wsgidav.http_authenticator

Description

WSGI middleware for HTTP basic and digest authentication.

Usage:

from http_authenticator import HTTPAuthenticator

WSGIApp = HTTPAuthenticator(ProtectedWSGIApp, domain_controller, accept_basic,
                            accept_digest, default_to_digest)

where:
  ProtectedWSGIApp is the application requiring authenticated access

  domain_controller is a domain controller object meeting specific
  requirements (below)

  accept_basic is a boolean indicating whether to accept requests using
  the basic authentication scheme (default = True)

  accept_digest is a boolean indicating whether to accept requests using
  the digest authentication scheme (default = True)

  default_to_digest is a boolean. if True, an unauthenticated request will
  be sent a digest authentication required response, else the unauthenticated
  request will be sent a basic authentication required response
  (default = True)

The HTTPAuthenticator will put the following authenticated information in the environ dictionary:

environ["wsgidav.auth.realm"] = realm name
environ["wsgidav.auth.user_name"] = user_name
environ["wsgidav.auth.roles"] = <tuple> (optional)
environ["wsgidav.auth.permissions"] = <tuple> (optional)

Domain Controllers

The HTTP basic and digest authentication schemes are based on the following concept:

Each requested relative URI can be resolved to a realm for authentication, for example: /fac_eng/courses/ee5903/timetable.pdf -> might resolve to realm ‘Engineering General’ /fac_eng/examsolns/ee5903/thisyearssolns.pdf -> might resolve to realm ‘Engineering Lecturers’ /med_sci/courses/m500/surgery.htm -> might resolve to realm ‘Medical Sciences General’ and each realm would have a set of user_name and password pairs that would allow access to the resource.

A domain controller provides this information to the HTTPAuthenticator. This allows developers to write their own domain controllers, that might, for example, interface with their own user database.

for simple applications, a SimpleDomainController is provided that will take in a single realm name (for display) and a single dictionary of user_name (key) and password (value) string pairs

Usage:

from wsgidav.dc.simple_dc import SimpleDomainController
users = dict(({'John Smith': 'YouNeverGuessMe', 'Dan Brown': 'DontGuessMeEither'})
realm = 'Sample Realm'
domain_controller = SimpleDomainController(users, realm)

Domain Controllers must provide the methods as described in wsgidav.interfaces.domaincontrollerinterface (interface)

The environ variable here is the WSGI ‘environ’ dictionary. It is passed to all methods of the domain controller as a means for developers to pass information from previous middleware or server config (if required).

Classes

HTTPAuthenticator(wsgidav_app, next_app, config) WSGI Middleware for basic and digest authentication.

Functions

make_domain_controller(wsgidav_app, config)

Other Members

BaseMiddleware(wsgidav_app, next_app, config) Abstract base middleware class (optional).
SimpleDomainController(wsgidav_app, config)
calc_base64(s) Return base64 encoded binarystring.
calc_hexdigest(s) Return md5 digest for a string.
compat Tool functions to support Python 2 and 3.
dedent(text) Remove any common leading whitespace from every line in text.
dynamic_import_class(name) Import a class from a module string, e.g.
inspect Get useful information from live Python objects.
md5 Returns a md5 hash object; optionally initialized with a string
random Random variable generators.
re Support for regular expressions (RE).
time This module provides various functions to manipulate time values.
util Miscellaneous support functions for WsgiDAV.