search

krischer / jane

Jane - Document Database for Seismology
http://krischer.github.io/jane
GNU General Public License v3.0
27 stars 9 forks source link

FDSNWS: authenticated waveform requests always give "no permission" #64

Open megies opened 6 years ago

megies commented 6 years ago

..while anonymous requests return the waveform data..

CC @jwassermann

krischer commented 6 years ago

django has no HTTP digest authentication which is used by the fdsnws services and thus it does not work with ObsPy.

It should work fine if you for example just use requests which can also use basic auth.

I agree that this needs to be changed but I'm not entirely sure how to be honest. This (https://github.com/dimagi/django-digest) seems really outdated but it has seen some work recently.

krischer commented 6 years ago

@barsch Do you have any idea how to easily add digest authentication to a django app?

barsch commented 6 years ago

Why not using requests? It supports HTTP digest authentication http://docs.python-requests.org/en/master/user/authentication/#digest-authentication

btw: I would not mix Jane/Django auth and FDSN auth

krischer commented 6 years ago

This would only be client side, no? We do need server side digest authentication. And we already mix django and fdsn auth as the /queryauth routes in the fdnsws implementation work fine for example with basic auth.

We could of course easily support basic auth on the obspy side but this would not be fully standard compliant.

barsch commented 6 years ago

I see - django-digest had some activity 3 days ago - so I would at least give it a try - never needed digest authentication in Django projects before ...