diff options
| author | Joar Wandborg <git@wandborg.com> | 2012-10-20 23:56:00 +0200 |
|---|---|---|
| committer | Joar Wandborg <git@wandborg.com> | 2012-10-20 23:56:00 +0200 |
| commit | ac4c5aef5775d5c4a3d8ebd5528e6d2db8062174 (patch) | |
| tree | 7f8f55e8d0be48e168c283af5a24daa5bceb95db /mediagoblin/plugins/httpapiauth | |
| parent | f93ac9f28cf966f67af4a675a07fc79429e3095d (diff) | |
| download | mediagoblin-ac4c5aef5775d5c4a3d8ebd5528e6d2db8062174.tar.lz mediagoblin-ac4c5aef5775d5c4a3d8ebd5528e6d2db8062174.tar.xz mediagoblin-ac4c5aef5775d5c4a3d8ebd5528e6d2db8062174.zip | |
Added HTTP API auth plugin
Diffstat (limited to 'mediagoblin/plugins/httpapiauth')
| -rw-r--r-- | mediagoblin/plugins/httpapiauth/__init__.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/mediagoblin/plugins/httpapiauth/__init__.py b/mediagoblin/plugins/httpapiauth/__init__.py new file mode 100644 index 00000000..d3d2065e --- /dev/null +++ b/mediagoblin/plugins/httpapiauth/__init__.py @@ -0,0 +1,58 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import logging +import base64 + +from werkzeug.exceptions import BadRequest, Unauthorized + +from mediagoblin.plugins.api.tools import Auth + +_log = logging.getLogger(__name__) + + +def setup_http_api_auth(): + _log.info('Setting up HTTP API Auth...') + + +class HTTPAuth(Auth): + def trigger(self, request): + if request.authorization: + return True + + return False + + def __call__(self, request, *args, **kw): + _log.debug('Trying to authorize the user agent via HTTP Auth') + if not request.authorization: + return False + + user = request.db.User.query.filter_by( + username=request.authorization['username']).first() + + if user.check_login(request.authorization['password']): + request.user = user + return True + else: + raise Unauthorized() + + return False + + + +hooks = { + 'setup': setup_http_api_auth, + 'auth': HTTPAuth()} |