Allow securing with Basic auth #5

tuukkamustonen · 2017-12-15T11:12:15Z

While you're probably not supported to run this in production or in public servers, sometimes that would be just convenient.

Securing with Basic auth wouldn't probably be too big a task, but should do the job and doesn't require a session.

Would this be viable?

mgedmin · 2017-12-15T13:41:58Z

My gut feeling is that the frontend server should be responsible for authentication. You're deploying WSGI apps behind Apache or Nginx, aren't you?

tuukkamustonen · 2017-12-15T13:43:00Z

Not this time, I'm running gunicorn (with gevent) straight behind AWS Application Load Balancer.

tuukkamustonen · 2017-12-15T13:44:44Z

Sorry, misclick.

mgedmin · 2017-12-15T13:48:01Z

What do you propose?

I'm willing to accept a pull request, if it has tests and documentation.

tuukkamustonen · 2017-12-15T14:03:49Z

What do you propose?

Not sure what you mean - I don't have a PR to send now. I'm not familiar with WSGI middleware or mako et al. either.

I'm willing to accept a pull request, if it has tests and documentation.

That's good to know. I suggest we wait a bit and see if anyone else is interested in this...

mgedmin · 2017-12-15T14:14:29Z

What do you propose?

Not sure what you mean

Mostly, what API do you think would work well for your use case?

tuukkamustonen · 2017-12-16T08:18:53Z

Ah, just something like:

app = build_my_flask_app(...)
app.wsgi_app = Dozer(app.wsgi_app, basic_auth=('username', 'password'))

And then Dozer would secure all its endpoints (_dozer/, _profiler, other if there are any) with that.

mgedmin added the question label Dec 15, 2017

tuukkamustonen closed this as completed Dec 15, 2017

tuukkamustonen reopened this Dec 15, 2017

mgedmin added enhancement and removed question labels Dec 15, 2017

mgedmin added the help wanted label Dec 16, 2017

Provide feedback