8

How can i perform basic authentication in bottle framework? in flask i used to:

def check( username, password ):
    # This function is called to check if a username/password combination is valid
    return username == 'nikos' and password == '******'


def authenticate():
    # Sends a 401 response that enables basic auth
    return Response( 'Credentials of a registered user required!', 401, {'WWW-Authenticate': 'Basic realm="User!"'} )

and called as:

auth = request.authorization
if not auth or not counters.check( auth.username, auth.password ):
    return counters.authenticate()

How can i achieve the same in Bottle framework?

Νικόλαος Βέργος
  • 460
  • 1
  • 6
  • 21
  • Just left an answer for you, with an example. Hope it helps! But it's worth noting that I found an answer after only 15 seconds of searching Google/Stackoverflow, so I recommend searching a bit more before posting a question. (Otherwise, your questions are likely to be marked as duplicates.) – ron rothman Sep 23 '18 at 00:18
  • 1
    Possible duplicate of [Bottle.py HTTP Auth?](https://stackoverflow.com/questions/13272528/bottle-py-http-auth) – ron rothman Sep 23 '18 at 06:38
  • No, it is not. Before asking thsi question i have seen 3 threads here none of those helped me resolve my problem. – Νικόλαος Βέργος Sep 23 '18 at 07:09

2 Answers2

12

As reported here, Bottle natively contains a decorator that makes Basic Auth pretty straightforward:

from bottle import auth_basic, request, route

def is_authenticated_user(user, password):
    # You write this function. It must return
    # True if user/password is authenticated, or False to deny access.

@route('/')
@auth_basic(is_authenticated_user)
def home():
    return ['hooray, you are authenticated! your info is: {}'.format(request.auth)]
ron rothman
  • 17,348
  • 7
  • 41
  • 43
  • I did search and found some examples but it was very complicated to understand. Here in my case i have to save the 'username' user gives to authentication prompt to the database. Can i grab it as request.auth.username? And if the user gives in the prompt wrong credentials how can i send the user again to the authentication prompt? – Νικόλαος Βέργος Sep 23 '18 at 06:15
  • Have you tried? The browser will reprompt upon wrong credentials, with the code I already gave you. Please try/experiment before you ask. – ron rothman Sep 23 '18 at 06:19
  • Yes ima trying it. Sorry iam new to Bottle. Can i decorator be within another decorator? is something like this correct? `@app.route( '/file', methods=['POST'] ) @auth_basic( is_authenticated_user )` I'am getting `Method not allowed.` if i place `@auth_basic( is_authenticated_user )` inside a view function i get syntax error? Where exactly should i place the auth decorator? – Νικόλαος Βέργος Sep 23 '18 at 06:33
  • I'm having trouble making this work, i dont understnad why i'm getting method not allowed. Please help me. – Νικόλαος Βέργος Sep 23 '18 at 07:02
  • Yes, decorators can be nested. Have you tried reversing the order of your decorators? – ron rothman Sep 24 '18 at 02:53
  • Hi Ron, i have managed to make auth_basic working, `Method not allowes' was due to another error i had not relevant to auth. I need to get the value that users gives in auth prompt thoough. I tried `request.auth.user` and `request.auth.username` but that wont return the value? How can i retrieve user data given in the auth prompt? – Νικόλαος Βέργος Sep 24 '18 at 06:51
  • I don't know the answer to that. If you want further help, I suggest closing this question and asking a new one – ron rothman Sep 24 '18 at 12:02
  • ook, i already asked, thank you very much for helping me out. – Νικόλαος Βέργος Sep 24 '18 at 12:15
  • Great, happy to help. Please accept this answer if you feel it answered your original question. Good luck! – ron rothman Sep 24 '18 at 12:31
  • Most certainly! – Νικόλαος Βέργος Sep 24 '18 at 13:04
2

Adapted from ron rothman with a basic auth solution using werkzeug.

from bottle import auth_basic, request, route
from werkzeug.security import generate_password_hash, check_password_hash


users = {'user1': generate_password_hash('pwd!')}


def is_authenticated_user(user, password):
    # You write this function. It must return
    # True if user/password is authenticated, or False to deny access.
    return user in users and check_password_hash(users[user], password)

@route('/')
@auth_basic(is_authenticated_user)
def home():
    return ['hooray, you are authenticated! your info is: {}'.format(request.auth)]
ggorlen
  • 44,755
  • 7
  • 76
  • 106
Ben
  • 191
  • 8