[TurboGears] Basic HTTP Authentication in turbogears 2.3

Mon, 26 May 2014 11:53:30 -0700 

Hi group,

i am trying to use basic http authentication with turbogears and did not 
yet succeed.  I have also posted this on stackoverflow 
(http://stackoverflow.com/questions/23872416/how-to-use-very-simple-http-auth-based-authentication-in-turbogears2)
 
but I noticed this group right now and thought it could not hurt to ask 
here also.

Basically i have completely disabled authentication in config/app_.cfg.py 
and wrap the application by 

repoze.who.middleware.PluggableAuthenticationMiddleware with the following 
function:

=====  config/auth.py  =====
from logging import getLogger

from repoze.who.middleware import PluggableAuthenticationMiddleware
from repoze.who.classifiers import default_challenge_decider, 
default_request_classifier

from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin, plain_check

def add_auth(app):
    htpasswd = HTPasswdPlugin('/.../htpasswd', check_md5)
    authenticators = [('htpasswd', htpasswd)]

    base_auth = BasicAuthPlugin('Inventory DB')
    challengers = [('base_auth', base_auth)]
    identifiers = [('base_auth', base_auth)]

    mdproviders = []

    log_stream = getLogger('auth')

    app_with_mw = PluggableAuthenticationMiddleware(
        app,
        identifiers,
        authenticators,
        challengers,
        mdproviders,
        default_request_classifier,
        default_challenge_decider,
        log_stream,
        )
    return app_with_mw
===== =====

which is wrapped around the app as the last step in make_app:

===== config/middleware.py =====
from invdb.config.app_cfg import base_config
from invdb.config.environment import load_environment
from auth import add_auth

__all__ = ['make_app']
make_base_app = base_config.setup_tg_wsgi_app(load_environment)
def make_app(global_conf, full_stack=True, **app_conf):
    app = make_base_app(global_conf, full_stack=True, **app_conf)
    app = add_auth(app)
    return app
===== =====

I have tested my home_made check_md5-function on its own and even replaced it 
by lambda x, y: True. Even then a 401 Error is reported upon trying to access a 
controller with allow_only = not_anonymous(msg=l_('restricted access')).

Does anyone have an idea what is missing?

Sincerely,
Alexander Blinne

-- 
You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.

Reply via email to