python - Python WSGI Repoze.who 基本身份验证不要求用户和密码
问题描述
我正在尝试使用 repoze.who 对 wsgi apache Python 3.8 apt-get -y install python3 libexpat1 apache2 apache2-utils ssl-cert libapache2-mod-wsgi-py3 进行身份验证
我已经配置了 apache:nano /etc/apache2/conf-available/mod-wsgi.conf
WSGIPassAuthorization On
WSGIScriptAlias /test_wsgi /var/www/scripts/test.py
然后
a2enconf mod-wsgi a2enmod wsgi
并在 test.py
def application(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/plain')])
yield 'Hello World\n'
如果我启动 http://myip/test_wsgi
我得到了你好世界
现在,如果我尝试使用 repoze.who 复制示例身份验证,我会尝试将该代码放入 /var/www/scripts/test.py:
from repoze.who.middleware import PluggableAuthenticationMiddleware
from repoze.who.interfaces import IIdentifier
from repoze.who.interfaces import IChallenger
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.redirector import RedirectorPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin,plain_check
from io import StringIO
import logging, sys
def app(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/html')])
return [b"good user"]
io = StringIO()
salt = 'aa'
for name, password in [ ('admin', 'admin'), ('chris', 'chris') ]:
io.write('%s:%s\n' % (name, password))
io.seek(0)
def cleartext_check(password, hashed):
return password == hashed
htpasswd = HTPasswdPlugin(io, cleartext_check)
basicauth = BasicAuthPlugin('repoze.who')
identifiers = [('basicauth', basicauth)]
authenticators = [('htpasswd', htpasswd)]
challengers = [('basicauth', basicauth)]
mdproviders = []
from repoze.who.classifiers import default_request_classifier
from repoze.who.classifiers import default_challenge_decider
log_stream = None
import os
log_stream = sys.stdout
middleware = PluggableAuthenticationMiddleware(
app,
identifiers,
authenticators,
challengers,
mdproviders,
default_request_classifier,
default_challenge_decider,
log_stream = log_stream,
log_level = logging.DEBUG
)
application = middleware
现在,如果我从浏览器(http://myip/test_wsgi)启动我的脚本,我得到了“好用户”,并且从来没有获得基本的身份验证表单来插入我的凭据。
有什么帮助吗?
解决方案
推荐阅读
- java - 在spring websocket中捕获会话ID
- python - 重复数据框的行
- apache-spark - Pyspark 错误 java.lang.IllegalArgumentException
- c# - 由于编码问题,非对称解密似乎无法通过 tcp 连接
- java - Android Studio 不会导出 Jar
- iphone - swift 4:发送前修改通知内容
- javascript - Javascript变量设置不正确?
- php - 按下按钮时触发插件功能
- php - Joomla 搜索栏未加载用户状态
- ruby-on-rails-4 - Rails 4 / i18n / 无法将语言环境传递到另一个页面