devpi-lockdown: tools to enable authentication for read access
This plugin adds some views to allow locking down read access to devpi.
Only tested with nginx so far.
Installation
devpi-lockdown needs to be installed alongside devpi-server.
You can install it with:
pip install devpi-lockdown
Usage
To lock down read access to devpi, you need a proxy in front of devpi which can use the provided views to limit access.
The views are:
/+authcheck
This returns 200 when the user is authenticated or 401 if not. It uses the regular devpi credential checks and an additional credential check using a cookie provided by devpi-lockdown to allow login with a browser.
/+login
A plain login form to allow access via browsers for use with devpi-web.
/+logout
Drops the authentication cookie.
For nginx the auth_request module is required. You should use the devpi-gen-config script to generate your nginx configuration. With devpi-server 6.0.0 or newer an nginx-devpi-lockdown.conf should have been generated. If not, then you need to add the following to your server block before the first location block:
    # this redirects to the login view when not logged in
    recursive_error_pages on;
    error_page 401 = @error401;
    location @error401 {
        return 302 /+login?goto_url=$request_uri;
    }

    # lock down everything by default
    auth_request /+authcheck;

    # the location to check whether the provided information authenticates the user
    location = /+authcheck {
        internal;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-outside-url $scheme://$http_host;  # copy the value from your existing configuration
        proxy_set_header X-Real-IP $remote_addr;  # copy the value from your existing configuration
        proxy_pass http://localhost:3141;  # copy the value from your existing configuration
    }
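One way to audit an existing nginx server block against the snippet above, as an added example that is not part of devpi-lockdown: it checks that auth_request is on by default, that /+authcheck is internal, and lists every location that switches auth_request off. The function name audit_lockdown and the /pkgs/ location in the sample are hypothetical.

```python
import re

def audit_lockdown(conf):
    """Audit nginx server-block text against the lockdown snippet above.

    Returns (findings, exempt): problems found, and every location that
    turns auth_request off. Assumes no '#', '{', '}' or ';' inside quotes."""
    text = re.sub(r"#.*", "", conf)            # drop comments
    stack, exempt = [], []
    default_on = authcheck_internal = False
    for stmt, delim in re.findall(r"([^{};]*)([{};])", text):
        stmt = " ".join(stmt.split())          # normalise whitespace
        if delim == "{":
            stack.append(stmt)                 # entering a block
        elif delim == "}":
            del stack[-1:]                     # leaving a block
        else:
            scope = stack[-1] if stack else ""
            in_location = scope.startswith("location")
            if stmt == "auth_request /+authcheck" and not in_location:
                default_on = True
            elif stmt == "auth_request off" and in_location:
                exempt.append(scope[len("location"):].strip())
            elif stmt == "internal" and scope == "location = /+authcheck":
                authcheck_internal = True
    findings = []
    if not default_on:
        findings.append("no server-level 'auth_request /+authcheck;'")
    if not authcheck_internal:
        findings.append("'location = /+authcheck' is not marked internal")
    findings += [f"location {loc} bypasses authentication" for loc in exempt]
    return findings, exempt

# Constructed sample: the snippet above plus one hypothetical exempted location.
SAMPLE = """
server {
    auth_request /+authcheck;
    location = /+authcheck {
        internal;
        proxy_set_header X-Original-URI $request_uri;
        proxy_pass http://localhost:3141;
    }
    location /pkgs/ {   # hypothetical, not generated by devpi
        auth_request off;
    }
}
"""
if __name__ == "__main__":
    print(audit_lockdown(SAMPLE))
```

Any location reported as exempt is readable without credentials and should be reviewed against what the login page actually needs.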
Changelog
2.0.0 - 2021-05-16
Dropped Python 2.7, 3.4 and 3.5 support.
Support for devpi-server 6.0.0.
Redirect back to original URL after login.
With devpi-server 6.0.0 the devpi-gen-config script creates an nginx-devpi-lockdown.conf.
Automatically allow locations required for login page.
Show error message for invalid credentials.
Support Pyramid 2.0.
1.0.1 - 2018-11-16
Fix import for Pyramid >= 1.10.0.
Add /+static to configuration
Lock down everything by default in the configuration and only allow the necessary locations
1.0.0 - 2017-03-10
initial release
Hashes for devpi_lockdown-2.0.0-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 57fa6e049d4ec9a9f5f438d88403c563e876665a7e77df892b88821949ad0ae2
MD5 | fc9fc2a360b571a750d32efb4e176296
BLAKE2b-256 | 85480b501aa50373aad1e394a3c768a44b013e5f789fc1fb4954a947cec9b41a