Permalink
Browse files

Added HTTP Auth to all calls

  • Loading branch information...
1 parent ab91f6a commit 1adf8a6e6f7fe35bf238ab6aa38a867c52bebf58 @sylvinus committed Mar 13, 2013
Showing with 64 additions and 1 deletion.
  1. +64 −1 flower/urls.py
View
@@ -33,9 +33,11 @@
from .views.error import NotFoundErrorHandler
from .settings import APP_SETTINGS
+import functools
+import base64
-handlers = [
+_handlers = [
# App
(r"/", WorkersView),
(r"/workers", WorkersView),
@@ -83,4 +85,65 @@
# Error
(r".*", NotFoundErrorHandler),
+
+"""
+ This patch adds mandatory HTTP Basic Auth to all requests, except websockets
+"""
+
+# http://kelleyk.com/post/7362319243/easy-basic-http-authentication-with-tornado
+def require_basic_auth(handler_class, auth):
+
+ def _request_auth(handler):
+ if hasattr(handler, "ws_connection"):
+ return True # TODO, basic auth not supported in websockets
+
+ handler.set_header('WWW-Authenticate', 'Basic realm=Flower')
+ handler.set_status(401)
+ handler._transforms = []
+ handler.finish()
+ return False
+
+ def wrap_execute(handler_execute):
+ def require_basic_auth(handler):
+ auth_header = handler.request.headers.get('Authorization')
+ if auth_header is None or not auth_header.startswith('Basic '):
+ return _request_auth(handler)
+
+ auth_decoded = base64.decodestring(auth_header[6:])
+
+ username, password = auth_decoded.split(':', 2)
+
+ if (auth(username, password)):
+ return True
+ else:
+ return _request_auth(handler)
+
+ def _execute(self, transforms, *args, **kwargs):
+ if not require_basic_auth(self):
+ return False
+ return handler_execute(self, transforms, *args, **kwargs)
+ return _execute
+
+ handler_class._execute = wrap_execute(handler_class._execute)
+ return handler_class
+
+
+import sys
+import os
+sys.path.append(os.getcwd())
+
+import config
+
+
+def oxauth(username, password):
+ return "%s:%s" % (username, password) == config.config["FLOWER_AUTH"]
+
+
+# Force-add httpauth to each handler
+handlers = []
+for h in _handlers:
+ if len(h) > 2:
+ handlers.append((h[0], require_basic_auth(h[1], oxauth), h[2]))
+ else:
+ handlers.append((h[0], require_basic_auth(h[1], oxauth)))
]

0 comments on commit 1adf8a6

Please sign in to comment.