Update naming and add images to README

README.md

@@ -17,7 +17,11 @@ If no auth token is provided or the token is not valid then the request will be
 
 When you login to the auth service it will provide an auth token which will be used for subsequent requests.
 
-[Diagram](https://github.com/Siecje/nginx-auth-proxy/blob/master/steps.md)
+![Step 1](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/first.png)
+
+![Step 2](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/second.png)
+
+![Step 3](https://raw.githubusercontent.com/siecje/nginx-auth-proxy/master/notes/third.png)
 
 Using the `ngx_http_auth_request_module` with LDAP authentication is described in this article https://www.nginx.com/blog/nginx-plus-authenticate-users/.
 
@@ -85,15 +89,15 @@ sudo service nginx restart
 ### Start services
 
 ```shell
-virtualenv venv
-source venv/bin/activate
-pip install -r requirements.txt
+python -m venv venv
+venv/bin/python -m pip install pip setuptools wheel --upgrade
+venv/bin/python -m pip install -r requirements.txt
 ```
 
 ```shell
-python authenticator.py &
-python service1.py &
-python service2.py &
+venv/bin/python authenticator.py &
+venv/bin/python service1.py &
+venv/bin/python service2.py &
 ```
 
 When you visit `http://one.localhost/` you will be redirected to `http://one.localhost/` and need to login.
@@ -103,7 +107,7 @@ You will then be able to visit `https://two.localhost` and login with the same u
 
 ## Run in production
 
-- [ ] Implement the authentication logic in `ValidUser()` in `authenticator.py`.
+- [ ] Implement the authentication logic in `valid_user()` in `authenticator.py`.
 
 - [ ] Create secret_key file
 

authenticator.py

@@ -9,6 +9,7 @@
 from wtforms import HiddenField, StringField, PasswordField
 from wtforms.validators import DataRequired
 
+
 THIS_DIR = os.path.abspath(os.path.dirname(__file__))
 
 app = Flask(__name__)
@@ -36,19 +37,19 @@ class LoginForm(Form):
     target = HiddenField('Target', validators=[DataRequired()])
 
 
-def EncodeToken(user, password):
+def encode_token(user, password):
     return base64.b64encode(user + ':' + password)
 
 
-def DecodeToken(token):
+def decode_token(token):
     auth_decoded = base64.b64decode(token)
     user, password = auth_decoded.split(':', 2)
     return user, password
 
 
-def ValidUser(user, password):
+def valid_user(user, password):
     if user == 'admin':
-        enc = EncodeToken(user, password)
+        enc = encode_token(user, password)
         return enc
 
 
@@ -57,12 +58,13 @@ def authenticate():
     token = request.cookies.get('token')
     if token is None:
         abort(401)
-    username, password = DecodeToken(token)
-    if ValidUser(username, password) is not None:
+    username, password = decode_token(token)
+    if valid_user(username, password) is not None:
         # Add headers to be authenticated with services
         resp = make_response()
         resp.headers['REMOTE_USER'] = username
         resp.headers['X-WEBAUTH-USER'] = username
+        # TODO: add user headers
         return resp
     abort(401)
 
@@ -75,7 +77,7 @@ def login():
         username = form.login.data
         password = form.password.data
         target = form.target.data
-        auth_token = ValidUser(username, password)
+        auth_token = valid_user(username, password)
         if auth_token:
             resp = make_response(redirect(target))
 

service1.py

@@ -8,7 +8,7 @@
 @app.route('/', methods=["GET"])
 def home():
     remote_user = request.headers.get('REMOTE_USER')
-    return "Hello {}, this is the service1.".format(remote_user)
+    return "Hello {}, this is service1.".format(remote_user)
 
 
 if __name__ == "__main__":