wassname/flask-security
1
0
Fork 0
mirror of https://github.com/wassname/flask-security.git synced 2026-06-27 16:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed http_auth when authorization is not provided in header

Browse Source
This commit is contained in:
Rodrigue Cloutier
2013-04-03 21:29:04 -04:00
parent c84c485493
commit 3575a2df18
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flask_security/decorators.py
+3 -1
View File
@@ -67,7 +67,9 @@ def _check_token():
def _check_http_auth():
auth = request.authorization or dict(username=None, password=None)
from collections import namedtuple
Auth = namedtuple('Auth', 'username, password')
auth = request.authorization or Auth(username=None, password=None)
user = _security.datastore.find_user(email=auth.username)
if user and utils.verify_and_update_password(auth.password, user):
tests/functional_tests.py
+7
View File
@@ -142,6 +142,13 @@ class DefaultSecurityTests(SecurityTest):
})
self.assertIn('HTTP Authentication', r.data)
def test_http_auth_no_authorization(self):
r = self._get('/http', headers={})
self.assertIn('<h1>Unauthorized</h1>', r.data)
self.assertIn('WWW-Authenticate', r.headers)
self.assertEquals('Basic realm="Login Required"',
r.headers['WWW-Authenticate'])
def test_invalid_http_auth_invalid_username(self):
r = self._get('/http', headers={
'Authorization': 'Basic ' + base64.b64encode("bogus:bogus")