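def basic_authentication():
    """ Tries to authenticate using the Authorization header.

    Returns a 200 response carrying the authenticated address in ``X-User``
    when the HTTP Basic credentials are accepted by ``nginx.check_credentials``,
    otherwise a 401 response with a ``WWW-Authenticate`` challenge.

    A malformed header (invalid base64, missing ``:`` separator, non-UTF-8
    bytes) is treated like a failed login and answered with the same 401
    instead of surfacing as an unhandled exception.
    """
    authorization = flask.request.headers.get("Authorization")
    if authorization and authorization.startswith("Basic "):
        # Strip only the scheme prefix; replace() would also drop any later
        # occurrence of "Basic " inside the client-supplied value.
        encoded = authorization[len("Basic "):]
        try:
            # binascii.Error and UnicodeDecodeError are ValueError subclasses,
            # as is the unpacking failure when no ':' separator is present.
            user_email, password = base64.b64decode(encoded).split(b":", 1)
            user_email = user_email.decode("utf8")
            password = password.decode('utf-8')
        except ValueError:
            # Malformed credentials: fall through to the generic challenge.
            pass
        else:
            user = models.User.query.get(user_email)
            # Unknown address: skip the credential check, fall through to 401.
            if user is not None and nginx.check_credentials(
                    user, password, flask.request.remote_addr, "web"):
                response = flask.Response()
                response.headers["X-User"] = user.email
                return response
    response = flask.Response(status=401)
    response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
    return response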
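def basic_authentication():
    """ Tries to authenticate using the Authorization header.

    Order of checks:

    1. Answer 401 with ``Retry-After`` when the client IP is rate limited.
    2. Parse the HTTP Basic header; a malformed one (invalid base64, missing
       ``:`` separator, non-UTF-8 bytes) is treated as a failed login and
       logged instead of raising.
    3. Answer 401 with ``Retry-After`` when the username is rate limited
       for this IP.
    4. Look the user up (only when the name contains ``@``) and verify the
       password via ``nginx.check_credentials``. Success returns a 200
       response with ``X-User`` set and exempts the IP from rate limits;
       failure records a rate-limit hit for the user, or for the IP when
       the address is unknown.

    Anything not returned above ends in the generic 401 challenge.
    """
    # NOTE(review): X-Real-IP is taken as the client address for rate
    # limiting. That is only sound when a front proxy always overwrites the
    # header; a client that reaches this endpoint directly could otherwise
    # choose its own rate-limit key — confirm the deployment guarantees this.
    client_ip = flask.request.headers.get('X-Real-IP',
                                          flask.request.remote_addr)
    if utils.limiter.should_rate_limit_ip(client_ip):
        response = flask.Response(status=401)
        response.headers[
            "WWW-Authenticate"] = 'Basic realm="Authentication rate limit from one source exceeded"'
        response.headers['Retry-After'] = '60'
        return response
    authorization = flask.request.headers.get("Authorization")
    if authorization and authorization.startswith("Basic "):
        # Strip only the scheme prefix; replace() would also drop any later
        # occurrence of "Basic " inside the client-supplied value.
        encoded = authorization[len("Basic "):]
        try:
            # binascii.Error and UnicodeDecodeError are ValueError subclasses,
            # as is the unpacking failure when no ':' separator is present.
            user_email, password = base64.b64decode(encoded).split(b":", 1)
            user_email = user_email.decode("utf8")
            password = password.decode('utf-8')
        except ValueError:
            # Malformed credentials: log and fall through to the generic
            # challenge. Like the IP/user limits above, this does not by
            # itself count as a failed attempt.
            app.logger.warning(
                'Malformed Basic authorization header from %s', client_ip)
        else:
            if utils.limiter.should_rate_limit_user(user_email, client_ip):
                response = flask.Response(status=401)
                response.headers[
                    "WWW-Authenticate"] = 'Basic realm="Authentication rate limit for this username exceeded"'
                response.headers['Retry-After'] = '60'
                return response
            try:
                # Names without '@' cannot be a mailbox; skip the query.
                user = models.User.query.get(
                    user_email) if '@' in user_email else None
            except sqlalchemy.exc.StatementError as exc:
                # Keep only the first line of the driver error for the log.
                reason = str(exc).split('\n', 1)[0]
                # Logger.warn is a deprecated alias (removed in 3.13).
                app.logger.warning(f'Invalid user {user_email!r}: {reason}')
            else:
                if user is not None and nginx.check_credentials(
                        user, password, client_ip, "web"):
                    response = flask.Response()
                    # NOTE(review): process_bind_param is called on the class
                    # with flask_login in the self slot — presumably that
                    # argument is unused by the method; confirm.
                    response.headers[
                        "X-User"] = models.IdnaEmail.process_bind_param(
                            flask_login, user.email, "")
                    utils.limiter.exempt_ip_from_ratelimits(client_ip)
                    return response
                # We failed check_credentials: charge the attempt to the
                # user when the address exists, otherwise to the source IP.
                if user:
                    utils.limiter.rate_limit_user(user_email, client_ip)
                else:
                    utils.limiter.rate_limit_ip(client_ip)
    response = flask.Response(status=401)
    response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
    return response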