summaryrefslogtreecommitdiff
path: root/wsgitools
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2011-11-26 18:38:35 +0100
committerHelmut Grohne <helmut@subdivi.de>2011-11-26 18:38:35 +0100
commite71a708d06b5498c6c527a4ec263f3b99e350d32 (patch)
tree857e3ef3c0f4fa0b74e21aff6c776536927bf68d /wsgitools
parent768ba2f1b8ca7c6d9e392612098b91508b49e792 (diff)
downloadwsgitools-e71a708d06b5498c6c527a4ec263f3b99e350d32.tar.gz
broaden AuthDigestMiddleware.authorization_required
The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition lead to the failure and to generate custom error pages.
Diffstat (limited to 'wsgitools')
-rw-r--r--wsgitools/digest.py25
1 files changed, 16 insertions, 9 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index cbb902e..53b7dea 100644
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -720,11 +720,8 @@ class AuthDigestMiddleware:
if response is None or response != credresponse:
raise AuthenticationRequired("wrong response")
- except StaleNonce:
- return self.authorization_required(environ, start_response,
- stale=True)
- except AuthenticationRequired:
- return self.authorization_required(environ, start_response)
+ except AuthenticationRequired, exc:
+ return self.authorization_required(environ, start_response, exc)
else:
environ["REMOTE_USER"] = credentials["username"]
def modified_start_response(status, headers, exc_info=None):
@@ -773,18 +770,28 @@ class AuthDigestMiddleware:
dig.insert(0, a1h)
return self.algorithms[algo](":".join(dig))
- def authorization_required(self, environ, start_response, stale=False):
- """internal method implementing wsgi interface, serving 401 page"""
+ def www_authenticate(self, exception):
+ """Generates a WWW-Authenticate header.
+
+ @type exception: AuthenticationRequired
+ @param exception: reason for generating the header
+ @rtype: (str, str)
+ @returns: the header as (part_before_colon, part_after_colon)
+ """
digest = dict(nonce=self.noncestore.newnonce(),
realm=self.gentoken.realm,
algorithm="md5",
qop="auth")
- if stale:
+ if isinstance(exception, StaleNonce):
digest["stale"] = "TRUE"
challenge = ", ".join(map('%s="%s"'.__mod__, digest.items()))
+ return ("WWW-Authenticate", "Digest %s" % challenge)
+
+ def authorization_required(self, environ, start_response, exception):
+ """internal method implementing wsgi interface, serving 401 page"""
status = "401 Not authorized"
headers = [("Content-type", "text/html"),
- ("WWW-Authenticate", "Digest %s" % challenge)]
+ self.www_authenticate(exception)]
data = "<html><head><title>401 Not authorized</title></head><body><h1>"
data += "401 Not authorized</h1></body></html>"
headers.append(("Content-length", str(len(data))))