Lum*_*umy 4 python authentication curl http-headers flask
我正在运行 Flask 应用程序,使用带有 mod_wsgi 的 apache,以及我自己的 ssl 证书(自签名),我还使用 Flask-HTTPAuth lib(https://flask-httpauth.readthedocs.org/en/latest/)我确实使用 BasicAuth
app.auth = HTTPBasicAuth()
我正在尝试使用 curl 测试 api,但我的 Flask 应用程序没有让我登录。
这是卷曲线
/usr/bin/curl -H 'Accept: application/json' -H 'Content-type: application/json' -u 'user:mypasswd' --cacert path_to/rootCA.crt --key path_to/backend.key --cert path_to/backend.crt -X POST -d '{}' -vvv https://my_url:443/api/1.0/code/create
有来自服务器的答复
* Hostname was NOT found in DNS cache
* Trying ** ...
* Connected to ** (**) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: path_to/rootCA.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: ***
* start date: 2015-10-20 13:22:20 GMT
* expire date: 2017-03-03 13:22:20 GMT
* common name: *** (matched)
* issuer: ***
* SSL certificate verify ok.
* Server auth using Basic with user 'user'
> POST //api/1.0/code/create HTTP/1.1
> Authorization: Basic amFtZXM6TDMgbDFuZCEgQHYgczBsMyFM
> User-Agent: curl/7.35.0
> Host: ***
> Accept: application/json
> Content-type: application/json
> Content-Length: 83
>
* upload completely sent off: 83 out of 83 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Date: Wed, 21 Oct 2015 12:29:17 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication Required"
< Content-Length: 19
< Content-Type: text/html; charset=utf-8
<
* Connection #0 to host ***m left intact
Unauthorized Access
有一个由 -u 选项创建的 Authorization 标头。但是在我的烧瓶应用程序中没有给出用户或密码。
@app.auth.verify_password
def verify_password(username, passwd):
print "USername [%s] [%s]" % (username, passwd)
return False
给出的输出是:
USername [] []
所以我的问题是如何使用 curl 为 verify_password 装饰器提供用户名和密码?
谢谢你。
您需要配置 mod_wsgi 以将授权标头传递给您的 Flask 应用程序。
请注意,某些 Web 服务器默认情况下不会将 Authorization 标头传递给 WSGI 应用程序。
此外,来自以下文档verify_password:
如果定义了此回调,则在请求没有包含用户凭据的 Authorization 标头时也会调用它,在这种情况下,用户名和密码参数都设置为空字符串。
...这可以解释您看到的输出。
由于您将 Apache 与 mod_wsgi 一起使用,您应该在 Apache 配置中将WSGIPassAuthorization 指令设置 为On(其默认值为Off)。