AuthKit

 

authenticate

Authentication middleware

The authenticate module is accessible via the authkit module.

This module provides one piece of middleware named authkit.authenticate.middleware which is used to intercept responses with a specified status code, present a user with a means of authenticating themselves and handle the sign in process.

Each of the authentication methods supported by the middleware is described in detail in the main AuthKit manual. The methods include:

The authenticate middleware can be configured directly or by means of a Paste deploy config file as used by Pylons. It can be used directly like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
from authkit.authenticate import middleware, test_app
from paste.httpserver import serve

import sys
app = middleware(
    test_app,
    enable = True,
    method = 'passurl',
    cookie_secret='some_secret',
)

serve(app, host='0.0.0.0', port=8000)

Attributes

a log

<logging.Logger instance at 0xb7645eec>

a no_authkit_users_in_environ

<authkit.permissions.AuthKitConfigError instance at 0xb764bcac>

Functions

f digest_password(environ, realm, username) ...

This is similar to valid_password() but is used with the digest authentication method and rather than checking a username and password and returning True or False it takes the realm and username as input, looks up the correct password and and returns a digest by calling the authkit.authenticate.digest.digest_password() function with the parameters realm, username and password respectively. The digest returned is then compared with the one submitted by the browser.

As with valid_password() this method is designed to work with the user management API so you can use it with authkit.users objects or your own custom Users objects. Alternatively you can specify your own function which can lookup the password in whichever way you prefer, perhaps from a database or LDAP connection.

Only required if you intend to use HTTP digest authentication.

f get_authenticate_function(app, authenticate_conf, format, prefix) ...

Sets up the users object, adds the middleware to add the users object to the environ and then returns authenticate methods to check a password and a digest.

f get_methods() ...

Get a dictionary of the available method entry points.

f get_template(template_conf, prefix) ...

Another utility method to reduce code duplication. This function parses a template from one of the available template options:

string
The template as a string
file
A file containing the template
obj
A paste eval_import string or callable which returns a string

authkit.form.template.string = authkit.form.template.file = authkit.form.template.obj =

f load_config(options, app_conf, prefix) ...

f load_method(name, from_these=None) ...

f middleware(app, app_conf=None, global_conf=None, prefix='authkit.', handle_httpexception=True, middleware=None, **options) ...

This function sets up the AuthKit authenticate middleware and its use and options are described in detail in the AuthKit manual.

The function takes the following arguments and returns a WSGI application wrapped in the appropriate AuthKit authentication middleware based on the options specified:

app
The WSGI application the authenticate middleware should wrap
app_conf
A paste deploy app_conf dictionary to be used to setup the middleware
global_conf
A paste deploy global_conf dictionary
prefix
The prefix which all authkit related options in the config file will have prefixed to their names. This defaults to authkit. and shouldn't normally need overriding.
middleware
A make_middleware function which should be called directly instead of loading and calling a function based on the method name. If this is set then authkit.setup.methof should not be set.
**options
Any AuthKit options which are setup directly in Python code. If specified, these options will override any options specifed in a config file.

All option names specified in the config file will have their prefix removed and any . characters replaced by _ before the options specified by options are merged in. This means that the the option authkit.cookie.name specified in a config file sets the same options as cookie_name specified directly as an option.

f sample_app(environ, start_response) ...

A sample WSGI application that returns a 401 status code when the path /private is entered, triggering the authenticate middleware to prompt the user to sign in.

If used with the authenticate middleware's form method, the path /signout will display a signed out message if authkit.cookie.signout = /signout is specified in the config file.

If used with the authenticate middleware's forward method, the path /signin should be used to display the sign in form.

The path / always displays the environment.

f strip_base(conf, base) ...

f swap_underscore(*confs) ...

f valid_password(environ, username, password) ...

A function which can be used with the basic and form authentication methods to validate a username and passowrd.

This implementation is used by default if no other method is specified. It checks the for an authkit.users object present in the environ dictionary under the authkit.users key and uses the information there to validate the username and password.

In this implementation usernames are case insensitive and passwords are case sensitive. The function returns True if the user username has the password specified by password and returns False if the user doesn't exist or the password is incorrect.

If you create and specify your own authkit.users object with the same API, this method will also work correctly with your custom solution. See the AuthKit manual for information on the user management api, how to specify a different authkit.users object (say to read user information from a file rather than have it specified directly) and for information on how to create your own Users objects.

Classes

C AddDictToEnviron(...) ...

Simple middleware which adds the values of a dict to the environ.

This class contains 2 members.

C AddToEnviron(...) ...

Simple middleware which adds a key to the environ dictionary.

Used to add the authkit.users key to the environ when this is appropriate.

This class contains 2 members.

C AuthKitAuthHandler(...) ...

The base class for all middleware responsible for handling authentication and setting whatever needs to be set so that the AuthKitUserSetter middleware can set REMOTE_USER on subsequent requests. AuthKitAuthHandler``s only get inserted into the middleware stack if an appropriate status code (as set in the ``authkit.setup.intercept config option) is intercepted by the authentication middleware.

This class contains 1 member.

C AuthKitUserSetter(...) ...

The base class for all middleware responsible for attempting to set REMOTE_USER on each request. The class is overridden by the induvidual handlers.

This class contains 1 member.

C RequireEnvironKey(...) ...

This class contains 2 members.

Modules

The authkit.authenticate module exposes 9 submodules:

basic
HTTP basic authentication middleware
cookie
Cookie handling based on paste.auth.auth_tkt but with some bug fixes and improvements
digest
HTTP digest authentication middleware
form
Form and cookie based authentication middleware
forward
Internal forward middleware for manual authentication handling
multi
Middleware that can dynamically change the stack based on status or headers
open_id
Highly flexible OpenID based authentication middleware
redirect
Redirect middleware to redirect the browser to a different URL for sign in
sso
Authenticate Single Sign-On Middleware

See the source for more information.