def test_401(self, client):
    """Check the status and ``WWW-Authenticate`` header of 401 responses.

    Three requests are sent to the same route. Each must come back as
    401, and each expects a different challenge header: a single
    challenge, a comma-joined list of two challenges, and no header.
    """
    route = '/401'
    client.app.add_route(route, UnauthorizedResource())

    # Default-method request: exactly one challenge is advertised.
    single = client.simulate_request(path=route)
    assert single.status == falcon.HTTP_401
    assert single.headers['www-authenticate'] == 'Basic realm="simple"'

    # POST: both challenges are folded into one comma-separated header value.
    multiple = client.simulate_post(route)
    assert multiple.status == falcon.HTTP_401
    assert (multiple.headers['www-authenticate']
            == 'Newauth realm="apps", Basic realm="simple"')

    # PUT: still a 401, but no challenge header is emitted.
    # NOTE(review): presumably the resource supplies no challenges for PUT;
    # confirm against UnauthorizedResource. Clients get no hint of which
    # scheme to use in that case.
    bare = client.simulate_put(route)
    assert bare.status == falcon.HTTP_401
    assert 'www-authenticate' not in bare.headers
python类HTTP_401的实例源码
def __call__(self, f):
    """Wrap responder *f* so that it runs only when policy permits it.

    The returned handler asks ``req.context.policy_engine`` whether
    ``self.action`` is allowed for the request context. If it is, *f* is
    called and its result returned. Otherwise *f* is never invoked: the
    denial is logged and an error is written through
    ``slf.return_error`` -- 403 when the context is authenticated,
    401 when it is not.
    """
    @functools.wraps(f)
    def secure_handler(slf, req, resp, *args, **kwargs):
        ctx = req.context
        engine = ctx.policy_engine

        self.logger.debug("Enforcing policy %s on request %s" %
                          (self.action, ctx.request_id))

        # Fail closed: a missing engine is treated exactly like a denial,
        # and authorize() is not consulted at all in that case.
        permitted = engine is not None and engine.authorize(self.action, ctx)
        if permitted:
            return f(slf, req, resp, *args, **kwargs)

        # Denied. `slf` is the wrapped method's own instance and must
        # provide info() and return_error().
        if ctx.authenticated:
            # Identity is known but lacks the permission -> 403.
            slf.info(
                ctx, "Error - Forbidden access - action: %s" % self.action)
            slf.return_error(
                resp, falcon.HTTP_403, message="Forbidden", retry=False)
        else:
            # No established identity -> 401.
            slf.info(ctx, "Error - Unauthenticated access")
            slf.return_error(
                resp, falcon.HTTP_401, message="Unauthenticated", retry=False)

    return secure_handler
def __call__(self, f):
    """Wrap responder *f* with a policy check for ``self.action``.

    The returned handler raises instead of calling *f* whenever the
    request cannot be shown to be authorized:

    * no policy engine on the context -> ``PromenadeException`` (500)
    * the engine raises while authorizing -> ``ApiError`` (417)
    * denied, context authenticated -> ``ApiError`` (403)
    * denied, context not authenticated -> ``ApiError`` (401)

    Only an explicit truthy answer from ``authorize`` lets *f* run.
    """
    @functools.wraps(f)
    def secure_handler(slf, req, resp, *args, **kwargs):
        ctx = req.context
        engine = ctx.policy_engine

        # Fail closed: without a policy engine nothing can be authorized.
        if engine is None:
            LOG.error('No policy engine configured', ctx=ctx)
            raise ex.PromenadeException(
                title="Auth is not being handled by any policy engine",
                status=falcon.HTTP_500,
                retry=False)

        LOG.debug(
            'Enforcing policy %s on request %s using engine %s',
            self.action,
            ctx.request_id,
            engine.__class__.__name__,
            ctx=ctx)

        permitted = False
        try:
            if engine.authorize(self.action, ctx):
                LOG.debug('Request is authorized', ctx=ctx)
                permitted = True
        except Exception:
            # Any failure inside the engine (or the debug log above) is
            # turned into a denial-by-error; the handler is never reached.
            # NOTE(review): this is reported as 417 rather than a 5xx;
            # confirm that monitoring treats it as an authorization-backend
            # failure.
            LOG.exception(
                'Error authorizing request for action %s',
                self.action,
                ctx=ctx)
            raise ex.ApiError(
                title="Expectation Failed",
                status=falcon.HTTP_417,
                retry=False)

        if permitted:
            return f(slf, req, resp, *args, **kwargs)

        # Denied: raise the response exception that matches the caller's
        # authentication state.
        if ctx.authenticated:
            LOG.error(
                'Unauthorized access attempted for action %s',
                self.action,
                ctx=ctx)
            raise ex.ApiError(
                title="Forbidden",
                status=falcon.HTTP_403,
                description="Credentials do not permit access",
                retry=False)

        # NOTE(review): the log text below is spelled 'Unathenticated';
        # log searches and alert rules keyed on this message must use the
        # same spelling.
        LOG.error(
            'Unathenticated access attempted for action %s',
            self.action,
            ctx=ctx)
        raise ex.ApiError(
            title="Unauthenticated",
            status=falcon.HTTP_401,
            description="Credentials are not established",
            retry=False)

    return secure_handler