CherryPy 身份验证超时

CherryPy authentication timeout

我向我的 CherryPy 服务器添加了摘要式身份验证,我想知道用户的身份验证根据什么标准被撤销并提示他们再次输入凭据。删除 cookie 不会强制提示,但使用隐身或其他浏览器会。

我的配置:

{ 'tools.auth_digest.on': True,
  'tools.auth_digest.realm': 'localhost',
  'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(USERS),
  'tools.auth_digest.key': key,
  'tools.auth_digest.accept_charset': 'UTF-8' }

谢谢

您需要有正确的 HTTP 响应,以便浏览器清除用户凭据,基本上响应 401 Unauthorized 以及如何使用 WWW-Authenticate header 进行身份验证的挑战.

这是一个使用自定义 CherryPy 工具和 Cookie 的实现,它用作将意图传达给浏览器和后端的方式(HTTP 身份验证是无状态的,我们必须来回返回deauth 和重定向)。

import cherrypy
from cherrypy.lib import auth_digest


REALM = 'localhost'
KEY = '24684651368351320asd1wdasd'
CHARSET = 'UTF-8'


@cherrypy.tools.register('before_handler')
def with_logout_handler():
    if cherrypy.request.cookie.get('Unauthorize') is not None:
        response = cherrypy.response
        response.headers['WWW-Authenticate'] = auth_digest.www_authenticate(
            realm=REALM,
            key=KEY,
            accept_charset=CHARSET
        )
        # delete the cookie that was used to mark the intention to logout
        response.cookie['Unauthorize'] = 1
        response.cookie['Unauthorize']['expires'] = 0
        raise cherrypy.HTTPError(
            401, 'You are not authorized to access that resource')


class App:
    @cherrypy.expose
    @cherrypy.tools.with_logout_handler()
    def index(self):
        return ('Welcome {}! Do you want to <a href="/logout">logout</a>?'
                .format(cherrypy.request.login))

    @cherrypy.expose
    def logout(self):
        """
        Set a cookie to give it a clue to the index method to
        remove the user credentials from the following requests.

        This will be handled by the tool `with_logout_handler`.
        """
        cherrypy.response.cookie['Unauthorize'] = 1
        raise cherrypy.HTTPRedirect("/")


def main():
    users = {
        'foo': 'bar'
    }
    cherrypy.quickstart(App(), config={
        '/': {
            'tools.auth_digest.on': True,
            'tools.auth_digest.realm': REALM,
            'tools.auth_digest.get_ha1': auth_digest.get_ha1_dict_plain(users),
            'tools.auth_digest.key': KEY,
            'tools.auth_digest.accept_charset': CHARSET
        },
    })

if __name__ == '__main__':
    main()