Changeset 60

Timestamp:

03/12/07 21:56:33

Author:

thejimmyg

Message:

Some more changes, need further testing

Files:

• AuthKit/branches/0.4/authkit/authenticate/__init__.py (modified) (3 diffs)
• AuthKit/branches/0.4/authkit/authorize.py (modified) (3 diffs)
• AuthKit/branches/0.4/authkit/permissions.py (modified) (2 diffs)
• AuthKit/branches/0.4/authkit/pylons_adaptors.py (modified) (3 diffs)
• AuthKit/branches/0.4/test/test.py (modified) (1 diff)

AuthKit/branches/0.4/authkit/authenticate/__init__.py

@@ -720 +720 @@
-    else:
-        raise NotImplementedError('No %r method has been implemented'%method)
-
+
+
+
-def test_app(environ, start_response):
-    """
@@ -736 +738 @@
-    The path ``/`` always displays the environment.
-    """
- and not environ.has_key('REMOTE_USER')
-start_response('401 Not signed in', []
-el
+
+authorize(environ, RemoteUser()
+
-        start_response('200 OK', [('Content-type', 'text/plain')])
-        if environ.has_key('REMOTE_USER'):
@@ -749 +751 @@
-    else:
-        start_response('200 OK', [('Content-type', 'text/plain')])
-%s: %s\n'%(k,v) for k,v in environ.items()]    
-
+You Have Access To This Page.\n\nHere is the environment...\n\n%s: %s\n'%(k,v) for k,v in environ.items()]
+

AuthKit/branches/0.4/authkit/authorize.py

@@ -25 +25 @@
-
-from paste import httpexceptions
+from authkit.permissions import PermissionSetupError
+from authkit.authorize import NotAuthenticatedError, NotAuthorizedError
-
-#
@@ -66 +68 @@
-    """
-    pass
+
+class _PermissionStartResponse:
+    def __init__(self, status, headers, exc_info=None):
+        pass
+
+class _PermissionList(list):
+    def __iter__(self):
+        raise FiddledWith('Fiddled with response')
+    
+class _FiddledWith(Exception):
+    pass
+
+
-
-#
@@ -129 +144 @@
-    return decorate
-
+def authorize_request(environ, permission):
+    """
+    This function can be used within a controller action to ensure that no code 
+    after the function call is executed if the user doesn't pass the permission
+    check specified by ``permission``.
+
+    .. Note ::
+
+        Unlike the ``authorize()`` decorator or
+        ``authkit.authorize.middleware`` middleware, this function has no
+        access to the WSGI response so cannot be used to check response-based
+        permissions.  Since almost all AuthKit permissions are request-based
+        this shouldn't be a big problem unless you are defining your own 
+        advanced permission checks.
+    """
+    error = PermissionSetupError(
+        'The permissions being authorized require access to a response '
+        'and so cannot be used to authorize based on a request alone. '
+        'Try using the authkit.authorize.middleware or the authorize decorator.'
+    )
+    if permission.require_response:
+        raise error
+    else:
+        try:
+            def dummy_app(environ, start_response):
+                if not start_response == _PermissionStartResponse:
+                    raise _FiddledWith('Fiddled with start_response %r'%start_response)
+                start_response(
+                    '1000 Test Response For Permissions Check', 
+                    [('Content-type','text/plain')]
+                )
+                return _PermissionList('''Dummy response from permission check.''')
+            
+            if not isinstance(
+                permission.check(
+                    dummy_app, 
+                    environ, 
+                    _PermissionStartResponse
+                ), 
+                _PermissionList
+            ):
+                raise _FiddledWith('Fiddled with response')
+        except _FiddledWith:
+            raise error
+
+def authorized(environ, permission):
+    try:
+        authorize_request(environ, permission)
+    except (NotAuthorizedError, NotAuthenticatedError):
+        return False
+    else:
+        return True
+

AuthKit/branches/0.4/authkit/permissions.py

@@ -61 +61 @@
-    The base class for all request-based permissions
-    """
-
-
+
-
-class _TestBadlyLabelledResponseBasedPermission(RequestPermission):
@@ -150 +149 @@
-    ``REMOTE_USER``.
-    
-
-
+
+
+
-    """
-

AuthKit/branches/0.4/authkit/pylons_adaptors.py

@@ -19 +19 @@
-from authkit.permissions import PermissionSetupError
-from authkit.authorize import NotAuthenticatedError, NotAuthorizedError
+from authkit.authorize import authorize_request as authkit_authorize_request
-
-def authorize(permission):
@@ -31 +32 @@
-        return permission.check(app, request.environ, self.start_response)
-    return decorator(validate)
-
-class _PermissionStartResponse:
-    def __init__(self, status, headers, exc_info=None):
-        pass
-
-class _PermissionList(list):
-    def __iter__(self):
-        raise FiddledWith('Fiddled with response')
-    
-class _FiddledWith(Exception):
-    pass
-
-def authorize_request(permission):
@@ -58 +48 @@
-        advanced permission checks.
-    """
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-def authorized(permission):

AuthKit/branches/0.4/test/test.py

@@ +1 @@
+from authkit.authenticate import middleware, test_app
-from paste.fixture import *
-from paste.httpserver import serve
-from authkit.authenticate import middleware, test_app
-
-
+
+
-
-
-
+
+
+
+
+
+
-
-    app = middleware(
-        test_app,
-        method='basic',
-        users_valid=valid,
-    )
-    serve(app, host="0.0.0.0", port=8000)
-
-def test4():
-    app = middleware(
-        test_app,
-        config_file="config:test.ini",
-    )
-    serve(app, host="0.0.0.0", port=8000)
-