
Added HTTP Auth to all calls

commit 1adf8a6e6f7fe35bf238ab6aa38a867c52bebf58 1 parent ab91f6a
Sylvain Zimmer authored March 14, 2013

Showing 1 changed file with 64 additions and 1 deletion. Show diff stats Hide diff stats

  1. 65  flower/urls.py
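--- a/flower/urls.py
+++ b/flower/urls.py
@@ -33,9 +33,11 @@
 
 from .views.error import NotFoundErrorHandler
 from .settings import APP_SETTINGS
+import functools
+import base64
 
 
-handlers = [
+_handlers = [
     # App
     (r"/", WorkersView),
     (r"/workers", WorkersView),
@@ -83,4 +85,65 @@
 
     # Error
     (r".*", NotFoundErrorHandler),
+
+"""
+    This patch adds mandatory HTTP Basic Auth to all requests, except websockets
+"""
+
+# http://kelleyk.com/post/7362319243/easy-basic-http-authentication-with-tornado
+def require_basic_auth(handler_class, auth):
+
+    def _request_auth(handler):
+        if hasattr(handler, "ws_connection"):
+            return True  # TODO, basic auth not supported in websockets
+
+        handler.set_header('WWW-Authenticate', 'Basic realm=Flower')
+        handler.set_status(401)
+        handler._transforms = []
+        handler.finish()
+        return False
+
+    def wrap_execute(handler_execute):
+        def require_basic_auth(handler):
+            auth_header = handler.request.headers.get('Authorization')
+            if auth_header is None or not auth_header.startswith('Basic '):
+                return _request_auth(handler)
+
+            auth_decoded = base64.decodestring(auth_header[6:])
+
+            username, password = auth_decoded.split(':', 2)
+
+            if (auth(username, password)):
+                return True
+            else:
+                return _request_auth(handler)
+            
+        def _execute(self, transforms, *args, **kwargs):
+            if not require_basic_auth(self):
+                return False
+            return handler_execute(self, transforms, *args, **kwargs)
+        return _execute
+
+    handler_class._execute = wrap_execute(handler_class._execute)
+    return handler_class
+
+
+import sys
+import os
+sys.path.append(os.getcwd())
+
+import config
+
+
+def oxauth(username, password):
+    return "%s:%s" % (username, password) == config.config["FLOWER_AUTH"]
+
+
+# Force-add httpauth to each handler
+handlers = []
+for h in _handlers:
+    if len(h) > 2:
+        handlers.append((h[0], require_basic_auth(h[1], oxauth), h[2]))
+    else:
+        handlers.append((h[0], require_basic_auth(h[1], oxauth)))
 ]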
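Review bot: In the inner `require_basic_auth`, `auth_decoded.split(':', 2)` can return three parts, so a password containing a colon makes the two-name unpack raise ValueError, as does a decoded value with no colon; malformed base64 can also raise out of `base64.decodestring`. Split with `split(':', 1)` and treat any decode or unpack failure as a failed login by returning `_request_auth(handler)`; catching `binascii.Error` needs an `import binascii` next to `import base64`. `oxauth` compares the credential string with `==`; `hmac.compare_digest("%s:%s" % (username, password), config.config["FLOWER_AUTH"])` avoids a timing-dependent comparison where the Python version provides it. `_request_auth` returns True for any handler that has a `ws_connection` attribute, so those routes stay reachable without credentials, as the TODO says. That limitation deserves a line in the deployment docs so the websocket paths are restricted by other means.

```python
        def require_basic_auth(handler):
            # … unchanged: Authorization header lookup and 'Basic ' prefix check …
            try:
                auth_decoded = base64.decodestring(auth_header[6:])
                username, password = auth_decoded.split(':', 1)
            except (binascii.Error, ValueError):
                # Undecodable or colon-less credentials are a failed login.
                return _request_auth(handler)
            # … unchanged: auth(username, password) check …
```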
