Decoding HTTP_AUTHORIZATION
680 views
Skip to first unread message
peterk
Jun 7, 2008, 3:05:23 PM6/7/08
to Google App Engine
Strictly speaking this is a python issue (I guess) rather than
something peculiar to GAE, but I'm hoping someone might be able to
help. I'm kind of new to python/GAE..
I'm trying to roll my own http authentication for my app, rather than
use the Google User API. So I'm trying to read the contents of the
HTTP_AUTHORIZATION variable. All goes well until I try to decode it,
and get the username and password sent with the request. Here's my
code:
def authenticate(self):
environ = dict(os.environ.items())
try: environ['HTTP_AUTHORIZATION']
except KeyError:
self.forbidden()
else:
auth_info = environ['HTTP_AUTHORIZATION']
if auth_info.startswith("Basic "):
basic_info = auth_info.lstrip("Basic ")
u,p = basic_info.decode("base64").split(":")
I get the following error from the last line:
Traceback (most recent call last):
File "/base/python_lib/versions/1/google/appengine/ext/webapp/
__init__.py", line 499, in __call__
handler.get(*groups)
File "/base/data/home/apps/cocom/1.122/main.py", line 52, in get
if self.authenticate():
File "/base/data/home/apps/cocom/1.122/main.py", line 29, in
authenticate
u,p = basic_info.decode("base64").split(":")
File "/base/python_dist/lib/python2.5/encodings/base64_codec.py",
line 42, in base64_decode
output = base64.decodestring(input)
File "/base/python_dist/lib/python2.5/base64.py", line 321, in
decodestring
return binascii.a2b_base64(s)
Error: Incorrect padding
In other words, the base64 decoding seems to have some trouble. I'm
stripping away the "Basic " prefix to the encoded authentication info,
and the remaining data is just one line of encoded data, so I'm sort
of puzzled as to why it's doing this. Any ideas/comments?
Many thanks! :)
something peculiar to GAE, but I'm hoping someone might be able to
help. I'm kind of new to python/GAE..
I'm trying to roll my own http authentication for my app, rather than
use the Google User API. So I'm trying to read the contents of the
HTTP_AUTHORIZATION variable. All goes well until I try to decode it,
and get the username and password sent with the request. Here's my
code:
def authenticate(self):
environ = dict(os.environ.items())
try: environ['HTTP_AUTHORIZATION']
except KeyError:
self.forbidden()
else:
auth_info = environ['HTTP_AUTHORIZATION']
if auth_info.startswith("Basic "):
basic_info = auth_info.lstrip("Basic ")
u,p = basic_info.decode("base64").split(":")
I get the following error from the last line:
Traceback (most recent call last):
File "/base/python_lib/versions/1/google/appengine/ext/webapp/
__init__.py", line 499, in __call__
handler.get(*groups)
File "/base/data/home/apps/cocom/1.122/main.py", line 52, in get
if self.authenticate():
File "/base/data/home/apps/cocom/1.122/main.py", line 29, in
authenticate
u,p = basic_info.decode("base64").split(":")
File "/base/python_dist/lib/python2.5/encodings/base64_codec.py",
line 42, in base64_decode
output = base64.decodestring(input)
File "/base/python_dist/lib/python2.5/base64.py", line 321, in
decodestring
return binascii.a2b_base64(s)
Error: Incorrect padding
In other words, the base64 decoding seems to have some trouble. I'm
stripping away the "Basic " prefix to the encoded authentication info,
and the remaining data is just one line of encoded data, so I'm sort
of puzzled as to why it's doing this. Any ideas/comments?
Many thanks! :)
nchauvat
Jun 7, 2008, 3:30:39 PM6/7/08
to Google App Engine
> environ = dict(os.environ.items())
> try: environ['HTTP_AUTHORIZATION']
> except KeyError:
> self.forbidden()
> else:
> auth_info = environ['HTTP_AUTHORIZATION']
> if auth_info.startswith("Basic "):
> basic_info = auth_info.lstrip("Basic ")
> u,p = basic_info.decode("base64").split(":")
Since os.environ already is a dictionnary it would be nicer as
> try: environ['HTTP_AUTHORIZATION']
> except KeyError:
> self.forbidden()
> else:
> auth_info = environ['HTTP_AUTHORIZATION']
> if auth_info.startswith("Basic "):
> basic_info = auth_info.lstrip("Basic ")
> u,p = basic_info.decode("base64").split(":")
follows:
if 'HTTP_AUTHORIZATION' not in os.environ:
self.forbidden()
else:
auth_info = os.environ['HTTP_AUTHORIZATION']
if auth_info.startswith('Basic '):
basic_info = auth_info.lstrip('Basic ')
print 'XXX%sXXX' % basic_info
basic_info = auth_info.lstrip('Basic ')
then run this with dev_appserver.py and read the output on the console
and try to figure out why this string is not properly base64 encoded.
peterk
Jun 7, 2008, 4:13:49 PM6/7/08
to Google App Engine
Thanks, I'll implement that change to the os.environ bit..
I also figured out what was wrong with the decoding...it turns out you
don't strip the space after 'Basic' from the front of the
authorization string. If the space isn't there it doesn't work! :)
Thanks very much for your help!
I also figured out what was wrong with the decoding...it turns out you
don't strip the space after 'Basic' from the front of the
authorization string. If the space isn't there it doesn't work! :)
Thanks very much for your help!
Reply all
Reply to author
Forward
0 new messages