Implement a basic authentication API

2025-02-19 19:10:25 +02:00 · 2017-11-20 00:08:48 +01:00 · 2017-11-20 00:08:48 +01:00 · 17b184e5c8
commit 17b184e5c8
parent 8920982213
1 changed files with 20 additions and 0 deletions
--- a/core/admin/mailu/internal/views.py
+++ b/core/admin/mailu/internal/views.py
@ -3,6 +3,8 @@ from mailu.internal import internal, nginx

 import flask
 import flask_login
+import base64
+import urllib


@internal.route("/auth/email")
@ -28,3 +30,21 @@ def admin_authentication():
        and flask_login.current_user.global_admin):
        return ""
    return flask.abort(403)
+
+
+@internal.route("/auth/basic")
+def basic_authentication():
+    """ Tries to authenticate using the Authorization header.
+    """
+    authorization = flask.request.headers.get("Authorization")
+    if authorization and authorization.startswith("Basic "):
+        encoded = authorization.replace("Basic ", "")
+        user_email, password = base64.b64decode(encoded).split(b":")
+        user = models.User.query.get(user_email.decode("utf8"))
+        if user and user.check_password(password.decode("utf8")):
+            response = flask.Response()
+            response.headers["X-User"] = user.email
+            return response
+    response = flask.Response(status=401)
+    response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
+    return response