Dec-08-2022, 12:41 PM
The colon at the end of
But you also require handling:
Code to handle this:
https://github.com/mvantellingen/wsgi-basic-auth
WWW-Authenticate
is wrong.But you also require handling:
- Not Authorized
- Authorized
- Incorrect authorization
Code to handle this:
from base64 import b64decode from hashlib import sha256 from wsgiref.simple_server import make_server CREDENTIALS = ["fb44d98b9d56bbe49028eacc8574f5715178e6d3470d276a1697de3df68e7579"] HEADER_AUTH = [ ("Content-type", "text/plain; charset=utf-8"), ("WWW-Authenticate", "Basic realm=Access to the internal site"), ] HEADER_NORMAL = [HEADER_AUTH[0]] HTTP401 = "401 Unauthorized" def app(environ, start_response): auth = environ.get("HTTP_AUTHORIZATION", "") if not auth.startswith("Basic"): start_response(HTTP401, HEADER_AUTH) return [b"401 Unauthorized"] username, password = b64decode(auth.split()[-1]).split(b":") if sha256(username + password).hexdigest() in CREDENTIALS: start_response("200 Ok", HEADER_NORMAL) return [b"200 Ok"] else: start_response(HTTP401, HEADER_AUTH) return [b"401 Unauthorized"] with make_server("", 8000, app) as httpd: print("Serving on port 8000...") httpd.serve_forever()You won't use this in production. There is a middleware for HTTPBasicAuth.
https://github.com/mvantellingen/wsgi-basic-auth
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
All humans together. We don't need politicians!