|
|
@@ -11,10 +11,7 @@ from passlib.hash import bcrypt
|
|
|
from hashes import users
|
|
|
|
|
|
def basic_auth(user, password, realm=None):
|
|
|
- if realm in users and user in users[realm]:
|
|
|
- return bcrypt.verify(password, users[realm][user])
|
|
|
- print(f"user not found {realm} {user}")
|
|
|
- return False
|
|
|
+ return bcrypt.verify(password, users[realm][user])
|
|
|
|
|
|
def verify_cert(pem):
|
|
|
return True
|
|
|
@@ -36,21 +33,26 @@ def auth_basic(check, text="Access denied"):
|
|
|
''' Callback decorator to require HTTP auth (basic).
|
|
|
TODO: Add route(check_auth=...) parameter. '''
|
|
|
def decorator(func):
|
|
|
- def wrapper(vhost, *a, **ka):
|
|
|
- realm = vhost
|
|
|
+ def wrapper(*a, **ka):
|
|
|
+ realm = request.headers['X-Forwarded-Host'].split('.')[0]
|
|
|
user, password = request.auth or (None, None)
|
|
|
- if user is None or not check(user, password, realm=realm):
|
|
|
- err = HTTPError(401, text)
|
|
|
+ if realm in users and user in users[realm]:
|
|
|
+ if user is None or not check(user, password, realm=realm):
|
|
|
+ err = HTTPError(401, text)
|
|
|
+ err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
|
|
|
+ return err
|
|
|
+ else:
|
|
|
+ err = HTTPError(401, f"User not found {realm}\{user}")
|
|
|
err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
|
|
|
return err
|
|
|
- return func(vhost, *a, **ka)
|
|
|
+ return func(*a, **ka)
|
|
|
return wrapper
|
|
|
return decorator
|
|
|
|
|
|
-@route('/authenticate/<vhost>')
|
|
|
+@route('/authenticate')
|
|
|
@auth_client_cert(verify_cert)
|
|
|
@auth_basic(basic_auth)
|
|
|
-def auth(vhost):
|
|
|
+def auth():
|
|
|
return HTTPResponse(status=200)
|
|
|
|
|
|
cherrypy.server.ssl_certificate = '/etc/private-ca/server-cert.pem'
|
Pi