Commits

Robert Brewer  committed da38d70

Docstrings + tweaks for new auth.py.

  • Participants
  • Parent commits 8e7835b

Comments (0)

Files changed (1)

File cherrypy/lib/auth.py

-
 import cherrypy
-from cherrypy._cptools import Tool 
 
 from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth
+
 
-def check_auth(realm, users):
-    # Check if the user-agent provides an authorization header
-    # containing credentials
+def check_auth(users):
+    """If an authorization header contains credentials, return True, else False."""
     if 'authorization' in cherrypy.request.headers:
         # make sure the provided credentials are correctly set
         ah = parseAuthorization(cherrypy.request.headers['authorization'])
         if ah is None:
             raise cherrypy.HTTPError(400, 'Bad Request')
- 
+        
         # fetch the user password
         password = users.get(ah["username"], None)
- 
+        
         # validate the authorization by re-computing it here
         # and compare it with what the user-agent provided
         if checkResponse(ah, password, method=cherrypy.request.method):
             return True
-        
+    
     return False
- 
-def basic_auth(realm, users):
-    if check_auth(realm, users):
+
+def basic_auth(realm, users):
+    """If auth fails, raise 401 with a basic authentication header.
+    
+    realm: a string containing the authentication realm.
+    users: a dict of the form: {username: password}.
+    """
+    if check_auth(users):
         return
     
     # inform the user-agent this path is protected
     cherrypy.response.headers['www-authenticate'] = basicAuth(realm)
     
     raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
- 
+
 def digest_auth(realm, users):
-    if check_auth(realm, users):
+    """If auth fails, raise 401 with a digest authentication header.
+    
+    realm: a string containing the authentication realm.
+    users: a dict of the form: {username: password}.
+    """
+    if check_auth(users):
         return
     
     # inform the user-agent this path is protected