2

I am trying to do HTTP basic authentication with bottle.py using the following decorator I have written:

def check_auth(username, password):
if username == 'admin' and password == 'pass':
    return True
else:
    return False

def authenticate(msg_string = "Authenticate."):
response.content_type = "application/json"
message = {'message': msg_string}
resp = jsonpickle.encode(message)
response.status = "401 - Unauthorized"
response.headers['WWW-Authenticate'] = 'Basic realm="PyBit"'

return resp

def requires_auth(f):
def decorated(*args, **kwargs):
    print request.auth
    auth = request.auth
    if not auth: 
        return authenticate()
    elif not check_auth(auth[0],auth[1]):
        response.status = "401 - Unauthorized"
        return authenticate("HTTP Authentication Failed.")
    else:
        return f(*args, **kwargs)
return decorated

It works in the builtin wsgiref server, but not when I run my app under Apache using mod_wsgi. The "auth" object is always "None" in that case.

Is apache pinching it?

James Bennet
  • 603
  • 2
  • 10
  • 22

1 Answers1

3

Nevermimd. sorted it. Authorisation headers are not passed through by default . We need to set the WSGIPassAuthorization directive to control whether HTTP authorisation headers are passed through to a WSGI application in the HTTP_AUTHORIZATION variable of the WSGI application environment when the equivalent HTTP request headers are present.

James Bennet
  • 603
  • 2
  • 10
  • 22
  • 1
    Your question seems to be a duplicate of [Passing apache2 digest authentication information to a wsgi script run by mod_wsgi](http://stackoverflow.com/questions/123499/passing-apache2-digest-authentication-information-to-a-wsgi-script-run-by-mod-ws). Why not delete yours and upvote that? – Pedro Romano Nov 14 '12 at 10:55
  • Wish I had found that in all my time searching! – James Bennet Nov 14 '12 at 15:44