Added http basic authentication to results resources

10aed851 · Mark Watts · ad9ede13 · 10aed851 · 10aed851
Commit 10aed851 authored Feb 26, 2017 by Mark Watts
--- a/codespeed/auth.py
+++ b/codespeed/auth.py
+import logging
+from functools import wraps
+from django.contrib.auth import authenticate
+from django.http import HttpResponse, HttpResponseForbidden
+from base64 import b64decode
+
+
+def basic_auth_required(realm='default'):
+    def _helper(func):
+        @wraps(func)
+        def _decorator(request, *args, **kwargs):
+            if 'HTTP_AUTHORIZATION' in request.META:
+                http_auth = request.META['HTTP_AUTHORIZATION']
+                authmeth, auth = http_auth.split(' ', 1)
+                if authmeth.lower() == 'basic':
+                    authb = b64decode(auth.strip())
+                    auth = authb.decode()
+                    username, password = auth.split(':', 1)
+                    user = authenticate(username=username, password=password)
+                    if user is not None:
+                        logging.info(
+                            'Authentication succeeded for {}'.format(username))
+                        return func(request, *args, **kwargs)
+                    else:
+                        return HttpResponseForbidden()
+            res = HttpResponse()
+            res.status_code = 401
+            res.reason_phrase = 'Unauthorized'
+            res['WWW-Authenticate'] = 'Basic realm="{}"'.format(realm)
+            return res
+        return _decorator
+
+    return _helper
--- a/codespeed/views.py
+++ b/codespeed/views.py
@@ -14,6 +14,7 @@ from django.views.decorators.http import require_GET, require_POST
 from django.views.decorators.csrf import csrf_exempt
 from django.template import RequestContext
 from django.conf import settings
+from .auth import basic_auth_required

 from .models import (Environment, Report, Project, Revision, Result,
                     Executable, Benchmark, Branch)
@@ -697,6 +698,7 @@ def displaylogs(request):

 @csrf_exempt
 @require_POST
+@basic_auth_required('results')
 def add_result(request):
    response, error = save_result(request.POST)
    if error:
@@ -710,6 +712,7 @@ def add_result(request):

 @csrf_exempt
 @require_POST
+@basic_auth_required('results')
 def add_json_results(request):
    if not request.POST.get('json'):
        return HttpResponseBadRequest("No key 'json' in POST payload")