Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r-- | talerbank/app/views.py | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 33146ff..a6902be 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -25,6 +25,7 @@ import logging
 import hashlib
 import random
 import re
+import base64
 from urllib.parse import urlparse
 import django.contrib.auth
 import django.contrib.auth.views
@@ -626,7 +627,7 @@ def serve_public_accounts(request, name=None, page=None):
 # @return FIXME.
 def login_via_headers(view_func):
 def _decorator(request, *args, **kwargs):
- user_account = auth_and_login(request)
+ user_account = basic_auth(request)
 if not user_account:
 raise LoginFailed("authentication failed")
 return view_func(request, user_account, *args, **kwargs)
@@ -814,24 +815,27 @@ def serve_history(request, user_account):
 return HttpResponse(status=204)
 return JsonResponse(dict(data=history), status=200)
-
 ##
-# Helper function that authenticates a user by fetching the
-# credentials from the HTTP headers. Typically called from
-# decorators.
+# Implements the HTTP basic auth schema.
 #
 # @param request Django-specific HTTP request object.
 # @return Django-specific "authentication object".
-def auth_and_login(request):
-    """Return user instance after checking authentication
-    credentials, False if errors occur"""
-
-    username = request.META.get("HTTP_X_TALER_BANK_USERNAME")
-    password = request.META.get("HTTP_X_TALER_BANK_PASSWORD")
-    if not username or not password:
-        raise LoginFailed("missing user/password")
-    return django.contrib.auth.authenticate(username=username, password=password)
+def basic_auth(request):
+    auth_header = request.META.get("HTTP_AUTHORIZATION")
+
+    if not auth_header:
+        raise LoginFailed("missing Authorization header")
+    tokens = auth_header.split(" ")
+    if len(tokens) != 2:
+        raise LoginFailed("invalid Authorization header")
+
+    # decode the base64 content.
+    if tokens[0] != "Basic":
+        raise LoginFailed("Not supporting '%s' authorization method" % tokens[0])
+
+    username, password = base64.b64decode(tokens[1]).decode("utf-8").split(":")
+    return django.contrib.auth.authenticate(username=username, password=password)
 ##
 # Serve a request of /reject (for rejecting wire transfers).
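Review bot: The credential-parsing line in basic_auth (`username, password = base64.b64decode(tokens[1]).decode("utf-8").split(":")`) turns any malformed client input into an unhandled exception rather than a LoginFailed: b64decode raises binascii.Error on non-base64 text, decode raises UnicodeDecodeError on non-UTF-8 bytes, and the tuple unpack raises ValueError whenever the decoded string has no colon or more than one (a password containing ':' is legal under RFC 7617, so valid logins for such users will also fail). Wrap the decode in a `try`/`except ValueError` (both binascii.Error and UnicodeDecodeError subclass it) that raises LoginFailed, split on the first colon only, and compare the scheme case-insensitively since RFC 7235 scheme tokens are not case-sensitive. The `"Not supporting '%s' ..." % tokens[0]` message interpolates the client-supplied scheme into the exception text; if LoginFailed's message is ever rendered to the client, that is reflected input and a fixed message is safer — I cannot see the handler from this hunk, so confirm. The removed auth_and_login carried a docstring but basic_auth has none; suggest `"""Authenticate the request from its Basic Authorization header; raises LoginFailed on a missing or malformed header."""`.

```python
def basic_auth(request):
    # … unchanged: header presence and token-count checks …
    # Scheme names are case-insensitive (RFC 7235).
    if tokens[0].lower() != "basic":
        raise LoginFailed("Not supporting '%s' authorization method" % tokens[0])

    # A malformed credential string is a login error, not a server error:
    # binascii.Error and UnicodeDecodeError both subclass ValueError.
    try:
        credentials = base64.b64decode(tokens[1], validate=True).decode("utf-8")
    except ValueError:
        raise LoginFailed("invalid Authorization header")
    # Only the first ':' separates user-id from password; the password
    # itself may contain ':' (RFC 7617).
    username, sep, password = credentials.partition(":")
    if not sep:
        raise LoginFailed("invalid Authorization header")
    return django.contrib.auth.authenticate(username=username, password=password)
```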