/usr/share/pyshared/MoinMoin/auth/http.py is in python-moinmoin 1.9.3-1ubuntu2.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | # -*- coding: iso-8859-1 -*-
"""
MoinMoin - http authentication
HTTPAuth
========
HTTPAuth is just a dummy redirecting to MoinMoin.auth.GivenAuth for backwards
compatibility.
Please fix your setup, this dummy will be removed soon:
Old (1.8.x):
------------
from MoinMoin.auth.http import HTTPAuth
auth = [HTTPAuth(autocreate=True)]
# any presence (or absence) of 'http' auth name, e.g.:
auth_methods_trusted = ['http', 'xmlrpc_applytoken']
New (1.9.x):
------------
from MoinMoin.auth import GivenAuth
auth = [GivenAuth(autocreate=True)]
# presence (or absence) of 'given' auth name, e.g.:
auth_methods_trusted = ['given', 'xmlrpc_applytoken']
HTTPAuthMoin
============
HTTPAuthMoin is HTTP auth done by moin (not by your web server).
Moin will request HTTP Basic Auth and use the HTTP Basic Auth header it
receives to authenticate username/password against the moin user profiles.
from MoinMoin.auth.http import HTTPAuthMoin
auth = [HTTPAuthMoin()]
# check if you want 'http' auth name in there:
auth_methods_trusted = ['http', 'xmlrpc_applytoken']
@copyright: 2009 MoinMoin:ThomasWaldmann
@license: GNU GPL, see COPYING for details.
"""
from MoinMoin import log
logging = log.getLogger(__name__)
from MoinMoin import config, user
from MoinMoin.auth import BaseAuth, GivenAuth
class HTTPAuth(GivenAuth):
name = 'http' # GivenAuth uses 'given'
def __init__(self, *args, **kwargs):
logging.warning("DEPRECATED use of MoinMoin.auth.http.HTTPAuth, please read instructions there or docs/CHANGES!")
GivenAuth.__init__(self, *args, **kwargs)
class HTTPAuthMoin(BaseAuth):
""" authenticate via http (basic) auth """
name = 'http'
def __init__(self, autocreate=False, realm='MoinMoin', coding='iso-8859-1'):
self.autocreate = autocreate
self.realm = realm
self.coding = coding
BaseAuth.__init__(self)
def request(self, request, user_obj, **kw):
u = None
_ = request.getText
# always revalidate auth
if user_obj and user_obj.auth_method == self.name:
user_obj = None
# something else authenticated before us
if user_obj:
return user_obj, True
auth = request.authorization
if auth and auth.username and auth.password is not None:
logging.debug("http basic auth, received username: %r password: %r" % (
auth.username, auth.password))
u = user.User(request,
name=auth.username.decode(self.coding),
password=auth.password.decode(self.coding),
auth_method=self.name, auth_attribs=[])
logging.debug("user: %r" % u)
if not u or not u.valid:
from werkzeug import Response, abort
response = Response(_('Please log in first.'), 401,
{'WWW-Authenticate': 'Basic realm="%s"' % self.realm})
abort(response)
logging.debug("u: %r" % u)
if u and self.autocreate:
logging.debug("autocreating user")
u.create_or_update()
if u and u.valid:
logging.debug("returning valid user %r" % u)
return u, True # True to get other methods called, too
else:
logging.debug("returning %r" % user_obj)
return user_obj, True
|