Authenticating with Cherrypy

This page of the CherryPy documentation contains the following snippet:

import cherrypy
from cherrypy.lib import auth_digest

# Username -> plaintext password
USERS = {'jon': 'secret'}

conf = {
    '/protected/area': {
        'tools.auth_digest.on': True,
        'tools.auth_digest.realm': 'localhost',
        'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(USERS),
        'tools.auth_digest.key': 'a565c27146791cfb'
    }
}

# myapp is the application's root object (not defined in this snippet)
cherrypy.quickstart(myapp, '/', conf)

What do the 4 items starting with tools.auth_digest mean?

Digest is an authentication mechanism that is slightly more secure than basic authentication; see the definition here: What is digest authentication?

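I had a look in the CherryPy source code to see if there was any kind of documentation on what the parameters mean, and in this file it says the parameters are: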

realm
    A string containing the authentication realm.

get_ha1
    A callable which looks up a username in a credentials store
    and returns the HA1 string, which is defined in the RFC to be
    MD5(username : realm : password).  The function's signature is:
    ``get_ha1(realm, username)``
    where username is obtained from the request's 'authorization' header.
    If username is not found in the credentials store, get_ha1() returns
    None.

key
    A secret string known only to the server, used in the synthesis of nonces.

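The on flag will (hopefully obviously) just enable digest authentication and force it to search for the digest parameters instead of the basic authentication parameters.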

Note that the get_ha1 parameter is a callable; searching through the file, there are 3 versions:

get_ha1_dict_plain
get_ha1_dict
get_ha1_file_htdigest

The functions have proper docstrings if you want to know exactly how they work.

Hope that helps!
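
A get_ha1 callable backed by precomputed HA1 values instead of plaintext passwords, with a generated nonce key, as an added example that is not part of the original answer or of CherryPy's own code. The names ha1, HA1_STORE, make_get_ha1 and build_conf are hypothetical, and the realm check inside get_ha1 is an assumption of this example.

```python
import hashlib
import secrets

REALM = 'localhost'  # must match tools.auth_digest.realm


def ha1(username, realm, password):
    """HA1 as quoted in the answer: MD5(username : realm : password)."""
    data = f'{username}:{realm}:{password}'.encode('utf-8')
    return hashlib.md5(data).hexdigest()


# Constructed sample store: it holds HA1 digests, not plaintext passwords.
# In practice the digest is computed once at enrollment and persisted.
HA1_STORE = {'jon': ha1('jon', REALM, 'secret')}


def make_get_ha1(store):
    """Build a callable with the documented signature get_ha1(realm, username)."""
    def get_ha1(realm, username):
        # An HA1 value is only valid for the realm it was computed with,
        # so a different realm or an unknown user yields None.
        if realm != REALM:
            return None
        return store.get(username)
    return get_ha1


def build_conf(store):
    """Config for the same path as the snippet in the question."""
    return {
        '/protected/area': {
            'tools.auth_digest.on': True,
            'tools.auth_digest.realm': REALM,
            'tools.auth_digest.get_ha1': make_get_ha1(store),
            # Server-only secret used to synthesize nonces; generated here
            # instead of reusing the documentation's sample value.
            'tools.auth_digest.key': secrets.token_hex(16),
        }
    }
```

The key is generated on each call to build_conf, so nonces issued before a restart will no longer validate; several processes serving the same site would need to share one key.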