def run(self):
task.LoopingCall(self.status_check).start(0.5)
root = File('www')
root.putChild('st', StatusHandler(self))
root.putChild('upd', self.updateHandler)
root.putChild('cfg', ConfigHandler(self))
root.putChild('upt', UptimeHandler(self))
if self.config['config']['use_auth']:
clk = ClickHandler(self)
args = {
self.config['site']['username']:
self.config['site']['password']
}
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(**args)
realm = HttpPasswordRealm(clk)
p = portal.Portal(realm, [checker])
credentialFactory = BasicCredentialFactory(
"Garage Door Controller")
protected_resource = HTTPAuthSessionWrapper(p, [credentialFactory])
root.putChild('clk', protected_resource)
cla = CloseHandler(self)
cla_args = {
self.config['site']['username']:
self.config['site']['password']
}
cla_checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(
**cla_args)
cla_realm = HttpPasswordRealm(cla)
cla_p = portal.Portal(cla_realm, [cla_checker])
credentialFactory = BasicCredentialFactory(
"Garage Door Controller")
cla_protected_resource = HTTPAuthSessionWrapper(
cla_p, [credentialFactory])
root.putChild('cla', cla_protected_resource)
else:
root.putChild('clk', ClickHandler(self))
root.putChild('cla', CloseHandler(self))
if self.config['config']['allow_api']:
root.putChild('api', APIHandler(self))
site = server.Site(root)
if not self.get_config_with_default(self.config['config'], 'use_https',
False):
reactor.listenTCP(self.config['site']['port'],
site) # @UndefinedVariable
reactor.run() # @UndefinedVariable
else:
sslContext = ssl.DefaultOpenSSLContextFactory(
self.config['site']['ssl_key'],
self.config['site']['ssl_cert'])
reactor.listenSSL(self.config['site']['port_secure'], site,
sslContext) # @UndefinedVariable
reactor.run() # @UndefinedVariable
def __init__(self, portal, credentialFactories, redirectTo, keyPath,
db):
HTTPAuthSessionWrapper.__init__(self, portal, credentialFactories)
self.openIDStore = MemoryStore()
self.loginSemaphore = DeferredSemaphore(1)
self.redirectTo = redirectTo
self.db = db
if keyPath.exists():
self.fernet = Fernet(keyPath.getContent())
else:
key = Fernet.generate_key()
keyPath.setContent(key)
self.fernet = Fernet(key)
def getAuthResource(in_resource,
sname,
config,
password_checker=AnchorePasswordChecker()):
if not password_checker:
# explicitly passed in null password checker obj
return (in_resource)
if sname in config['services']:
localconfig = config['services'][sname]
else:
# no auth required
return in_resource
do_auth = True
if localconfig and 'require_auth' in localconfig and not localconfig[
'require_auth']:
do_auth = False
if do_auth:
# if localconfig and 'require_auth' in localconfig and localconfig['require_auth']:
# if 'require_auth_file' not in localconfig or not os.path.exists(localconfig['require_auth_file']):
# raise Exception("require_auth is set for service, but require_auth_file is not set/invalid")
realm = HTTPAuthRealm(resource=in_resource)
portal = Portal(realm, [password_checker])
credential_factory = BasicCredentialFactory(b'Authentication required')
resource = HTTPAuthSessionWrapper(portal, [credential_factory])
else:
resource = in_resource
return resource
def require_digest_auth(resource):
p = portal.Portal(TestAuthRealm(DIGEST_AUTH_PAGE))
c = checkers.InMemoryUsernamePasswordDatabaseDontUse()
c.addUser("digestuser", "digestuser")
p.registerChecker(c)
cred_factory = DigestCredentialFactory("md5", "Digest Auth protected area")
return HTTPAuthSessionWrapper(p, [cred_factory])
def require_basic_auth(resource):
p = portal.Portal(TestAuthRealm())
c = checkers.InMemoryUsernamePasswordDatabaseDontUse()
c.addUser("john", "john")
p.registerChecker(c)
cred_factory = BasicCredentialFactory("Basic Auth protected area")
return HTTPAuthSessionWrapper(p, [cred_factory])
def addBasicAuth(resource, desc, **users):
"""Add basic auth for a resource.
Twisteds modulation of everything makes this quite.. messy."""
realm = SimpleResourceRealm(resource)
portal = Portal(realm, [InMemoryUsernamePasswordDatabaseDontUse(**users)])
credentialFactory = BasicCredentialFactory(desc)
return HTTPAuthSessionWrapper(portal, [credentialFactory])
def get_protected_resource(self, resource):
checker = RapidSMSRelayAccessChecker(self.get_avatar_id)
realm = RapidSMSRelayRealm(resource)
p = portal.Portal(realm, [checker])
factory = BasicCredentialFactory("RapidSMS Relay")
protected_resource = HTTPAuthSessionWrapper(p, [factory])
return protected_resource
def setupRootResource(facade, development=None):
"""Get the root resource to use for the API service.
@param facade: A L{Facade} instance.
@return: An C{HTTPAuthSessionWrapper} instance.
"""
from fluiddb.web.root import WSFERealm, IFacadeRealm
from fluiddb.web.checkers import (AnonymousChecker, FacadeChecker,
FacadeOAuthChecker, FacadeOAuth2Checker,
IFacadeChecker)
portal = Portal(WSFERealm(), [
FacadeChecker(),
FacadeOAuthChecker(),
FacadeOAuth2Checker(),
AnonymousChecker()
])
realm = IFacadeRealm(portal.realm)
realm.facadeClient = facade
for checker in portal.checkers.values():
if IFacadeChecker.providedBy(checker):
checker.facadeClient = facade
factories = [
BasicCredentialFactory('fluidinfo.com'),
OAuthCredentialFactory('fluidinfo.com'),
OAuth2CredentialFactory('fluidinfo.com', development)
]
return HTTPAuthSessionWrapper(portal, factories)
def getResource(app, sname, config):
if sname in config['services']:
localconfig = config['services'][sname]
else:
# no auth required
return(app.resource())
if localconfig and 'require_auth' in localconfig and localconfig['require_auth']:
#if 'require_auth_file' not in localconfig or not os.path.exists(localconfig['require_auth_file']):
# raise Exception("require_auth is set for service, but require_auth_file is not set/invalid")
realm = HTTPAuthRealm(resource=app.resource())
portal = Portal(realm, [AnchorePasswordChecker()])
#portal = Portal(realm, [FilePasswordDB(localconfig['require_auth_file'])])
#portal = Portal(realm, [FilePasswordDB(localconfig['require_auth_file'], hash=hellothere)])
#
# for route-based auth, need anon and auth
#
#from twisted.cred.checkers import AllowAnonymousAccess
#portal = Portal(
# realm, [
# FilePasswordDB('./configs/server-auth.db'),
# AllowAnonymousAccess(),
# ],
#)
credential_factory = BasicCredentialFactory('Authentication required')
#credential_factory = DigestCredentialFactory('md5', 'anchore')
resource = HTTPAuthSessionWrapper(portal, [credential_factory])
else:
resource = app.resource()
return (resource)
def run(self):
task.LoopingCall(self.status_check).start(0.5)
root = File('www')
root.putChild('upd', self.updateHandler)
root.putChild('cfg', ConfigHandler(self))
if self.config['config']['use_auth']:
clk = ClickHandler(self)
args = {
self.config['site']['username']:
self.config['site']['password']
}
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(**args)
realm = HttpPasswordRealm(clk)
p = portal.Portal(realm, [checker])
credentialFactory = BasicCredentialFactory(
"Garage Door Controller")
protected_resource = HTTPAuthSessionWrapper(p, [credentialFactory])
root.putChild('clk', protected_resource)
else:
root.putChild('clk', ClickHandler(self))
site = server.Site(root)
reactor.listenTCP(self.config['site']['port'],
site) # @UndefinedVariable
reactor.run() # @UndefinedVariable
def run(self):
"""
Start the server and listen on host:port
"""
f = None
unix_prefix = 'unix://'
if self.http_enabled:
rpc = JsonRpcHttpResource()
rpc.rpcprocessor = self.rpcprocessor
rpc.tls_client_auth_enabled = self.tls_client_auth_enabled
if self.http_basic_auth_enabled:
checker = PasswordChecker(self.passwdCheckFunction)
realm = HttpPasswordRealm(rpc)
p = portal.Portal(realm, [checker])
realm_name = 'Reflect RPC'
if sys.version_info.major == 2:
realm_name = realm_name.encode('utf-8')
credentialFactory = BasicCredentialFactory(realm_name)
rpc = HTTPAuthSessionWrapper(p, [credentialFactory])
root = RootResource(rpc)
f = server.Site(root)
else:
f = JsonRpcProtocolFactory(self.rpcprocessor,
self.tls_client_auth_enabled)
if self.tls_enabled:
if not self.tls_client_auth_enabled:
reactor.listenSSL(self.port,
f,
self.cert.options(),
interface=self.host)
else:
reactor.listenSSL(self.port,
f,
self.cert.options(self.client_auth_ca),
interface=self.host)
else:
if self.host.startswith(unix_prefix):
path = self.host[len(unix_prefix):]
reactor.listenUNIX(path,
f,
backlog=self.unix_socket_backlog,
mode=self.unix_socket_mode,
wantPID=self.unix_socket_want_pid)
else:
reactor.listenTCP(self.port, f, interface=self.host)
if self.host.startswith(unix_prefix):
print("Listening on %s" % (self.host))
else:
print("Listening on %s:%d" % (self.host, self.port))
reactor.run()
def on_load(self):
self.config = self.server.config.web
with open('./web/js/init.js', 'w') as f:
port = self.config.web_interface_port2
auth = self.config.auth_key
f.write('var server_port = "%s";\n var auth_key = "%s"' % (port,
auth))
root = File('./web')
root.indexNames = ['index.html']
root.putChild('css', static.File("./web/css"))
root.putChild('js', static.File("./web/js"))
root.putChild('img', static.File("./web/img"))
checker = PasswordDictChecker(self.config)
realm = HttpPasswordRealm(root)
p = portal.Portal(realm, [checker])
credentialFactory = DigestCredentialFactory("md5",
"Cuwo Interface Login")
protected_resource = HTTPAuthSessionWrapper(p, [credentialFactory])
auth_resource = resource.Resource()
auth_resource.putChild("", protected_resource)
site = SiteOverride(auth_resource)
reactor.listenTCP(self.config.web_interface_port1, site)
self.web_factory = WebFactory(self)
reactor.listenTCP(self.config.web_interface_port2,
WebSocketFactory(self.web_factory))
def build_sharing_resource():
passwd_file = os.path.join(os.path.dirname(__file__), "httpd.password")
root = build_shared_folder_resource()
portal = Portal(PublicHTMLRealm(root), [FilePasswordDB(passwd_file)])
credentialFactory = BasicCredentialFactory("Realm Description....")
return HTTPAuthSessionWrapper(portal, [credentialFactory])
def resource():
"""Initialize the HTTP Authentication."""
resthandle = RestIntf()
realm = CheckRealm(resource=resthandle.app.resource())
portal = Portal(realm, [FilePasswordDB('./server-auth.db')])
credential_factory = BasicCredentialFactory(b"http auth realm")
return HTTPAuthSessionWrapper(portal, [credential_factory])
def authed_resource(self, resource):
"""
See HTTPInterface.register_resource()
"""
return HTTPAuthSessionWrapper(
Portal(EnDroidRealm(resource), self._creds),
[BasicCredentialFactory("EnDroid")])
def wrap_with_auth(resource, passwdF, realm="Auth"):
"""
@param resource: resource to protect
"""
checkers = [PasswordDictCredentialChecker(passwdF)]
return HTTPAuthSessionWrapper(Portal(PublicHTMLRealm(resource), checkers),
[BasicCredentialFactory(realm)])
def wrap_with_auth(resource, passwords, realm="Auth"):
"""
@param resource: resource to protect
@param passwords: a dict-like object mapping usernames to passwords
"""
portal = Portal(PublicHTMLRealm(resource),
[PasswordDictCredentialChecker(passwords)])
credentialFactory = BasicCredentialFactory(realm)
return HTTPAuthSessionWrapper(portal, [credentialFactory])
def setUp(self):
checker = InMemoryUsernamePasswordDatabaseDontUse(user='******')
portal = Portal(AuthDummyServer(), [checker])
credentialFactory = BasicCredentialFactory('localhost')
resource = HTTPAuthSessionWrapper(portal, [credentialFactory])
site = Site(resource)
self.port = reactor.listenTCP(0, site)
self.portNumber = self.port._realPortNumber
def run_server(project):
portal = Portal(ProjectRealm(project), [DatabaseAuth(project.userbase)])
credentialFactory = BasicCredentialFactory(project.description())
resource = HTTPAuthSessionWrapper(portal, [credentialFactory])
factory = Site(resource)
reactor.listenTCP(8880, factory)
reactor.run()
def _authorizedResource(self, request):
token = request.getCookie(self.cookieName)
if token is None:
return HTTPAuthSessionWrapper._authorizedResource(self, request)
try:
username = self.decryptToken(token)
except InvalidToken:
request.addCookie(self.cookieName, '',
path=b'/', max_age=0)
return HTTPAuthSessionWrapper._authorizedResource(self, request)
def _cb((interface, avatar, logout)):
return avatar
credentials = Preauthenticated(username)
d = self._portal.login(credentials, None, IResource)
d.addCallback(_cb)
return DeferredResource(d)
def boot(listen_addr='127.0.0.1',
port=8080,
session_bus=False,
sage_www_root=DEFAULT_SAGE_ROOT,
auth_realm=None,
auth_passwd=None,
allow_ga=None,
deny_ga=None,
no_www=False):
assert not (
allow_ga and deny_ga
), 'Must not specify both deny and allow rules for group addresses'
global api
global factory
DBusGMainLoop(set_as_default=True)
if session_bus:
bus = dbus.SessionBus()
else:
bus = dbus.SystemBus()
obj = bus.get_object(DBUS_SERVICE, DBUS_PATH)
api = dbus.Interface(obj, DBUS_INTERFACE)
uri = createWsUrl(listen_addr, port)
factory = SageProtocolFactory(uri,
debug=False,
api=api,
allow_ga=allow_ga,
deny_ga=deny_ga)
factory.setProtocolOptions(allowHixie76=True, webStatus=False)
factory.protocol = SageProtocol
factory.clients = []
resource = WebSocketResource(factory)
if no_www:
root = resource
else:
root = File(sage_www_root)
root.putChild('saged', resource)
if auth_realm != None and auth_passwd != None:
portal = Portal(SageRealm(root), [ApachePasswordDB(auth_passwd)])
credentialFactories = [
BasicCredentialFactory(auth_realm),
]
root = HTTPAuthSessionWrapper(portal, credentialFactories)
site = Site(root)
site.protocol = HTTPChannelHixie76Aware
reactor.listenTCP(port, site, interface=listen_addr)
reactor.run()
def get_web_app(config, controller):
auth = config.get_bool('web', 'auth', False)
if auth:
auth_file = config.get_string('web', 'auth-db')
portal = Portal(PublicHTMLRealm(config, controller),
[FilePasswordDB(auth_file)])
credential_factory = DigestCredentialFactory('md5', b'scrapy-do')
resource = HTTPAuthSessionWrapper(portal, [credential_factory])
return resource
return WebApp(config, controller)
def get_authenticated_resource(self, resource):
if not self.web_username:
return resource
realm = HttpRpcRealm(resource)
checkers = [
StaticAuthChecker(self.web_username, self.web_password),
]
portal = Portal(realm, checkers)
cred_factories = [
BasicCredentialFactory(self.web_auth_domain),
]
return HTTPAuthSessionWrapper(portal, cred_factories)
def main():
readIniFile()
LOGGING['handlers']['file']['filename'] = logpath + '/mpexagent.log'
logging.config.dictConfig(LOGGING)
observer = twlog.PythonLoggingObserver()
observer.start()
args = parse_args()
try:
if args.mpex_url:
mpexagent = MPExAgent(replaycheck=True, mpexurl=args.mpex_url)
else:
mpexagent = MPExAgent(replaycheck=True)
mpexagent.passphrase = getpass("Enter your GPG passphrase: ")
root = JSON_RPC().customize(RPCServer)
root.eventhandler.agent = mpexagent
if (mode != 'noweb'):
webroot = static.File(webpath)
webroot.putChild('jsonrpc', root)
root = webroot
if (auth != 'noauth'):
if (auth == 'md5'):
hashfunc = hashmd5
if (auth == 'sha1'):
hashfunc = hashsha1
if (auth == 'plain'):
hashfunc = hashplain
realm = HttpPasswordRealm(root)
p = portal.Portal(realm, [
checkers.FilePasswordDB(passpath, delim=":", hash=hashfunc)
])
credentialFactory = BasicCredentialFactory("MpexAgent")
protected_resource = HTTPAuthSessionWrapper(
p, [credentialFactory])
root = protected_resource
site = server.Site(root)
bindaddr = '*:' if args.listen_addr == '' else args.listen_addr + ':'
log.info('Listening on %s%d...', bindaddr, args.port)
if (mode != 'https'):
reactor.listenTCP(args.port, site, interface=args.listen_addr)
else:
reactor.listenSSL(
args.port, site,
ssl.DefaultOpenSSLContextFactory(keypath, certpath))
reactor.run()
except KeyboardInterrupt:
print '^C received, shutting down server'
server.socket.close()
def getChildWithDefault(self, name, request):
if name == 'openid':
return OpenIDEndpoint('https://steamcommunity.com/openid',
self.openIDStore, self.loginSemaphore,
self._steamLogin)
if name == 'logout':
# Delete auth cookie
request.addCookie(self.cookieName, '',
path=b'/', max_age=0)
request.getSession().expire()
return Redirect(self.redirectTo)
return HTTPAuthSessionWrapper.getChildWithDefault(self, name, request)
def startService(self):
service.Service.startService(self)
if self.broker:
# daemon mode - print init message
log.debug("fileserver init")
self.storage = self.broker.storage
self.db = self.broker.db
self.keyring = self.broker.keyring
else:
# standalone - print version
self.print_version()
# create storage and database connection on our own
self.storage = storage.__dict__[self.config['broker']['storage'][0]](*self.config['broker']['storage'][1:])
self.db = database.connect_config(self.config)
self.storage.set_datasource(self.db)
self.keyring = keyring.Keyring(database.servers(self.db), str(self.config['server']['fingerprint']))
credFactory = utils.AuthKontalkTokenFactory(str(self.config['server']['fingerprint']), self.keyring)
# setup upload endpoint
portal = Portal(FileUploadRealm(self), [utils.AuthKontalkToken()])
resource = HTTPAuthSessionWrapper(portal, [credFactory])
self.putChild('upload', resource)
# setup download endpoint
portal = Portal(FileDownloadRealm(self), [utils.AuthKontalkToken()])
resource = HTTPAuthSessionWrapper(portal, [credFactory])
self.putChild('download', resource)
# setup serverlist endpoint
self.putChild('serverlist', ServerlistDownload(self))
# create http service
factory = server.Site(self)
fs_service = internet.TCPServer(port=self.config['server']['fileserver.bind'][1],
factory=factory, interface=self.config['server']['fileserver.bind'][0])
fs_service.setServiceParent(self.parent)
# old attachments entries purger
self._loop(self.config['fileserver']['attachments_purger.delay'], self._purge_attachments, True)
def makeAgentService(store):
"""
Returns a service which will process GatewayAMPCommands, using a socket
file descripter acquired by launchd
@param store: an already opened store
@returns: service
"""
from twisted.internet import reactor
sockets = launchActivateSocket("AgentSocket")
fd = sockets[0]
family = socket.AF_INET
endpoint = AdoptedStreamServerEndpoint(reactor, fd, family)
directory = store.directoryService()
def becameInactive():
log.warn("Agent inactive; shutting down")
reactor.stop()
from twistedcaldav.config import config
inactivityDetector = InactivityDetector(
reactor, config.AgentInactivityTimeoutSeconds, becameInactive
)
root = Resource()
root.putChild(
"gateway",
AgentGatewayResource(
store, directory, inactivityDetector
)
)
# We need this service to be able to return com.apple.calendarserver,
# so tell it not to suppress system accounts.
directory = OpenDirectoryDirectoryService(
"/Local/Default", suppressSystemRecords=False
)
portal = Portal(
AgentRealm(root, [u"com.apple.calendarserver"]),
[HTTPDigestCredentialChecker(directory)]
)
credentialFactory = NoQOPDigestCredentialFactory(
"md5", "/Local/Default"
)
wrapper = HTTPAuthSessionWrapper(portal, [credentialFactory])
site = Site(wrapper)
return StreamServerEndpointService(endpoint, site)
def getChild(self, conversation_key, request):
if conversation_key:
res = self.resource_class(self.worker, conversation_key)
checker = ConversationAccessChecker(self.worker, conversation_key)
realm = ConversationRealm(res)
p = portal.Portal(realm, [checker])
factory = BasicCredentialFactory("Conversation Realm")
protected_resource = HTTPAuthSessionWrapper(p, [factory])
return protected_resource
else:
return resource.NoResource()
def protectResource(resource, accessKey, secretKey, realm=None):
from twisted.cred.checkers import InMemoryUsernamePasswordDatabaseDontUse
from twisted.web.guard import HTTPAuthSessionWrapper
from twisted.cred.portal import Portal
portal_realm = _SingleResourceRealm(resource)
cred_checker = InMemoryUsernamePasswordDatabaseDontUse()
cred_checker.addUser(accessKey, secretKey)
portal = Portal(portal_realm, [cred_checker])
cred_factory = AuthHMACCredentialFactory(realm or 'twoost-app')
return HTTPAuthSessionWrapper(portal, [cred_factory])
def __init__(self, server, filename):
"""
Initialisation. Read saved data from disk, start looping calls that check system resources and read SIM card
data and serve the dashboard webpage.
@param server (Olof) Reference to the main Olof server instance.
"""
olof.core.Plugin.__init__(self, server, filename)
self.base_path = self.server.paths['plugins'] + '/dashboard'
self.root = RootResource(self)
status_resource = self.root
self.root.putChild("dashboard", status_resource)
authFile = self.base_path + '/data/auth.password'
if os.path.isfile(authFile):
portal = Portal(AuthenticationRealm(self),
[FilePasswordDB(authFile)])
credfac = BasicCredentialFactory("Gyrid Server")
rsrc = HTTPAuthSessionWrapper(portal, [credfac])
status_resource.putChild("content", rsrc)
else:
status_resource.putChild("content", ContentResource(self))
status_resource.putChild("static",
StaticResource(self.base_path + "/static/"))
self.scanners = self.storage.loadObject('scanners', {})
for s in self.scanners.values():
s.init(self)
for sens in s.sensors.values():
sens.init()
try:
import multiprocessing
self.cpuCount = multiprocessing.cpu_count()
except:
self.cpuCount = 1
self.connectionLagProcessing = True
self.parseMVNumbers()
self.updateConnectionLagConfig()
self.checkResourcesCall = task.LoopingCall(self.checkResources)
self.checkResourcesCall.start(10)
reactor.callLater(2, self.startListening)
def application(config):
app = Application("Scrapyd")
http_port = config.getint('http_port', 6800)
bind_address = config.get('bind_address', '127.0.0.1')
poll_interval = config.getfloat('poll_interval', 5)
poller = QueuePoller(config)
eggstorage = FilesystemEggStorage(config)
scheduler = SpiderScheduler(config)
environment = Environment(config)
app.setComponent(IPoller, poller)
app.setComponent(IEggStorage, eggstorage)
app.setComponent(ISpiderScheduler, scheduler)
app.setComponent(IEnvironment, environment)
laupath = config.get('launcher', 'scrapyd.launcher.Launcher')
laucls = load_object(laupath)
launcher = laucls(config, app)
timer = TimerService(poll_interval, poller.poll)
webpath = config.get('webroot', 'scrapyd.website.Root')
webcls = load_object(webpath)
username = config.get('username', '')
password = config.get('password', '')
if username and password:
if ':' in username:
sys.exit("The `username` option contains illegal character ':', "
"check and update the configuration file of Scrapyd")
portal = Portal(PublicHTMLRealm(webcls(config, app)),
[StringCredentialsChecker(username, password)])
credential_factory = BasicCredentialFactory("Auth")
resource = HTTPAuthSessionWrapper(portal, [credential_factory])
log.msg("Basic authentication enabled")
else:
resource = webcls(config, app)
log.msg("Basic authentication disabled as either `username` or `password` is unset")
webservice = TCPServer(http_port, server.Site(resource), interface=bind_address)
log.msg(format="Scrapyd web console available at http://%(bind_address)s:%(http_port)s/",
bind_address=bind_address, http_port=http_port)
launcher.setServiceParent(app)
timer.setServiceParent(app)
webservice.setServiceParent(app)
return app
def _get_auth_resource(self,
in_resource,
password_checker=AnchorePasswordChecker()):
assert (self.anchore_service is not None)
assert (hasattr(self.anchore_service, 'configuration'))
if not password_checker or not self.anchore_service.configuration or not self.anchore_service.configuration.get(
'require_auth', False):
# no auth required
return in_resource
realm = HTTPAuthRealm(resource=in_resource)
portal = Portal(realm, [password_checker])
credential_factory = BasicCredentialFactory(b'Authentication required')
return HTTPAuthSessionWrapper(portal, [credential_factory])
def secure_resource(self, api_resource):
"""
Wrap the provide API resource with an HTTP Authentication Session Wrapper
:param api_resource: API resource to wrap
:return: Resource, wrapped as requested
"""
checkers = [self._checker]
realm = Realm(api_resource, self._checker.users)
portal = Portal(realm, checkers)
credentials_factory = DigestCredentialFactory(self._algorithm,
self._auth_realm)
resource = HTTPAuthSessionWrapper(portal, [credentials_factory])
return resource
def _login(self, creds):
log.msg("Logging in: {0!r}".format(creds))
return HTTPAuthSessionWrapper._login(self, creds)
