aspen basic auth modle

httpbasic.py

import base64

from aspen import Response


def inbound_responder(*args, **kwargs):
    """ see BasicAuth object for args; they're passed through """
    auth = BasicAuth(*args, **kwargs)
    def _(request):
        request.auth = BAWrapper(auth, request)
        authed, response = auth.authorized(request):
        if not authed:
            raise response
        return request
    return _


class BAWrapper(object):
    def __init__(self, basicauth, request):
        self.auth = basicauth
        self.request = request

    def authorized(self):
        return self.auth.authorized(request)

    def userName(self):
        return self.auth.userName(request)

    def logout(self):
        return self.auth.logout(request)



class BasicAuth(object):

	def __init__(self, get_password, html=None, realm='protected'):
    	failhtml =  html or '''Not Authorized. <a href="#">Try again.</a>'''
		self.get_password = get_password
        self.fail_response = Response(401, failhtml, { 'WWW-Authenticate': 'Basic realm="%s"' % realm })

    def authorized(self, request):
		header = request.headers.get('Authorization', '')
		if not header.startswith('Basic'):
			# no auth header at all
			return False, fail_response
		userpass = base64.b64decode(header[len('Basic '):])
		if not ':' in userpass:
			# malformed user:pass
			return False, fail_response
		user, passwd = userpass.split(':',1)
		if self.get_password(user) != passwd:
			# wrong password
			# TODO: add a max attempts per timespan to slow down bot attacks
			return False, fail_response
        return True, None

    def userName(self, request):
		header = request.headers.get('Authorization', '')
		if not header.startswith('Basic'):
			return None
		userpass = base64.b64decode(header[len('Basic '):])
		if not ':' in userpass:
			return None
		user, passwd = userpass.split(':',1)
		return user		

    def logout(self, request):
		return self.fail_response