68 lines
1.7 KiB
Python
68 lines
1.7 KiB
Python
# SPDX-FileCopyrightText: Copyright (c) 2022 Dan Halbert for Adafruit Industries
|
|
#
|
|
# SPDX-License-Identifier: MIT
|
|
"""
|
|
`adafruit_httpserver.authentication`
|
|
====================================================
|
|
* Author(s): Michał Pokusa
|
|
"""
|
|
|
|
try:
|
|
from typing import Union, List
|
|
except ImportError:
|
|
pass
|
|
|
|
from binascii import b2a_base64
|
|
|
|
from .exceptions import AuthenticationError
|
|
from .request import HTTPRequest
|
|
|
|
|
|
class Basic:
|
|
"""Represents HTTP Basic Authentication."""
|
|
|
|
def __init__(self, username: str, password: str) -> None:
|
|
self._value = b2a_base64(f"{username}:{password}".encode()).decode().strip()
|
|
|
|
def __str__(self) -> str:
|
|
return f"Basic {self._value}"
|
|
|
|
|
|
class Bearer:
|
|
"""Represents HTTP Bearer Token Authentication."""
|
|
|
|
def __init__(self, token: str) -> None:
|
|
self._value = token
|
|
|
|
def __str__(self) -> str:
|
|
return f"Bearer {self._value}"
|
|
|
|
|
|
def check_authentication(
|
|
request: HTTPRequest, auths: List[Union[Basic, Bearer]]
|
|
) -> bool:
|
|
"""
|
|
Returns ``True`` if request is authorized by any of the authentications, ``False`` otherwise.
|
|
"""
|
|
|
|
auth_header = request.headers.get("Authorization")
|
|
|
|
if auth_header is None:
|
|
return False
|
|
|
|
return any(auth_header == str(auth) for auth in auths)
|
|
|
|
|
|
def require_authentication(
|
|
request: HTTPRequest, auths: List[Union[Basic, Bearer]]
|
|
) -> None:
|
|
"""
|
|
Checks if the request is authorized and raises ``AuthenticationError`` if not.
|
|
|
|
If the error is not caught, the server will return ``401 Unauthorized``.
|
|
"""
|
|
|
|
if not check_authentication(request, auths):
|
|
raise AuthenticationError(
|
|
"Request is not authenticated by any of the provided authentications"
|
|
)
|