Added authentication logic, AuthenticationError, UNAUTHORIZED_401 status

Author: michalpokusa

adafruit_httpserver/authentication.py

@@ -0,0 +1,68 @@
+# SPDX-FileCopyrightText: Copyright (c) 2022 Dan Halbert for Adafruit Industries
+#
+# SPDX-License-Identifier: MIT
+"""
+`adafruit_httpserver.authentication`
+====================================================
+* Author(s): Michał Pokusa
+"""
+
+try:
+    from typing import Union, List
+except ImportError:
+    pass
+
+from binascii import b2a_base64
+
+from .exceptions import AuthenticationError
+from .request import HTTPRequest
+
+
+class Basic:
+    """Represents HTTP Basic Authentication."""
+
+    def __init__(self, username: str, password: str) -> None:
+        self._value = b2a_base64(f"{username}:{password}".encode()).decode().strip()
+
+    def __str__(self) -> str:
+        return f"Basic {self._value}"
+
+
+class Bearer:
+    """Represents HTTP Bearer Token Authentication."""
+
+    def __init__(self, token: str) -> None:
+        self._value = token
+
+    def __str__(self) -> str:
+        return f"Bearer {self._value}"
+
+
+def check_authentication(
+    request: HTTPRequest, auths: List[Union[Basic, Bearer]]
+) -> bool:
+    """
+    Returns ``True`` if request is authorized by any of the authentications, ``False`` otherwise.
+    """
+
+    auth_header = request.headers.get("Authorization")
+
+    if auth_header is None:
+        return False
+
+    return any(auth_header == str(auth) for auth in auths)
+
+
+def require_authentication(
+    request: HTTPRequest, auths: List[Union[Basic, Bearer]]
+) -> None:
+    """
+    Checks if the request is authorized and raises ``AuthenticationError`` if not.
+
+    If the error is not caught, the server will return ``401 Unauthorized``.
+    """
+
+    if not check_authentication(request, auths):
+        raise AuthenticationError(
+            "Request is not authenticated by any of the provided authentications"
+        )

adafruit_httpserver/exceptions.py

@@ -8,6 +8,12 @@
 """
 
 
+class AuthenticationError(Exception):
+    """
+    Raised by ``require_authentication`` when the ``HTTPRequest`` is not authorized.
+    """
+
+
 class InvalidPathError(Exception):
     """
     Parent class for all path related errors.

adafruit_httpserver/server.py

@@ -16,7 +16,7 @@
 
 from errno import EAGAIN, ECONNRESET, ETIMEDOUT
 
-from .exceptions import FileNotExistsError, InvalidPathError
+from .exceptions import AuthenticationError, FileNotExistsError, InvalidPathError
 from .methods import HTTPMethod
 from .request import HTTPRequest
 from .response import HTTPResponse
@@ -185,6 +185,13 @@ def poll(self):
                             request, status=CommonHTTPStatus.BAD_REQUEST_400
                         ).send()
 
+                except AuthenticationError:
+                    HTTPResponse(
+                        request,
+                        status=CommonHTTPStatus.UNAUTHORIZED_401,
+                        headers={"WWW-Authenticate": 'Basic charset="UTF-8"'},
+                    ).send()
+
                 except InvalidPathError as error:
                     HTTPResponse(request, status=CommonHTTPStatus.FORBIDDEN_403).send(
                         str(error)

adafruit_httpserver/status.py

@@ -39,6 +39,9 @@ class CommonHTTPStatus(HTTPStatus):  # pylint: disable=too-few-public-methods
     BAD_REQUEST_400 = HTTPStatus(400, "Bad Request")
     """400 Bad Request"""
 
+    UNAUTHORIZED_401 = HTTPStatus(401, "Unauthorized")
+    """401 Unauthorized"""
+
     FORBIDDEN_403 = HTTPStatus(403, "Forbidden")
     """403 Forbidden"""