def check_credentials(self, auth):
""" Checks incoming username/password and returns True only if they were valid and as expected.
"""
username, password = parse_basic_auth(auth)
if username != self.username:
self.logger.warn('Invalid username or password')
return
elif password != self.password:
self.logger.warn('Invalid username or password')
return
else:
# All good, we let the request in
return True
def _pubsub_check_credentials(self,
_invoke_channels=(CHANNEL.INVOKE,
CHANNEL.INVOKE_ASYNC)):
# If we are being through a CHANNEL.INVOKE* channel, it means that our caller used self.invoke
# or self.invoke_async, so there will never by any credentials in HTTP headers (there is no HTTP request after all),
# and we can run as an internal endpoint in this situation.
if self.channel.type in _invoke_channels:
return self.server.default_internal_pubsub_endpoint_id
auth = self.wsgi_environ.get('HTTP_AUTHORIZATION')
if not auth:
raise Forbidden(self.cid)
try:
username, password = parse_basic_auth(auth)
except ValueError:
raise Forbidden(self.cid)
basic_auth = itervalues(self.server.worker_store.request_dispatcher.
url_data.basic_auth_config)
for item in basic_auth:
config = item['config']
if config['is_active']:
if config['username'] == username and config[
'password'] == password:
auth_ok = True
security_id = config['id']
break
else:
auth_ok = False
if not auth_ok:
raise Forbidden(self.cid)
try:
endpoint_id = self.pubsub.get_endpoint_id_by_sec_id(security_id)
except KeyError:
self.logger.warn(
'Client credentials are valid but there is no pub/sub endpoint using them, sec_id:`%s`, e:`%s`',
security_id, format_exc())
raise Forbidden(self.cid)
else:
return endpoint_id