Flask simple authentication doesn't work under Apache
I am creating a site with Flask where I now want to secure the admin view with a very simple authentication mechanism. To do this, I wrote the following shell code:
def check_auth(username, password):
current_app.logger.error('Log from check_auth')
return username == 'myusername' and password == 'mypassword'
def authenticate():
current_app.logger.error('Log from authenticate function')
return Response('Bad luck my friend.', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
def requires_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
current_app.logger.error('Log from requires_auth function')
auth = request.authorization
current_app.logger.error(auth) # <= HERE I LOG auth
if not auth or not check_auth(auth.username, auth.password):
return authenticate()
return f(*args, **kwargs)
return decorated
@requires_auth
def some_view():
return 'some stuff'
This works great when using the Flask development server. I just deployed this to Apache / mod_wsgi, but unfortunately it doesn't work right now; after filling in my credentials, it just reloads the login screen (assuming the password is incorrect).
I posted several protocols there and now it logs the following:
Log from requires_auth function
None
Log from authenticate function
So, as you can see, auth
(which should contain the filled in username and password) remains None. The strange thing is that these three logs are already displayed as soon as the login screen is displayed. This means that instead of waiting for the user to fill in their username and password, the function continues to execute.
Does anyone know what I am doing wrong here? And why does it work with Flask development server but doesn't it work with Apache / mod_wsgi? All advice is appreciated!
source to share