search

hugapi / hug

Embrace the APIs of the future. Hug aims to make developing APIs as simple as possible, but no simpler.
MIT License
6.86k stars 386 forks source link

How to properly do User Authentication with Hug #340

Closed autoferrit closed 7 years ago

autoferrit commented 8 years ago

I know I could do basic user authentication the traditional way, but I would like to know how I could do this with hug the proper way using middleware. I can't seem to find much in the way of any docs or examples for this. It's possible I missed something. So I was just hoping to get pushed in the right direction.

incognick commented 8 years ago

I'm new to hug but I think method chaining is preferred over middleware for authentication purposes. 

import hug

admin_area = hug.http(requires=hug.authentication.basic(hug.authentication.verify('Nick', '1234')))

@hug.get('/')
def hello_world():
    return 'Hello world'

@admin_area.get('/admin/hello')
def admin_hello():
    return 'Hello Nick'

@admin_area.put('/admin/goodbye')
def admin_goodbye(name: hug.types.text):
    return 'Goodbye {0}'.format(name)

# -- TEST --
from base64 import b64encode
token = b64encode('{0}:{1}'.format('Nick', '1234').encode('utf8')).decode('utf8')

api = hug.API(__name__)

response = hug.test.get(api, '/')
print(response.status, response.data)

response = hug.test.get(api, '/admin/hello', )
print(response.status, response.data)

response = hug.test.get(api, '/admin/hello', headers={'Authorization': 'Basic {0}'.format(token)})
print(response.status, response.data)

response = hug.test.put(api, '/admin/goodbye', name='Joe', headers={'Authorization': 'Basic {0}'.format(token)})
print(response.status, response.data)

Outputs:

200 OK Hello world
401 Unauthorized {'errors': {'Authentication Required': 'Please provide valid Basic HTTP Authentication credentials'}}
200 OK Hello Nick
200 OK Goodbye Joe

References: http://www.hug.rest/website/learn/routing (scroll down to chaining) https://github.com/timothycrosley/hug/blob/develop/examples/authentication.py https://github.com/timothycrosley/hug/blob/develop/tests/test_authentication.py https://github.com/timothycrosley/hug/blob/develop/hug/authentication.py

incognick commented 7 years ago

@timothycrosley I think this can be closed.

Kentoseth commented 7 years ago

@timothycrosley I think this should be re-opened, only if @incognick is willing to contribute to the hacktoberfest with a better authentication example for the /examples/ folder.

Perhaps it can even be called "auth_advanced.py". Let us know how you feel about contributing an example @incognick :)

incognick commented 7 years ago

Sure, I would be willing. I just used hug for a decent sized API and could write a few examples.

Has there been a decision on the documentation style? I saw some comments about this but wasn't sure. E.g. Markdown, HTML, or plain text?

Kentoseth commented 7 years ago

@incognick The examples will live in the /examples/ folder for now. Having just the code (with some good comments on what each piece of code is doing) will help beginners for now. Once we decide on the documentation format, we can add more detailed walk-throughs of certain examples on the website.

timothycrosley commented 7 years ago

Going to go ahead and close this as the question was nicely answered by @incognick, the question label will help us dig it up for documentation purposes

Thanks!

~Timothy

cmin764 commented 5 years ago

Shouldn't we have an auth parameter providing this entire boilerplate in the testing module?