paste.auth.form – HTML form/cookie authentication

Authentication via HTML Form

This is a very simple HTML form login screen that asks for the username and password. This middleware component requires an authorization function that takes the name and password, and it must be placed in your application stack. This class does not include any session management code or any way to save the user’s authorization; however, it is easy enough to put paste.auth.cookie in your application stack.

>>> from paste.wsgilib import dump_environ
>>> from paste.httpserver import serve
>>> from paste.auth.cookie import AuthCookieHandler
>>> from paste.auth.form import AuthFormHandler
>>> def authfunc(environ, username, password):
...    # demonstration only: accepts any login where the password equals the username
...    return username == password
>>> serve(AuthCookieHandler(
...           AuthFormHandler(dump_environ, authfunc)))
serving on...

Module Contents

class paste.auth.form.AuthFormHandler(application, authfunc, template=None)

HTML-based login middleware

This causes an HTML form to be returned if REMOTE_USER is not found in the environ. When the form is submitted, the username and password combination is given to a user-supplied authentication function, authfunc. If this is successful, then application processing continues.

Parameters:

application

The application object is called only upon successful authentication, and can assume environ['REMOTE_USER'] is set. If the REMOTE_USER is already set, this middleware is simply pass-through.

authfunc

This is a mandatory user-defined function which takes an environ, username and password for its first three arguments. It should return True if the user is authenticated.

template

This is an optional HTML fragment (a default is provided) that takes exactly one %s substitution argument, which must be used for the form’s action to ensure that this middleware component does not alter the current path. The HTML form must use POST and have two input names: username and password.

Since the authentication form is submitted via POST, neither the PATH_INFO nor the QUERY_STRING is accessed, and hence the current path remains _unaltered_ through the entire authentication process. If authentication succeeds, the REQUEST_METHOD is converted from a POST to a GET, so that a redirect is unnecessary (unlike most form auth implementations).
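An authfunc that checks salted PBKDF2 hashes with a constant-time comparison, together with a custom template that meets the requirements above. This is an added example, not part of the Paste documentation; the USERS store, the ITERATIONS value and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def hash_password(password, salt):
    """Derive a PBKDF2-HMAC-SHA256 hash suitable for storage."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password):
    """Return (salt, hash) with a fresh random salt."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store (hypothetical); a real one lives in a database.
USERS = {"alice": make_record("correct horse battery staple")}
# Stand-in record so unknown usernames cost the same hashing work.
_DUMMY = make_record("placeholder")


def authfunc(environ, username, password):
    """Signature required by AuthFormHandler: return True only on a match."""
    salt, expected = USERS.get(username, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time comparison; the membership check rejects the dummy record.
    return hmac.compare_digest(candidate, expected) and username in USERS


# Custom template: exactly one %s (the form action), POST, and the two
# required input names, username and password.
TEMPLATE = (
    '<form method="post" action="%s">'
    '<input type="text" name="username">'
    '<input type="password" name="password">'
    '<input type="submit" value="Log in">'
    "</form>"
)


def build_app(application):
    """Wire the pieces as in the page's own example (requires Paste)."""
    from paste.auth.cookie import AuthCookieHandler
    from paste.auth.form import AuthFormHandler
    return AuthCookieHandler(AuthFormHandler(application, authfunc, TEMPLATE))
```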

paste.auth.form.make_form(app, global_conf, realm, authfunc, **kw)

Grant access via form authentication

Config looks like this:

[filter:grant]
use = egg:Paste#auth_form
realm=myrealm
authfunc=somepackage.somemodule:somefunction