Commits

Sylvain Hellegouarch committed 54056d0

Fix for #699

Comments (0)

Files changed (2)

cherrypy/lib/auth.py

             encrypt = httpauth.DIGEST_AUTH_ENCODERS[httpauth.MD5]
         
         if callable(users):
-            users = users() # expect it to return a dictionary
-        
-        if not isinstance(users, dict):
-            raise ValueError, "Authentication users must be a dictionary"
-        
-        # fetch the user password
-        password = users.get(ah["username"], None)
+            try:
+                # backward compatibility
+                users = users() # expect it to return a dictionary
+
+                if not isinstance(users, dict):
+                    raise ValueError, "Authentication users must be a dictionary"
+                
+                # fetch the user password
+                password = users.get(ah["username"], None)
+            except TypeError:
+                # returns a password (encrypted or clear text)
+                password = users(ah["username"])
+        else:
+            if not isinstance(users, dict):
+                raise ValueError, "Authentication users must be a dictionary"
+            
+            # fetch the user password
+            password = users.get(ah["username"], None)
         
         # validate the authorization by re-computing it here
         # and compare it with what the user-agent provided

cherrypy/test/test_httpauth.py

 from cherrypy.test import test
 test.prefer_parent_path()
 
-import md5
+import md5, sha
 
 import cherrypy
 from cherrypy.lib import httpauth
             return "Hello %s, you've been authorized." % cherrypy.request.login
         index.exposed = True
 
+    class BasicProtected2:
+        def index(self):
+            return "Hello %s, you've been authorized." % cherrypy.request.login
+        index.exposed = True
+
     def fetch_users():
         return {'test': 'test'}
 
+    def sha_password_encrypter(password):
+        return sha.new(password).hexdigest()
+    
+    def fetch_password(username):
+        return sha.new('test').hexdigest()
+
     conf = {'/digest': {'tools.digest_auth.on': True,
                         'tools.digest_auth.realm': 'localhost',
                         'tools.digest_auth.users': fetch_users},
             '/basic': {'tools.basic_auth.on': True,
                        'tools.basic_auth.realm': 'localhost',
-                       'tools.basic_auth.users': {'test': md5.new('test').hexdigest()}}}
+                       'tools.basic_auth.users': {'test': md5.new('test').hexdigest()}},
+            '/basic2': {'tools.basic_auth.on': True,
+                        'tools.basic_auth.realm': 'localhost',
+                        'tools.basic_auth.users': fetch_password,
+                        'tools.basic_auth.encrypt': sha_password_encrypter}}
     root = Root()
     root.digest = DigestProtected()
     root.basic = BasicProtected()
+    root.basic2 = BasicProtected2()
     cherrypy.tree.mount(root, config=conf)
     cherrypy.config.update({'environment': 'test_suite'})
 
         self.assertStatus('200 OK')
         self.assertBody("Hello test, you've been authorized.")
 
+    def testBasic2(self):
+        self.getPage("/basic2/")
+        self.assertStatus('401 Unauthorized')
+        self.assertHeader('WWW-Authenticate', 'Basic realm="localhost"')
+
+        self.getPage('/basic2/', [('Authorization', 'Basic dGVzdDp0ZX60')])
+        self.assertStatus('401 Unauthorized')
+        
+        self.getPage('/basic2/', [('Authorization', 'Basic dGVzdDp0ZXN0')])
+        self.assertStatus('200 OK')
+        self.assertBody("Hello test, you've been authorized.")
+
     def testDigest(self):
         self.getPage("/digest/")
         self.assertStatus('401 Unauthorized')
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.