wassname/flask-security
1
0
Fork 0
mirror of https://github.com/wassname/flask-security.git synced 2026-06-27 16:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #361 from nfvs/add_headers_to_auth_required

Browse Source 
Include WWW-Authenticate headers in @auth_required.
This commit is contained in:
Matt Wright
2015-05-02 13:50:23 -04:00
parent 2e08ec87a6 3681823fcf
commit 8a62b5f193
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flask_security/decorators.py
+7 -3
View File
@@ -137,11 +137,15 @@ def auth_required(*auth_methods):
def wrapper(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
mechanisms = [login_mechanisms.get(method) for method in auth_methods]
for mechanism in mechanisms:
h = {}
mechanisms = [(method, login_mechanisms.get(method)) for method in auth_methods]
for method, mechanism in mechanisms:
if mechanism and mechanism():
return fn(*args, **kwargs)
return _get_unauthorized_response()
elif method == 'basic':
r = _security.default_http_auth_realm
h['WWW-Authenticate'] = 'Basic realm="%s"' % r
return _get_unauthorized_response(headers=h)
return decorated_view
return wrapper
tests/test_common.py
+13
View File
@@ -226,6 +226,19 @@ def test_multi_auth_basic(client):
assert response.status_code == 401
def test_multi_auth_basic_invalid(client):
response = client.get('/multi_auth', headers={
'Authorization': 'Basic %s' % base64.b64encode(b"bogus:bogus").decode('utf-8')
})
assert b'<h1>Unauthorized</h1>' in response.data
assert 'WWW-Authenticate' in response.headers
assert 'Basic realm="Login Required"' == response.headers['WWW-Authenticate']
response = client.get('/multi_auth')
print(response.headers)
assert response.status_code == 401
def test_multi_auth_token(client):
response = json_authenticate(client)
token = response.jdata['response']['user']['authentication_token']