> I've spotted behaviour that looks weird:
>
> [uwsgi]
> master = true
> no-orphans = true
> http = :8080
> wsgi-file = primary.py
>
> plugins = router_basicauth
> route = ^/a basicauth:basic realm,foo:bar
> route = ^/b basicauth:basic realm2,foo:bar
>
>
> Correct login and password work as expected:
>
> lukasz.mierzwa@sudoku-admin:~/uwsgi$ curl -I -u foo:bar localhost:8080/a
> HTTP/1.1 200 OK
> Content-Type: text/plain
>
> lukasz.mierzwa@sudoku-admin:~/uwsgi$ curl -I -u foo:bar localhost:8080/b
> HTTP/1.1 200 OK
> Content-Type: text/plain
>
>
> But if I use an invalid password the first route doesn't throw 401, but the
> second does:
>
> lukasz.mierzwa@sudoku-admin:~/uwsgi$ curl -I -u foo:barx localhost:8080/a
> HTTP/1.1 200 OK
> Content-Type: text/plain
>
> lukasz.mierzwa@sudoku-admin:~/uwsgi$ curl -I -u foo:barx localhost:8080/b
> HTTP/1.1 401 Authorization Required
> WWW-Authenticate: Basic realm="basic realm2"
>
> I should get 401 on both (?)

It is the expected behaviour: until there are basicauth rules the policy
is "GOON", the last unmatched basicauth rule triggers "BREAK".

For such a reason you have to add the "empty" basicauth rule.

This is a "bug" in the docs (the older docs on trac had a better
explanation for this).

By the way:

route = ^/a basicauth:basic realm,foo:bar
route = ^/a basicauth:basic realm,
route = ^/b basicauth:basic realm2,foo:bar
route = ^/b basicauth:basic realm2,

this is the right config for multiple namespaces.

This was written when the internal routing system was young, so I
suspect we could have a better config system for authentication.

-- 
Roberto De Ioris
http://unbit.it
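
A configuration check for the point made in the reply above, as an added example that is not part of the original thread or of uWSGI: it reads the `route = ... basicauth:` lines and reports every route pattern whose last basicauth rule is not the closing "empty" rule. The function names are hypothetical, and grouping rules by identical route pattern string is an assumption of this sketch; the two sample configs are the ones from the thread, trimmed to the relevant lines.

```python
import re
from collections import OrderedDict

# Matches lines such as: route = ^/a basicauth:basic realm,foo:bar
ROUTE_RE = re.compile(r"^\s*route\s*=\s*(\S+)\s+basicauth:(.*)$")

# Config from the question (relevant lines only).
ORIGINAL = """\
[uwsgi]
plugins = router_basicauth
route = ^/a basicauth:basic realm,foo:bar
route = ^/b basicauth:basic realm2,foo:bar
"""

# Config given in the reply as the right one for multiple namespaces.
CORRECTED = """\
[uwsgi]
plugins = router_basicauth
route = ^/a basicauth:basic realm,foo:bar
route = ^/a basicauth:basic realm,
route = ^/b basicauth:basic realm2,foo:bar
route = ^/b basicauth:basic realm2,
"""

def basicauth_rules(config_text):
    """Return {route pattern: [(realm, credentials), ...]} in file order."""
    rules = OrderedDict()
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        pattern, args = m.groups()
        # Everything before the first comma is the realm, the rest is user:password.
        realm, _, creds = args.partition(",")
        rules.setdefault(pattern, []).append((realm.strip(), creds.strip()))
    return rules

def unterminated_patterns(config_text):
    """Patterns whose final basicauth rule still carries credentials,
    i.e. that lack the closing "empty" rule the reply calls for."""
    return [p for p, rs in basicauth_rules(config_text).items() if rs[-1][1] != ""]

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "->", unterminated_patterns(cfg) or "every pattern is terminated")
```

A realm that itself contains a comma would be split at the wrong place by this parser, so such realms need manual review.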
