Jump to >

This documentation covers the in-development release of Review Board. You can see the latest stable docs or all previous versions.


HTTP Digest authentication backend.

class HTTPDigestBackend[source]

Bases: reviewboard.accounts.backends.base.BaseAuthBackend

Authenticate against a user in a digest password file.

This is controlled by the following Django settings:


The local file path on the server containing an HTTP password (htpasswd) file.

This is auth_digest_file_location in the site configuration.


The HTTP realm users will be authenticated into.

This is auth_digest_realm in the site configuration.

backend_id = u'digest'[source]
name = u'HTTP Digest Authentication'[source]

alias of reviewboard.accounts.forms.auth.HTTPBasicSettingsForm

login_instructions = u'Use your standard username and password.'[source]
authenticate(request, username, password, **kwargs)[source]

Authenticate a user against the HTTP password file.

This will attempt to authenticate the user against the digest password file. If the username and password are valid, a user will be returned, and added to the database if it doesn’t already exist.

Changed in version 4.0: The request argument is now mandatory as the first positional argument, as per requirements in Django.

  • request (django.http.HttpRequest) – The HTTP request from the caller. This may be None.
  • username (unicode) – The username to authenticate.
  • password (unicode) – The user’s password.
  • **kwargs (dict, unused) – Additional keyword arguments passed by the caller.

The authenticated user, or None if the user could not be authenticated for any reason.

Return type:


get_or_create_user(username, request=None)[source]

Return an existing user or create one if it doesn’t exist.

This does not authenticate the user.

If the user does not exist in the database, but does in the HTTP password file, its information will be stored in the database for later lookup.

  • username (unicode) – The name of the user to look up or create.
  • request (django.http.HttpRequest, unused) – The HTTP request from the client. This is unused.

The resulting user, or None if one could not be found.

Return type: