repoze.who
通过删除所有base_config.sa_auth...
和禁用默认配置后base_config.auth_backend
,config/app_.cfg.py
应该可以将 repoze.who 配置为config/middleware.py
.
所以我创建了一个config/auth.py
这样的文件:
from logging import getLogger
from repoze.who.middleware import PluggableAuthenticationMiddleware
from repoze.who.classifiers import default_challenge_decider, default_request_classifier
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin, plain_check
def add_auth(app):
htpasswd = HTPasswdPlugin('/.../htpasswd', plain_check)
authenticators = [('htpasswd', htpasswd)]
base_auth = BasicAuthPlugin('Inventory DB')
challengers = [('base_auth', base_auth)]
identifiers = [('base_auth', base_auth)]
mdproviders = []
log_stream = getLogger('auth')
app_with_mw = PluggableAuthenticationMiddleware(
app,
identifiers,
authenticators,
challengers,
mdproviders,
default_request_classifier,
default_challenge_decider,
log_stream,
)
return app_with_mw
其中纯文本密码仅用于测试。然后,在config/middleware.py
这个函数中被导入并应用到函数app
的最后一步make_app
。
from invdb.config.app_cfg import base_config
from invdb.config.environment import load_environment
from auth import add_auth
__all__ = ['make_app']
make_base_app = base_config.setup_tg_wsgi_app(load_environment)
def make_app(global_conf, full_stack=True, **app_conf):
app = make_base_app(global_conf, full_stack=True, **app_conf)
app = add_auth(app)
return app
现在的问题是,身份验证实际上不起作用。不需要任何身份验证的控制器不会质询。控制器allow_only = tg.predicate.not_anonymous
将挑战 http 身份验证。但是即使plain_check 返回True
登录名也会立即被遗忘,并且再次显示挑战。tg.request.identity
停留None
。
我究竟做错了什么?