refreshing of basic_auth.users possible?

Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

refreshing of basic_auth.users possible?

Peter C. Miller
I have user auth working well in cherrypy with code below.

The problem I'm having is that if the target database of users gets updated - e.g. user adds or updates a password, cherrypy doesn't seem to know about it because it only brings in the data once at launch via below 'get_users()' method. the get_users simply returns a manual key value dict scraped form a pymongo_db.

Restarting cherrpy 'solves' the problem, but obviously realtime connection or update is needed.

I've tried setting basic_auth.users to just method name rather than the data coming from an actual call, and also best guesses at cherrypy config update calls, but no joy.

Can't find update examples either.

No luck with direct setting to pymongo db either.

Would greatly appreciate it if anyone out there has some pointers.

auth_users_config = {
    'tools.basic_auth.on': True,
    'tools.basic_auth.users': get_users(),
    'tools.basic_auth.realm': 'some.place.out.there',
    'tools.basic_auth.encrypt': pwe
}

.....

sslConfig = {
    # Users access:
    '/ExternalResource': auth_users_config,

.....

https_cp_app = cherrypy.tree.mount(api_sub_domain_container.dev,
                                               '/a_mount',
                                               sslConfig)

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/cherrypy-users/1acd7645-3603-4179-9d9f-4a882d9efee2%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: refreshing of basic_auth.users possible?

Sviatoslav Sydorenko (@webknjaz)
Hi Peter!

FYI basic_auth and digest_auth are deprecated and were removed over a year ago. You should instead adapt to use the more recent and better implemented auth_basic and auth_digest.
So auth_basic in fact supports a checkpassword setting which is a callable: https://docs.cherrypy.org/en/latest/basics.html?highlight=auth_basic#basic.

Also, I'd like to point out two more things:
1) It's more secure to prefer digest auth over basic. auth_digest also supports a callable setting (get_ha1): https://github.com/cherrypy/cherrypy/blob/v18.2.0/cherrypy/lib/auth_digest.py#L16
2) Don't forget that you can easily customize things by writing your own tools and/or plugins: https://docs.cherrypy.org/en/latest/extend.html#per-request-functions

ср, 25 вер. 2019 о 08:50 Peter C. Miller <[hidden email]> пише:
I have user auth working well in cherrypy with code below.

The problem I'm having is that if the target database of users gets updated - e.g. user adds or updates a password, cherrypy doesn't seem to know about it because it only brings in the data once at launch via below 'get_users()' method. the get_users simply returns a manual key value dict scraped form a pymongo_db.

Restarting cherrpy 'solves' the problem, but obviously realtime connection or update is needed.

I've tried setting basic_auth.users to just method name rather than the data coming from an actual call, and also best guesses at cherrypy config update calls, but no joy.

Can't find update examples either.

No luck with direct setting to pymongo db either.

Would greatly appreciate it if anyone out there has some pointers.

auth_users_config = {
    'tools.basic_auth.on': True,
    'tools.basic_auth.users': get_users(),
    'tools.basic_auth.realm': 'some.place.out.there',
    'tools.basic_auth.encrypt': pwe
}

.....

sslConfig = {
    # Users access:
    '/ExternalResource': auth_users_config,

.....

https_cp_app = cherrypy.tree.mount(api_sub_domain_container.dev,
                                               '/a_mount',
                                               sslConfig)

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/cherrypy-users/1acd7645-3603-4179-9d9f-4a882d9efee2%40googlegroups.com.


--
Cheers,
Sviatoslav.

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/cherrypy-users/CAFYONRCBkuGXcka34jWwAe4WPuKE0oWoj6v_GGS_m0US4z%3DJoA%40mail.gmail.com.