Flask 不使用 curl auth
Flask not using curl auth
我是 运行 Flask 应用程序,使用带有 mod_wsgi 的 apache,使用我自己的 ssl 证书 (self-signed),我还使用 Flask-HTTPAuth 库 ( https://flask-httpauth.readthedocs.org/en/latest/) 而且我使用 BasicAuth
app.auth = HTTPBasicAuth()
我正在尝试使用 curl 测试 api,但我的 Flask 应用程序没有让我登录。
这是卷曲线
/usr/bin/curl -H 'Accept: application/json' -H 'Content-type: application/json' -u 'user:mypasswd' --cacert path_to/rootCA.crt --key path_to/backend.key --cert path_to/backend.crt -X POST -d '{}' -vvv https://my_url:443/api/1.0/code/create
有服务器回复
* Hostname was NOT found in DNS cache
* Trying ** ...
* Connected to ** (**) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: path_to/rootCA.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: ***
* start date: 2015-10-20 13:22:20 GMT
* expire date: 2017-03-03 13:22:20 GMT
* common name: *** (matched)
* issuer: ***
* SSL certificate verify ok.
* Server auth using Basic with user 'user'
> POST //api/1.0/code/create HTTP/1.1
> Authorization: Basic amFtZXM6TDMgbDFuZCEgQHYgczBsMyFM
> User-Agent: curl/7.35.0
> Host: ***
> Accept: application/json
> Content-type: application/json
> Content-Length: 83
>
* upload completely sent off: 83 out of 83 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Date: Wed, 21 Oct 2015 12:29:17 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication Required"
< Content-Length: 19
< Content-Type: text/html; charset=utf-8
<
* Connection #0 to host ***m left intact
Unauthorized Access
有一个由 -u 选项创建的授权 header。但是在我的烧瓶应用程序中没有给出用户名或密码。
@app.auth.verify_password
def verify_password(username, passwd):
print "USername [%s] [%s]" % (username, passwd)
return False
给出的输出是:
USername [] []
所以我的问题是如何使用 curl 为 verify_password 装饰器提供用户名和密码?
谢谢。
谢谢@jeremy-allen 就是这样。
因此,如果像这样的东西阻止了您(并且您正在使用 mod_wsgi)。
点击链接:https://flask-httpauth.readthedocs.org/en/latest/#deployment-considerations and https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
您可能在 Apache 配置中遗漏了 WSGIPassAuthorization 变量。
谢谢。
您需要配置 mod_wsgi 以将授权 headers 传递给您的 flask 应用程序。
Be aware that some web servers do not pass the Authorization headers
to the WSGI application by default.
另外,来自 verify_password 的文档:
If this callback is defined, it is also invoked when the request does
not have the Authorization header with user credentials, and in this
case both the username and password arguments are set to empty
strings.
...这可以解释您看到的输出。
由于您使用 Apache 和 mod_wsgi,您应该在 Apache 配置中将 WSGIPassAuthorization directive 设置为 On(默认为 Off)。
我是 运行 Flask 应用程序,使用带有 mod_wsgi 的 apache,使用我自己的 ssl 证书 (self-signed),我还使用 Flask-HTTPAuth 库 ( https://flask-httpauth.readthedocs.org/en/latest/) 而且我使用 BasicAuth
app.auth = HTTPBasicAuth()
我正在尝试使用 curl 测试 api,但我的 Flask 应用程序没有让我登录。
这是卷曲线
/usr/bin/curl -H 'Accept: application/json' -H 'Content-type: application/json' -u 'user:mypasswd' --cacert path_to/rootCA.crt --key path_to/backend.key --cert path_to/backend.crt -X POST -d '{}' -vvv https://my_url:443/api/1.0/code/create
有服务器回复
* Hostname was NOT found in DNS cache
* Trying ** ...
* Connected to ** (**) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: path_to/rootCA.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: ***
* start date: 2015-10-20 13:22:20 GMT
* expire date: 2017-03-03 13:22:20 GMT
* common name: *** (matched)
* issuer: ***
* SSL certificate verify ok.
* Server auth using Basic with user 'user'
> POST //api/1.0/code/create HTTP/1.1
> Authorization: Basic amFtZXM6TDMgbDFuZCEgQHYgczBsMyFM
> User-Agent: curl/7.35.0
> Host: ***
> Accept: application/json
> Content-type: application/json
> Content-Length: 83
>
* upload completely sent off: 83 out of 83 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Date: Wed, 21 Oct 2015 12:29:17 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication Required"
< Content-Length: 19
< Content-Type: text/html; charset=utf-8
<
* Connection #0 to host ***m left intact
Unauthorized Access
有一个由 -u 选项创建的授权 header。但是在我的烧瓶应用程序中没有给出用户名或密码。
@app.auth.verify_password
def verify_password(username, passwd):
print "USername [%s] [%s]" % (username, passwd)
return False
给出的输出是:
USername [] []
所以我的问题是如何使用 curl 为 verify_password 装饰器提供用户名和密码?
谢谢。
谢谢@jeremy-allen 就是这样。
因此,如果像这样的东西阻止了您(并且您正在使用 mod_wsgi)。
点击链接:https://flask-httpauth.readthedocs.org/en/latest/#deployment-considerations and https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
您可能在 Apache 配置中遗漏了 WSGIPassAuthorization 变量。
谢谢。
您需要配置 mod_wsgi 以将授权 headers 传递给您的 flask 应用程序。
Be aware that some web servers do not pass the Authorization headers to the WSGI application by default.
另外,来自 verify_password 的文档:
If this callback is defined, it is also invoked when the request does not have the Authorization header with user credentials, and in this case both the username and password arguments are set to empty strings.
...这可以解释您看到的输出。
由于您使用 Apache 和 mod_wsgi,您应该在 Apache 配置中将 WSGIPassAuthorization directive 设置为 On(默认为 Off)。