From b1215fbc1b3ec6aa18fe9138e0251de173d94915 Mon Sep 17 00:00:00 2001 From: j Date: Mon, 28 Jan 2019 15:02:31 +0530 Subject: [PATCH] add optional username/password protection --- oml/item/handlers.py | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/oml/item/handlers.py b/oml/item/handlers.py index 2dd4dcf..19d6460 100644 --- a/oml/item/handlers.py +++ b/oml/item/handlers.py @@ -6,6 +6,7 @@ import mimetypes import os from urllib.request import quote import zipfile +import base64 import ox @@ -26,7 +27,42 @@ import state import logging logger = logging.getLogger(__name__) -class OMLHandler(tornado.web.RequestHandler): + +class OptionalBasicAuthMixin(object): + class SendChallenge(Exception): + pass + + def prepare(self): + if settings.preferences.get('authentication'): + try: + self.authenticate_user() + except self.SendChallenge: + self.send_auth_challenge() + + def send_auth_challenge(self): + realm = "Open Media Library" + hdr = 'Basic realm="%s"' % realm + self.set_status(401) + self.set_header('www-authenticate', hdr) + self.finish() + return False + + def authenticate_user(self): + auth_header = self.request.headers.get('Authorization') + if not auth_header or not auth_header.startswith('Basic '): + raise self.SendChallenge() + + auth_data = auth_header.split(None, 1)[-1] + auth_data = base64.b64decode(auth_data).decode('ascii') + username, password = auth_data.split(':', 1) + + auth = settings.preferences.get('authentication') + if auth.get('username') == username and auth.get('password') == password: + self._current_user = username + else: + raise self.SendChallenge() + +class OMLHandler(OptionalBasicAuthMixin, tornado.web.RequestHandler): def initialize(self): pass @@ -140,7 +176,7 @@ class ReaderHandler(OMLHandler): path = os.path.join(settings.static_path, html) return serve_static(self, path, 'text/html') -class UploadHandler(tornado.web.RequestHandler): +class UploadHandler(OMLHandler): def initialize(self, context=None): self._context = context