
I have the following:

```python
import contextlib
import logging

from flask import g, jsonify
from sqlalchemy import exc

# app, auth, USER, DBSession and raise_database_error are defined elsewhere in the application.


@auth.verify_password
def verify_password(username_or_token, password):
    logger = logging.getLogger(__name__)
    logger.error('username = %s', username_or_token)
    # first try to authenticate by token
    user = USER.verify_auth_token(username_or_token)
    if not user:
        with contextlib.closing(DBSession()) as session:
            try:
                # try to authenticate with username/password
                user = session.query(USER).filter_by(USERSEMAIL=username_or_token).first()
                if not user or not user.verify_password(password):
                    return False
            except exc.SQLAlchemyError as error:
                session.rollback()
                raise_database_error(error)
    g.user = user
    return True


@app.route('/api/token')
@auth.login_required
def get_auth_token():
    token = g.user.generate_auth_token()
    return jsonify({'token': token.decode('ascii')})
```

When I access the api/token route using localhost, I am prompted to enter my username and password. Afterwards when I check my log, I find that the username_or_token variable is ''.

The strange thing is I have tested the exact same code on my online server and had no issues.

I am using Advanced Rest Client. When using this plugin, I add an Authorisation header and use the drop down fields Login and Password under the Basic tab. I have been doing the same when executing on my online server.

I am using XAMPP. Not really too sure what other info to provide.

Has anyone ever experienced this before?

Request Details

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Authorization: Basic Z2lyaTFAZ21haWwuY29tOmFzZA==
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh-TW;q=0.4

HTTPIE Output


Once again the username is set to ''.

  • The username is set to `''` when there is no Authorization header in the request, basically this is the mechanism that can allow access to anonymous users. Can you verify that there was an Authorization header in the request and what was the value in it? – Miguel Grinberg Apr 12 '15 at 18:08
  • I'm going to make a guess here. I'm not sure, but I suspect there is an issue with CORS that is interfering. Could you try to send a request from a different client? For example, you can use httpie from the command line (`pip install httpie`, then `http --auth user:pass GET http://url`). – Miguel Grinberg Apr 13 '15 at 14:38
  • I tried your method and also tried `REST Client for Android` on my mobile but unfortunately have the same problem... –  Apr 13 '15 at 14:50
  • I don't know if the REST client for Android is browser based or not. Can you try httpie as I suggested? That ensures there are no browser related troubles such as the CORS limitations. Send your request with httpie then add the output to your question. – Miguel Grinberg Apr 13 '15 at 17:20
  • Thanks. You did say you are using XAMPP, but I did not realize that means you are using Apache as reverse proxy. So I'm going to ask you two more things. Please add the Apache configuration, and also check if you can authenticate if you run your server without a reverse proxy. You can use gunicorn or uwsgi. I'm wondering if Apache is consuming the authentication information and not passing it through to the Python app. – Miguel Grinberg Apr 14 '15 at 14:14
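
The question raised in the last comment, whether the Authorization header reaches the Python app at all, can be checked directly at the WSGI layer. The following is an added example, not code from the question or from the authentication library; `parse_basic_auth`, `describe`, `AuthHeaderProbe` and the sample credentials are hypothetical names and constructed data, and an empty `username` in the record corresponds to the `''` described in the first comment.

```python
import base64


def parse_basic_auth(environ):
    """Return (username, password), or None if no usable Basic header arrived."""
    header = environ.get("HTTP_AUTHORIZATION")  # WSGI name of the Authorization header
    if not header:
        return None
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and malformed UTF-8
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def describe(environ):
    """Summarise what reached the app; the password is never recorded."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    creds = parse_basic_auth(environ)
    return {
        "path": environ.get("PATH_INFO", ""),
        "header_present": bool(header),
        "scheme": header.partition(" ")[0] if header else None,
        "username": creds[0] if creds else "",
    }


class AuthHeaderProbe:
    """WSGI middleware (hypothetical name) that keeps one record per request."""
    def __init__(self, app):
        self.app = app
        self.seen = []

    def __call__(self, environ, start_response):
        self.seen.append(describe(environ))
        return self.app(environ, start_response)


def constructed_environ(with_header):
    """Constructed sample request; the credentials are made up."""
    env = {"REQUEST_METHOD": "GET", "PATH_INFO": "/api/token"}
    if with_header:
        token = base64.b64encode(b"alice@example.com:s3cret").decode("ascii")
        env["HTTP_AUTHORIZATION"] = "Basic " + token
    return env
```

Installed with `app.wsgi_app = AuthHeaderProbe(app.wsgi_app)`, a record with `header_present` false behind Apache but true when the app is served directly means the header is being dropped before it reaches Flask. If the app is hosted under mod_wsgi (an assumption, the question does not say), the header is withheld from the application unless `WSGIPassAuthorization On` is set.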
