wget and basic authentication
11,693 views
Skip to first unread message
mdorval
Oct 31, 2011, 8:58:46 PM10/31/11
to web2py-users
Ok, so this command example is in the documentation under basic
authentication (http://web2py.com/book/default/chapter/08#Access-
Control-and-Basic-Authentication):
wget --user=[username] --password=[password] http://.../[app]/[controller]/give_me_time
but this command won't work with basic authentication in web2py, as
web2py doesn't throw a 401 when the Authentication header is missing,
but a 403 (at least with the current version of wget).
In order for wget to work properly with basic authentication, one must
do
wget --user=[username] --password=[password] --auth-no-challenge
http://.../[app]/[controller]/give_me_time
The documentation on wget's --auth-no-challenge flag is as follows:
‘--auth-no-challenge’
If this option is given, Wget will send Basic HTTP authentication
information (plaintext username and password) for all requests, just
like Wget 1.10.2 and prior did by default.
Use of this option is not recommended, and is intended only to support
some few obscure servers, which never send HTTP authentication
challenges, but accept unsolicited auth info, say, in addition to form-
based authentication.
So my question is: Is there a way to get web2py to handle these
requests properly (return a 401 status code to prompt the client to
resend with credentials)?
(on a related note, it seems requests using urllib2 run into a similar
problem: http://stackoverflow.com/questions/2407126/python-urllib2-basic-auth-problem/2955687#2955687)
authentication (http://web2py.com/book/default/chapter/08#Access-
Control-and-Basic-Authentication):
wget --user=[username] --password=[password] http://.../[app]/[controller]/give_me_time
but this command won't work with basic authentication in web2py, as
web2py doesn't throw a 401 when the Authentication header is missing,
but a 403 (at least with the current version of wget).
In order for wget to work properly with basic authentication, one must
do
wget --user=[username] --password=[password] --auth-no-challenge
http://.../[app]/[controller]/give_me_time
The documentation on wget's --auth-no-challenge flag is as follows:
‘--auth-no-challenge’
If this option is given, Wget will send Basic HTTP authentication
information (plaintext username and password) for all requests, just
like Wget 1.10.2 and prior did by default.
Use of this option is not recommended, and is intended only to support
some few obscure servers, which never send HTTP authentication
challenges, but accept unsolicited auth info, say, in addition to form-
based authentication.
So my question is: Is there a way to get web2py to handle these
requests properly (return a 401 status code to prompt the client to
resend with credentials)?
(on a related note, it seems requests using urllib2 run into a similar
problem: http://stackoverflow.com/questions/2407126/python-urllib2-basic-auth-problem/2955687#2955687)
Massimo Di Pierro
Oct 31, 2011, 11:09:49 PM10/31/11
to web2py-users
Please open a ticket. this is easy and I can take of it tomorrow.
On Oct 31, 7:58 pm, mdorval <rockingdor...@gmail.com> wrote:
> Ok, so this command example is in the documentation under basic
> authentication (http://web2py.com/book/default/chapter/08#Access-
> Control-and-Basic-Authentication):
>
> wget --user=[username] --password=[password] http://.../[app]/[controller]/give_me_time
>
> but this command won't work with basic authentication in web2py, as
> web2py doesn't throw a 401 when the Authentication header is missing,
> but a 403 (at least with the current version of wget).
>
> In order for wget to work properly with basic authentication, one must
> do
> wget --user=[username] --password=[password] --auth-no-challengehttp://.../[app]/[controller]/give_me_time
On Oct 31, 7:58 pm, mdorval <rockingdor...@gmail.com> wrote:
> Ok, so this command example is in the documentation under basic
> authentication (http://web2py.com/book/default/chapter/08#Access-
> Control-and-Basic-Authentication):
>
> wget --user=[username] --password=[password] http://.../[app]/[controller]/give_me_time
>
> but this command won't work with basic authentication in web2py, as
> web2py doesn't throw a 401 when the Authentication header is missing,
> but a 403 (at least with the current version of wget).
>
> In order for wget to work properly with basic authentication, one must
> do
>
> The documentation on wget's --auth-no-challenge flag is as follows:
> ‘--auth-no-challenge’
> If this option is given, Wget will send Basic HTTP authentication
> information (plaintext username and password) for all requests, just
> like Wget 1.10.2 and prior did by default.
> Use of this option is not recommended, and is intended only to support
> some few obscure servers, which never send HTTP authentication
> challenges, but accept unsolicited auth info, say, in addition to form-
> based authentication.
>
> So my question is: Is there a way to get web2py to handle these
> requests properly (return a 401 status code to prompt the client to
> resend with credentials)?
> (on a related note, it seems requests using urllib2 run into a similar
> problem:http://stackoverflow.com/questions/2407126/python-urllib2-basic-auth-...)> The documentation on wget's --auth-no-challenge flag is as follows:
> ‘--auth-no-challenge’
> If this option is given, Wget will send Basic HTTP authentication
> information (plaintext username and password) for all requests, just
> like Wget 1.10.2 and prior did by default.
> Use of this option is not recommended, and is intended only to support
> some few obscure servers, which never send HTTP authentication
> challenges, but accept unsolicited auth info, say, in addition to form-
> based authentication.
>
> So my question is: Is there a way to get web2py to handle these
> requests properly (return a 401 status code to prompt the client to
> resend with credentials)?
> (on a related note, it seems requests using urllib2 run into a similar
Michele Comitini
May 8, 2013, 9:32:30 AM5/8/13
to web...@googlegroups.com
No one opened a ticket so I fixed it a few months ago
On a recent you can use auth.basic
auth.basic(basic_auth_realm="<any string you like>")
BONUS: *the realm string can be changed runtime to allow the user to be logged out i.e. the browser will ask authentication credentials again*
2013/5/8 Ian MacKinnon <imac...@gmail.com>
Was a ticket ever filed for this? I'm encountering the same issue and I couldn't find a ticket for this issue.Ian
--
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Ian MacKinnon
May 8, 2013, 7:05:04 PM5/8/13
to web...@googlegroups.com
Indeed you did: https://github.com/web2py/web2py/pull/63
(linked for other people hitting this issue)
Thanks for this, I've put more time into finding a fix for this than I care to admit.
Ian
Reply all
Reply to author
Forward
0 new messages