Re: Partly OT: Authenticating a Script

Wed, 09 Aug 2006 12:02:34 -0700 

Paul Sargent wrote:
> 3 is reasonably simple, but I want this to have some form of
> authorization. Django's normal authorization framework seems rather
> awkward, because I'd need my script to go through a login process to
> get the right cookie (right?).
> 
> Any other suggestions for authenticating in the view?

You can use HTTP Authorization for this. In one of my projects I need to 
handle not only clients with regular browsers but also download managers 
for which redirects to the login view would be useless. I've made a 
small middleware (attached) that does HTTP authorization. It works after 
standard Django's authorization and checks if user is already 
authenticated that way and if not tries HTTP auth.


The tricky part that you should write is choosing what to answer a 
non-authorized user: redirect it to the login page or just answer "401 
not authorized". This really depends on your project. You can check for 
specific URLs that should be accessed only by non-browser clients or 
some custom HTTP header set in request by your script.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

class HTTPAuthMiddleware:
  '''
  Tries to authorize a user with HTTP Authorization if not already authorized.
  This is mainly used by non-browser clients.
  '''
  def process_request(self,request):
    if not request.user.is_anonymous():
      return
    from base64 import b64decode
    authorization = request.META.get('HTTP_AUTHORIZATION', '') or request.META.get('Authorization', '')
    if not authorization:
      return
    username, password = b64decode(authorization[6:]).split(':')
    from django.contrib.auth import authenticate, login, get_user
    user = authenticate(username=username, password=password)
    if user:
      login(request, user)
      request.user = get_user(request)

Reply via email to