Jump to >


HTTP Digest authentication backend.

class HTTPDigestBackend[source]

Bases: reviewboard.accounts.backends.base.BaseAuthBackend

Authenticate against a user in a digest password file.

This is controlled by the following Django settings:


The local file path on the server containing an HTTP password (htpasswd) file.

This is auth_digest_file_location in the site configuration.


The HTTP realm users will be authenticated into.

This is auth_digest_realm in the site configuration.

backend_id = 'digest'[source]

The unique ID for the authentication backend.

name = 'HTTP Digest Authentication'[source]

The display name for the authentication backend.

This will be shown in the list of backends in the administration UI.


alias of reviewboard.accounts.forms.auth.HTTPBasicSettingsForm

login_instructions = 'Use your standard username and password.'[source]

Authentication instructions to display above the Login form.

authenticate(request, username, password, **kwargs)[source]

Authenticate a user against the HTTP password file.

This will attempt to authenticate the user against the digest password file. If the username and password are valid, a user will be returned, and added to the database if it doesn’t already exist.

Changed in version 4.0: The request argument is now mandatory as the first positional argument, as per requirements in Django.

  • request (django.http.HttpRequest) – The HTTP request from the caller. This may be None.

  • username (unicode) – The username to authenticate.

  • password (unicode) – The user’s password.

  • **kwargs (dict, unused) – Additional keyword arguments passed by the caller.


The authenticated user, or None if the user could not be authenticated for any reason.

Return type


get_or_create_user(username, request=None)[source]

Return an existing user or create one if it doesn’t exist.

This does not authenticate the user.

If the user does not exist in the database, but does in the HTTP password file, its information will be stored in the database for later lookup.

  • username (unicode) – The name of the user to look up or create.

  • request (django.http.HttpRequest, unused) – The HTTP request from the client. This is unused.


The resulting user, or None if one could not be found.

Return type


__annotations__ = {}