1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
# Copyright 2002-2004 CherryPy Team (team@cherrypy.org)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
#
# As a special exception, the CherryPy team gives unlimited permission to
# copy, distribute and modify the CherryPy scripts that are the
# output of CherryPy. You need not follow the terms of the GNU
# General Public License when using or distributing such scripts, even
# though portions of the text of CherryPy appear in them. The GNU
# General Public License (GPL) does govern all other use of the
# material that constitutes the CherryPy program.
#
# Certain portions of the CherryPy source text are designed to be
# copied (in certain cases, depending on the input) into the output of
# CherryPy. We call these the "data" portions. The rest of the
# CherryPY source text consists of comments plus executable code that
# decides which of the data portions to output in any given case. We
# call these comments and executable code the "non-data" portions.
# CherryPy never copies any of the non-data portions into its output.
#
# This special exception to the GPL applies to versions of CherryPy
# released by the CherryPy team. When you make and distribute a modified
# version of CherryPy, you may extend this special exception to the
# GPL to apply to your modified version as well, *unless* your
# modified version has the potential to copy into its output some of
# the text that was the non-data portion of the version that you
# started with. (In other words, unless your change moves or copies
# text from the non-data portions to the data portions.) If your
# modification has such potential, you must delete any notice of this
# special exception to the GPL from your modified version.
import base64
# CherryClass to implement HttpAuthentication
# Use the following way:
# - Create your own class that derives from this one
# - set domain and userMap
# - subClass unauthorized with your own error message
# - subClass getPasswordListForLogin with your own method
################
CherryClass HttpAuthenticate abstract:
################
variable:
domain = 'Domain'
aspect:
(method.type=='view' or method.type=='mask') and method.name!='unauthorized' and not method.isHidden start:
if self.getPasswordListForLogin("")!=1:
_authorized=0
if request.headerMap.has_key('authorization'):
_sp=request.headerMap['authorization'].split()
if _sp and _sp[0].lower()=='basic':
_str=base64.decodestring(_sp[1])
_login, _password=_str.split(':')
_realPasswordList=self.getPasswordListForLogin(_login)
if _realPasswordList==1 or _password in _realPasswordList:
_authorized=1
self.login=_login
if not _authorized:
self.login=""
response.headerMap['status']=401
response.headerMap['WWW-Authenticate']='Basic realm="%s"'%self.domain
return self.unauthorized()
function:
def getPasswordListForLogin(self, login):
if login=='login': return ['password']
return []
mask:
def unauthorized(self):
<html><body>Unauthorized</body></html>
|
