我正在运行一个 Flask 应用程序,将 apache 与 mod_wsgi 一起使用,使用我自己的 ssl 证书(自签名),我还使用 Flask-HTTPAuth 库(https://flask-httpauth.readthedocs.org/en/latest/)并且我确实使用 BasicAuth
app.auth = HTTPBasicAuth()
我正在尝试使用 curl 测试 api,但我的 flask 应用程序没有让我登录。
这是 curl 线
/usr/bin/curl -H 'Accept: application/json' -H 'Content-type: application/json' -u 'user:mypasswd' --cacert path_to/rootCA.crt --key path_to/backend.key --cert path_to/backend.crt -X POST -d '{}' -vvv https://my_url:443/api/1.0/code/create
服务器有响应
* Hostname was NOT found in DNS cache
* Trying ** ...
* Connected to ** (**) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: path_to/rootCA.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: ***
* start date: 2015-10-20 13:22:20 GMT
* expire date: 2017-03-03 13:22:20 GMT
* common name: *** (matched)
* issuer: ***
* SSL certificate verify ok.
* Server auth using Basic with user 'user'
> POST //api/1.0/code/create HTTP/1.1
> Authorization: Basic amFtZXM6TDMgbDFuZCEgQHYgczBsMyFM
> User-Agent: curl/7.35.0
> Host: ***
> Accept: application/json
> Content-type: application/json
> Content-Length: 83
>
* upload completely sent off: 83 out of 83 bytes
< HTTP/1.1 401 UNAUTHORIZED
< Date: Wed, 21 Oct 2015 12:29:17 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authentication Required"
< Content-Length: 19
< Content-Type: text/html; charset=utf-8
<
* Connection #0 to host ***m left intact
Unauthorized Access
有一个由 -u 选项创建的授权 header 。但是在我的 flask 应用程序中没有给出用户名或密码。
@app.auth.verify_password
def verify_password(username, passwd):
print "USername [%s] [%s]" % (username, passwd)
return False
给出的输出是:
USername [] []
所以我的问题是如何使用 curl 为 verify_password 装饰器提供用户名和密码?
谢谢。
最佳答案
您需要配置 mod_wsgi 以将授权 header 传递给您的 Flask 应用程序。
Be aware that some web servers do not pass the Authorization headers to the WSGI application by default.
另外,来自 verify_password 的文档:
If this callback is defined, it is also invoked when the request does not have the Authorization header with user credentials, and in this case both the username and password arguments are set to empty strings.
...这可以解释您看到的输出。
由于您使用的是带有 mod_wsgi 的 Apache,因此您应该设置 WSGIPassAuthorization directive在 Apache 配置中设置为 On(默认为 Off)。
关于python - Flask 不使用 curl auth,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33259710/