic_auth


@basic_auth
def auth(req, user, password, *args, **kwargs):
    if user == 'test' and password == 'password':
        return user


def test_auth(req, resp):
    return True


def get_routes():
    r_auth = ResourceRouter('/auth', dec=((9, auth), ))
    r_auth.add_str('GET', '/test_auth', test_auth)
    return r_auth
  • auth - function that checks user and password, and returns user if valid, or None otherwise

Digest access authentication

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from CodernityREST.misc.digest_auth import digest_auth
from CodernityREST.router_ex import ResourceRouter


def get_password(username):
    if username == 'admin':
        return 'password'
    else:
        raise Exception('wrong user')


def test_auth(req, resp):
    return True


def get_routes():
    r_auth = ResourceRouter('/auth', dec=((9, digest_auth(get_password)), ))
    r_auth.add_str('GET', '/test_digest2', test_auth)
    return r_auth
  • get_password - function that returns the password for the given user, or raises an exception if the user doesn’t exist.
digest_auth(get_password, create_nonce_function=None, validate_nonce_function=None, after_process_function=None, secret_key=uuid.uuid4().hex)

Helper for digest access authentication

Parameters:
  • get_password – function that returns password for given user
  • create_nonce_function – function that creates nonce for given request
  • validate_nonce_function – function that validates nonce for given request and auth parameters
  • after_process_function – function executed after user is authenticated
  • secret_key – secret key, used by the default create_nonce_function and validate_nonce_function

Advanced digest access authentication

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from functools import wraps
import uuid
import time
from CodernityREST.misc.digest_auth import check_auth_digest
from CodernityREST.router_ex import ResourceRouter
from hashlib import md5


def digest_auth_func(f):
    secret_key = uuid.uuid4().hex

    def _get_password(login):
        if login == 'admin':
            return 'password'
        else:
            raise Exception('wrong user')

    def _validate_nonce(req, auth):
        t, hash_ = auth['nonce'].split(':')
        return hash_ == md5(':'.join([secret_key, t])).hexdigest() and (
            time.time() - int(t) < 60) and int(auth['nc'], 16) < 10

    def process(req, auth):
        yield _get_password(auth['username'])
        yield _validate_nonce(req, auth)

    def create_nonce(req):
        now = str(int(time.time()))
        hash_ = md5(':'.join([secret_key, now])).hexdigest()
        return ':'.join([now, hash_])

    @wraps(f)
    def _inner(req, resp, *args, **kwargs):
        check_auth_digest(req, resp, process, create_nonce=create_nonce)
        return f(req, resp, *args, **kwargs)

    return _inner


def test_auth(req, resp):
    return True


def get_routes():
    r_auth = ResourceRouter('/auth', dec=((9, digest_auth_func), ))
    r_auth.add_str('GET', '/test_digest', test_auth)
    return r_auth
  • process - generator that:
    • must yield password for given username
    • must yield True if given nonce is valid (or just True if you don’t want to check this), False otherwise
    • may do something with the request (after the second yield user is already authenticated)
  • create_nonce - function that returns a nonce for the given request. If not given, the nonce will be created automatically, and the second yield must always yield True
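
The nonce scheme from the advanced example above (timestamp plus keyed hash, 60-second lifetime, nc below 10) as stand-alone Python 3 code; this is an added example, not CodernityREST code. It swaps md5(secret_key:timestamp) for HMAC-SHA256, compares the tag in constant time and rejects malformed fields; make_nonce_functions and its clock parameter are hypothetical names, and the sample values are constructed.

```python
import hashlib
import hmac
import time


def make_nonce_functions(secret_key, max_age=60, max_nc=10, clock=time.time):
    """Return (create_nonce, validate_nonce) with the callback signatures used above.

    Hypothetical helper: clock is injectable so expiry can be tested.
    """
    key = secret_key.encode("utf-8")

    def _tag(timestamp):
        # HMAC-SHA256 over the timestamp replaces md5(secret_key:timestamp).
        return hmac.new(key, timestamp.encode("utf-8"), hashlib.sha256).hexdigest()

    def create_nonce(req):
        # Nonce format stays "<unix timestamp>:<keyed hash of timestamp>".
        now = str(int(clock()))
        return ":".join([now, _tag(now)])

    def validate_nonce(req, auth):
        try:
            timestamp, tag = auth["nonce"].split(":")
            issued = int(timestamp)
            count = int(auth["nc"], 16)  # nc is a hex request counter
            # Constant-time comparison of the client-supplied tag.
            tag_ok = hmac.compare_digest(tag.encode(), _tag(timestamp).encode())
        except (KeyError, ValueError, AttributeError, TypeError):
            return False  # missing or malformed nonce/nc: reject, do not raise
        age = clock() - issued
        # Same limits as the page's example, plus lower bounds on age and nc.
        return tag_ok and 0 <= age < max_age and 0 < count < max_nc

    return create_nonce, validate_nonce


if __name__ == "__main__":
    # Constructed secret and auth parameters, for illustration only.
    create_nonce, validate_nonce = make_nonce_functions("constructed-secret")
    nonce = create_nonce(None)
    print(validate_nonce(None, {"nonce": nonce, "nc": "00000001"}))
    print(validate_nonce(None, {"nonce": "not-a-nonce", "nc": "00000001"}))
```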