Hello!

This is probably mostly a question to Ian...

I'm wondering if it might be possible to modify the authenticate()
function in the AuthBasicAuthenticator class, so that it calls the
user-provided auth() function, even if the client has not provided any
credentials at all. Currently, it just rejects such a request outright,
without giving my user-provided auth() function the chance to do
anything.

I made a small modification, which calls the user-provided auth()
function with username and password set to None, if the client doesn't
provide a username and password (None seems to be perfectly appropriate
for that situation). This allows me more fine-grained control later in
my application, where some parts of my URI space allow anonymous access,
while others do not.

The modification is as follows (new on left, old on right):

    def authenticate(self, environ):                                def 
authenticate(self, environ):
        authorization = AUTHORIZATION(environ)                          
authorization = AUTHORIZATION(environ)
        if not authorization:                                           if not 
authorization:
            username = password = None                        |             
return self.build_authentication()
        else:                                                 |         
(authmeth, auth) = authorization.split(' ', 1)
            (authmeth, auth) = authorization.split(' ', 1)    |         if 
'basic' != authmeth.lower():
            if 'basic' != authmeth.lower():                   |             
return self.build_authentication()
                return self.build_authentication()            |         auth = 
auth.strip().decode('base64')
            auth = auth.strip().decode('base64')              |         
username, password = auth.split(':', 1)
            username, password = auth.split(':', 1)           <
        if self.authfunc(environ, username, password):                  if 
self.authfunc(environ, username, password):
            return username                                                 
return username
        return self.build_authentication()                              return 
self.build_authentication()
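
Review bot: On the new no-credentials branch (`username = password = None`), a truthy result from `self.authfunc(environ, username, password)` reaches `return username`, so authenticate() returns None for an accepted anonymous request. Return an explicit value for the anonymous case, or document that None means "accepted without credentials", so the success value cannot be mistaken for a missing one. An auth function written against the old behaviour is now also called with None for both arguments, which it never had to handle before; keeping the new branch behind the optional constructor argument proposed below would leave the reject-by-default behaviour in place for those callers.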



What do you think?

I could imagine that the __init__() method for the AuthBasicHandler
class could take an optional argument, which would enable this feature,
so that already existing apps (which may rely on the current behavior)
do not break.


Juergen



