Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r--talerbank/app/views.py32
1 files changed, 18 insertions, 14 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 33146ff..a6902be 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -25,6 +25,7 @@ import logging
import hashlib
import random
import re
+import base64
from urllib.parse import urlparse
import django.contrib.auth
import django.contrib.auth.views
@@ -626,7 +627,7 @@ def serve_public_accounts(request, name=None, page=None):
# @return FIXME.
def login_via_headers(view_func):
def _decorator(request, *args, **kwargs):
- user_account = auth_and_login(request)
+ user_account = basic_auth(request)
if not user_account:
raise LoginFailed("authentication failed")
return view_func(request, user_account, *args, **kwargs)
@@ -814,24 +815,27 @@ def serve_history(request, user_account):
return HttpResponse(status=204)
return JsonResponse(dict(data=history), status=200)
-
##
-# Helper function that authenticates a user by fetching the
-# credentials from the HTTP headers. Typically called from
-# decorators.
+# Implements the HTTP basic auth schema.
#
# @param request Django-specific HTTP request object.
# @return Django-specific "authentication object".
-def auth_and_login(request):
- """Return user instance after checking authentication
- credentials, False if errors occur"""
-
- username = request.META.get("HTTP_X_TALER_BANK_USERNAME")
- password = request.META.get("HTTP_X_TALER_BANK_PASSWORD")
- if not username or not password:
- raise LoginFailed("missing user/password")
- return django.contrib.auth.authenticate(username=username, password=password)
+def basic_auth(request):
+ auth_header = request.META.get("HTTP_AUTHORIZATION")
+
+ if not auth_header:
+ raise LoginFailed("missing Authorization header")
+ tokens = auth_header.split(" ")
+ if len(tokens) != 2:
+ raise LoginFailed("invalid Authorization header")
+
+ # decode the base64 content.
+ if tokens[0] != "Basic":
+ raise LoginFailed("Not supporting '%s' authorization method" % tokens[0])
+
+ username, password = base64.b64decode(tokens[1]).decode("utf-8").split(":")
+ return django.contrib.auth.authenticate(username=username, password=password)
##
# Serve a request of /reject (for rejecting wire transfers).
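Review bot: In the new basic_auth, a malformed Authorization header is not turned into a LoginFailed: `base64.b64decode(tokens[1])` raises binascii.Error on invalid base64, `.decode("utf-8")` raises UnicodeDecodeError on non-UTF-8 bytes, and the two-value unpacking of `.split(":")` raises ValueError both when the decoded text has no colon and when the password itself contains one. All of those escape the decorator as unhandled exceptions (i.e. a server error for any client that sends junk in that header) rather than the 401-style failure the rest of the function produces, and the colon case also rejects valid passwords, since only the user-id part is forbidden from containing ':'. I would wrap the decode in a try/except and split on the first colon only, as below; the scheme check `tokens[0] != "Basic"` could also use a case-insensitive comparison, since the scheme token is case-insensitive, but that is a lesser point. The header comment `# decode the base64 content.` currently sits above the scheme check rather than the decode line and should move down with it.
```python
    if tokens[0] != "Basic":
        raise LoginFailed("Not supporting '%s' authorization method" % tokens[0])

    # Decode the base64 content; binascii.Error and UnicodeDecodeError
    # are both ValueError subclasses, and malformed input must be a
    # login failure rather than an unhandled exception.
    try:
        credentials = base64.b64decode(tokens[1], validate=True).decode("utf-8")
    except ValueError:
        raise LoginFailed("invalid Authorization header")
    # Only the user-id may not contain ':'; the password may, so split
    # on the first colon only.
    username, sep, password = credentials.partition(":")
    if not sep:
        raise LoginFailed("invalid Authorization header")
    return django.contrib.auth.authenticate(username=username, password=password)
```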