Index of the `authkit` module

m authkit ... - AuthKit - authentication and authorisation facilities
- m authorize ... - Please update your code to use authkit.authorize.wsgi_adaptors instead of this module.
  - m wsgi_adaptors ... - Authorization objects for checking permissions
    - C NotAuthorizedError ... - Raised when a permission check fails because the user is not authorized.
      - a comment ...
      - a code ...
      - a title ...
      - a required_headers ...
      - a explanation ...
      - a template ...
    - C PermissionSetupError ...
    - C NonConformingPermissionError ... - Raised when a custom permission object is not behaving in a compliant way
    - C PermissionError ... - Base class from which NotAuthenticatedError and NotAuthorizedError are inherited.
      - a code ...
      - a title ...
      - a explanation ...
    - C NotAuthenticatedError ... - Raised when a permission check fails because the user is not authenticated.
      - a code ...
      - a title ...
    - f authorize ... - This is an authorize decorator (requires Python 2.4) which can be used to decorate a function. It takes the permission to check as its only argument.
    - f middleware ... - Returns an WSGI app wrapped in authorization middleware and on each request will check the permission specified.
    - f authorized ...
    - f authorize_request ... - This function can be used within a controller action to ensure that no code after the function call is executed if the user doesn't pass the permission check specified by permission.
  - m pylons_adaptors ... - Pylons specific code to facilitate using AuthKit with Pylons
    - a request ...
    - f authorize ... - This is a decorator which can be used to decorate a Pylons controller action. It takes the permission to check as the only argument and can be used with all types of permission objects.
    - f authorized ... - Similar to the authorize_request() function with no access to the request but rather than raising an exception to stop the request if a permission check fails, this function simply returns False so that you can test permissions in your code without triggering a sign in. It can therefore be used in a controller action or template.
    - f authorize_request ... - This function can be used within a controller action to ensure that no code after the function call is executed if the user doesn't pass the permission check specified by permission.
- m authenticate ... - Authentication middleware
  - a log ...
  - a no_authkit_users_in_environ ...
  - C AddToEnviron ... - Simple middleware which adds a key to the environ dictionary.
    - f __call__ ...
    - f __init__ ...
  - C RequireEnvironKey ...
    - f __call__ ...
    - f __init__ ...
  - C AuthKitAuthHandler ... - The base class for all middleware responsible for handling authentication and setting whatever needs to be set so that the AuthKitUserSetter middleware can set REMOTE_USER on subsequent requests. AuthKitAuthHandler``s only get inserted into the middleware stack if an appropriate status code (as set in the ``authkit.setup.intercept config option) is intercepted by the authentication middleware.
  - C AddDictToEnviron ... - Simple middleware which adds the values of a dict to the environ.
    - f __call__ ...
    - f __init__ ...
  - C AuthKitUserSetter ... - The base class for all middleware responsible for attempting to set REMOTE_USER on each request. The class is overridden by the induvidual handlers.
  - f get_methods ... - Get a dictionary of the available method entry points.
  - f load_config ...
  - f valid_password ... - A function which can be used with the basic and form authentication methods to validate a username and passowrd.
  - f swap_underscore ...
  - f load_method ...
  - f strip_base ...
  - f get_template ... - Another utility method to reduce code duplication. This function parses a template from one of the available template options:
  - f digest_password ... - This is similar to valid_password() but is used with the digest authentication method and rather than checking a username and password and returning True or False it takes the realm and username as input, looks up the correct password and and returns a digest by calling the authkit.authenticate.digest.digest_password() function with the parameters realm, username and password respectively. The digest returned is then compared with the one submitted by the browser.
  - f sample_app ... - A sample WSGI application that returns a 401 status code when the path /private is entered, triggering the authenticate middleware to prompt the user to sign in.
  - f middleware ... - This function sets up the AuthKit authenticate middleware and its use and options are described in detail in the AuthKit manual.
  - f get_authenticate_function ... - Sets up the users object, adds the middleware to add the users object to the environ and then returns authenticate methods to check a password and a digest.
  - m digest ... - HTTP digest authentication middleware
    - a AGE ...
    - a SCRIPT_NAME ...
    - a PROXY_AUTHORIZATION ...
    - a REQUEST_METHOD ...
    - a USER_AGENT ...
    - a IF_UNMODIFIED_SINCE ...
    - a CONTENT_LENGTH ...
    - a AUTHORIZATION ...
    - a CONTENT_LANGUAGE ...
    - a VIA ...
    - a CONTENT_DISPOSITION ...
    - a TRANSFER_ENCODING ...
    - a SERVER ...
    - a REFERER ...
    - a ACCEPT ...
    - a COOKIE ...
    - a PATH_INFO ...
    - a ACCEPT_ENCODING ...
    - a REMOTE_USER ...
    - a IF_NONE_MATCH ...
    - a WARNING ...
    - a LOCATION ...
    - a CONTENT_LOCATION ...
    - a ACCEPT_RANGES ...
    - a MAX_FORWARDS ...
    - a RANGE ...
    - a CONTENT_ENCODING ...
    - a TRAILER ...
    - a SET_COOKIE ...
    - a CONNECTION ...
    - a PROXY_AUTHENTICATE ...
    - a EXPECT ...
    - a AUTH_TYPE ...
    - a ALLOW ...
    - a log ...
    - a EXPIRES ...
    - a HOST ...
    - a WWW_AUTHENTICATE ...
    - a IF_MATCH ...
    - a ETAG ...
    - a UPGRADE ...
    - a REMOTE_SESSION ...
    - a VARY ...
    - a RETRY_AFTER ...
    - a ACCEPT_LANGUAGE ...
    - a DATE ...
    - a ACCEPT_CHARSET ...
    - a IF_RANGE ...
    - a TE ...
    - a CACHE_CONTROL ...
    - a IF_MODIFIED_SINCE ...
    - a PRAGMA ...
    - a CONTENT_MD5 ...
    - a FROM ...
    - a LAST_MODIFIED ...
    - a CONTENT_RANGE ...
    - a CONTENT_TYPE ...
    - C DigestUserSetter ...
      - f __call__ ...
      - f __init__ ...
    - C DigestAuthHandler ... - middleware for HTTP Digest authentication (RFC 2617)
      - f __call__ ...
      - f __init__ ...
    - C AuthDigestAuthenticator ... - implementation of RFC 2617 - HTTP Digest Authentication
      - f __call__ ... - This function takes the value of the 'Authorization' header, the method used (e.g. GET), and the path of the request relative to the server. The function either returns an authenticated user or it returns the authentication error.
      - f authenticate ... - This function takes the value of the 'Authorization' header, the method used (e.g. GET), and the path of the request relative to the server. The function either returns an authenticated user or it returns the authentication error.
      - f compute ... - Computes the authentication, raises error if unsuccessful
      - f __init__ ...
      - f build_authentication ... - builds the authentication error
    - f make_digest_handler ...
    - f load_digest_config ...
    - f digest_password ... - construct the appropriate hashcode needed for HTTP digest
  - m redirect ... - Redirect middleware to redirect the browser to a different URL for sign in
    - C HandleRedirect ...
      - f __call__ ...
      - f __init__ ...
    - f make_redirect_handler ...
  - m open_id ... - Highly flexible OpenID based authentication middleware
    - C OpenIDAuthHandler ... - This middleware is triggered when the authenticate middleware catches a 401 response. The form is submitted to the verify URL which the other middleware handles
      - f __call__ ...
      - f __init__ ...
    - C AuthOpenIDHandler ... - The template should be setup from authkit.open_id.template.file or authkit.open_id.template.obj before we get here!
      - f process ...
      - f verify ...
      - f __call__ ...
      - f __init__ ...
    - C OpenIDUserSetter ...
      - f __call__ ...
      - f __init__ ...
    - f render ...
    - f make_store ...
    - f make_passurl_handler ...
    - f template ...
    - f load_openid_config ...
    - f passurl_urltouser ...
  - m basic ... - HTTP basic authentication middleware
    - C BasicUserSetter ...
      - f __call__ ...
      - f __init__ ...
    - C middleware ... - HTTP/1.0 Basic authentication middleware
      - f __call__ ...
      - f __init__ ...
    - C AuthBasicAuthenticator ... - implements Basic authentication details
      - a type ...
      - f __call__ ...
      - f authenticate ...
      - f __init__ ...
      - f build_authentication ...
    - f make_basic_auth_handler ...
    - f load_basic_config ...
  - m forward ... - Internal forward middleware for manual authentication handling
    - C Redirect ...
      - f __call__ ...
      - f __init__ ...
    - C MyRecursive ...
      - f __call__ ...
      - f __init__ ...
    - f make_forward_handler ...
  - m form ... - Form and cookie based authentication middleware
    - a log ...
    - C Form ...
      - f __call__ ...
      - f on_authorized ...
      - f __init__ ...
    - f load_form_config ...
    - f make_form_handler ...
    - f template ...
  - m sso ... - Authenticate Single Sign-On Middleware
    - m cas ... - CAS 1.0 and 2.0 SSO Implementation
      - a log ...
      - C AuthCASHandler ... - CAS 1.0 and 2.0 Redirect Handler
        
        f redirect_url ...
        f __init__ ...
      - C AuthCASMiddleware ... - CAS 1.0 and 2.0 Capable Authentication Handler
        
        f verify ...
        f __init__ ...
      - f make_cas_handler ...
    - m api ... - SSO API's
      - a log ...
      - C RedirectingAuthMiddleware ...
        
        f __call__ ...
        f verify ... - Perform verification of redirection
        f redirect_url ... - Construct the redirect URL
        f __init__ ... - Subclass should save several basic variables
      - C RedirectingAuthHandler ... - Handles generating redirect to SSO system
        
        f __call__ ...
      - C LoginFailure ... - The exception raised if the verification fails
        
        a code ...
        a explanation ...
      - f find_multi_app ... - Walks an app assuming it is a middleware stack with apps glued on at either self.app or self.application
  - m cookie ... - Cookie handling based on paste.auth.auth_tkt but with some bug fixes and improvements
    - a log ...
    - C CookieUserSetter ... - Same as paste's AuthTKTMiddleware except you can choose your own ticket class and your cookie is removed if there is a bad ticket. Also features server-side cookie expiration and IP-based cookies which use the correct IP address when a proxy server is used.
      - f __call__ ...
      - f set_user_cookie ...
      - f __init__ ...
      - f logout_user_cookie ...
    - C AuthKitTicket ... - This is a standard paste AuthTicket class except that it also supports a cookie_params dictionary which can have the following options: expires, path, comment, domain, max-age, secure and version.
      - f cookie_value ...
      - f cookie ...
      - f digest ...
      - f __init__ ...
    - f parse_ticket ... - Parse the ticket, returning (timestamp, userid, tokens, user_data).
    - f load_cookie_config ...
    - f calculate_digest ...
    - f make_cookie_user_setter ...
    - f encode_ip_timestamp ...
  - m multi ... - Middleware that can dynamically change the stack based on status or headers
    - a log ...
    - C AuthSwitcher ...
      - f __call__ ...
      - f switch ...
      - f __init__ ...
    - C MultiHandler ...
      - f add_checker ...
      - f __call__ ...
      - f __init__ ...
    - f status_checker ... - Used by AuthKit to intercept statuses specified in the config file option authkit.intercept.
- m users ... - Objects representing users, their passwords, roles and groups
  - C Users ... - Base class from which all other Users classes should be derived.
    - f user_password ... - Returns the password associated with the user or None if no password exists. Raises an exception is the user doesn't exist.
    - f user_add_role ... - Sets the user's role to the lowercase of role. If the role doesn't exist and add_if_necessary is True the role will also be added. Otherwise an AuthKitNoSuchRoleError will be raised. Raises an exception if the user doesn't exist.
    - f __init__ ...
    - f user_set_username ... - Sets the user's username to the lowercase of new_username. Raises an exception if the user doesn't exist or if there is already a user with the username specified by new_username.
    - f group_create ... - Add a new group to the system
    - f user_set_group ... - Sets the user's group to the lowercase of group or None. If the group doesn't exist and add_if_necessary is True the group will also be added. Otherwise an AuthKitNoSuchGroupError will be raised. Raises an exception if the user doesn't exist.
    - f user_remove_role ... - Removes the role from the user specified by username. Raises an exception if the user doesn't exist.
    - f user_roles ... - Returns a list of all the role names for the given username ordered alphabetically. Raises an exception if the username doesn't exist.
    - f user_remove_group ... - Sets the group to None for the user specified by username. Raises an exception if the user doesn't exist.
    - f role_delete_cascade ... - Remove the role specified and remove the role from any users who used it
    - f group_delete ... - Remove the group specified. Rasies an exception if the group is still in use. To delete the group and remove it from all existing users use group_delete_cascade()
    - f list_roles ... - Returns a lowercase list of all role names ordered alphabetically
    - f group_delete_cascade ... - Remove the group specified and remove the group from any users who used it
    - f list_groups ... - Returns a lowercase list of all groups ordered alphabetically
    - f user ... - Returns a dictionary in the following format:
    - f user_exists ... - Returns True if a user exists with the given username, False otherwise. Usernames are case insensitive.
    - f user_create ... - Create a new user with the username, password and group name specified.
    - f role_exists ... - Returns True if the role exists, False otherwise. Roles are case insensitive.
    - f user_delete ... - Remove the user with the specified username
    - f group_exists ... - Returns True if the group exists, False otherwise. Groups are case insensitive.
    - f user_has_role ... - Returns True if the user has the role specified, False otherwise. Raises an exception if the user doesn't exist.
    - f list_users ... - Returns a lowecase list of all usernames ordered alphabetically
    - f role_delete ... - Remove the role specified. Rasies an exception if the role is still in use. To delete the role and remove it from all existing users use role_delete_cascade()
    - f user_has_password ... - Returns True if the user has the password specified, False otherwise. Passwords are case sensitive. Raises an exception if the user doesn't exist.
    - f user_has_group ... - Returns True if the user has the group specified, False otherwise. The value for group can be None to test that the user doesn't belong to a group. Raises an exception if the user doesn't exist.
    - f role_create ... - Add a new role to the system
  - C AuthKitNoSuchRoleError ...
  - C UsersFromString ... - A Users class which cbtains user information from a string with lines formatted as` username1:password1:group role1, role2 etc where group is optional and zero or more roles can exist.
    - f user_password ... - Returns the password associated with the user or None if no password exists. Raises an exception is the user doesn't exist.
    - f user_group ... - Returns the group associated with the user or None if no group is associated. Raises an exception is the user doesn't exist.
    - f user_add_role ... - Sets the user's role to the lowercase of role. If the role doesn't exist and add_if_necessary is True the role will also be added. Otherwise an AuthKitNoSuchRoleError will be raised. Raises an exception if the user doesn't exist.
    - f __init__ ...
    - f user_set_username ... - Sets the user's username to the lowercase of new_username. Raises an exception if the user doesn't exist or if there is already a user with the username specified by new_username.
    - f group_create ... - Add a new group to the system
    - f user_set_group ... - Sets the user's group to the lowercase of group or None. If the group doesn't exist and add_if_necessary is True the group will also be added. Otherwise an AuthKitNoSuchGroupError will be raised. Raises an exception if the user doesn't exist.
    - f user_remove_role ... - Removes the role from the user specified by username. Raises an exception if the user doesn't exist.
    - f user_roles ... - Returns a list of all the role names for the given username ordered alphabetically. Raises an exception if the username doesn't exist.
    - f user_remove_group ... - Sets the group to None for the user specified by username. Raises an exception if the user doesn't exist.
    - f role_delete_cascade ... - Remove the role specified and remove the role from any users who used it
    - f group_delete ... - Remove the group specified. Rasies an exception if the group is still in use. To delete the group and remove it from all existing users use group_delete_cascade()
    - f list_roles ... - Returns a lowercase list of all role names ordered alphabetically
    - f group_delete_cascade ... - Remove the group specified and remove the group from any users who used it
    - f list_groups ... - Returns a lowercase list of all groups ordered alphabetically
    - f user ... - Returns a dictionary in the following format:
    - f user_exists ... - Returns True if a user exists with the given username, False otherwise. Usernames are case insensitive.
    - f user_create ... - Create a new user with the username, password and group name specified.
    - f user_delete ... - Remove the user with the specified username
    - f group_exists ... - Returns True if the group exists, False otherwise. Groups are case insensitive.
    - f user_has_role ... - Returns True if the user has the role specified, False otherwise. Raises an exception if the user doesn't exist.
    - f list_users ... - Returns a lowecase list of all usernames ordered alphabetically
    - f role_delete ... - Remove the role specified. Rasies an exception if the role is still in use. To delete the role and remove it from all existing users use role_delete_cascade()
    - f user_has_password ... - Passwords are case sensitive. Returns True if the user has the password specified, False otherwise. Raises an exception if the user doesn't exist.
    - f user_has_group ... - Returns True if the user has the group specified, False otherwise. Raises an exception if the user doesn't exist.
    - f role_create ... - Add a new role to the system
  - C AuthKitError ...
  - C UsersReadOnly ... - Like the Users class except that user information is read only. All the information is obtained from the attributes self.usernames, self.passwords, self.roles, self.groups which are expected to be setup in __init__().
    - f user_password ... - Returns the password associated with the user or None if no password exists. Raises an exception is the user doesn't exist.
    - f user_group ... - Returns the group associated with the user or None if no group is associated. Raises an exception is the user doesn't exist.
    - f user_add_role ... - Sets the user's role to the lowercase of role. If the role doesn't exist and add_if_necessary is True the role will also be added. Otherwise an AuthKitNoSuchRoleError will be raised. Raises an exception if the user doesn't exist.
    - f __init__ ...
    - f user_set_username ... - Sets the user's username to the lowercase of new_username. Raises an exception if the user doesn't exist or if there is already a user with the username specified by new_username.
    - f group_create ... - Add a new group to the system
    - f user_set_group ... - Sets the user's group to the lowercase of group or None. If the group doesn't exist and add_if_necessary is True the group will also be added. Otherwise an AuthKitNoSuchGroupError will be raised. Raises an exception if the user doesn't exist.
    - f user_remove_role ... - Removes the role from the user specified by username. Raises an exception if the user doesn't exist.
    - f user_roles ... - Returns a list of all the role names for the given username ordered alphabetically. Raises an exception if the username doesn't exist.
    - f user_remove_group ... - Sets the group to None for the user specified by username. Raises an exception if the user doesn't exist.
    - f role_delete_cascade ... - Remove the role specified and remove the role from any users who used it
    - f group_delete ... - Remove the group specified. Rasies an exception if the group is still in use. To delete the group and remove it from all existing users use group_delete_cascade()
    - f list_roles ... - Returns a lowercase list of all role names ordered alphabetically
    - f group_delete_cascade ... - Remove the group specified and remove the group from any users who used it
    - f list_groups ... - Returns a lowercase list of all groups ordered alphabetically
    - f user ... - Returns a dictionary in the following format:
    - f user_exists ... - Returns True if a user exists with the given username, False otherwise. Usernames are case insensitive.
    - f user_create ... - Create a new user with the username, password and group name specified.
    - f role_exists ... - Returns True if the role exists, False otherwise. Roles are case insensitive.
    - f user_delete ... - Remove the user with the specified username
    - f group_exists ... - Returns True if the group exists, False otherwise. Groups are case insensitive.
    - f user_has_role ... - Returns True if the user has the role specified, False otherwise. Raises an exception if the user doesn't exist.
    - f list_users ... - Returns a lowecase list of all usernames ordered alphabetically
    - f role_delete ... - Remove the role specified. Rasies an exception if the role is still in use. To delete the role and remove it from all existing users use role_delete_cascade()
    - f user_has_password ... - Passwords are case sensitive. Returns True if the user has the password specified, False otherwise. Raises an exception if the user doesn't exist.
    - f user_has_group ... - Returns True if the user has the group specified, False otherwise. Raises an exception if the user doesn't exist.
    - f role_create ... - Add a new role to the system
  - C AuthKitNotSupportedError ...
  - C AuthKitNoSuchGroupError ...
  - C AuthKitNoSuchUserError ...
  - C UsersFromFile ... - A Users class with the same implementation as UsersFromString except that user information is obtained from a file. The file should contain user information in the same format as the string accepted for UsersFromString.
    - f user_password ... - Returns the password associated with the user or None if no password exists. Raises an exception is the user doesn't exist.
    - f user_group ... - Returns the group associated with the user or None if no group is associated. Raises an exception is the user doesn't exist.
    - f user_add_role ... - Sets the user's role to the lowercase of role. If the role doesn't exist and add_if_necessary is True the role will also be added. Otherwise an AuthKitNoSuchRoleError will be raised. Raises an exception if the user doesn't exist.
    - f __init__ ...
    - f user_set_username ... - Sets the user's username to the lowercase of new_username. Raises an exception if the user doesn't exist or if there is already a user with the username specified by new_username.
    - f group_create ... - Add a new group to the system
    - f user_set_group ... - Sets the user's group to the lowercase of group or None. If the group doesn't exist and add_if_necessary is True the group will also be added. Otherwise an AuthKitNoSuchGroupError will be raised. Raises an exception if the user doesn't exist.
    - f user_remove_role ... - Removes the role from the user specified by username. Raises an exception if the user doesn't exist.
    - f user_roles ... - Returns a list of all the role names for the given username ordered alphabetically. Raises an exception if the username doesn't exist.
    - f user_remove_group ... - Sets the group to None for the user specified by username. Raises an exception if the user doesn't exist.
    - f role_delete_cascade ... - Remove the role specified and remove the role from any users who used it
    - f group_delete ... - Remove the group specified. Rasies an exception if the group is still in use. To delete the group and remove it from all existing users use group_delete_cascade()
    - f list_roles ... - Returns a lowercase list of all role names ordered alphabetically
    - f group_delete_cascade ... - Remove the group specified and remove the group from any users who used it
    - f list_groups ... - Returns a lowercase list of all groups ordered alphabetically
    - f user ... - Returns a dictionary in the following format:
    - f user_exists ... - Returns True if a user exists with the given username, False otherwise. Usernames are case insensitive.
    - f user_create ... - Create a new user with the username, password and group name specified.
    - f role_exists ... - Returns True if the role exists, False otherwise. Roles are case insensitive.
    - f user_delete ... - Remove the user with the specified username
    - f group_exists ... - Returns True if the group exists, False otherwise. Groups are case insensitive.
    - f user_has_role ... - Returns True if the user has the role specified, False otherwise. Raises an exception if the user doesn't exist.
    - f list_users ... - Returns a lowecase list of all usernames ordered alphabetically
    - f role_delete ... - Remove the role specified. Rasies an exception if the role is still in use. To delete the role and remove it from all existing users use role_delete_cascade()
    - f user_has_password ... - Passwords are case sensitive. Returns True if the user has the password specified, False otherwise. Raises an exception if the user doesn't exist.
    - f user_has_group ... - Returns True if the user has the group specified, False otherwise. Raises an exception if the user doesn't exist.
    - f role_create ... - Add a new role to the system
  - f parse ... - Parses the user data
  - f md5 ...
  - m sqlalchemy_driver ...
    - a NULLTYPE ...
    - a default_metadata ...
    - a EXT_PASS ...
    - C UsersFromDatabase ... - Database Versio

Index of the authkit module

Index of the `authkit` module