uploadserver 5.1.1__tar.gz → 5.2.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {uploadserver-5.1.1/uploadserver.egg-info → uploadserver-5.2.0}/PKG-INFO +3 -5
- {uploadserver-5.1.1 → uploadserver-5.2.0}/README.md +2 -4
- {uploadserver-5.1.1 → uploadserver-5.2.0}/setup.py +1 -1
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver/__init__.py +24 -12
- {uploadserver-5.1.1 → uploadserver-5.2.0/uploadserver.egg-info}/PKG-INFO +3 -5
- {uploadserver-5.1.1 → uploadserver-5.2.0}/LICENSE +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/setup.cfg +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver/__main__.py +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver/cgi.py +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver.egg-info/SOURCES.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver.egg-info/dependency_links.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver.egg-info/entry_points.txt +0 -0
- {uploadserver-5.1.1 → uploadserver-5.2.0}/uploadserver.egg-info/top_level.txt +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: uploadserver
|
|
3
|
-
Version: 5.
|
|
3
|
+
Version: 5.2.0
|
|
4
4
|
Summary: Python's http.server extended to include a file upload page
|
|
5
5
|
Home-page: https://github.com/Densaugeo/uploadserver
|
|
6
6
|
Author: Densaugeo
|
|
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
|
|
|
64
64
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
65
65
|
~~~
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
67
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
70
68
|
|
|
71
69
|
## Basic Authentication (uploads only)
|
|
72
70
|
|
|
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
76
74
|
|
|
77
75
|
The same as above, but authentication is only required for upload operations.
|
|
78
76
|
|
|
79
|
-
If both
|
|
77
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
80
78
|
|
|
81
79
|
## Theme Option
|
|
82
80
|
|
|
@@ -50,9 +50,7 @@ Now you can upload with basic authentication. For example:
|
|
|
50
50
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
51
51
|
~~~
|
|
52
52
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
53
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
56
54
|
|
|
57
55
|
## Basic Authentication (uploads only)
|
|
58
56
|
|
|
@@ -62,7 +60,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
62
60
|
|
|
63
61
|
The same as above, but authentication is only required for upload operations.
|
|
64
62
|
|
|
65
|
-
If both
|
|
63
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
66
64
|
|
|
67
65
|
## Theme Option
|
|
68
66
|
|
|
@@ -191,15 +191,31 @@ def check_http_authentication(handler):
|
|
|
191
191
|
It validates Authorization header and sends back 401 response on failure.
|
|
192
192
|
It returns False if this happens.
|
|
193
193
|
"""
|
|
194
|
-
if
|
|
195
|
-
auth
|
|
194
|
+
if not args.basic_auth_upload:
|
|
195
|
+
# If no auth settings apply, check always passes
|
|
196
|
+
if not args.basic_auth:
|
|
197
|
+
return True
|
|
198
|
+
|
|
199
|
+
# If only --basic-auth is supplied, it's used for all requests
|
|
200
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth)
|
|
196
201
|
else:
|
|
197
|
-
auth
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
202
|
+
# If --basic-auth-upload is supplied, it's always required for /upload
|
|
203
|
+
if handler.path == '/upload':
|
|
204
|
+
valid, message = check_http_authentication_header(handler,
|
|
205
|
+
args.basic_auth_upload)
|
|
206
|
+
else:
|
|
207
|
+
# For paths outside /upload, no auth is required when --basic-auth
|
|
208
|
+
# is not supplied
|
|
209
|
+
if not args.basic_auth:
|
|
210
|
+
return True
|
|
211
|
+
|
|
212
|
+
# For paths outise /upload, if both auths are supplied both are
|
|
213
|
+
# accepted
|
|
214
|
+
else:
|
|
215
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth)
|
|
216
|
+
|
|
217
|
+
if not valid:
|
|
218
|
+
valid, message = check_http_authentication_header(handler, args.basic_auth_upload)
|
|
203
219
|
|
|
204
220
|
if not valid:
|
|
205
221
|
handler.log_message(f'Request rejected ({message})')
|
|
@@ -421,8 +437,4 @@ def main():
|
|
|
421
437
|
args = parser.parse_args()
|
|
422
438
|
if not hasattr(args, 'directory'): args.directory = os.getcwd()
|
|
423
439
|
|
|
424
|
-
if args.basic_auth and args.basic_auth_upload:
|
|
425
|
-
print('Cannot set both --basic--auth and --basic-auth-upload')
|
|
426
|
-
sys.exit(6)
|
|
427
|
-
|
|
428
440
|
serve_forever()
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: uploadserver
|
|
3
|
-
Version: 5.
|
|
3
|
+
Version: 5.2.0
|
|
4
4
|
Summary: Python's http.server extended to include a file upload page
|
|
5
5
|
Home-page: https://github.com/Densaugeo/uploadserver
|
|
6
6
|
Author: Densaugeo
|
|
@@ -64,9 +64,7 @@ Now you can upload with basic authentication. For example:
|
|
|
64
64
|
curl -X POST http://127.0.0.1:8000/upload -F 'files=@basicauth-example.txt' -u hello:world
|
|
65
65
|
~~~
|
|
66
66
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
The server checks credentials before it handles the body of the request, so this mode of operation is not susceptible to DoS attack mentioned in the previous section.
|
|
67
|
+
All requests without authentication will be rejected. Note that basic authentication credentials can be stolen if sent over plain HTTP, so this option is best used with HTTPS.
|
|
70
68
|
|
|
71
69
|
## Basic Authentication (uploads only)
|
|
72
70
|
|
|
@@ -76,7 +74,7 @@ python3 -m uploadserver --basic-auth-upload hello:world
|
|
|
76
74
|
|
|
77
75
|
The same as above, but authentication is only required for upload operations.
|
|
78
76
|
|
|
79
|
-
If both
|
|
77
|
+
If both `--basic-auth` and `--basic-auth-upload` are specified, all requests will require one of the two credentials, but only the `--basic-auth-upload` credentials will be able to upload files.
|
|
80
78
|
|
|
81
79
|
## Theme Option
|
|
82
80
|
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|