login community faq

simple cherrypy authentication

0
1

hello all, I am learning CherryPy, and would like to have a simple cherrypy authentication against a MySQL database user table that stores a username and an MD5 hashed password string.

Is there a dead easy tutorial out there other than the example posted on the CherryPy wiki (http://tools.cherrypy.org/wiki/AuthenticationAndAccessRestrictions)?

I am coming from a PHP background, I do not know if that matters, but I am used to authentication schemes handled by server side PHP session objects. So, anything that can compare to that would be welcome, because it would help me relate. I decided to use CherryPy because it seems to be the framework that fit the bill. I have a couple of very simple python apps in the works and just need something to provide the HTTP handling. Alternatively, my other choice would be Web.py, but since CherryPy support is better with WebFaction, I thought I would go that route. In addition, if I understand my reading sufficiently, CherryPy will provide the robust framework I need.

Thanks in advance.

asked Feb 18 '12 at 13:03

neorou73's gravatar image

neorou73
32
3 Answers:
oldestnewestmost voted
1

There are some fairly simple examples of CherryPy authentication at: CherryPy Digest and Basic Authentication Tutorial

Here is the basic authentication example from that page, modified to work with MySQL as the source of user info:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import cherrypy
import MySQLdb
from md5 import md5

class RootServer:
    @cherrypy.expose
    def index(self):
        return """This is a public page!"""

class SecureServer:
    @cherrypy.expose
    def index(self):
    return "This is a secure section"

def get_users():
    db = MySQLdb.connect(host='localhost', 
                         user='db_name',
                         passwd='db_pass', 
                         db='db_name')
    curs = db.cursor()
    curs.execute('select username,password from users')
    return dict(curs.fetchall())

def encrypt_pw(pw):
    return md5(pw).hexdigest()

if __name__ == '__main__':
    users = get_users()

    conf = {'/secure': {'tools.basic_auth.on': True,
                        'tools.basic_auth.realm': 'Some site2',
                        'tools.basic_auth.users': users,
                        'tools.basic_auth.encrypt': encrypt_pw}}
    root = RootServer()
    root.secure = SecureServer()
    cherrypy.quickstart(root, '/', config=conf)

I don't claim that the above code represents any sort of best-practice approach to doing this - just posting it as a simple example.

Hope that helps!

answered Feb 23 '12 at 16:04

seanf's gravatar image

seanf ♦♦
56291220

edited Feb 23 '12 at 16:06

1

seanf - you are the man!!!! this is exactly what i am looking for. best practice becomes best practice if everybody is doing it :) thank you so much - you made my week.

(Feb 24 '12 at 10:18) neorou73 neorou73's gravatar image
0

If you do not want to write all of the database/user boilerplate you might want to use a framework like Django. By definition CherryPy is a minimalist framework and so you will have to write a lot of the boilerplate yourself.

answered Feb 18 '12 at 17:19

johns's gravatar image

johns ♦♦
340427

Thank you for your answer, johns. I had considered using Django a long time ago. My problem is this: I write python applications without really thinking about the web side of it first. So, what I need, is to keep the HTTP and HTTP related functionality (like authentication) separate. Django is nice and (pretty complete, it seems), but they force you to use their standards. Last I checked, I could not use SQLAlchemy, for example, because DJango has its own ORM. Maybe this has changed. Either way, although it provides a lot of ready made solutions for you, it is not for me.

(Feb 23 '12 at 15:35) neorou73 neorou73's gravatar image
0

Unless you need some of the special things you can implement with CherryPy and you can't do with an out-of-the-box apache wsgi install, I wouldn't go through all the hassle. I can just second Johns suggestion to use django with mod-wsgi. However, if you still want to use CherryPy instead of apache you can use it together with django (or any other wsgi compliant python framework like turbogears 2x, pylons, etc.): http://docs.cherrypy.org/dev/refman/wsgiserver/init.html. If you want to use CherryPy the hard way, at least have a look at http://werkzeug.pocoo.org/

answered Feb 19 '12 at 14:33

markusbarth's gravatar image

markusbarth
112

edited Feb 19 '12 at 14:37

Thank you for your answer, markus. I answered johns' post about Django. It is not for me, sad to say. It is starting to look like I might just use mod_wsgi or web.py directly for my means. Werkzeug may also be a possibility.

(Feb 23 '12 at 15:39) neorou73 neorou73's gravatar image
Your answer
If you have an answer to the above question, then use the form below. Otherwise, use the appropriate 'add new comment' button above to post your feedback.
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×19
×14

Asked: Feb 18 '12 at 13:03

Seen: 2,209 times

Last updated: Feb 24 '12 at 10:18

Related questions

how can I set up trac to require authentication for every page it generates?

CherryPy Logging Question

svn permissions

bottle run with cherrypy

Digest authentication for WebDAV?

How to restart a cherrypy Server

authentication - Internal Server Error

When I install an application how can I view files in a web-browser?

could anybody recommend a php mysql membership system

BOTTLE elementary questions

Plans & prices    Sign up    Why WebFaction?    Contact us    Affiliate program    Support    Legal    Jobs    Blog    Control panel login
Powered by OSQA
© Copyright 2003-2012 Swarma Limited - WebFaction is a service of Swarma Limited