flask-basicauth
flask-basicauth copied to clipboard
jpvanhal
HTTP basic access authentication for Flask.
return password == "password" is vulnerable to timing attacks. Something like https://github.com/PeterScott/streql should be used to prevent them. I can make a PR if you want.
I have a scenario where a route should only be protected by basic auth for certain methods: ``` python @app.route("/items", methods=["GET"]) @basic_auth.required def list_items(): ... @app.route("/items", methods=["POST"]) def create_item(): ......
I'm trying to figure out if flask-basicauth doesn't support this, or if I'm doing something wrong. With other http / apache Basic Auth you can get straight to the site...
I see the latest commit in master is from 2016. I want to write a PR for #11. But will @jpvanhal merge PRs? @jpvanhal I understand that life can get...
I had installed Flask-BasicAuth use: ``` sudo pip install Flask-BasicAuth ``` My code looks like this: ``` from flask import Flask, render_template from flask_basicauth import BasicAuth app = Flask(__name__) app.config['BASIC_AUTH_USERNAME']...
There are certain security benefits to publishing wheels ``` # mitigate supply chain risk by using --only-binary pip install flask-basicauth --only-binary=:all: ``` It looks like you're using setup.py, so if...
I'm trying to run the unit tests, so that I can write a PR. I can't figure out how. There's no `requirements.txt` or `requirements_test.txt`. `setup.py` only specifies `Flask` as a...
Hi, would you be interested in a patch that adds support for excluding certain routes when `BASIC_AUTH_FORCE = True`? I want to protect all endpoints with the exception of for...
This makes an Unauthorized exception be thrown so that extra information can be added to the response by an `@app.errorhandler(401)`.
