Skip to content

gvalkov/tornado-http-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

tornado-http-auth

Latest version released on PyPi Apache License, Version 2.0.

Digest and basic authentication for the Tornado web framework. Based on code and ideas from Twisted's cred.

Installation

The latest stable version of tornado-http-auth can be installed from pypi:

$ pip install tornado-http-auth

Usage

import tornado.ioloop
from tornado.web import RequestHandler, Application
from tornado_http_auth import DigestAuthMixin, BasicAuthMixin, auth_required

credentials = {'user1': 'pass1'}

# Example 1 (using decorator).
class MainHandler(DigestAuthMixin, RequestHandler):
    @auth_required(realm='Protected', auth_func=credentials.get)
    def get(self):
        self.write('Hello %s' % self._current_user)

# Example 2 (using prepare and get_authentciated_user).
class MainHandler(BasicAuthMixin, RequestHandler):
    def prepare(self):
        self.get_authenticated_user(check_credentials_func=credentials.get, realm='Protected')

    def get(self):
        self.write('Hello %s' % self._current_user)

app = Application([
    (r'/', MainHandler),
])

app.listen(8888)
tornado.ioloop.IOLoop.current().start()

# curl --user user1:pass1 -v http://localhost:8888  -> 200 OK
# curl --user user2:pass2 -v http://localhost:8888  -> 401 Unauthorized
# Remove or comment second class
# curl --digest --user user1:pass1 -v http://localhost:8888  -> 200 OK
# curl --digest --user user2:pass2 -v http://localhost:8888  -> 401 Unauthorized

License

This project is released under the terms of the Apache License, Version 2.0.