Ticket #138: 0011-Allow-authentication-to-work-with-.htpasswd-style-fi.patch

NEWS

@@ -13 +13 @@
 *** Password protected WebStatus
 The WebStatus constructor can take an instance of IAuth (from
 status.web.authentication).  The class BasicAuth accepts a `userpass' keyword
-argument in pretty much the same way as Try_Userpass does.
+argument in pretty much the same way as Try_Userpass does.  The class
+HTPasswdAuth authenticate users with a .htpasswd-style file.
 Only users with a valid login/password can then force/stop builds from the
 WebStatus.
 

buildbot/status/web/authentication.py

@@ -1 @@
-
+import os
 from zope.interface import Interface, implements
 
 class IAuth(Interface):
@@ -45 +45 @@
                 return True
         self.err = "Invalid login or password"
         return False
+
+class HTPasswdAuth(AuthBase):
+    implements(IAuth)
+    """Implement an authentication against an .htpasswd-style file."""
+
+    file = ""
+    """Path to the .htpasswd-style file to use."""
+
+    def __init__(self, file):
+        """C{file} is a path to an .htpasswd-style file."""
+        assert os.path.exists(file)
+        self.file = file
+
+    def authenticate(self, login, password):
+        """Authenticate C{login} and C{password} against a .htpasswd-style
+        file"""
+        if not os.path.exists(self.file):
+            self.err = "No such file: " + self.file
+            return False
+        # Fetch the lines from the .htpasswd file and split them in a
+        # [login, password] array.
+        lines = [l.rstrip().split(':', 1)
+                 for l in file(self.file).readlines()]
+        # Keep only the line for this login
+        lines = [l for l in lines if l[0] == login]
+        if not lines:
+            self.err = "Invalid login"
+            return False
+        # This is the DES-hash of the password.  The first two characters are
+        # the salt used to introduce disorder in the DES algorithm.
+        hash = lines[0][1]
+        from crypt import crypt
+        res = hash == crypt(password, hash[0:2])
+        if res:
+            self.err = ""
+        else:
+            self.err = "Invalid password"
+        return res

docs/buildbot.texinfo

@@ -6127 +6127 @@
 @code{status.web.authentication.IAuth} as a @code{auth} keyword argument.
 The class @code{BasicAuth} implements a basic authentication mechanism
 using a list of login/password pairs provided from the configuration file.
+The class @code{HTPasswdAuth} implements an authentication against an
+@file{.htpasswd}-style file.
 
 @example
 from buildbot.status.html import WebStatus
 from buildbot.status.web.authentication import BasicAuth
 users = [('login', 'password'), ('bob', 'secret-pass')]
 c['status'].append(WebStatus(http_port=8080, auth=BasicAuth(users)))
+
+from buildbot.status.web.authentication import HTPasswdAuth
+file = '/path/to/file'
+c['status'].append(WebStatus(http_port=8080, auth=HTPasswdAuth(file)))
 @end example