On 19 July 2010 02:29, fampinheiro <[email protected]> wrote:
> I'm setting up a server where I can have multiple svn repositories.
> The users that have access to those repositories aren't static and
> rewriting the authorisation file is not a good option in my opinion.
>
> So I want to have the authorisation step to be handled by a script.
>
> my directive under apache looks like this:
>
> <Location /svn>
> DAV svn
> SVNParentPath c:/svn
>
> Require valid-user
>
> AuthType Basic
> AuthName "Svn Authentication"
> AuthBasicProvider wsgi
> WSGIAuthUserScript c:/scripts/authn.wsgi
> WSGIAccessScript c:/scripts/auths.wsgi
> Require valid-user
> </Location>
>
> authn.wsgi
>
> def check_password(environ, user, password):
>     if user == 'admin' or user == 'spy':
>         if password == 'secret':
>             return True
>         return False
>     return None
>
> The authentication phase works wonderfully.
>
> The problem is the authorisation.
>
> auths
>
> def allow_access(environ, host):
>     if environ['REMOTE_USER'] == 'admin':
>         return True
>     return False
>
> I assume this was supposed to work !?

No.

> I was using mod_python and PythonAuthzHandler to do this.

Which is not the same thing. The equivalent phase in mod_python is PythonAccessHandler.

> Am I missing something !?

Host access, ie., WSGIAccessScript, is done before user authentication and so doesn't have access to user login information.

> be gentle I'm new to this world :) and have a lot to learn.
>
> ps: I also tried WSGIAuthGroupScript but apache returns status code
> 401 and I want that if a valid user can't access the repository to
> return 403

Apache returns 401 because that is the correct status code to return. If you don't return that you aren't giving a user the option to enter in a different set of credentials to allow them into an area with more constrained authorisation requirements. This would be abusing the notion of how the HTTP authentication mechanism is supposed to work.

Graham
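
One way to make the per-repository decision at a stage where the user is already known, as an added example (not code from this thread or from mod_wsgi itself): a script for the `WSGIAuthGroupScript` directive mentioned above, whose `groups_for_user(environ, user)` returns a group only when the authenticated user may use the repository named in the request URI. It assumes `Require group svn-access` in the `<Location /svn>` block, that `REQUEST_URI` is present in `environ`, and a constructed membership table standing in for a dynamic store; a user who is refused receives the 401 explained in the reply.

```python
# Added example: contents of the file named by WSGIAuthGroupScript.
from urllib.parse import unquote, urlsplit

LOCATION_PREFIX = "/svn/"    # matches <Location /svn> in the quoted config
ACCESS_GROUP = "svn-access"  # assumed name, paired with "Require group svn-access"

# Constructed sample data; a real deployment would query its user store here.
REPO_MEMBERS = {
    "alpha": {"admin", "spy"},
    "beta": {"admin"},
}


def repo_from_uri(uri):
    """Return the repository name addressed by a request URI, or None."""
    path = unquote(urlsplit(uri).path)
    if not path.startswith(LOCATION_PREFIX):
        return None
    # With SVNParentPath the first segment after the prefix is the repository,
    # including for internal DAV paths such as /svn/alpha/!svn/...
    name = path[len(LOCATION_PREFIX):].split("/", 1)[0]
    # Fail closed on empty or traversal-like names.
    if not name or name in (".", "..") or "\\" in name:
        return None
    return name


def groups_for_user(environ, user):
    """Called by mod_wsgi after check_password() has accepted the user."""
    repo = repo_from_uri(environ.get("REQUEST_URI", ""))
    if repo is not None and user in REPO_MEMBERS.get(repo, ()):
        return [ACCESS_GROUP]
    # Unknown repository, unparsable URI or non-member: no groups, so
    # the Require group check fails.
    return []
```
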
