refreshing of basic_auth.users possible?
27 views
Skip to first unread message
Peter C. Miller
Sep 25, 2019, 2:50:51 AM9/25/19
to cherrypy-users
I have user auth working well in cherrypy with code below.
The problem I'm having is that if the target database of users gets updated - e.g. user adds or updates a password, cherrypy doesn't seem to know about it because it only brings in the data once at launch via below 'get_users()' method. the get_users simply returns a manual key value dict scraped form a pymongo_db.
Restarting cherrpy 'solves' the problem, but obviously realtime connection or update is needed.
I've tried setting basic_auth.users to just method name rather than the data coming from an actual call, and also best guesses at cherrypy config update calls, but no joy.
Can't find update examples either.
No luck with direct setting to pymongo db either.
Would greatly appreciate it if anyone out there has some pointers.
auth_users_config = {
'tools.basic_auth.on': True,
'tools.basic_auth.users': get_users(),
'tools.basic_auth.realm': 'some.place.out.there',
'tools.basic_auth.encrypt': pwe
}
.....
sslConfig = {
# Users access:
'/ExternalResource': auth_users_config,
.....
https_cp_app = cherrypy.tree.mount(api_sub_domain_container.dev,
'/a_mount',
sslConfig)
The problem I'm having is that if the target database of users gets updated - e.g. user adds or updates a password, cherrypy doesn't seem to know about it because it only brings in the data once at launch via below 'get_users()' method. the get_users simply returns a manual key value dict scraped form a pymongo_db.
Restarting cherrpy 'solves' the problem, but obviously realtime connection or update is needed.
I've tried setting basic_auth.users to just method name rather than the data coming from an actual call, and also best guesses at cherrypy config update calls, but no joy.
Can't find update examples either.
No luck with direct setting to pymongo db either.
Would greatly appreciate it if anyone out there has some pointers.
auth_users_config = {
'tools.basic_auth.on': True,
'tools.basic_auth.users': get_users(),
'tools.basic_auth.realm': 'some.place.out.there',
'tools.basic_auth.encrypt': pwe
}
.....
sslConfig = {
# Users access:
'/ExternalResource': auth_users_config,
.....
https_cp_app = cherrypy.tree.mount(api_sub_domain_container.dev,
'/a_mount',
sslConfig)
Sviatoslav Sydorenko
Sep 25, 2019, 7:48:04 AM9/25/19
to cherryp...@googlegroups.com
Hi Peter!
So auth_basic in fact supports a checkpassword setting which is a callable: https://docs.cherrypy.org/en/latest/basics.html?highlight=auth_basic#basic.
Also, I'd like to point out two more things:
1) It's more secure to prefer digest auth over basic. auth_digest also supports a callable setting (get_ha1): https://github.com/cherrypy/cherrypy/blob/v18.2.0/cherrypy/lib/auth_digest.py#L16
2) Don't forget that you can easily customize things by writing your own tools and/or plugins: https://docs.cherrypy.org/en/latest/extend.html#per-request-functions
ср, 25 вер. 2019 о 08:50 Peter C. Miller <peter...@gmail.com> пише:
--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cherrypy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cherrypy-users/1acd7645-3603-4179-9d9f-4a882d9efee2%40googlegroups.com.
Cheers,
Sviatoslav.
Reply all
Reply to author
Forward
0 new messages