Monday, September 12, 2016

Re: Extracting the username:password from the host

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJX1wSUAAoJEC0ft5FqUuEhWRoP/icpsNjrfdIIE1iOeYy+5DHW
RH7ktRFFNmZyc00WsQiUvU/KvP48+yrLpt1w2mH++d5jtkvKXSBURq/3sBQuWGAk
NN26Z1S5RwLRQJ7kjdh/sG/EhBK+ivpKQFh7kmf4hVHXHU1L5TeguGcGQhsZ3dRT
jk0Vw/Bykxx5jMYGIuYIJt1V9a1A2rkGQvinGwn6b2SQOMPlv7FTaZQgkmmQL0ec
J23s/pm8f3U6u4KCHWWMwiqR+8uHOBoeTKwq2jYONqxfYNZ1O2f/hozUQFjDihD5
cPSti6Wcezajp+Cn4wgolLuPHza/96sS10xkDWJTeusYnb+UMq7MjrKZJn9PHkVP
R53/dm/FD1Ued6PyavApWHOOq+ZoTyee5B1APtxGMXM9/wVkweicfExT7Ey2bNvw
jRIBPiD5HTpkKOmH09xWl6QjGjnkVinZ0+rIA750/BDLjvlrDL/ltY10OeUbUxIU
Uk7MBIMdkSGc4c8Ph5AIdV31+B4BzuCiN3TfkzFtN/ZI/2uniaVJibMiWigbL7wk
A4xvdqgMRH6LaSgCGYxCbwcvESuB54YF523mxsTiFjT7c2WKT1bzYS5SN2bd+Yzq
X+QlDEIEi/GOa22yrajDiMmlts9BfP8aDaOva3gU8ODO5yEKBiVV+SOXkJnWzsM0
p/KKfnBzuCKgKaadGa5w
=Xv0u
-----END PGP SIGNATURE-----
Hi Christophe,

On 09/12/2016 03:35 PM, Christophe Pettus wrote:
> I've encountered a service that does postbacks as part of its API.
> The only authentication mechanism is putting the username and
> password in the POST URL in the form:
>
> https://user:pass@example.com/api/endpoint
>
> Is there a portable way of extracting that information from the
> request object?

Yes, it should be in `request.META['HTTP_AUTHORIZATION']`; see
https://www.djangosnippets.org/snippets/243/ for an example.

The user:pass@host URL syntax is just a way of expressing credentials
for HTTP Basic Authentication; the values should end up in the
Authorization header.

Carl

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ff41ac39-6fb9-43c1-b254-8751ba925dc7%40oddbird.net.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)