devpi-lockdown: tools to enable authentication for read access
Project description
devpi-lockdown: tools to enable authentication for read access
This plugin adds some views to allow locking down read access to devpi.
Only tested with nginx so far.
Installation
devpi-lockdown needs to be installed alongside devpi-server.
You can install it with:
pip install devpi-lockdown
Usage
To lock down read access to devpi, you need a proxy in front of devpi which can use the provided views to limit access.
The views are:
/+authcheck
This returns 200 when the user is authenticated or 401 if not. It uses the regular devpi credential checks and an additional credential check using a cookie provided by devpi-lockdown to allow login with a browser.
/+login
A plain login form to allow access via browsers for use with devpi-web.
/+logout
Drops the authentication cookie.
For nginx the auth_request module is required. You should use the devpi-genconfig script to generate your nginx configuration. With devpi-server 6.0.0 or newer an nginx-devpi-lockdown.conf should have been generated. If not, then you need to add the following to your server block before the first location block:
# this redirects to the login view when not logged in
recursive_error_pages on;
error_page 401 = @error401;
location @error401 {
return 302 /+login?goto_url=$request_uri;
}
# lock down everything by default
auth_request /+authcheck;
# the location to check whether the provided infos authenticate the user
location = /+authcheck {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-outside-url $scheme://$http_host; # copy the value from your existing configuration
proxy_set_header X-Real-IP $remote_addr; # copy the value from your existing configuration
proxy_pass http://localhost:3141; # copy the value from your existing configuration
}Changelog
2.0.0 - 2021-05-16
Dropped Python 2.7, 3.4 and 3.5 support.
Support for devpi-server 6.0.0.
Redirect back to original URL after login.
With devpi-server 6.0.0 the devpi-gen-config script creates a nginx-devpi-lockdown.conf.
Automatically allow locations required for login page.
Show error message for invalid credentials.
Support Pyramid 2.0.
1.0.1 - 2018-11-16
Fix import for Pyramid >= 1.10.0.
Add /+static to configuration
Lock down everything by default in the configuration and only allow the necessary locations
1.0.0 - 2017-03-10
initial release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file devpi-lockdown-2.0.0.tar.gz.
File metadata
- Download URL: devpi-lockdown-2.0.0.tar.gz
- Upload date:
- Size: 14.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: devpi-server/5.5.0 (py3.7.3; linux)
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | eccfcabc47aebd514d5abdba1db0323740d3132a2dfb6a316e2d5d5cc5f46968 |
|
| MD5 | 486a9c42ff11a192f3f08941233bcad0 |
|
| BLAKE2b-256 | d4d4f02ad291a2b5b3dd375e044f89ea5ce292f86f623c8a9bb51e482947f7b9 |
File details
Details for the file devpi_lockdown-2.0.0-py2.py3-none-any.whl.
File metadata
- Download URL: devpi_lockdown-2.0.0-py2.py3-none-any.whl
- Upload date:
- Size: 7.1 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: devpi-server/5.5.0 (py3.7.3; linux)
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 57fa6e049d4ec9a9f5f438d88403c563e876665a7e77df892b88821949ad0ae2 |
|
| MD5 | fc9fc2a360b571a750d32efb4e176296 |
|
| BLAKE2b-256 | 85480b501aa50373aad1e394a3c768a44b013e5f789fc1fb4954a947cec9b41a |
