diff options
| author | Barry Warsaw | 2010-10-11 15:01:22 -0400 |
|---|---|---|
| committer | Barry Warsaw | 2010-10-11 15:01:22 -0400 |
| commit | 9dd13dc84e39702c8abb0a4bf8d513bf3a35ebbd (patch) | |
| tree | 6a43de65a5d27740fc40c5bfc83b729b3af05934 /src/mailman/rest/root.py | |
| parent | 90814a40b82e559ebfa999df2121ba2e8e32500f (diff) | |
| parent | 14caf656788903a553c4a374b3f9a934a4014033 (diff) | |
| download | mailman-9dd13dc84e39702c8abb0a4bf8d513bf3a35ebbd.tar.gz mailman-9dd13dc84e39702c8abb0a4bf8d513bf3a35ebbd.tar.zst mailman-9dd13dc84e39702c8abb0a4bf8d513bf3a35ebbd.zip | |
Diffstat (limited to 'src/mailman/rest/root.py')
| -rw-r--r-- | src/mailman/rest/root.py | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/mailman/rest/root.py b/src/mailman/rest/root.py index 6835586b8..f34e0eb77 100644 --- a/src/mailman/rest/root.py +++ b/src/mailman/rest/root.py @@ -25,7 +25,8 @@ __all__ = [ ] -from restish import http, resource +from base64 import b64decode +from restish import guard, http, resource from mailman.config import config from mailman.core.system import system @@ -36,6 +37,19 @@ from mailman.rest.members import AllMembers +def webservice_auth_checker(request, obj): + auth = request.environ.get('HTTP_AUTHORIZATION', '') + if auth.startswith('Basic '): + credentials = b64decode(auth[6:]) + username, password = credentials.split(':', 1) + if (username != config.webservice.admin_user or + password != config.webservice.admin_pass): + # Not authorized. + raise guard.GuardError(b'User is not authorized for the REST API') + else: + raise guard.GuardError(b'The REST API requires authentication') + + class Root(resource.Resource): """The RESTful root resource. @@ -44,7 +58,9 @@ class Root(resource.Resource): and we start at 3.0 to match the Mailman version number. That may not always be the case though. """ + @resource.child(config.webservice.api_version) + @guard.guard(webservice_auth_checker) def api_version(self, request, segments): return TopLevel() |