mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-05 17:30:14 +08:00
Add configurable http auth realm and optional realm specification in http_auth_required decorator
This commit is contained in:
@@ -78,6 +78,11 @@ def create_app(auth_config):
|
||||
def http():
|
||||
return render_template('index.html', content='HTTP Authentication')
|
||||
|
||||
@app.route('/http_custom_realm')
|
||||
@http_auth_required('My Realm')
|
||||
def http_custom_realm():
|
||||
return render_template('index.html', content='HTTP Authentication')
|
||||
|
||||
@app.route('/token')
|
||||
@auth_token_required
|
||||
def token():
|
||||
|
||||
@@ -57,7 +57,7 @@ _default_config = {
|
||||
'CONFIRM_SALT': 'confirm-salt',
|
||||
'RESET_SALT': 'reset-salt',
|
||||
'AUTH_SALT': 'auth-salt',
|
||||
'DEFAULT_HTTP_AUTH_HEADER': 'Basic realm="Login Required"'
|
||||
'DEFAULT_HTTP_AUTH_REALM': 'Login Required'
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -78,23 +78,26 @@ def _check_http_auth():
|
||||
return app.security.pwd_context.verify(auth.password, user.password)
|
||||
|
||||
|
||||
def http_auth_required(auth_header=None):
|
||||
def http_auth_required(realm):
|
||||
"""Decorator that protects endpoints using Basic HTTP authentication."""
|
||||
def wrapper(fn):
|
||||
|
||||
def decorator(fn):
|
||||
@wraps(fn)
|
||||
def decorated(*args, **kwargs):
|
||||
def wrapper(*args, **kwargs):
|
||||
if _check_http_auth():
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
header = auth_header or _security.default_http_auth_header
|
||||
headers = {'WWW-Authenticate': header}
|
||||
r = _security.default_http_auth_realm if callable(realm) else realm
|
||||
h = {'WWW-Authenticate': 'Basic realm="%s"' % r}
|
||||
|
||||
return _get_unauthorized_response(headers=headers)
|
||||
return _get_unauthorized_response(headers=h)
|
||||
|
||||
return decorated
|
||||
return wrapper
|
||||
|
||||
return wrapper
|
||||
if callable(realm):
|
||||
return decorator(realm)
|
||||
|
||||
return decorator
|
||||
|
||||
|
||||
def auth_token_required(fn):
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
from __future__ import with_statement
|
||||
|
||||
import base64
|
||||
import time
|
||||
|
||||
try:
|
||||
@@ -130,8 +131,30 @@ class DefaultSecurityTests(SecurityTest):
|
||||
r = self._get('/token', headers={"X-Auth-Token": 'X'})
|
||||
self.assertEqual(401, r.status_code)
|
||||
|
||||
def test_http_auth(self):
|
||||
r = self._get('/http', headers={
|
||||
'Authorization': 'Basic ' + base64.b64encode("joe@lp.com:password")
|
||||
})
|
||||
self.assertIn('HTTP Authentication', r.data)
|
||||
|
||||
class ConfiguredURLTests(SecurityTest):
|
||||
def test_invalid_http_auth(self):
|
||||
r = self._get('/http', headers={
|
||||
'Authorization': 'Basic ' + base64.b64encode("joe@lp.com:bogus")
|
||||
})
|
||||
self.assertIn('<h1>Unauthorized</h1>', r.data)
|
||||
self.assertIn('WWW-Authenticate', r.headers)
|
||||
self.assertEquals('Basic realm="Login Required"', r.headers['WWW-Authenticate'])
|
||||
|
||||
def test_custom_http_auth_realm(self):
|
||||
r = self._get('/http_custom_realm', headers={
|
||||
'Authorization': 'Basic ' + base64.b64encode("joe@lp.com:bogus")
|
||||
})
|
||||
self.assertIn('<h1>Unauthorized</h1>', r.data)
|
||||
self.assertIn('WWW-Authenticate', r.headers)
|
||||
self.assertEquals('Basic realm="My Realm"', r.headers['WWW-Authenticate'])
|
||||
|
||||
|
||||
class ConfiguredSecurityTests(SecurityTest):
|
||||
|
||||
AUTH_CONFIG = {
|
||||
'SECURITY_REGISTERABLE': True,
|
||||
@@ -141,7 +164,8 @@ class ConfiguredURLTests(SecurityTest):
|
||||
'SECURITY_POST_LOGIN_VIEW': '/post_login',
|
||||
'SECURITY_POST_LOGOUT_VIEW': '/post_logout',
|
||||
'SECURITY_POST_REGISTER_VIEW': '/post_register',
|
||||
'SECURITY_UNAUTHORIZED_VIEW': '/unauthorized'
|
||||
'SECURITY_UNAUTHORIZED_VIEW': '/unauthorized',
|
||||
'SECURITY_DEFAULT_HTTP_AUTH_REALM': 'Custom Realm'
|
||||
}
|
||||
|
||||
def test_login_view(self):
|
||||
@@ -171,6 +195,14 @@ class ConfiguredURLTests(SecurityTest):
|
||||
msg = 'You are not allowed to access the requested resouce'
|
||||
self.assertIn(msg, r.data)
|
||||
|
||||
def test_default_http_auth_realm(self):
|
||||
r = self._get('/http', headers={
|
||||
'Authorization': 'Basic ' + base64.b64encode("joe@lp.com:bogus")
|
||||
})
|
||||
self.assertIn('<h1>Unauthorized</h1>', r.data)
|
||||
self.assertIn('WWW-Authenticate', r.headers)
|
||||
self.assertEquals('Basic realm="Custom Realm"', r.headers['WWW-Authenticate'])
|
||||
|
||||
|
||||
class RegisterableTests(SecurityTest):
|
||||
AUTH_CONFIG = {
|
||||
|
||||
Reference in New Issue
Block a user