bruce bushby
bruce.bushby at googlemail.com
Sun Mar 29 07:17:58 EDT 2009
Hi
I've been struggling to implement form based user authentication for some
time now so I'm posting my progress in the hope that
more experienced members will comment and any new starters will save
themselves some time.
A big thanks to John Calixto for getting back to me and suggesting "AuthType
wgtiauth" and "Require wgti-user"
The example works as follows:
- Attempt to access the protected area gets intercepted by authenhandler, if
not authorized redirect to login, if login successful, continue to original
url.
- Uses DbmSessions (nice when used with a load balancer and RedHat GFS)
Cheers
Bruce
My setup:
OS: Linux Fedora Core 8
Apache: Apache/2.2.6 (Fedora)
mod_python: 3.3.1
Add an entry in your hosts file:
127.0.0.1 www.mysite.com mysite.com mysite
/etc/httpd/conf/httpd.conf setup (virtual host):
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.mysite.com
    ServerAlias mysite
    ServerAdmin webmaster@mysite
    DocumentRoot /var/www/html/mysite
    <Directory />
        SetHandler mod_python
        AddHandler mod_python.publisher .py
        PythonHandler mod_python.publisher
        # File used by Session.DbmSession in the handlers and publisher functions
        PythonOption mod_python.dbm_session.database_filename "/var/www/html/mysite/dbm/mp_sess.dbm"
        PythonOption ApplicationPath "/"
        PythonPath "sys.path+['/var/www/html/mysite/modules']"
        PythonDebug On
    </Directory>
    # Protected area: every request goes through authsession.py first
    <Directory /var/www/html/mysite/members>
        AuthType wgtiauth
        AuthName "members"
        Require wgti-user
        PythonAuthenHandler authsession
        PythonAuthzHandler authsession
    </Directory>
    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log combined
    LogLevel debug
    ServerSignature On
</VirtualHost>
[root@core mysite]# pwd
/var/www/html/mysite
[root@core mysite]# find . -ls
6069239 4 drwxr-x--- 6 apache apache 4096 Mar 29 00:37 .
6069464 4 drwxr-x--- 2 apache apache 4096 Mar 29 11:43 ./html
6069466 4 -rwxr-x--- 1 apache apache 236 Mar 26 22:35 ./html/login.html
6069467 4 -rwxr-x--- 1 apache apache 213 Mar 28 10:40 ./html/indexWelcome.html
6069478 4 -rwxr-x--- 1 apache apache 448 Mar 29 00:37 ./index.py
6069469 4 drwxr-x--- 2 apache apache 4096 Mar 29 11:43 ./dbm
6069195 12 -rw-r----- 1 apache apache 12288 Mar 29 11:44 ./dbm/mp_sess.dbm
6069471 4 drwxr-x--- 3 apache apache 4096 Mar 28 10:57 ./members
6069472 4 drwxr-x--- 2 apache apache 4096 Mar 28 10:56 ./members/html
6069473 4 -rwxr-x--- 1 apache apache 159 Mar 28 10:17 ./members/html/membersWelcome.html
6069474 4 -rwxr-x--- 1 apache apache 158 Mar 28 10:56 ./members/html/membersForum.html
6069475 4 -rwxr-x--- 1 apache apache 569 Mar 28 10:57 ./members/index.py
6069476 4 drwxr-x--- 2 apache apache 4096 Mar 29 11:40 ./modules
6069194 4 -rwxr-x--- 1 apache apache 1173 Mar 29 03:10 ./modules/funcs.pyc
6069196 4 -rwxr-x--- 1 apache apache 1019 Mar 29 03:10 ./modules/authsession.pyc
6069497 4 -rwxr-x--- 1 apache apache 588 Mar 29 03:09 ./modules/authsession.py
6069498 4 -rwxr-x--- 1 apache apache 804 Mar 29 03:09 ./modules/funcs.py
-------------------------------------
./html/login.html
-------------------------------------
<html>
<body>
Login <br>
<form action="authenticate" method="post">
<input name="user" type="text"><br>
<input name="password" type="password"><br>
<input name="submit" type="submit" value="Login">
</form>
</body>
</html>
-------------------------------------
./html/indexWelcome.html
-------------------------------------
<html>
<body>
index
<br>
source address: %s
<br>
<br>
<a href=http://mysite/members>members</a>
<br>
<br>
<a href=/login>login</a>
<br>
<a href=logout>logout</a>
</body>
</html>
-------------------------------------
./index.py
-------------------------------------
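# The star import exposes authenticate() and logout() from funcs.py
# through the publisher, next to the functions defined here.
from funcs import *
from mod_python import util
from mod_python import Cookie
from mod_python import apache
from mod_python import Session

def index(req):
    util.redirect(req, "http://mysite/welcome")

def welcome(req):
    f = open("/var/www/html/mysite/html/indexWelcome.html")
    indexWelcome = f.read()
    f.close()
    # The template contains a single %s for the client address
    return indexWelcome % req.connection.remote_ip

def login(req):
    f = open("/var/www/html/mysite/html/login.html")
    login_page = f.read()
    f.close()
    return login_page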
-------------------------------------
./members/html/membersWelcome.html
-------------------------------------
<html>
<body>
members
<br>
source address: %s
<br>
<br>
<a href=/welcome>Home</a>
<br>
<a href=/logout>Logout</a>
</body>
</html>
-------------------------------------
./members/html/membersForum.html
-------------------------------------
<html>
<body>
forum:
<br>
source address: %s
<br>
<br>
<a href=/welcome>Home</a>
<br>
<a href=/logout>Logout</a>
</body>
</html>
-------------------------------------
./members/index.py
-------------------------------------
from funcs import *
from mod_python import util
from mod_python import apache
from mod_python import Cookie
from mod_python import Session

def index(req):
    util.redirect(req, "http://mysite/members/welcome")

def welcome(req):
    f = open("/var/www/html/mysite/members/html/membersWelcome.html")
    membersWelcome = f.read()
    f.close()
    return membersWelcome % req.connection.remote_ip

def forum(req):
    f = open("/var/www/html/mysite/members/html/membersForum.html")
    membersForum = f.read()
    f.close()
    return membersForum % req.connection.remote_ip
-------------------------------------
./modules/authsession.py
-------------------------------------
from mod_python import util
from mod_python import apache
from mod_python import Session

def authenhandler(req):
    req.user = "nobody"
    req.session = Session.DbmSession(req)
    if req.session.is_new():
        # First visit: remember the requested URL, then send the browser
        # to the login form. util.redirect() does not return.
        req.session['referer'] = "http://mysite" + req.unparsed_uri
        req.session.save()
        util.redirect(req, "http://mysite/login")
    if req.session.has_key('authstatus') and req.session['authstatus'] == "authenticated":
        return apache.OK
    return apache.HTTP_UNAUTHORIZED

def authzhandler(req):
    # req.user is always set by authenhandler above
    if req.user:
        return apache.OK
    return apache.HTTP_UNAUTHORIZED
-------------------------------------
./modules/funcs.py
-------------------------------------
from mod_python import util
from mod_python import apache
from mod_python import Session

def authenticate(req):
    req.session = Session.DbmSession(req)
    if req.session.is_new():
        req.session['referer'] = "http://mysite/welcome"
    referer = req.session['referer']
    user = req.form['user']
    password = req.form['password']
    # Demo credentials are hard-coded for this example
    if user == "demo" and password == "demo":
        req.user = user
        req.session['user'] = user
        req.session['authstatus'] = 'authenticated'
        req.session.save()
        util.redirect(req, referer)
    else:
        req.session.delete()
        req.session = Session.DbmSession(req)
        # Carry the original destination into the fresh session; reading
        # 'referer' from the new, empty session would raise KeyError.
        req.session['referer'] = referer
        req.session.save()
        util.redirect(req, "http://mysite/login")

def logout(req):
    req.session = Session.DbmSession(req)
    req.session.delete()
    util.redirect(req, "http://mysite/welcome")
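
The flow listed at the top of the post (intercept, redirect to login, continue to the original URL), as an added stand-alone Python 3 example that is not part of the original post and does not use mod_python. It adds three checks the demo leaves out: a hashed, constant-time credential comparison, a fresh session id on every login attempt, and a return target restricted to local paths. SESSIONS, USERS, safe_target, authen and login are hypothetical names, and the in-memory dict stands in for DbmSession.

```python
import hashlib, hmac, os, secrets

_SALT = os.urandom(16)                      # constructed per-run salt

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 200_000)

USERS = {"demo": _kdf("demo")}              # constructed account, mirrors the post's demo/demo
SESSIONS = {}                               # sid -> dict; stands in for DbmSession

def safe_target(uri, default="/welcome"):
    """Accept only a local absolute path as the post-login destination."""
    bad = uri.startswith("//") or "\\" in uri or any(ord(c) < 32 for c in uri)
    return uri if uri.startswith("/") and not bad else default

def authen(sid, uri):
    """Gate for the protected area; returns (status, location, sid)."""
    sess = SESSIONS.get(sid)
    if sess and sess.get("authstatus") == "authenticated":
        return 200, None, sid
    if sess is None:                        # no cookie, or an unknown/expired id
        sid = secrets.token_urlsafe(32)
        sess = SESSIONS[sid] = {}
    sess["referer"] = safe_target(uri)      # remember where the user was going
    return 302, "/login", sid

def login(sid, user, password):
    """Check the form fields; every attempt gets a fresh session id."""
    old = SESSIONS.pop(sid, {})             # retire the pre-login id
    referer = old.get("referer", "/welcome")
    stored = USERS.get(user, bytes(32))     # dummy value for unknown users
    ok = hmac.compare_digest(stored, _kdf(password))
    new_sid = secrets.token_urlsafe(32)
    if ok:
        SESSIONS[new_sid] = {"user": user, "authstatus": "authenticated"}
        return 302, referer, new_sid
    SESSIONS[new_sid] = {"referer": referer}  # keep the destination for the retry
    return 302, "/login", new_sid
```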