ironic.common.auth_basic module

class ironic.common.auth_basic.BasicAuthMiddleware(app, auth_file)

Bases: object

Middleware which performs HTTP basic authentication on requests

__call__(env, start_response)

Call self as a function.

format_exception(e)

ironic.common.auth_basic.auth_entry(entry, password)

Compare a password with a single user auth file entry

Param:

entry: Line from auth user file to use for authentication

Param:

password: Password encoded as bytes

Returns:

A dictionary of WSGI environment values to append to the request

Raises:

Unauthorized, if the entry doesn’t match supplied password or if the entry is encrypted with a method other than bcrypt

ironic.common.auth_basic.authenticate(auth_file, username, password)

Finds username and password match in Apache style user auth file

The user auth file format is expected to comply with the Apache documentation[1]; however, bcrypt is the only password digest format supported.

[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html

Param:

auth_file: Path to user auth file

Param:

username: Username to authenticate

Param:

password: Password encoded as bytes

Returns:

A dictionary of WSGI environment values to append to the request

Raises:

Unauthorized, if no file entries match supplied username/password

ironic.common.auth_basic.parse_entry(entry)

Extract the username and encrypted password from a user auth file entry

Param:

entry: Line from auth user file to use for authentication

Returns:

a tuple of username and encrypted password

Raises:

ConfigInvalid if the password is not in the supported bcrypt format

ironic.common.auth_basic.parse_header(env)

Parse WSGI environment for Authorization header of type Basic

Param:

env: WSGI environment to get header from

Returns:

Token portion of the header value

Raises:

Unauthorized, if header is missing or if the type is not Basic

ironic.common.auth_basic.parse_token(token)

Parse the token portion of the Authentication header value

Param:

token: Token value from basic authorization header

Returns:

tuple of username, password

Raises:

Unauthorized, if username and password could not be parsed for any reason

ironic.common.auth_basic.unauthorized(message=None)

Raise an Unauthorized exception to prompt for basic authentication

Param:

message: Optional message for exception

Raises:

Unauthorized with WWW-Authenticate header set

ironic.common.auth_basic.validate_auth_file(auth_file)

Read the auth user file and validate its correctness

Param:

auth_file: Path to user auth file

Raises:

ConfigInvalid on validation error
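
The parsing steps documented above for parse_header, parse_token and parse_entry, as an added sketch that is not Ironic's own code. The function names, the stand-in exception classes, the accepted bcrypt prefixes and the sample entry are assumptions of this example; the bcrypt comparison itself is left out because it needs the third-party bcrypt package.

```python
import base64
import re

# Apache bcrypt digests: $2y$<cost>$ + 22-char salt + 31-char hash.
# Accepting $2a$/$2b$ as well is an assumption of this example.
BCRYPT_RE = re.compile(r'^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$')

# Constructed entry: right shape, not a real password digest.
SAMPLE_ENTRY = 'admin:$2y$05$' + 'x' * 53


class Unauthorized(Exception):
    """Stand-in for the module's Unauthorized exception."""


class ConfigInvalid(Exception):
    """Stand-in for the module's ConfigInvalid exception."""


def basic_token(env):
    """Return <token> from 'Authorization: Basic <token>' in a WSGI env."""
    parts = env.get('HTTP_AUTHORIZATION', '').split(' ')
    # Exactly two fields, scheme compared case-insensitively (RFC 7617).
    if len(parts) != 2 or parts[0].lower() != 'basic' or not parts[1]:
        raise Unauthorized('Basic authorization required')
    return parts[1]


def credentials(token):
    """Decode a token into (username, password as bytes)."""
    try:
        raw = base64.b64decode(token, validate=True)
        # Split on the first colon only: passwords may contain colons.
        user, sep, password = raw.partition(b':')
        if not sep:
            raise ValueError('no colon separator')
        return user.decode('utf-8'), password
    except ValueError:  # also covers binascii.Error, UnicodeDecodeError
        raise Unauthorized('Could not decode authorization token')


def split_entry(entry):
    """Split 'user:digest'; reject MD5, SHA1, crypt or plaintext digests."""
    user, sep, digest = entry.strip().partition(':')
    if not sep or not user or not BCRYPT_RE.match(digest):
        raise ConfigInvalid('Only bcrypt digests are supported')
    return user, digest
```

Rejecting non-bcrypt entries when the file is read, rather than at login time, surfaces a weak or malformed digest as a configuration error instead of a silent authentication failure.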