refreshing of basic_auth.users possible?

Skip to first unread message

Peter C. Miller

Sep 25, 2019, 2:50:51 AM9/25/19
to cherrypy-users
I have user auth working well in cherrypy with code below.

The problem I'm having is that if the target database of users gets updated - e.g. user adds or updates a password, cherrypy doesn't seem to know about it because it only brings in the data once at launch via below 'get_users()' method. the get_users simply returns a manual key value dict scraped form a pymongo_db.

Restarting cherrpy 'solves' the problem, but obviously realtime connection or update is needed.

I've tried setting basic_auth.users to just method name rather than the data coming from an actual call, and also best guesses at cherrypy config update calls, but no joy.

Can't find update examples either.

No luck with direct setting to pymongo db either.

Would greatly appreciate it if anyone out there has some pointers.

auth_users_config = {
    'tools.basic_auth.on': True,
    'tools.basic_auth.users': get_users(),
    'tools.basic_auth.realm': '',
    'tools.basic_auth.encrypt': pwe


sslConfig = {
    # Users access:
    '/ExternalResource': auth_users_config,


https_cp_app = cherrypy.tree.mount(,

Sviatoslav Sydorenko

Sep 25, 2019, 7:48:04 AM9/25/19
Hi Peter!

FYI basic_auth and digest_auth are deprecated and were removed over a year ago. You should instead adapt to use the more recent and better implemented auth_basic and auth_digest.
So auth_basic in fact supports a checkpassword setting which is a callable:

Also, I'd like to point out two more things:
1) It's more secure to prefer digest auth over basic. auth_digest also supports a callable setting (get_ha1):
2) Don't forget that you can easily customize things by writing your own tools and/or plugins:

ср, 25 вер. 2019 о 08:50 Peter C. Miller <> пише:
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

Reply all
Reply to author
0 new messages