diff options
| author | Solly Ross <sross@redhat.com> | 2015-08-25 16:44:24 -0400 |
|---|---|---|
| committer | Solly Ross <sross@redhat.com> | 2015-08-25 17:52:20 -0400 |
| commit | 1e2b5c2256d31e34083935f8adb2c8433cd40f7f (patch) | |
| tree | 6e445718408ab9bfd5290aafed21f288051586d3 /websockify/auth_plugins.py | |
| parent | 6c1543c05b79ae8bef2d2f7d703002a432776baf (diff) | |
| download | websockify-feature/http-auth-plugins.tar.gz | |
Rework Auth Plugins to Support HTTP Authfeature/http-auth-plugins
This commit reworks auth plugins slightly to enable
support for HTTP authentication. By raising an
AuthenticationError, auth plugins can now return
HTTP responses to the upgrade request (such as 401).
Related to kanaka/noVNC#522
Diffstat (limited to 'websockify/auth_plugins.py')
| -rw-r--r-- | websockify/auth_plugins.py | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/websockify/auth_plugins.py b/websockify/auth_plugins.py index 647c26e..924d5de 100644 --- a/websockify/auth_plugins.py +++ b/websockify/auth_plugins.py @@ -7,7 +7,15 @@ class BasePlugin(object): class AuthenticationError(Exception): - pass + def __init__(self, log_msg=None, response_code=403, response_headers={}, response_msg=None): + self.code = response_code + self.headers = response_headers + self.msg = response_msg + + if log_msg is None: + log_msg = response_msg + + super(AuthenticationError, self).__init__('%s %s' % (self.code, log_msg)) class InvalidOriginError(AuthenticationError): @@ -16,8 +24,44 @@ class InvalidOriginError(AuthenticationError): self.actual_origin = actual super(InvalidOriginError, self).__init__( - "Invalid Origin Header: Expected one of " - "%s, got '%s'" % (expected, actual)) + response_msg='Invalid Origin', + log_msg="Invalid Origin Header: Expected one of " + "%s, got '%s'" % (expected, actual)) + + +class BasicHTTPAuth(object): + def __init__(self, src=None): + self.src = src + + def authenticate(self, headers, target_host, target_port): + import base64 + + auth_header = headers.get('Authorization') + if auth_header: + if not auth_header.startswith('Basic '): + raise AuthenticationError(response_code=403) + + try: + user_pass_raw = base64.b64decode(auth_header[6:]) + except TypeError: + raise AuthenticationError(response_code=403) + + user_pass = user_pass_raw.split(':', 1) + if len(user_pass) != 2: + raise AuthenticationError(response_code=403) + + if not self.validate_creds: + raise AuthenticationError(response_code=403) + + else: + raise AuthenticationError(response_code=401, + response_headers={'WWW-Authenticate': 'Basic realm="Websockify"'}) + + def validate_creds(username, password): + if '%s:%s' % (username, password) == self.src: + return True + else: + return False class ExpectOrigin(object): def __init__(self, src=None): |