14

How can I get my bottle.py app (Running in Paste or Cherrypy) to do HTTP (basic or digest) authentication? - I need to secure it, but cant find a any HOWTOs.

James Bennet
  • 593
  • 2
  • 9
  • 22
  • possible duplicate of [How to implement user authentication and sessions with Python](http://stackoverflow.com/questions/5586141/how-to-implement-user-authentication-and-sessions-with-python) – Martijn Pieters Nov 07 '12 at 15:15
  • possible duplicate of [Bottle-friendly WSGI authentication library/middleware](http://stackoverflow.com/questions/4533674/bottle-friendly-wsgi-authentication-library-middleware) – Don Kirkby Dec 19 '12 at 20:40

2 Answers2

26

bottle has a built in auth_basic decorator that can be used on a view:

from bottle import auth_basic, request, route

def check(user, pw):
    # Check user/pw here and return True/False

@route('/')
@auth_basic(check)
def home():
    return { 'data': request.auth }
M Somerville
  • 3,938
  • 25
  • 37
  • Can you explain more? I am not sure how I can do check. – Fahad Ahammed Mar 13 '17 at 05:08
  • 2
    That's not a lot of information to go on, I'm afraid. Your `check` function depends entirely on what you want to do, so it could say e.g. `if user == "user" and pw == "hello": return True` – though in general of course I would not hard code a password like that! – M Somerville Mar 14 '17 at 09:54
  • What happens if you fail the check? Can you decide what is shown? – Robert Johnstone Jan 10 '20 at 16:36
  • The auth_basic parameters are the function to call, the name of the auth realm, and the body to be displayed in the 401 error, so you can pass it in there. – M Somerville Jan 10 '20 at 22:12
2

There are some libraries on GitHub like https://github.com/FedericoCeratto/bottle-cork that should help. It may be easier to integrate than the repoze library suggested in the related post.

Brian Cajes
  • 2,966
  • 3
  • 18
  • 22