diff options
author | Simo Sorce <simo@redhat.com> | 2015-03-23 15:41:35 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-03-23 15:41:35 -0400 |
commit | f134e09fa91fd1e00f538ef3e403ff6a35d21e8e (patch) | |
tree | d67a655a3eeb43cd362b5955494b70b048b59dfc /custodia | |
parent | 26fbab88d505c8e9cd1aded7cdea85775ce635c8 (diff) | |
download | custodia-f134e09fa91fd1e00f538ef3e403ff6a35d21e8e.tar.gz custodia-f134e09fa91fd1e00f538ef3e403ff6a35d21e8e.tar.xz custodia-f134e09fa91fd1e00f538ef3e403ff6a35d21e8e.zip |
Add simple header auth module
This is useful when authentication is handled by a proxy sitting in
front of custodia.
Alternatively it can be used with shared secrets/bearer tokens sent
in plain text in the headers.
Diffstat (limited to 'custodia')
-rw-r--r-- | custodia/http/authenticators.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/custodia/http/authenticators.py b/custodia/http/authenticators.py index ad912c6..0a4d9c7 100644 --- a/custodia/http/authenticators.py +++ b/custodia/http/authenticators.py @@ -30,3 +30,34 @@ class SimpleCredsAuth(HTTPAuthenticator): request['valid_user'] = True else: raise HTTPError(403) + + +class SimpleHeaderAuth(HTTPAuthenticator): + + def __init__(self, config=None): + super(SimpleHeaderAuth, self).__init__(config) + self.name = 'REMOTE_USER' + self.value = None + if 'header' in self.config: + self.name = self.config['header'] + if 'value' in self.config: + self.value = self.config['value'] + + def handle(self, request): + if self.name not in request['headers']: + raise HTTPError(403) + value = request['headers'][self.name] + if self.value is None: + # Any value is accepted + pass + elif isinstance(self.value, str): + if value != self.value: + raise HTTPError(403) + elif isinstance(self.value, list): + if value not in self.value: + raise HTTPError(403) + else: + raise HTTPError(403) + + request['valid_user'] = True + request['valid_header'] = value |