def get_auth_credentials(request: Request) -> Optional[Credentials]:
"""
Gets username and password as a :class:`Credentials` obejct, from an HTTP
request. Returns ``None`` if there is a problem.
"""
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic': # ensure rquest is using basicauth
try:
# auth = auth.strip().decode('base64')
auth = base64.b64decode(auth.strip())
except binascii.Error: # can't decode
return None
# Turn it back into a string
auth = "".join(chr(x) for x in auth)
try:
username, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
return Credentials(username, password)
return None
def identify(self, environ):
"""Lookup the owner """
# New way using standard Authencation header
# Authentication: Mex user_id mex_token
authorization = AUTHORIZATION(environ)
try:
auth = authorization.split(' ')
except ValueError: # not enough values to unpack
auth = None
if auth and auth[0].lower() == 'mex':
log.debug("MexIdentify %s", auth)
try:
user, token = auth[1].split(':')
return {'bisque.mex_user': user, 'bisque.mex_token': token}
except ValueError:
pass
# OLD Way using custom header (deprecated)
mexheader = environ.get('HTTP_MEX', None)
if mexheader:
try:
# OLD code may ship a NEW token with the OLD header.
user, token = mexheader.split(':')
return {'bisque.mex_user': user, 'bisque.mex_token': token}
except ValueError:
return {'bisque.mex_token': mexheader}
return None
def identify(self, environ):
authorization = AUTHORIZATION(environ)
tokens = authorization.split(" ")
if len(tokens) != 2:
return None
if tokens[0] != "Bearer":
return None
return {"access_token": tokens[1]}
def identify(self, environ):
authorization = AUTHORIZATION(environ)
tokens = authorization.split(" ")
if len(tokens) != 2:
return None
if tokens[0] != "Bearer":
return None
return {"access_token": tokens[1]}
def authenticate(self, environ, identity):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'apikey':
acc = account.find_one_by('api_key', auth.strip())
if acc is not None:
return acc['name']
def authenticate(self, environ, identity):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'apikey':
acc = Account.by_api_key(auth.strip())
if acc is not None:
return acc.name
def _get_basicauth_credentials(request):
try:
authorization = AUTHORIZATION(request.environ)
authmeth, auth = authorization.split(' ', 1)
assert authmeth.lower() == 'basic'
auth = auth.strip().decode('base64')
username, password = auth.split(':', 1)
return {'username': username, 'password': password}
except (AssertionError, ValueError, binascii):
return None
def parse_auth_header(request):
"""
Parse HTTP auth headers
:param request: <pyramid_request>
:return: <tuple> auth method and auth credentials
"""
authorization = AUTHORIZATION(request.environ)
try:
authmethod, auth = authorization.split(' ', 1)
return authmethod.lower(), auth
except ValueError: # not enough values to unpack
raise HTTPBadRequest()
def parse_auth_header(request):
"""
Parse HTTP auth headers
:param request: <pyramid_request>
:return: <tuple> auth method and auth credentials
"""
authorization = AUTHORIZATION(request.environ)
try:
authmethod, auth = authorization.split(' ', 1)
return authmethod.lower(), auth
except ValueError: # not enough values to unpack
raise HTTPBadRequest()
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ', 1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = auth.strip().decode('base64')
username, password = auth.split(':', 1)
if check_credentials(
username, password, self.htaccess, self.auth_type):
return username
return self.build_authentication()
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ', 1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = base64.b64decode(auth.strip()).decode('utf-8')
username, password = auth.split(':', 1)
if check_credentials(
username, password, self.htaccess, self.auth_type):
# paste expects a str() type.
return str(username)
return self.build_authentication()
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ', 1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = auth.strip().decode('base64')
_parts = auth.split(':', 1)
if len(_parts) == 2:
username, password = _parts
if self.authfunc(environ, username, password):
return username
return self.build_authentication()
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ', 1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = auth.strip().decode('base64')
_parts = auth.split(':', 1)
if len(_parts) == 2:
username, password = _parts
if self.authfunc(environ, username, password):
return username
return self.build_authentication()
def _parse_params(self, environ):
# Try to find the parameters in various sources,
# reflecting preference order:
# Query string
params = dict(parse_querystring(environ))
# POST body
request = Request(environ)
if request.content_type == 'application/x-www-form-urlencoded':
body = request.body
params.update(parse_formvars(environ, include_get_vars=False))
request.body = body
# Authorization header
auth_header = AUTHORIZATION(environ)
if auth_header:
try:
params.update(oauth2.Request._split_header(auth_header))
except:
pass
# Remove the non-oauth params
if params:
for key in params.keys():
if not (key.startswith('oauth_') or key == 'realm'):
del params[key]
return dict(params)
def _get_basicauth_credentials(request):
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = auth.strip().decode('base64')
except binascii.Error: # can't decode
return None
try:
login, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
return {'login':login, 'password':password}
return None
def _get_basicauth_credentials(request):
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = auth.strip().decode('base64')
except binascii.Error: # can't decode
return None
try:
login, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
return {'login': login, 'password': password}
return None
def identify(self, environ):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = auth.strip().decode('base64')
except binascii.Error: # can't decode
return None
try:
login, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
auth = {'login':login, 'password':password}
return auth
return None
def get_basicauth_credentials(request):
from paste.httpheaders import AUTHORIZATION
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = auth.strip().decode('base64')
except binascii.Error: # can't decode
return None
try:
username, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
return {'username': username, 'password': password}
return None
def identify(self, environ):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = auth.strip().decode('base64')
except binascii.Error: # can't decode
return None
try:
login, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
auth = {'login': login, 'password': password}
return auth
return None
def get_basicauth_credentials(request):
""" Get the user/password from HTTP basic auth """
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'basic':
try:
auth = b64decode(auth.strip()).decode('utf8')
except (TypeError, binascii.Error): # can't decode
return None
try:
login, password = auth.split(':', 1)
except ValueError: # not enough values to unpack
return None
return {'login': login, 'password': password}
return None
def get_basicauth_credentials(request):
""" Get the user/password from HTTP basic auth """
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(" ", 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == "basic":
try:
auth = b64decode(auth.strip()).decode("utf8")
except (TypeError, binascii.Error): # can't decode
return None
try:
login, password = auth.split(":", 1)
except ValueError: # not enough values to unpack
return None
return {"login": login, "password": password}
return None
def get_basicauth_credentials(request):
from paste.httpheaders import AUTHORIZATION
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split(" ", 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == "basic":
try:
auth = auth.strip().decode("base64")
except binascii.Error: # can't decode
return None
try:
username, password = auth.split(":", 1)
except ValueError: # not enough values to unpack
return None
return {"username": username, "password": password}
return None
def authenticate(self, environ):
authorization = AUTHORIZATION(environ)
if not authorization:
return self.build_authentication()
(authmeth, auth) = authorization.split(' ', 1)
if 'basic' != authmeth.lower():
return self.build_authentication()
auth = auth.strip().decode('base64')
_parts = auth.split(':', 1)
if len(_parts) == 2:
username, password = _parts
if self.authfunc(
username, password, environ, VCS_TYPE):
return username
if username and password:
# we mark that we actually executed authentication once, at
# that point we can use the alternative auth code
self.initial_call = False
return self.build_authentication()
def identify(self, environ):
"""
Try to identify user based on api key authorization in header
"""
# Get the authorization header as passed through paster
authorization = AUTHORIZATION(environ)
log.debug(authorization)
# Split the authorization header value by whitespace
try:
method, auth = authorization.split(' ', 1)
except ValueError:
# not enough values to unpack
return None
# If authentication method is apikey we return the identity
if method.lower() == 'apikey':
return {'apikey': auth.strip()}
# Return None if we get here (identity not found)
return None
def check(username, password, path="/"):
""" perform two-stage authentication to verify login """
(status,headers,content,errors) = \
raw_interactive(application,path, accept='text/html')
assert status.startswith("401")
challenge = WWW_AUTHENTICATE(headers)
response = AUTHORIZATION(username=username, password=password,
challenge=challenge, path=path)
assert "Digest" in response and username in response
(status,headers,content,errors) = \
raw_interactive(application,path,
HTTP_AUTHORIZATION=response)
if status.startswith("200"):
return content
if status.startswith("401"):
return None
assert False, "Unexpected Status: %s" % status