Monthly Archives: August 2013

bottlepy authentication

Simple example:
https://github.com/bbrodriges/bottlepy-user-auth/blob/master/bottlepy_user_auth.py

Full project:
http://cork.firelet.net/

Using decorators:
http://tumblr.kurttheviking.com/post/13053496552/using-decorators-to-require-sign-in-with-bottle-py

Another simple decorators example:
https://groups.google.com/forum/#!topic/bottlepy/C9XSuw8Xxas

AuthKit assumes the setup to follow Pylons conventions and uses a lot of
exceptions that are specific to Pylons/paste. These are not handled by
Bottle or any WSGI server other than paste. It is not easy to use
AuthKit as a standalone middleware.

If all you want is basic HTTP authentication, all you need is already
there: http://bottle.paws.de/docs/dev/api.html#bottle.Request.auth
Here is a decorator that checks for a valid (user, password) tuple in
'request.auth' and blocks unauthorized requests with a 401 error.

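   from functools import wraps
   from bottle import request, HTTPError

   def protected(check, realm="private", text="Access denied"):
     ''' Require HTTP basic auth; check(user, password) must return True. '''
     def decorator(func):
       @wraps(func)
       def wrapper(*a, **ka):
         # request.auth is a (user, password) tuple, or None without credentials
         user, password = request.auth or (None, None)
         if user is None or not check(user, password):
           # Set the challenge on the error itself: in current Bottle releases
           # headers set on the global response are dropped when an HTTPError
           # is returned, so the browser would never see the challenge.
           err = HTTPError(401, text)
           err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
           return err
         return func(*a, **ka)
       return wrapper
     return decorator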

Here is a working example:

   from bottle import route

   def check_valid_user(usr, pwd):
     ''' Return True if username and password are valid. '''
     # Hard-coded credentials keep the demo short
     return usr == 'admin' and pwd == 'secret'

   @route('/secret')
   @protected(check_valid_user)  # must match the function defined above
   def secret():
     return "Secret"
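
A hardened stand-in for the `check` callback passed to `protected()`, added here as an example and not part of the original post: it stores salted PBKDF2 hashes instead of a plaintext password and compares in constant time. The names `hash_password`, `make_checker`, `parse_basic_auth`, `USERS` and the iteration count are assumptions made for this example; only the standard library is used.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def make_checker(user_db):
    """Build a check(user, password) callback for a basic-auth decorator.

    user_db maps username -> (salt, digest) as produced by hash_password().
    """
    dummy = hash_password("placeholder")  # hashed against for unknown users
    def check(user, password):
        if user is None or password is None:
            return False
        known = user in user_db
        salt, expected = user_db[user] if known else dummy
        _, actual = hash_password(password, salt)
        # Constant-time compare; the hash is computed even for unknown users
        # so response time does not reveal which account names exist.
        return hmac.compare_digest(actual, expected) and known
    return check

def parse_basic_auth(header):
    """Decode an 'Authorization: Basic ...' value into (user, password).

    Returns None when the header is missing or malformed.
    """
    try:
        scheme, _, data = header.partition(" ")
        if scheme.lower() != "basic":
            return None
        decoded = base64.b64decode(data.strip(), validate=True).decode("utf-8")
        user, sep, password = decoded.partition(":")  # password may contain ':'
        return (user, password) if sep else None
    except (ValueError, AttributeError):  # bad base64, bad UTF-8, or header is None
        return None

# Constructed sample data: one account, stored only as salt + digest.
USERS = {"admin": hash_password("secret")}
check_valid_user = make_checker(USERS)
```

Basic auth sends the password base64-encoded on every request, which is an encoding and not encryption, so a route protected this way should only be served over HTTPS.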