时间戳

首页 > 解决方案 > Python WSGI Repoze.who 基本身份验证不要求用户和密码

python - Python WSGI Repoze.who 基本身份验证不要求用户和密码

问题描述

我正在尝试使用 repoze.who 对 wsgi apache Python 3.8 apt-get -y install python3 libexpat1 apache2 apache2-utils ssl-cert libapache2-mod-wsgi-py3 进行身份验证

我已经配置了 apache:nano /etc/apache2/conf-available/mod-wsgi.conf

WSGIPassAuthorization On
WSGIScriptAlias /test_wsgi /var/www/scripts/test.py

然后

a2enconf mod-wsgi a2enmod wsgi

并在 test.py

def application(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/plain')])
yield 'Hello World\n'

如果我启动 http://myip/test_wsgi

我得到了你好世界

现在,如果我尝试使用 repoze.who 复制示例身份验证,我会尝试将该代码放入 /var/www/scripts/test.py:

    from repoze.who.middleware import PluggableAuthenticationMiddleware
    from repoze.who.interfaces import IIdentifier
    from repoze.who.interfaces import IChallenger
    from repoze.who.plugins.basicauth import BasicAuthPlugin
    from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
    from repoze.who.plugins.redirector import RedirectorPlugin
    from repoze.who.plugins.htpasswd import HTPasswdPlugin,plain_check
    from io import StringIO
    import logging, sys
    
    
    def app(environ, start_response):
        start_response('200 OK', [('Content-Type', 'text/html')])
        return [b"good user"]
    
    
    io = StringIO()
    salt = 'aa'
    for name, password in [ ('admin', 'admin'), ('chris', 'chris') ]:
        io.write('%s:%s\n' % (name, password))
    io.seek(0)
    def cleartext_check(password, hashed):
        return password == hashed
    htpasswd = HTPasswdPlugin(io, cleartext_check)
    basicauth = BasicAuthPlugin('repoze.who')
    identifiers = [('basicauth', basicauth)]
    authenticators = [('htpasswd', htpasswd)]
    challengers = [('basicauth', basicauth)]
    mdproviders = []
    
    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider
    log_stream = None
    import os
    log_stream = sys.stdout
    
    middleware = PluggableAuthenticationMiddleware(
        app,
        identifiers,
        authenticators,
        challengers,
        mdproviders,
        default_request_classifier,
        default_challenge_decider,
        log_stream = log_stream,
        log_level = logging.DEBUG
        )
    
    
    application = middleware

现在,如果我从浏览器(http://myip/test_wsgi)启动我的脚本,我得到了“好用户”,并且从来没有获得基本的身份验证表单来插入我的凭据。

有什么帮助吗?

标签: pythonbasic-authenticationwsgirepoze.who

解决方案

推荐阅读