How can I get my bottle.py app (Running in Paste or Cherrypy) to do HTTP (basic or digest) authentication? - I need to secure it, but cant find a any HOWTOs.
Asked
Active
Viewed 1.1k times
14
-
possible duplicate of [How to implement user authentication and sessions with Python](http://stackoverflow.com/questions/5586141/how-to-implement-user-authentication-and-sessions-with-python) – Martijn Pieters Nov 07 '12 at 15:15
-
possible duplicate of [Bottle-friendly WSGI authentication library/middleware](http://stackoverflow.com/questions/4533674/bottle-friendly-wsgi-authentication-library-middleware) – Don Kirkby Dec 19 '12 at 20:40
2 Answers
26
bottle has a built in auth_basic
decorator that can be used on a view:
from bottle import auth_basic, request, route
def check(user, pw):
# Check user/pw here and return True/False
@route('/')
@auth_basic(check)
def home():
return { 'data': request.auth }
M Somerville
- 3,938
- 25
- 37
-
-
2That's not a lot of information to go on, I'm afraid. Your `check` function depends entirely on what you want to do, so it could say e.g. `if user == "user" and pw == "hello": return True` – though in general of course I would not hard code a password like that! – M Somerville Mar 14 '17 at 09:54
-
What happens if you fail the check? Can you decide what is shown? – Robert Johnstone Jan 10 '20 at 16:36
-
The auth_basic parameters are the function to call, the name of the auth realm, and the body to be displayed in the 401 error, so you can pass it in there. – M Somerville Jan 10 '20 at 22:12
2
There are some libraries on GitHub like https://github.com/FedericoCeratto/bottle-cork that should help. It may be easier to integrate than the repoze library suggested in the related post.
Brian Cajes
- 2,966
- 3
- 18
- 22