Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python/WebApp Google App Engine - testing for user/pass in the headers

When you call a web service like this:

   username = 'test12'
   password = 'test34' 
   client = httplib2.Http(".cache") 
   client.add_credentials(username,password)
   URL = "http://localhost:8080/wyWebServiceTest"
   response, content = client.request(URL) 

How do you get the username/password into variables on the server side (i.e. in the web-service that I'm writing). I checked the self.request.headers and self.request.environ and couldn't find them.

(I'm not using Google Login, need to bounce this userid/pass against my own database to verify security.)

I was trying to ideas from this page: http://pythonpaste.org/webob/reference.html#headers

Thanks,

Neal Walters

Slight enhancement to Peter's code below:

 auth = None 
 if 'Authorization' in self.request.headers: 
    auth = self.request.headers['Authorization']
 if not auth:
like image 539
NealWalters Avatar asked Dec 22 '22 08:12

NealWalters


1 Answers

I haven't tested this code (insert smiley) but I think this is the sort of thing you need. Basically your credentials won't be in the header if your server hasn't bounced a 401 back to your client (the client needs to know the realm to know what credentials to provide).

class MYREALM_securepage(webapp.RequestHandler):
  def get(self):
      if not 'Authorization' in self.request.headers:
          self.response.headers['WWW-Authenticate'] = 'Basic realm="MYREALM"'
          self.response.set_status(401)
          self.response.out.write("Authorization required")
      else:
          auth = self.request.headers['Authorization']
          (username, password) = base64.b64decode(auth.split(' ')[1]).split(':')
          # Check the username and password, and proceed ...
like image 195
Peter S Magnusson Avatar answered Jan 25 '23 23:01

Peter S Magnusson