File: HttpAuthenticate.tex

package info (click to toggle)
cherrypy 0.10-1
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 10,324 kB
  • ctags: 1,759
  • sloc: python: 14,411; sh: 6,915; perl: 2,472; makefile: 76
file content (61 lines) | stat: -rwxr-xr-x 2,354 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
\section{\module{HttpAuthenticate} --- Basic HTTP authentication.}
\declaremodule{standard}{HttpAuthenticate}

\subsection{Module}
This module allows you to protect a part of your website with a login and a password, using a basic
HTTP authentication scheme.

All you have to do is declare a CherryClass that inherits from \var{HttpAuthenticate}, and all your masks
and views will be automatically protected.

To perform this magic, \var{HttpAuthenticate} uses AOP (aspect oriented programming). This basically means
that it will add some extra code at the beginning of each of your masks and views.

You may override the following methods:

\begin{funcdesc}{function: getPasswordListForLogin}{login}
This is where you specify what the valid login/password combinations are. The input value is the login that the
user entered. The method should return a list of all valid passwords for this login. If the login is incorrect, just
return an empty list.

Note: Being able to return several matching passwords for a login allows you to keep a "master key" password that works 
with all logins.
\end{funcdesc}

\begin{funcdesc}{mask or view: unauthorized}{}
This is the page that is displayed when the user entered an incorrect login/password 3 times in a row.
\end{funcdesc}

\begin{memberdesc}{variable: login}
String containing the login of the user that is logged in. The string is empty if no-one is logged in.
\end{memberdesc}

Note: There is no "logout" method. Users are automatically logged out when they close their browser window.

\begin{seealso}
  \seemodule{CookieAuthenticate}{Cookie-based authentication.}
  \seemodule{CookieSessionAuthenticate}{Cookie/session-based authentication.}
\end{seealso}

\subsection{Example}
The following code is an exemple that uses the HttpAuthenticate module:

\begin{verbatim}
use HttpAuthenticate
CherryClass Root(HttpAuthenticate):
function:
    def getPasswordListForLogin(login):
        if login=='mySecretLogin': return ['mySecretPassword']
        return []
mask:
    def index(self):
        <html><body>
            Hello <py-eval="self.login">, I see you know the secret login and password ...
        </body></html>
    def unauthorized(self):
        <html><body>
            Hey dude, get out ! You're not allowed here if you don't know the login/password
        </body></html>
\end{verbatim}