FeatReq: basic_auth_required accepting callable about quart-auth HOT 8 CLOSED

The credentials are stored in the app's config, which can be loaded from the environment or files (no need to store credentials in the code).

I'm not sure whether to add this functionality to Quart-Auth directly - it is quite easily to adapt and create your own basic_auth_required decorator based on the existing one e.g. for your use case (with check_auth):

def basic_auth_required(func: Callable) -> Callable:
    @wraps(func)
    async def wrapper(*args: Any, **kwargs: Any) -> Any:
        if has_request_context():
            auth = request.authorization
        elif has_websocket_context():
            auth = websocket.authorization
        else:
            raise RuntimeError("Not used in a valid request/websocket context")

        valid = await check_auth(auth)
        if valid:
            return await current_app.ensure_async(func)(*args, **kwargs)
        else:
            raise UnauthorizedBasicAuth()

    return wrapper

from quart-auth.

Thanks for the prompt reply ! Agreed it's easy but just suggesting merging the above while keeping the explicit user/pwd validation e.g. making the args mutually exclusive (user/pwd or validation function). Feel free to close, I am all set.

from quart-auth.

qq: do you monitor more - and do you prefer keep logs in - gitter, gitlab or github ? There are many channels you mentioned ;-)

from quart-auth.

I'm currently moving everything to github (watch this space...).

from quart-auth.

Just discovered a possible bug: when executing the wrapped function (past validation), if the function/view has no argument, you get TypeError: xxxx() takes 0 positional arguments but 2 were given
Workaround - for now - is to add a dummy arg array in the view definition i.e. async def xxx(*dummy_args):

from quart-auth.

Hmm, I'm not sure why it would error like that - could you share the stack trace?

from quart-auth.

OMG - embarrassing:

    @wraps(func)
    async def wrapper(*args, **kwargs):
        print_log(f'{session=}, {vars(session)}')
        if auth := request.authorization:
            if 'iw_cookies' not in session:
                if request.method == 'POST':
                    args = (await request.get_json()).get('userDefinedContext')

... I am reassigning args later in the code. Sorry for the oversight.

from quart-auth.

No worries, thanks for clarifying - a mystery closed :).

from quart-auth.