Skip to main content

REST API for CubicWeb

Project description

Summary

This cube allows a client to forge signed HTTP resquests that are then recognized as valid by the CubicWeb web server, ie. the request is handled as an authenticated user. For example, it can be used to start an operation using an authenticated user.

It’s usually used alongside with cubicweb-rqlcontroller and cwclientlib.

This cube aims at make it easy to write REST-like APIs for CW.

Long story short: cubicweb-signedrequest allows you to make authenticated HTTP requests simply by addind a properly forged HTTP header in your request.

How to use signed HTTP requests in your CubicWeb app?

This cube aims at making it possible to use tokens to authenticate to a CubicWeb application. It provides a Token entity that have a unique token_id attribute and a generated (secret) token. This Token entity is related to a CWUser (using the token_for_user relation).

It’s the possible to make authenticated HTTP requests (authenticated as this CWUser) by adding a Authorization header to the HTTP request. This header is computed as a HMAC hash with:

  • the secret token as key,

  • the concatenation os method + url + all the signed headers.

By default, the method is the Cubicweb string, and the signed headers are ‘Content-SHA512’, ‘Content-Type’ and ‘Date’.

The doc/sreq_example.py script is an simple python script showing how to forge such a HTTP GET request using urllib2.

Please read the documentation of cwclientlib for examples of how it can be used.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cubicweb_signedrequest-3.1.0.tar.gz (19.3 kB view details)

Uploaded Source

Built Distribution

cubicweb_signedrequest-3.1.0-py3-none-any.whl (20.6 kB view details)

Uploaded Python 3

File details

Details for the file cubicweb_signedrequest-3.1.0.tar.gz.

File metadata

File hashes

Hashes for cubicweb_signedrequest-3.1.0.tar.gz
Algorithm Hash digest
SHA256 13d3e1884ae94ef89f9d2991d11fe8593ac59fa4c931eb6e9cd10e60e59074ae
MD5 c7e06b91637605a405ec3c955fa0286d
BLAKE2b-256 1047f4cb7824b1170b4ba911bcd928f95b6a98b1820410978ba4879f6712c49b

See more details on using hashes here.

File details

Details for the file cubicweb_signedrequest-3.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for cubicweb_signedrequest-3.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b66ac5f579d86675022967caccd64922f8fbf80acd1f693ad7a4464256998cf8
MD5 5e9286d352eb8a948fbf46419a096173
BLAKE2b-256 438f7bc88d844364cf854b8a53f721c526f7eb3afb97ce5916e8f49c053c5aba

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page