Python / WebApp Google App Engine - Testing for user / submission in headers

When you call the web service as follows:

    import httplib2

    username = 'test12'
    password = 'test34'
    client = httplib2.Http(".cache")
    client.add_credentials(username, password)
    URL = "http://localhost:8080/wyWebServiceTest"
    response, content = client.request(URL)

How do you get the username / password into variables on the server side (i.e. in the web service that I am writing)? I checked self.request.headers and self.request.environ and could not find them.

(I do not use Google Login, it is necessary to scan this user ID / pass against my own database in order to verify security.)

I tried to think from this page: http://pythonpaste.org/webob/reference.html#headers

Thanks,

Neal Walters

A slight improvement to the Peter code below:

    auth = None
    if 'Authorization' in self.request.headers:
        auth = self.request.headers['Authorization']
    if not auth:
+4
3 answers

I have not tested this code (insert a smiley face), but I think that this is exactly what you need. Basically, your credentials will not be in the header unless your server has returned a 401 back to your client (the client must know the realm in order to know which credentials to provide).

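    import base64
    from google.appengine.ext import webapp

    class MYREALM_securepage(webapp.RequestHandler):
        def get(self):
            if 'Authorization' not in self.request.headers:
                # No credentials yet: challenge the client so it resends with them
                self.response.headers['WWW-Authenticate'] = 'Basic realm="MYREALM"'
                self.response.set_status(401)
                self.response.out.write("Authorization required")
            else:
                auth = self.request.headers['Authorization']
                # Header is "Basic <base64(username:password)>"; split on the first
                # colon only, since the password may itself contain ':'
                (username, password) = base64.b64decode(auth.split(' ')[1]).split(':', 1)
                # Check the username and password, and proceed ...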
+7

The credentials appear in the authorization header. The steps work as follows:

  1. The client makes a request to your application without attempting authorization.
  2. The server responds with a "401 Authorization Required" response, and the "WWW-Authenticate" header is set to 'Basic realm="something"' (for basic auth).
  3. The client responds with the corresponding authorization header (see below).

The exact content of the client authorization header in step 3 depends on the authorization method used. For HTTP Basic auth, it is the base64-encoded user credentials - see here. For HTTP digest auth, both the server header and the response from the client are a bit more complicated - see here.

+3

httplib2 will only transmit credentials after a 401 response from the web server, after which credentials should be sent in the Authorization: header.

+1
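
The server side of the exchange described in the answers above, as an added example that is not part of the original question or answers: it parses the Authorization header defensively and checks the result against an application-owned user store. It is written for Python 3 with the standard library only, not the App Engine webapp API; the names parse_basic_auth, check_credentials, authenticate and the USERS store are hypothetical, and the sample user is constructed from the question's test values.

```python
import base64
import hashlib
import hmac

REALM = "MYREALM"

def _hash(password, salt):
    # Store and compare salted PBKDF2 hashes, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample user store: username -> (salt, PBKDF2 hash).
USERS = {"test12": (b"constructed-salt", _hash("test34", b"constructed-salt"))}

def parse_basic_auth(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # ValueError covers invalid base64, non-ASCII input and invalid UTF-8.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password

def check_credentials(username, password):
    # Unknown users still cost one hash, and the comparison is constant-time.
    salt, expected = USERS.get(username, (b"dummy-salt", b""))
    return hmac.compare_digest(_hash(password, salt), expected)

def authenticate(headers):
    """Return (status, response_headers, username) for a dict of request headers."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None or not check_credentials(*creds):
        # Missing, malformed or wrong credentials all get the same challenge.
        return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None
    return 200, {}, creds[0]
```

Basic credentials are only base64-encoded on the wire, so an endpoint like this should be served over HTTPS.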
