Authentication
sandman supports HTTP Basic authentication, meaning a username and password must be sent with every request in the Authorization header.
Enabling Authentication
Enabling authentication in your sandman installation is a straightforward task. You’ll need to define two functions:
- get_password()
- before_request()
The former is required by Flask-HTTPAuth, which powers sandman's authentication. The latter is used to ensure that _all_ requests are authorized.
get_password
The get_password function takes a username as an argument and should return the associated password for that user. To notify Flask-HTTPAuth that this is the function responsible for returning passwords, it must be wrapped with the @auth.get_password decorator (auth is importable from sandman, e.g. from sandman import app, db, auth). How you implement your user management system is up to you; you simply need to implement get_password in whatever way is most appropriate for your security setup.
As a trivial example, here’s an implementation of get_password that always returns secret, meaning secret must be the password, regardless of the username:
    from sandman import auth

    @auth.get_password
    def get_password(username):
        """Return the password for *username* (here a fixed value, for illustration only)."""
        return 'secret'
before_request
Once you’ve hooked up your password function, it’s time to tell Flask which requests should require authentication. Rather than picking and choosing on a request-by-request basis, we use the @app.before_request decorator included in Flask to make sure _all_ requests are authenticated. Here’s a sample implementation:
    from sandman import app, auth

    @app.before_request
    @auth.login_required
    def before_request():
        # No body needed: @auth.login_required rejects unauthenticated requests
        # before this function ever runs.
        pass
Notice the function body is just pass; it needn’t have any logic, since the logic is added by Flask-HTTPAuth’s @auth.login_required decorator.
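To make the contract between these two functions concrete, here is an added, self-contained illustration (not sandman’s or Flask-HTTPAuth’s own code) of what a get_password callback returns and what the library does with it when @auth.login_required checks the Authorization header. USERS and the helper names are constructed for the example.

```python
import base64
import binascii
import hmac

# Constructed user table for this example; a real deployment would consult
# its own user store rather than plaintext literals in source.
USERS = {"alice": "correct horse battery staple"}


def get_password(username):
    """Return the password for *username*, or None if the user is unknown.

    This is the contract sandman's @auth.get_password callback must honour:
    Flask-HTTPAuth calls it with the username taken from the request.
    """
    return USERS.get(username)


def check_basic_auth(authorization_header, password_lookup=get_password):
    """Validate an HTTP Basic Authorization header value.

    Returns the authenticated username, or None when the request must be
    rejected with 401. This mirrors the steps the library performs on
    sandman's behalf: parse the scheme, base64-decode the credentials,
    split on the first colon, look the user up, compare the password.
    """
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed credentials are treated as absent
    username, sep, password = decoded.partition(":")
    if not sep:
        return None  # RFC 7617 requires "user:pass"
    expected = password_lookup(username)
    # Unknown user -> reject; known user -> constant-time comparison so the
    # check does not leak how many leading characters matched.
    if expected is None or not hmac.compare_digest(
        password.encode("utf-8"), expected.encode("utf-8")
    ):
        return None
    return username


def basic_header(username, password):
    """Build the Authorization header value a client would send."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```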
Token-based Authentication
There are plans for sandman to support token-based authentication, but this currently isn’t supported and no time frame for implementation has been set.