Exemple #1
def _request_login(request):
    """Build a 401 response carrying a Basic ``WWW-Authenticate`` challenge.

    The 401 is what makes pip send its HTTP basic auth credentials.

    NOTE(review): the realm from ``request.registry.realm`` is formatted into
    the quoted challenge string verbatim; this assumes the configured value
    holds no double quotes or line breaks -- confirm where it is set.
    """
    unauthorized = HTTPUnauthorized()
    challenge = 'Basic realm="%s"' % request.registry.realm
    unauthorized.headers.update(WWW_AUTHENTICATE.tuples(challenge))
    return unauthorized
Exemple #2
def _request_login(request):
    """Answer with 401 so that pip uploads its HTTP basic auth credentials.

    The response is a fresh ``HTTPUnauthorized`` whose headers are extended
    with the Basic challenge for the realm stored on the registry.
    """
    resp = HTTPUnauthorized()
    # The realm is taken as-is from the registry and placed inside the quoted
    # realm parameter of the challenge.
    basic_challenge = 'Basic realm="%s"' % request.registry.realm
    header_items = WWW_AUTHENTICATE.tuples(basic_challenge)
    resp.headers.update(header_items)
    return resp
Exemple #3
 def build_authentication(self):
     """Return the response that asks the client for Basic credentials.

     The Basic challenge for ``self.realm`` is always attached. The status
     is 403 when the RhodeCode config sets the alternative return code to
     "403", and 401 otherwise.
     """
     challenge = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
     alt_code = self._rc_auth_http_code
     # Only the literal string "403" switches the response class.
     if alt_code and alt_code == "403":
         response_cls = HTTPForbidden
     else:
         response_cls = HTTPUnauthorized
     return response_cls(headers=challenge)
Exemple #4
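def get_login_page(request):
    """Catch login and redirect to login wall.

    Behaviour by case:

    * Logged-in user requesting the login URL: redirect to the app root.
    * Logged-in user requesting anything else: the shared response is
      returned with status 404.
    * Anonymous request for another URL: that URL is remembered in
      ``session['next']``; paths under ``/simple`` or ``/pypi`` get a 401
      with a Basic challenge so pip sends credentials.
    * Anonymous request for the login URL: ``session['next']`` is taken from
      the ``next`` query parameter when it points inside this application,
      otherwise it is the app root.

    All remaining cases set status 403 and return an empty dict.

    The ``next`` query parameter is caller-controlled. It is presumably used
    later as a post-login redirect target (the consumer is not visible
    here), so a value outside the application root is replaced by the root
    instead of being stored.
    """
    login_url = request.app_url('login')
    if request.userid is not None:
        # User is logged in and fetching /login, so redirect to /
        if request.url == login_url:
            return HTTPFound(location=request.app_url())
        else:
            # Logged-in user without access: answer 404 rather than 403 so
            # the response does not confirm that the page exists
            request.response.status_code = 404
            return request.response
    if request.url != login_url:
        request.session['next'] = request.url
        # If pip requested a protected package and it's not authed, prompt for
        # credentials
        if (request.path.startswith('/simple')
                or request.path.startswith('/pypi')):
            request.response.status_code = 401
            realm = WWW_AUTHENTICATE.tuples('Basic realm="%s"' %
                                            request.registry.realm)
            request.response.headers.update(realm)
            return request.response
    elif 'next' in request.GET:
        root_url = request.app_url()
        # Compare against the root with exactly one trailing slash so that
        # "https://host.evil.example" cannot match "https://host".
        prefix = root_url.rstrip('/') + '/'
        target = request.GET['next']
        remainder = target[len(prefix):]
        inside_app = target == root_url or (
            target.startswith(prefix)
            # A second slash or a backslash right after the root could be
            # read as a new authority when the root itself is relative.
            and remainder[:1] not in ('/', '\\'))
        request.session['next'] = target if inside_app else root_url
    else:
        request.session['next'] = request.app_url()
    request.response.status_code = 403
    return {}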
Exemple #5
 def build_authentication(self):
     """Build the credential challenge response for this realm.

     Returns ``HTTPForbidden`` when the alternative HTTP return code from
     the RhodeCode config is '403', else ``HTTPUnauthorized``. Both carry
     the same Basic ``WWW-Authenticate`` headers.
     """
     www_auth = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
     configured = self._rc_auth_http_code
     if not (configured and configured == '403'):
         return HTTPUnauthorized(headers=www_auth)
     # return 403 if alternative http return code is specified in
     # RhodeCode config
     return HTTPForbidden(headers=www_auth)
Exemple #6
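def get_login_page(request):
    """Catch login and redirect to login wall.

    A logged-in user is redirected to the app root when asking for the
    login URL and receives a 404 for any other URL. An anonymous request
    for a URL other than the login URL stores that URL in
    ``session['next']`` and, for ``/simple`` or ``/pypi`` paths, gets a 401
    with a Basic challenge so pip sends credentials. An anonymous request
    for the login URL stores the ``next`` query parameter, or the app root
    when the parameter is absent. Everything that is not returned earlier
    ends with status 403 and an empty dict.

    ``next`` arrives from the query string, so it is stored only when it
    lies under the application root; anything else is replaced by the root.
    NOTE(review): this assumes ``session['next']`` is later used as a
    redirect target -- the code that reads it is not part of this function.
    """
    login_url = request.app_url('login')
    if request.userid is not None:
        # User is logged in and fetching /login, so redirect to /
        if request.url == login_url:
            return HTTPFound(location=request.app_url())
        # Otherwise the user lacks access: reply 404 so the response does
        # not reveal whether the page exists
        request.response.status_code = 404
        return request.response
    if request.url != login_url:
        request.session['next'] = request.url
        # If pip requested a protected package and it's not authed, prompt for
        # credentials
        if (request.path.startswith('/simple') or
                request.path.startswith('/pypi')):
            request.response.status_code = 401
            realm = WWW_AUTHENTICATE.tuples('Basic realm="%s"' %
                                            request.registry.realm)
            request.response.headers.update(realm)
            return request.response
    elif 'next' in request.GET:
        app_root = request.app_url()
        wanted = request.GET['next']
        # Default to the root; keep the requested value only if it is the
        # root itself or a path below it.
        chosen = app_root
        if wanted == app_root:
            chosen = wanted
        else:
            # Normalise to one trailing slash so a look-alike host such as
            # "<root-host>.example" does not pass the prefix test.
            base = app_root.rstrip('/') + '/'
            tail = wanted[len(base):]
            # A tail opening with "/" or "\" is refused: with a relative
            # root it could be interpreted as a different host.
            if wanted.startswith(base) and tail[:1] not in ('/', '\\'):
                chosen = wanted
        request.session['next'] = chosen
    else:
        request.session['next'] = request.app_url()
    request.response.status_code = 403
    return {}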
 def challenge(self, environ, status, app_headers, forget_headers):
     r"""Return a 401 carrying an OAuth ``WWW-Authenticate`` header.

     Used when the request failed due to invalid or insufficient parameters
     or permissions. ``forget_headers`` are appended to the challenge only
     when the challenge header is not already among them; ``environ``,
     ``status`` and ``app_headers`` are not used here.
     """
     oauth_challenge = 'OAuth realm="%s"' % self.realm
     headers = WWW_AUTHENTICATE.tuples(oauth_challenge)
     challenge_already_listed = headers[0] in forget_headers
     if not challenge_already_listed:
         headers += forget_headers
     return HTTPUnauthorized(headers=headers)
 def challenge(self, environ, status, app_headers, forget_headers):
     r"""Build the 401 response for a request that lacked valid parameters
     or permissions.

     The response carries a ``WWW-Authenticate`` header with the OAuth
     realm, followed by ``forget_headers`` unless that header is already
     present in them.
     """
     out_headers = WWW_AUTHENTICATE.tuples('OAuth realm="%s"' % self.realm)
     www_authenticate = out_headers[0]
     if www_authenticate in forget_headers:
         # The caller's headers already include the challenge; send the
         # challenge alone.
         return HTTPUnauthorized(headers=out_headers)
     out_headers += forget_headers
     return HTTPUnauthorized(headers=out_headers)
Exemple #9
 def build_authentication(self):
     """Return the response that challenges the client for credentials.

     The first call always yields ``HTTPUnauthorized``. On later calls, if
     an alternative HTTP return code is set in the RhodeCode config, the
     response class looked up for that code is used instead. The Basic
     challenge headers are attached in every case.
     """
     challenge = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
     if not self._rc_auth_http_code or self.initial_call:
         return HTTPUnauthorized(headers=challenge)
     # An alternative code is configured and this is not the FIRST call,
     # so answer with the configured response class.
     response_klass = self._get_response_from_code(self._rc_auth_http_code)
     return response_klass(headers=challenge)
Exemple #10
def _forbid(request):
    """
    Return a 403 if user is logged in, otherwise return a 401.

    The 401 carries a Basic challenge for the registry's realm, which is
    required to force pip to upload its HTTP basic auth credentials.

    """
    if request.userid is not None:
        return HTTPForbidden()
    # Anonymous caller: reuse the request's response object as the challenge.
    response = request.response
    response.status_code = 401
    challenge = 'Basic realm="%s"' % request.registry.realm
    response.headers.update(WWW_AUTHENTICATE.tuples(challenge))
    return response
Exemple #11
def _forbid(request):
    """
    Deny the request: 401 for anonymous callers, 403 for logged-in users.

    The 401 branch adds a Basic ``WWW-Authenticate`` challenge, which is what
    makes pip upload its HTTP basic auth credentials.

    """
    anonymous = request.userid is None
    if not anonymous:
        return HTTPForbidden()
    request.response.status_code = 401
    auth_headers = WWW_AUTHENTICATE.tuples(
        'Basic realm="%s"' % request.registry.realm)
    request.response.headers.update(auth_headers)
    return request.response
Exemple #12
def check(username, password, path="/"):
    """Perform two-stage authentication to verify login.

    Stage one requests ``path`` without credentials and expects a 401 whose
    headers hold the challenge. Stage two repeats the request with an
    Authorization value built from that challenge.

    Returns the response content on a 200 and ``None`` on a 401; any other
    status fails an assertion.
    """
    status, headers, _content, _errors = raw_interactive(
        application, path, accept='text/html')
    assert status.startswith("401")
    server_challenge = WWW_AUTHENTICATE(headers)
    authorization = AUTHORIZATION(username=username, password=password,
                                  challenge=server_challenge, path=path)
    # The generated header must be a Digest response naming the user.
    assert "Digest" in authorization and username in authorization
    status, headers, content, errors = raw_interactive(
        application, path, HTTP_AUTHORIZATION=authorization)
    if status.startswith("200"):
        return content
    assert status.startswith("401"), "Unexpected Status: %s" % status
    return None
Exemple #13
 def forget(self, request):
     """Return the Basic challenge headers for ``self.realm``.

     ``request`` is accepted but not read.
     """
     return WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
 def forget(self, request):
     """Build the ``WWW-Authenticate`` headers announcing the Basic realm.

     The ``request`` argument is unused.
     """
     basic_challenge = 'Basic realm="%s"' % self.realm
     return WWW_AUTHENTICATE.tuples(basic_challenge)
 def _get_wwwauth(self):
     """Return the Basic ``WWW-Authenticate`` headers for ``self.realm``."""
     return WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
Exemple #16
 def _get_wwwauth(self):
     """Build the challenge headers that advertise this Basic realm."""
     realm_challenge = 'Basic realm="%s"' % self.realm
     return WWW_AUTHENTICATE.tuples(realm_challenge)