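def check_credentials(self, auth):
    """ Checks incoming username/password and returns True only if they were valid and as expected.

    `auth` is handed as-is to parse_basic_auth, which yields a (username, password) pair.
    Returns True when both values match self.username and self.password. Otherwise a warning
    is logged and None is returned, so callers must treat any falsy result as a rejection.
    Nothing is caught here - an exception raised by parse_basic_auth propagates to the caller.
    """
    # Imported locally so this method does not depend on the module's import block.
    import hmac

    def _secure_equals(expected, given):
        """ Compares two credential values without short-circuiting on the first differing character.
        """
        if isinstance(expected, bytes) and isinstance(given, bytes):
            return hmac.compare_digest(expected, given)
        if isinstance(expected, str) and isinstance(given, str):
            # compare_digest accepts only ASCII text, so compare the encoded forms instead
            return hmac.compare_digest(
                expected.encode('utf-8', 'surrogatepass'), given.encode('utf-8', 'surrogatepass'))
        # Mixed or unexpected types (e.g. an unset credential) - keep plain equality semantics
        return expected == given

    username, password = parse_basic_auth(auth)

    # Both comparisons always run, so the time taken does not depend on
    # whether it was the username or the password that did not match.
    username_ok = _secure_equals(self.username, username)
    password_ok = _secure_equals(self.password, password)

    if username_ok and password_ok:
        # All good, we let the request in
        return True

    # One message for either mismatch, so the log line does not tell which field was wrong
    self.logger.warn('Invalid username or password')
    return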
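def _pubsub_check_credentials(self, _invoke_channels=(CHANNEL.INVOKE, CHANNEL.INVOKE_ASYNC)):
    """ Authenticates the caller of a pub/sub service and returns the ID of its pub/sub endpoint.

    Calls arriving through one of `_invoke_channels` carry no HTTP request and are mapped to
    self.server.default_internal_pubsub_endpoint_id. All other calls must carry an
    HTTP_AUTHORIZATION value that parse_basic_auth accepts and that matches an active entry of
    the server's Basic Auth configuration. Raises Forbidden(self.cid) if the header is missing
    or malformed, if no active entry matches, or if no endpoint uses the matched security definition.
    """
    # Imported locally so this method does not depend on the module's import block.
    import hmac

    def _secure_equals(expected, given):
        """ Compares two credential values without short-circuiting on the first differing character.
        """
        if isinstance(expected, bytes) and isinstance(given, bytes):
            return hmac.compare_digest(expected, given)
        if isinstance(expected, str) and isinstance(given, str):
            # compare_digest accepts only ASCII text, so compare the encoded forms instead
            return hmac.compare_digest(
                expected.encode('utf-8', 'surrogatepass'), given.encode('utf-8', 'surrogatepass'))
        # Mixed or unexpected types - keep plain equality semantics
        return expected == given

    # If we are being invoked through a CHANNEL.INVOKE* channel, it means that our caller used self.invoke
    # or self.invoke_async, so there will never be any credentials in HTTP headers (there is no HTTP request after all),
    # and we can run as an internal endpoint in this situation.
    if self.channel.type in _invoke_channels:
        return self.server.default_internal_pubsub_endpoint_id

    auth = self.wsgi_environ.get('HTTP_AUTHORIZATION')
    if not auth:
        raise Forbidden(self.cid)

    try:
        username, password = parse_basic_auth(auth)
    except ValueError:
        raise Forbidden(self.cid)

    basic_auth = itervalues(self.server.worker_store.request_dispatcher.url_data.basic_auth_config)

    # Fail closed - start from 'not authenticated' so that an empty configuration
    # or one with no active entries cannot leave these names unset.
    auth_ok = False
    security_id = None

    for item in basic_auth:
        config = item['config']

        # Inactive security definitions must never authenticate anyone
        if not config['is_active']:
            continue

        # Evaluate both fields before branching so that timing does not reveal which one differed
        username_ok = _secure_equals(config['username'], username)
        password_ok = _secure_equals(config['password'], password)

        if username_ok and password_ok:
            auth_ok = True
            security_id = config['id']
            break

    if not auth_ok:
        raise Forbidden(self.cid)

    try:
        endpoint_id = self.pubsub.get_endpoint_id_by_sec_id(security_id)
    except KeyError:
        # Valid credentials alone are not enough - they must belong to a pub/sub endpoint.
        # Only the security ID and the traceback are logged, never the credentials themselves.
        self.logger.warn(
            'Client credentials are valid but there is no pub/sub endpoint using them, sec_id:`%s`, e:`%s`',
            security_id, format_exc())
        raise Forbidden(self.cid)
    else:
        return endpoint_id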