Commits

Sylvain Hellegouarch committed 8e7835b

Split the httpauth code for licensing potential issue.

Comments (0)

Files changed (3)

cherrypy/_cptools.py

 
 #                              Builtin tools                              #
 
-from cherrypy.lib import cptools, encoding, httpauth, static, tidy
+from cherrypy.lib import cptools, encoding, auth, static, tidy
 from cherrypy.lib import sessions as _sessions, xmlrpc as _xmlrpc
 from cherrypy.lib import caching as _caching, wsgiapp as _wsgiapp
 
 default_toolbox.nsgmls = Tool('before_finalize', tidy.nsgmls)
 default_toolbox.ignore_headers = Tool('before_request_body', cptools.ignore_headers)
 default_toolbox.referer = Tool('before_request_body', cptools.referer)
-default_toolbox.basicauth = Tool('on_start_resource', httpauth.basic_auth)
-default_toolbox.digestauth = Tool('on_start_resource', httpauth.digest_auth)
+default_toolbox.basicauth = Tool('on_start_resource', auth.basic_auth)
+default_toolbox.digestauth = Tool('on_start_resource', auth.digest_auth)
 
 
-del cptools, encoding, httpauth, static, tidy
+del cptools, encoding, auth, static, tidy

cherrypy/lib/auth.py

+
+import cherrypy
+from cherrypy._cptools import Tool 
+
+from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth
+
+def check_auth(realm, users):
+    # Check if the user-agent provides an authorization header
+    # containing credentials
+    if 'authorization' in cherrypy.request.headers:
+        # make sure the provided credentials are correctly set
+        ah = parseAuthorization(cherrypy.request.headers['authorization'])
+        if ah is None:
+            raise cherrypy.HTTPError(400, 'Bad Request')
+ 
+        # fetch the user password
+        password = users.get(ah["username"], None)
+ 
+        # validate the authorization by re-computing it here
+        # and compare it with what the user-agent provided
+        if checkResponse(ah, password, method=cherrypy.request.method):
+            return True
+        
+    return False
+ 
+def basic_auth(realm, users):
+    if check_auth(realm, users):
+        return
+    
+    # inform the user-agent this path is protected
+    cherrypy.response.headers['www-authenticate'] = basicAuth(realm)
+    
+    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
+ 
+def digest_auth(realm, users):
+    if check_auth(realm, users):
+        return
+    
+    # inform the user-agent this path is protected
+    cherrypy.response.headers['www-authenticate'] = digestAuth(realm)
+    
+    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
+ 

cherrypy/lib/httpauth.py

 
 
 
-
-import cherrypy
-from cherrypy._cptools import Tool 
-
-def check_auth(realm, users):
-    # Check if the user-agent provides an authorization header
-    # containing credentials
-    if 'authorization' in cherrypy.request.headers:
-        # make sure the provided credentials are correctly set
-        ah = parseAuthorization(cherrypy.request.headers['authorization'])
-        if ah is None:
-            raise cherrypy.HTTPError(400, 'Bad Request')
- 
-        # fetch the user password
-        password = users.get(ah["username"], None)
- 
-        # validate the authorization by re-computing it here
-        # and compare it with what the user-agent provided
-        if checkResponse(ah, password, method=cherrypy.request.method):
-            return True
-        
-    return False
- 
-def basic_auth(realm, users):
-    if check_auth(realm, users):
-        return
-    
-    # inform the user-agent this path is protected
-    cherrypy.response.headers['www-authenticate'] = basicAuth(realm)
-    
-    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
- 
-def digest_auth(realm, users):
-    if check_auth(realm, users):
-        return
-    
-    # inform the user-agent this path is protected
-    cherrypy.response.headers['www-authenticate'] = digestAuth(realm)
-    
-    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
-