Authentication passwords are now sha256 hashed. Use --generate-pw to generate the proper hashed password.

pull/7/head
Ferry Boender 10 years ago
parent 60bfb9b969
commit 7ce6bc8b12
  1. 5
      examples/auth/README.md
  2. 4
      examples/auth/auth.json
  3. 2
      examples/simple/htaccess
  4. 36
      src/scriptform.py

@ -3,3 +3,8 @@ ScriptForm auth example
This example shows how to authenticate users. Everyone must authenticate. Only This example shows how to authenticate users. Everyone must authenticate. Only
user 'test2' is allowed to see and execute the 'only_some_users' form. user 'test2' is allowed to see and execute the 'only_some_users' form.
The credentials are:
test:secret
test2:password

@ -1,8 +1,8 @@
{ {
"title": "Authorization protected", "title": "Authorization protected",
"users": { "users": {
"test": "secret", "test": "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b",
"test2": "password" "test2": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
}, },
"forms": { "forms": {
"do_nothing": { "do_nothing": {

@ -0,0 +1,2 @@
a:{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
fb:{SHA}MW7uIgOKtXmGLGk4ZKZl/cYBAjw=

@ -23,6 +23,7 @@ import datetime
import subprocess import subprocess
import base64 import base64
import tempfile import tempfile
import hashlib
html_header = '''<html> html_header = '''<html>
@ -287,9 +288,10 @@ class ScriptFormWebApp(WebAppHandler):
if auth_header is not None: if auth_header is not None:
auth_realm, auth_unpw = auth_header.split(' ', 1) auth_realm, auth_unpw = auth_header.split(' ', 1)
username, password = base64.decodestring(auth_unpw).split(":") username, password = base64.decodestring(auth_unpw).split(":")
pw_hash = hashlib.sha256(password).hexdigest()
# Validate the username and password # Validate the username and password
if username in self.scriptform.users and \ if username in self.scriptform.users and \
password == self.scriptform.users[username]: pw_hash == self.scriptform.users[username]:
self.username = username self.username = username
authorized = True authorized = True
@ -603,15 +605,35 @@ class ScriptForm:
WebSrv(ScriptFormWebApp, listen_addr=listen_addr, listen_port=listen_port) WebSrv(ScriptFormWebApp, listen_addr=listen_addr, listen_port=listen_port)
if __name__ == "__main__": def main_generate_pw(parser, options, args):
parser = optparse.OptionParser() import getpass
parser.set_usage(sys.argv[0] + " [option] <form_definition.json>") plain_pw = getpass.getpass()
if not plain_pw == getpass.getpass('Repeat password: '):
parser.add_option("-p", "--port", dest="port", action="store", type="int", default=80, help="Port to listen on.") sys.stderr.write("Passwords do not match.\n")
sys.exit(1)
print hashlib.sha256(plain_pw).hexdigest()
sys.exit(0)
(options, args) = parser.parse_args() def main_serve(parser, options, args):
if len(args) < 1: if len(args) < 1:
parser.error("Insufficient number of arguments") parser.error("Insufficient number of arguments")
sf = ScriptForm(args[0]) sf = ScriptForm(args[0])
sf.run(listen_port=options.port) sf.run(listen_port=options.port)
if __name__ == "__main__":
usage = [
sys.argv[0] + " [option] <form_definition.json>",
" " + sys.argv[0] + " --generate-pw",
]
parser = optparse.OptionParser()
parser.set_usage('\n'.join(usage))
parser.add_option("-g", "--generate-pw", dest="generate_pw", action="store_true", default=False, help="Generate password")
parser.add_option("-p", "--port", dest="port", action="store", type="int", default=80, help="Port to listen on")
(options, args) = parser.parse_args()
if options.generate_pw:
main_generate_pw(parser, options, args)
else:
main_serve(parser, options, args)
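Review bot: The added `pw_hash = hashlib.sha256(password).hexdigest()` in the auth check, and the matching `print hashlib.sha256(plain_pw).hexdigest()` in `main_generate_pw`, store an unsalted single-round SHA-256, so identical passwords share a digest and a leaked form definition can be attacked offline at full hash speed. The example digests for `secret` and `password` in examples/auth/auth.json show the problem, since digests of such common words are easy to look up. A salted, iterated KDF fits better here, e.g. `hashlib.pbkdf2_hmac('sha256', plain_pw, salt, iterations)` with a per-user random salt and the iteration count stored beside the digest, assuming the file can target a Python version that provides it. The comparison `pw_hash == self.scriptform.users[username]` is not constant-time, and `hmac.compare_digest(pw_hash, self.scriptform.users[username])` would avoid that. Separately, the unchanged `.split(":")` raises ValueError for any password containing a colon, which `split(":", 1)` would fix; the enclosing auth method starts and ends outside the hunk.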
