Add DummyProvider for quick password based auth

[MridulS]

This hopefully gives a solution of quick password based authentication. No need to setup a full fledged OAuth app.

This fixes #2575 and also addresses https://discourse.holoviz.org/t/tips-guide-on-creating-a-simple-username-password-auth-for-panel-app/2582/13.

The PR adds 2 config options: --dummy-auth and --dummy-login-template. With --dummy-auth user can set the password and with --dummy-login-template they can override the default user login page (which I stole from https://github.com/bokeh/bokeh/tree/branch-3.2/examples/server/app/server_auth).

An example how to use this:

$ panel serve --dummy-auth "panel" --cookie-secret "SECRET" .......

This should open up something like:

I also changed couple of things in auth.py let me know if I should make another PR instead:

• The endpoints code doesn't seem like it is required? Ensure that URL query parameters are preserved during OAuth #3656 introduced it but it doesn't seem to fix the issue.

• For pathlib, is_file() is the equivalent to os.path.isfile, trying to inject templates was erroring out on my machine.

TODO:

• Add to Authentication docs
• Maybe add an example test for dummy auth?

[codecov]

Codecov Report

Merging #4684 (a2c47ab) into main (e812632) will decrease coverage by 12.68%.
The diff coverage is 54.03%.

@@             Coverage Diff             @@
##             main    #4684       +/-   ##
===========================================
- Coverage   83.16%   70.49%   -12.68%     
===========================================
  Files         266      267        +1     
  Lines       37453    37531       +78     
===========================================
- Hits        31148    26456     -4692     
- Misses       6305    11075     +4770     

Flag	Coverage Δ
ui-tests	?
unitexamples-tests	70.49% <54.03%> (-2.76%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
panel/auth.py	37.07% <24.00%> (-1.41%)	⬇️
panel/command/serve.py	38.61% <30.00%> (+0.14%)	⬆️
panel/tests/ui/test_auth.py	50.00% <50.00%> (ø)
panel/tests/util.py	82.65% <80.95%> (-9.16%)	⬇️
panel/config.py	68.62% <100.00%> (+0.43%)	⬆️
panel/io/resources.py	84.08% <100.00%> (+0.04%)	⬆️
panel/tests/command/test_serve.py	100.00% <100.00%> (+10.61%)	⬆️

... and 70 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[philippjfr]

Love this, thanks @MridulS! Some docs would indeed be nice, on the naming side I think we can name this something like SimpleAuth. Some other thoughts:

• Might be nice to allow the user to specify a json or yaml file with username: password pairs

Adding tests would also be nice, think the best way is probably just a UI/integration test (using playwright) that starts a server and then goes through the login flow.

[MarcSkovMadsen]

BasicAuth could be an alternative to SimpleAuth. In user forums people use the term "basic" rather than "simple" when searching for this type of auth.

[philippjfr]

Renamed to BasicAuth, added docs and added a test.

[philippjfr]

Thanks @MridulS!

[MridulS]

Wohoo! Thanks @philippjfr

[cdeil]

This is cool. Thanks!

Why does it not show up in the dev docs yet?
https://pyviz-dev.github.io/panel/how_to/authentication/index.html