# (c) 2005 Clark C. Evans # This module is part of the Python Paste Project and is released under # the MIT License: http://www.opensource.org/licenses/mit-license.php # This code was written with funding by http://prometheusresearch.com """ Authentication via HTML Form This is a very simple HTML form login screen that asks for the username and password. This middleware component requires that an authorization function taking the name and passsword and that it be placed in your application stack. This class does not include any session management code or way to save the user's authorization; however, it is easy enough to put ``paste.auth.cookie`` in your application stack. >>> from paste.wsgilib import dump_environ >>> from paste.httpserver import serve >>> from paste.auth.cookie import AuthCookieHandler >>> from paste.auth.form import AuthFormHandler >>> def authfunc(environ, username, password): ... return username == password >>> serve(AuthCookieHandler( ... AuthFormHandler(dump_environ, authfunc))) serving on... """ from paste.request import construct_url, parse_formvars TEMPLATE = """\ <html> <head><title>Please Login!</title></head> <body> <h1>Please Login</h1> <form action="%s" method="post"> <dl> <dt>Username:</dt> <dd><input type="text" name="username"></dd> <dt>Password:</dt> <dd><input type="password" name="password"></dd> </dl> <input type="submit" name="authform" /> <hr /> </form> </body> </html> """ class AuthFormHandler(object): """ HTML-based login middleware This causes a HTML form to be returned if ``REMOTE_USER`` is not found in the ``environ``. If the form is returned, the ``username`` and ``password`` combination are given to a user-supplied authentication function, ``authfunc``. If this is successful, then application processing continues. Parameters: ``application`` The application object is called only upon successful authentication, and can assume ``environ['REMOTE_USER']`` is set. If the ``REMOTE_USER`` is already set, this middleware is simply pass-through. ``authfunc`` This is a mandatory user-defined function which takes a ``environ``, ``username`` and ``password`` for its first three arguments. It should return ``True`` if the user is authenticated. ``template`` This is an optional (a default is provided) HTML fragment that takes exactly one ``%s`` substution argument; which *must* be used for the form's ``action`` to ensure that this middleware component does not alter the current path. The HTML form must use ``POST`` and have two input names: ``username`` and ``password``. Since the authentication form is submitted (via ``POST``) neither the ``PATH_INFO`` nor the ``QUERY_STRING`` are accessed, and hence the current path remains _unaltered_ through the entire authentication process. If authentication succeeds, the ``REQUEST_METHOD`` is converted from a ``POST`` to a ``GET``, so that a redirect is unnecessary (unlike most form auth implementations) """ def __init__(self, application, authfunc, template=None): self.application = application self.authfunc = authfunc self.template = template or TEMPLATE def __call__(self, environ, start_response): username = environ.get('REMOTE_USER','') if username: return self.application(environ, start_response) if 'POST' == environ['REQUEST_METHOD']: formvars = parse_formvars(environ, include_get_vars=False) username = formvars.get('username') password = formvars.get('password') if username and password: if self.authfunc(environ, username, password): environ['AUTH_TYPE'] = 'form' environ['REMOTE_USER'] = username environ['REQUEST_METHOD'] = 'GET' environ['CONTENT_LENGTH'] = '' environ['CONTENT_TYPE'] = '' del environ['paste.parsed_formvars'] return self.application(environ, start_response) content = self.template % construct_url(environ) start_response("200 OK", [('Content-Type', 'text/html'), ('Content-Length', str(len(content)))]) return [content] middleware = AuthFormHandler __all__ = ['AuthFormHandler'] def make_form(app, global_conf, realm, authfunc, **kw): """ Grant access via form authentication Config looks like this:: [filter:grant] use = egg:Paste#auth_form realm=myrealm authfunc=somepackage.somemodule:somefunction """ from paste.util.import_string import eval_import import types authfunc = eval_import(authfunc) assert isinstance(authfunc, types.FunctionType), "authfunc must resolve to a function" template = kw.get('template') if template is not None: template = eval_import(template) assert isinstance(template, str), "template must resolve to a string" return AuthFormHandler(app, authfunc, template) if "__main__" == __name__: import doctest doctest.testmod(optionflags=doctest.ELLIPSIS)