Jmlevick

Reputation: 6686

Password Protect Static Page AppEngine HowTo?

So I'm working with AppEngine (Python) and what I want to do is to provide OpenID login, setting a default provider so the user can log in without problems using that provider. The thing is, I want to prompt the user for a password right after they log in, in order to show static content (HTML pages); if the user doesn't enter the correct password, then I want to redirect them to another page. The protection has to be server side please :) Any ideas?

P.S. I'm looking for a solution similar to ".htaccess/htpasswd" but for App Engine.

Upvotes: 0

Views: 1877

Answers (2)

swdev

Reputation: 3071

Try this out, you can mimic the .htaccess style password with Google App Engine:

import base64

from google.appengine.ext import webapp
from google.appengine.ext.webapp import template

def basicAuth(func):
  def callf(webappRequest, *args, **kwargs):
    # Parse the header to extract a user/password combo.
    # We're expecting something like "Basic XZxgZRTpbjpvcGVuIHYlc4FkZQ=="
    auth_header = webappRequest.request.headers.get('Authorization')

    if auth_header is None:
      # No credentials sent yet: make the browser prompt for them
      webappRequest.response.set_status(401, message="Authorization Required")
      webappRequest.response.headers['WWW-Authenticate'] = 'Basic realm="Kalydo School"'
    else:
      # Isolate the encoded user/passwd and decode it
      try:
        auth_parts = auth_header.split(' ')
        # Split on the first ':' only; the password may itself contain ':'
        user_pass_parts = base64.b64decode(auth_parts[1]).split(':', 1)
        user_arg = user_pass_parts[0]
        pass_arg = user_pass_parts[1]
      except (IndexError, TypeError):
        # Malformed header: treat it as failed authentication
        user_arg = pass_arg = None

      if user_arg != "admin" or pass_arg != "foobar":
        webappRequest.response.set_status(401, message="Authorization Required")
        webappRequest.response.headers['WWW-Authenticate'] = 'Basic realm="Secure Area"'
        # Rendering a 401 Error page is a good way to go...
        webappRequest.response.out.write(template.render('templates/error/401.html', {}))
      else:
        return func(webappRequest, *args, **kwargs)

  return callf

class AuthTest(webapp.RequestHandler):
  @basicAuth
  def get(self):
    # Serve the protected content from here
    pass

How-To: Dynamic WWW-Authentication (.htaccess style) on Google App Engine

Upvotes: 0

Peter Knego

Reputation: 80340

AFAIK, GAE does not support such setup (static password after OpenID login).

The only way I see to make this work would be to serve static content via your handler:

  1. Client makes a request for static content
  2. Your handler is registered to handle this URL
  3. Handler checks if user is authenticated. If not, requests a password.
  4. When authenticated, handler reads static file and sends it back to user.

Upvotes: 2
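The four steps in the answer above, as an added example that is not part of the original answer. It is framework-neutral standard-library Python; a request handler would map the returned status and body onto its response. The directory, secrets, `/unlock` URL and function names are hypothetical, and the sample page and password are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Assumptions (not from the original post): every name and value here is
# hypothetical. The directory must NOT be declared as a static handler in
# app.yaml, or the files would be served without passing through this code.
PROTECTED_DIR = os.path.join(tempfile.mkdtemp(), "protected")
SALT = b"constructed-salt"
# Constructed sample; a real app stores only the hash, never the password.
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"constructed-password", SALT, 100000)
COOKIE_KEY = os.urandom(32)  # signs the "unlocked" cookie
os.makedirs(PROTECTED_DIR)
with open(os.path.join(PROTECTED_DIR, "index.html"), "w") as fh:
    fh.write("<h1>members only</h1>")  # constructed sample page


def _cookie_for(user_id):
    # Bind the cookie to the logged-in (OpenID) user it was issued to.
    tag = hmac.new(COOKIE_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id + ":" + tag


def unlock(user_id, password):
    """Step 3: check the page password; return a cookie value or None."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100000)
    if not hmac.compare_digest(candidate, PASSWORD_HASH):
        return None  # caller redirects to the "wrong password" page
    return _cookie_for(user_id)


def serve_protected(user_id, cookie, rel_path):
    """Steps 1, 2 and 4: return (status, body) for a protected-page request."""
    expected = _cookie_for(user_id).encode()
    if not hmac.compare_digest((cookie or "").encode(), expected):
        return 302, "/unlock"  # not authenticated: ask for the password
    root = os.path.realpath(PROTECTED_DIR)
    full = os.path.realpath(os.path.join(root, rel_path))
    # Refuse "../" and absolute paths that resolve outside the directory.
    if os.path.commonpath([root, full]) != root or not os.path.isfile(full):
        return 404, "Not found"
    with open(full, "rb") as fh:
        return 200, fh.read()
```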
