pollutri
/
res_levis_API
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
203 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
res_levis_API/lib/python3.6/site-packages/websockets/auth.py

161 lines
5.3 KiB
Raw Permalink Blame History 

  1. """

  2. :mod:`websockets.auth` provides HTTP Basic Authentication according to

  3. :rfc:`7235` and :rfc:`7617`.

  4. 

  5. """

  6. 

  7. 

  8. import functools

  9. import http

  10. from typing import Any, Awaitable, Callable, Iterable, Optional, Tuple, Type, Union

  11. 

  12. from .exceptions import InvalidHeader

  13. from .headers import build_www_authenticate_basic, parse_authorization_basic

  14. from .http import Headers

  15. from .server import HTTPResponse, WebSocketServerProtocol

  16. 

  17. 

  18. __all__ = ["BasicAuthWebSocketServerProtocol", "basic_auth_protocol_factory"]

  19. 

  20. Credentials = Tuple[str, str]

  21. 

  22. 

  23. def is_credentials(value: Any) -> bool:

  24.     try:

  25.         username, password = value

  26.     except (TypeError, ValueError):

  27.         return False

  28.     else:

  29.         return isinstance(username, str) and isinstance(password, str)

  30. 

  31. 

  32. class BasicAuthWebSocketServerProtocol(WebSocketServerProtocol):

  33.     """

  34.     WebSocket server protocol that enforces HTTP Basic Auth.

  35. 

  36.     """

  37. 

  38.     def __init__(

  39.         self,

  40.         *args: Any,

  41.         realm: str,

  42.         check_credentials: Callable[[str, str], Awaitable[bool]],

  43.         **kwargs: Any,

  44.     ) -> None:

  45.         self.realm = realm

  46.         self.check_credentials = check_credentials

  47.         super().__init__(*args, **kwargs)

  48. 

  49.     async def process_request(

  50.         self, path: str, request_headers: Headers

  51.     ) -> Optional[HTTPResponse]:

  52.         """

  53.         Check HTTP Basic Auth and return a HTTP 401 or 403 response if needed.

  54. 

  55.         If authentication succeeds, the username of the authenticated user is

  56.         stored in the ``username`` attribute.

  57. 

  58.         """

  59.         try:

  60.             authorization = request_headers["Authorization"]

  61.         except KeyError:

  62.             return (

  63.                 http.HTTPStatus.UNAUTHORIZED,

  64.                 [("WWW-Authenticate", build_www_authenticate_basic(self.realm))],

  65.                 b"Missing credentials\n",

  66.             )

  67. 

  68.         try:

  69.             username, password = parse_authorization_basic(authorization)

  70.         except InvalidHeader:

  71.             return (

  72.                 http.HTTPStatus.UNAUTHORIZED,

  73.                 [("WWW-Authenticate", build_www_authenticate_basic(self.realm))],

  74.                 b"Unsupported credentials\n",

  75.             )

  76. 

  77.         if not await self.check_credentials(username, password):

  78.             return (

  79.                 http.HTTPStatus.UNAUTHORIZED,

  80.                 [("WWW-Authenticate", build_www_authenticate_basic(self.realm))],

  81.                 b"Invalid credentials\n",

  82.             )

  83. 

  84.         self.username = username

  85. 

  86.         return await super().process_request(path, request_headers)

  87. 

  88. 

  89. def basic_auth_protocol_factory(

  90.     realm: str,

  91.     credentials: Optional[Union[Credentials, Iterable[Credentials]]] = None,

  92.     check_credentials: Optional[Callable[[str, str], Awaitable[bool]]] = None,

  93.     create_protocol: Type[

  94.         BasicAuthWebSocketServerProtocol

  95.     ] = BasicAuthWebSocketServerProtocol,

  96. ) -> Callable[[Any], BasicAuthWebSocketServerProtocol]:

  97.     """

  98.     Protocol factory that enforces HTTP Basic Auth.

  99. 

  100.     ``basic_auth_protocol_factory`` is designed to integrate with

  101.     :func:`~websockets.server.serve` like this::

  102. 

  103.         websockets.serve(

  104.             ...,

  105.             create_protocol=websockets.basic_auth_protocol_factory(

  106.                 realm="my dev server",

  107.                 credentials=("hello", "iloveyou"),

  108.             )

  109.         )

  110. 

  111.     ``realm`` indicates the scope of protection. It should contain only ASCII

  112.     characters because the encoding of non-ASCII characters is undefined.

  113.     Refer to section 2.2 of :rfc:`7235` for details.

  114. 

  115.     ``credentials`` defines hard coded authorized credentials. It can be a

  116.     ``(username, password)`` pair or a list of such pairs.

  117. 

  118.     ``check_credentials`` defines a coroutine that checks whether credentials

  119.     are authorized. This coroutine receives ``username`` and ``password``

  120.     arguments and returns a :class:`bool`.

  121. 

  122.     One of ``credentials`` or ``check_credentials`` must be provided but not

  123.     both.

  124. 

  125.     By default, ``basic_auth_protocol_factory`` creates a factory for building

  126.     :class:`BasicAuthWebSocketServerProtocol` instances. You can override this

  127.     with the ``create_protocol`` parameter.

  128. 

  129.     :param realm: scope of protection

  130.     :param credentials: hard coded credentials

  131.     :param check_credentials: coroutine that verifies credentials

  132.     :raises TypeError: if the credentials argument has the wrong type

  133. 

  134.     """

  135.     if (credentials is None) == (check_credentials is None):

  136.         raise TypeError("provide either credentials or check_credentials")

  137. 

  138.     if credentials is not None:

  139.         if is_credentials(credentials):

  140. 

  141.             async def check_credentials(username: str, password: str) -> bool:

  142.                 return (username, password) == credentials

  143. 

  144.         elif isinstance(credentials, Iterable):

  145.             credentials_list = list(credentials)

  146.             if all(is_credentials(item) for item in credentials_list):

  147.                 credentials_dict = dict(credentials_list)

  148. 

  149.                 async def check_credentials(username: str, password: str) -> bool:

  150.                     return credentials_dict.get(username) == password

  151. 

  152.             else:

  153.                 raise TypeError(f"invalid credentials argument: {credentials}")

  154. 

  155.         else:

  156.             raise TypeError(f"invalid credentials argument: {credentials}")

  157. 

  158.     return functools.partial(

  159.         create_protocol, realm=realm, check_credentials=check_credentials

  160.     )