Changeset 68
- Timestamp:
- 04/22/07 21:04:29
- Files:
-
- AuthKit/branches/0.4/authkit/authenticate/__init__.py (modified) (3 diffs)
- AuthKit/branches/0.4/authkit/authenticate/basic.py (modified) (6 diffs)
- AuthKit/branches/0.4/authkit/authenticate/cookie.py (moved) (moved from AuthKit/branches/0.4/authkit/authenticate/auth_tkt.py) (19 diffs)
- AuthKit/branches/0.4/authkit/authenticate/digest.py (modified) (7 diffs)
- AuthKit/branches/0.4/authkit/authenticate/form.py (modified) (3 diffs)
- AuthKit/branches/0.4/authkit/authenticate/forward.py (modified) (3 diffs)
- AuthKit/branches/0.4/authkit/authenticate/multi.py (modified) (5 diffs)
- AuthKit/branches/0.4/authkit/authenticate/open_id.py (moved) (moved from AuthKit/branches/0.4/authkit/authenticate/passurl.py) (19 diffs)
- AuthKit/branches/0.4/authkit/authenticate/redirect.py (modified) (1 diff)
- AuthKit/branches/0.4/authkit/authorize.py (modified) (4 diffs)
- AuthKit/branches/0.4/authkit/permissions.py (modified) (6 diffs)
- AuthKit/branches/0.4/authkit/users/__init__.py (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
AuthKit/branches/0.4/authkit/authenticate/__init__.py
r67 r68 11 11 * HTTP Basic (``basic``) 12 12 * HTTP Digest (``digest``) 13 * OpenID Passurl (`` passurl``)13 * OpenID Passurl (``openid``) 14 14 * Form and Cookie (``form``) 15 15 * Forward (``forward``) 16 * Redirect (``redirect``) 16 17 17 18 The authenticate middleware can be configured directly or by means of a Paste … … 371 372 # 372 373 373 class AddToEnviron :374 class AddToEnviron(object): 374 375 """ 375 376 Simple middleware which adds a key to the ``environ`` dictionary. … … 387 388 return self.app(environ, start_response) 388 389 389 class RequireEnvironKey :390 class RequireEnvironKey(object): 390 391 def __init__(self, app, key, missing_error='Missing the key %(key)s from the environ. Have you setup the correct middleware?'): 391 392 self.app = app AuthKit/branches/0.4/authkit/authenticate/basic.py
r67 r68 37 37 from paste.httpexceptions import HTTPUnauthorized 38 38 from paste.httpheaders import * 39 from authkit.authenticate.multi import MultiHandler, status_checker 40 from authkit.authenticate import get_template, valid_password, \ 41 get_authenticate_function, strip_base, RequireEnvironKey 39 42 40 class AuthBasicAuthenticator :43 class AuthBasicAuthenticator(object): 41 44 """ 42 45 implements ``Basic`` authentication details … … 66 69 __call__ = authenticate 67 70 68 class AuthBasicHandler :71 class AuthBasicHandler(object): 69 72 """ 70 73 HTTP/1.0 ``Basic`` authentication middleware … … 99 102 def __call__(self, environ, start_response): 100 103 if environ.has_key('authkit.multi'): 101 # Shouldn't ever allow a response if this is called via the multi handler 104 # Shouldn't ever allow a response if this is called via the 105 # multi handler 102 106 authenitcation = self.authenticate.build_authentication() 103 107 return authenitcation.wsgi_application(environ, start_response) … … 108 112 middleware = AuthBasicHandler 109 113 110 class TryToAddUsername :114 class TryToAddUsername(object): 111 115 def __init__(self, application, realm, authfunc, users): 112 116 self.application = application … … 121 125 REMOTE_USER.update(environ, result) 122 126 return self.application(environ, start_response) 123 124 from authkit.authenticate.multi import MultiHandler, status_checker125 from authkit.authenticate import get_template, valid_password, get_authenticate_function, strip_base, RequireEnvironKey126 127 127 128 def make_basic_handler( … … 147 148 return app 148 149 149 # app = MultiHandler(app)150 # app.add_method('redirect', HandleRedirect, redirect_to = auth_conf['signin'])151 # app.add_checker('redirect', status_checker)152 # return app153 AuthKit/branches/0.4/authkit/authenticate/cookie.py
r67 r68 1 """Cookie handling based on paste.auth.auth_tkt but with some bug fixes and improvements 1 """Cookie handling based on paste.auth.auth_tkt but with some bug fixes and 2 improvements 2 3 3 4 Supported cookie options (described in detail in the AuthKit manual):: … … 28 29 #. We need the BadTicket handling in place 29 30 #. We need to be able to use a custom AuthTicket 30 #. The custom AuthTicket should accept cookie params specifiable in the config file 31 #. The cookie timestamp should be available in the environment as paste.auth_tkt.timestamp 31 #. The custom AuthTicket should accept cookie params specifiable in the 32 config file 33 #. The cookie timestamp should be available in the environment as 34 paste.auth_tkt.timestamp 32 35 33 36 .. Warning :: 34 37 35 You shouldn't rely on the bad ticket or server side expires code because when36 they are triggered, the sign in form isn't displayed.37 38 Instead it is better to let the cookie expire naturally. For this reason the39 server side expiration allows a second longer than the cookie expire time so it40 only kicks in if the cookie fails to expire.38 You shouldn't rely on the bad ticket or server side expires code because 39 when they are triggered, the sign in form isn't displayed. 40 41 Instead it is better to let the cookie expire naturally. For this reason 42 the server side expiration allows a second longer than the cookie expire 43 time so it only kicks in if the cookie fails to expire. 41 44 42 45 Here is an example: … … 69 72 # Imports 70 73 # 71 #raise Exception('asdasd') 74 72 75 from paste.deploy.converters import asbool 73 76 from paste.auth.auth_tkt import * … … 77 80 from paste.deploy.converters import asbool 78 81 from authkit.authenticate import strip_base, swap_underscore, AuthKitConfigError 82 79 83 # 80 84 # Setting up logging 81 85 # 82 86 83 log = logging.getLogger('authkit.authenticate. auth_tkt')87 log = logging.getLogger('authkit.authenticate.cookie') 84 88 85 89 # … … 110 114 user_data='', 111 115 time=None, 112 cookie_name='auth _tkt',116 cookie_name='authkit', 113 117 cookie_params=None 114 118 ): … … 117 121 self.cookie_params = {} 118 122 else: 119 # This is a bit of a hack to keep the API consistent with the base classs 123 # This is a bit of a hack to keep the API consistent with the base 124 # classs 120 125 if cookie_params.has_key('secure'): 121 126 secure = asbool(cookie_params.get('secure',False)) … … 142 147 self.ip, self.time, self.secret, self.userid, self.tokens, 143 148 self.user_data) 144 log.debug("Calculating the digest ip %r, time %r, secret %r, userid %r, tokens %r, user_data %r, digest %r", self.ip, self.time, self.secret, self.userid, self.tokens, self.user_data, digest_) 149 log.debug( 150 "Calculating the digest ip %r, time %r, secret %r, userid %r, " 151 "tokens %r, user_data %r, digest %r", 152 self.ip, 153 self.time, 154 self.secret, 155 self.userid, 156 self.tokens, 157 self.user_data, 158 digest_ 159 ) 145 160 return digest_ 146 161 … … 154 169 def cookie(self): 155 170 c = Cookie.SimpleCookie() 156 # XXX Th is is a bug?!171 # XXX There is is a bug in the base class implementation fixed here 157 172 c[self.cookie_name] = self.cookie_value().strip().replace('\n', '') 158 173 for k, v in self.cookie_params.items(): 159 174 if k not in ['path', 'expires']: 160 175 c[self.cookie_name][k] = v 161 # path and secure are handled differently to keep it consistent with the base class API 176 # path and secure are handled differently to keep it consistent with 177 # the base class API 162 178 if not self.cookie_params.has_key('path'): 163 179 c[self.cookie_name]['path'] = '/' … … 170 186 if self.secure: 171 187 c[self.cookie_name]['secure'] = 'true' 172 173 188 return c 174 189 175 # The other methods in the paste file, calculate_digest and encode_ip_timestamp are utility methods176 # which you shouldn't need to use on their own.190 # The other methods in the paste file, calculate_digest and encode_ip_timestamp 191 # are utility methods which you shouldn't need to use on their own. 177 192 178 193 def parse_ticket(secret, ticket, ip): … … 213 228 214 229 def calculate_digest(ip, timestamp, secret, userid, tokens, user_data): 215 log.debug("calculate_digest(ip=%r, timestamp=%r, secret=%r, userid=%r, tokens=%r, user_data=%r)", ip, timestamp, secret, userid, tokens, user_data) 216 230 log.debug( 231 "calculate_digest(ip=%r, timestamp=%r, secret=%r, userid=%r, " 232 "tokens=%r, user_data=%r)", 233 ip, 234 timestamp, 235 secret, 236 userid, 237 tokens, 238 user_data 239 ) 217 240 digest0 = md5.new( 218 241 encode_ip_timestamp(ip, timestamp) + secret + userid + '\0' … … 232 255 return ip_chars + ts_chars 233 256 234 235 236 237 238 257 # 239 258 # Custom AuthKitCookieMiddleware … … 257 276 app, 258 277 secret, 259 name='auth _tkt',278 name='authkit', 260 279 params=None, 261 280 includeip=True, … … 265 284 ): 266 285 log.debug("Setting up the cookie middleware") 267 268 286 secure = False 269 287 if params.has_key('secure') and asbool(params['secure']) == True: … … 284 302 self.cookie_enforce = enforce 285 303 if self.cookie_enforce and not self.cookie_params.has_key('expires'): 286 raise Exception("Cannot enforce cookie expiration since no cookie_params 'expires' has been set") 304 raise Exception( 305 "Cannot enforce cookie expiration since no cookie_params " 306 "'expires' has been set" 307 ) 287 308 288 309 def __call__(self, environ, start_response): … … 293 314 else: 294 315 cookie_value = '' 295 log.debug("Our cookie %r value is therefore %r", self.cookie_name, cookie_value) 296 remote_addr = environ.get('HTTP_X_FORWARDED_FOR', environ.get('REMOTE_ADDR','0.0.0.0')) 297 log.debug("Remote addr %r, value %r, include_ip %r", remote_addr, cookie_value, self.include_ip) 298 316 log.debug( 317 "Our cookie %r value is therefore %r", 318 self.cookie_name, 319 cookie_value 320 ) 321 remote_addr = environ.get( 322 'HTTP_X_FORWARDED_FOR', 323 environ.get('REMOTE_ADDR','0.0.0.0') 324 ) 325 log.debug( 326 "Remote addr %r, value %r, include_ip %r", 327 remote_addr, 328 cookie_value, 329 self.include_ip, 330 ) 299 331 if cookie_value: 300 332 if self.include_ip: … … 318 350 ) 319 351 if not msg: 320 msg = 'Bad cookie, you have been signed out. \n' 321 msg += 'If this problem persists please clear your browser\'s cookies.' 352 msg = 'Bad cookie, you have been signed out.\n If this' 353 msg += 'problem persists please clear your browser\'s ' 354 msg += 'cookies.' 322 355 return [msg] 323 356 try: 324 log.debug("Parsing ticket secret %r, cookie value %r, remote address %s", self.secret, cookie_value, remote_addr) 357 log.debug( 358 "Parsing ticket secret %r, cookie value %r, " 359 "remote address %s", 360 self.secret, 361 cookie_value, 362 remote_addr, 363 ) 325 364 timestamp, userid, tokens, user_data = parse_ticket( 326 self.secret, cookie_value, remote_addr) 365 self.secret, 366 cookie_value, 367 remote_addr 368 ) 327 369 except BadTicket, e: 328 370 if e.expected: 329 log.error("BadTicket: %s Expected: %s" %(e, e.expected))371 log.error("BadTicket: %s Expected: %s", e, e.expected) 330 372 else: 331 log.error("BadTicket: %s"%e) 332 373 log.error("BadTicket: %s", e) 333 374 return bad_ticket_app(environ, start_response) 334 375 else: 335 376 now = time.time() 336 log.debug("Cookie enforce: %s"%self.cookie_enforce) 337 log.debug("Time difference: %s"% str(now-timestamp)) 338 log.debug("Cookie params expire: %s"%self.cookie_params.get('expires')) 339 if self.cookie_enforce and now - timestamp > float(self.cookie_params['expires']) + 1: 340 return bad_ticket_app(environ, start_response, msg="Cookie expired.") 377 log.debug("Cookie enforce: %s", self.cookie_enforce) 378 log.debug("Time difference: %s", str(now-timestamp)) 379 log.debug( 380 "Cookie params expire: %s", 381 self.cookie_params.get('expires') 382 ) 383 if self.cookie_enforce and now - timestamp > \ 384 float(self.cookie_params['expires']) + 1: 385 return bad_ticket_app( 386 environ, 387 start_response, 388 msg="Cookie expired." 389 ) 341 390 else: 342 391 environ['paste.auth_tkt.timestamp'] = timestamp … … 426 475 return cookies 427 476 428 429 430 431 477 def make_cookie_handler( 432 478 app, … … 442 488 cookie_args[k] = v 443 489 if not cookie_args.has_key('secret'): 444 raise AuthKitConfigError('No cookie secret specified under %r'%(prefix+'secret')) 445 490 raise AuthKitConfigError( 491 'No cookie secret specified under %r'%(prefix+'secret') 492 ) 446 493 app = AuthKitCookieMiddleware( 447 494 app, … … 452 499 return app 453 500 454 455 AuthKit/branches/0.4/authkit/authenticate/digest.py
r67 r68 44 44 from paste.httpheaders import * 45 45 import md5, time, random, urllib2 46 from authkit.authenticate.multi import MultiHandler, status_checker 47 from authkit.authenticate import AuthKitConfigError, get_template, \ 48 valid_password, get_authenticate_function, strip_base, RequireEnvironKey 46 49 47 50 def digest_password(realm, username, password): … … 49 52 return md5.md5("%s:%s:%s" % (username,realm,password)).hexdigest() 50 53 51 class AuthDigestAuthenticator :54 class AuthDigestAuthenticator(object): 52 55 """ implementation of RFC 2617 - HTTP Digest Authentication """ 53 56 def __init__(self, realm, authfunc): … … 69 72 return HTTPUnauthorized(headers=head) 70 73 71 def compute(self, ha1, username, response, method, 72 path, nonce, nc, cnonce, qop): 73 """ computes the authentication, raises error if unsuccessful """ 74 def compute( 75 self, 76 ha1, 77 username, 78 response, 79 method, 80 path, 81 nonce, 82 nc, 83 cnonce, 84 qop 85 ): 86 """Computes the authentication, raises error if unsuccessful """ 74 87 if not ha1: 75 88 return self.build_authentication() … … 128 141 __call__ = authenticate 129 142 130 class AuthDigestHandler :143 class AuthDigestHandler(object): 131 144 """ 132 145 middleware for HTTP Digest authentication (RFC 2617) … … 182 195 def __call__(self, environ, start_response): 183 196 if environ.has_key('authkit.multi'): 184 # Shouldn't ever allow a response if this is called via the multi handler 197 # Shouldn't ever allow a response if this is called via the 198 # multi handler 185 199 authenitcation = self.authenticate.build_authentication() 186 200 return authenitcation.wsgi_application(environ, start_response) … … 192 206 return result.wsgi_application(environ, start_response) 193 207 194 class TryToAddUsername :208 class TryToAddUsername(object): 195 209 def __init__(self, application, realm, authfunc, users): 196 210 self.application = application … … 207 221 AUTH_TYPE.update(environ,'digest') 208 222 REMOTE_USER.update(environ, result) 209 210 223 return self.application(environ, start_response) 211 224 212 225 middleware = AuthDigestHandler 213 214 from authkit.authenticate.multi import MultiHandler, status_checker215 from authkit.authenticate import AuthKitConfigError, get_template, valid_password, get_authenticate_function, strip_base, RequireEnvironKey216 226 217 227 def make_digest_handler( AuthKit/branches/0.4/authkit/authenticate/form.py
r67 r68 8 8 from paste.auth.form import AuthFormHandler 9 9 from paste.request import construct_url, parse_formvars 10 from authkit.authenticate import get_template, valid_password, get_authenticate_function, strip_base, RequireEnvironKey 10 from authkit.authenticate import get_template, valid_password, \ 11 get_authenticate_function, strip_base, RequireEnvironKey 11 12 from authkit.authenticate.multi import MultiHandler, status_checker 12 13 13 14 14 template = """\ … … 43 43 44 44 def __call__(self, environ, start_response): 45 # Shouldn't ever allow a response if this is called via the multi handler 45 # Shouldn't ever allow a response if this is called via the 46 # multi handler 46 47 username = environ.get('REMOTE_USER','') 47 48 if 'POST' == environ['REQUEST_METHOD']: … … 74 75 app, 75 76 'paste.auth_tkt.set_user', 76 missing_error='Missing the key %(key)s from the environ. Have you added the cookie method after the form method?' 77 missing_error=( 78 'Missing the key %(key)s from the environ. ' 79 'Have you added the cookie method after the form method?' 80 ) 77 81 ) 78 79 82 template_conf = strip_base(auth_conf, 'template.') 80 83 if template_conf: AuthKit/branches/0.4/authkit/authenticate/forward.py
r59 r68 5 5 """ 6 6 7 from paste.recursive import RecursiveMiddleware, ForwardRequestException, CheckForRecursionMiddleware 7 from paste.recursive import RecursiveMiddleware, ForwardRequestException, \ 8 CheckForRecursionMiddleware 8 9 from authkit.authenticate.multi import MultiHandler, status_checker 9 10 from authkit.authenticate import AuthKitConfigError 10 11 11 class Redirect :12 class Redirect(object): 12 13 def __init__(self, app, forward_signin): 13 14 self.app = app … … 17 18 raise ForwardRequestException(self.signin_path) 18 19 19 class MyRecursive :20 class MyRecursive(object): 20 21 def __init__(self, app): 21 22 self.application = app … … 47 48 app.add_checker('forward', status_checker) 48 49 app = MyRecursive(RecursiveMiddleware(app)) 49 #app = load_cookie_middleware(app, final, prefix)50 50 return app 51 #52 #53 # authenticate_conf = strip_base(auth_conf, 'authenticate.')54 # app, authfunc = get_authenticate_function(55 # app,56 # authenticate_conf,57 # prefix=prefix+'authenticate.',58 # format='digest'59 # )60 # if not auth_conf.has_key('realm'):61 # raise AuthKitConfigError('No %s specified'%(prefix+'realm'))62 # app = MultiHandler(app)63 # app.add_method('digest', middleware, auth_conf['realm'], authfunc)64 # app.add_checker('digest', status_checker)65 # app = TryToAddUsername(app, auth_conf['realm'], authfunc)66 # return app67 #68 51 AuthKit/branches/0.4/authkit/authenticate/multi.py
r67 r68 44 44 for (checker,binding) in self.predicate: 45 45 if checker(environ): 46 log.debug("MultMiddleware self.predicate check() returning %r", binding) 46 log.debug( 47 "MultMiddleware self.predicate check() returning %r", 48 binding 49 ) 47 50 environ['authkit.multi'] = True 48 51 return binding(environ, logging_start_response) 49 52 for (checker,binding) in self.checker: 50 53 if not len(status_): 51 raise Exception('No status was returned by the applicaiton') 54 raise Exception( 55 'No status was returned by the applicaiton' 56 ) 52 57 if not len(headers_): 53 raise Exception('No headers were returned by the application') 58 raise Exception( 59 'No headers were returned by the application' 60 ) 54 61 if checker(environ, status_[0], headers_ and headers_[0] or []): 55 log.debug("MultMiddleware self.checker check() returning %r", binding) 62 log.debug( 63 "MultMiddleware self.checker check() returning %r", 64 binding 65 ) 56 66 environ['authkit.multi'] = True 57 67 return binding(environ, logging_start_response) … … 63 73 for data in app_iter: 64 74 if not called: 65 raise Exception('WSGI start_response was not called before a result was returned') 75 raise Exception( 76 'WSGI start_response was not called before a result was ' 77 'returned' 78 ) 66 79 else: 67 80 if not checked: … … 70 83 result = check() 71 84 except NoBindingFoundError, e: 72 log.debug("MutliMiddleware: No binding was found for the check") 73 start_response(status_[0], headers_ and headers_[0] or [], exc_info_[0]) 85 log.debug( 86 "Multi: No binding was found for the check" 87 ) 88 start_response( 89 status_[0], 90 headers_ and headers_[0] or [], 91 exc_info_[0] 92 ) 74 93 else: 75 # Commented out because it could create huge logs very quickly! 76 log.debug("Binding matched, returning result %r", result) 94 # Commented out because it could create huge logs! 95 # log.debug( 96 # "Binding matched, returning result %r", 97 # result 98 # ) 77 99 return result 78 100 f.append(data) … … 82 104 83 105 def status_checker(environ, status, headers): 84 log.debug("Status checker recieved status %r, headers %r, intecept %r", status, headers, environ['authkit.intercept']) 106 """ 107 Used by AuthKit to intercept statuses specified in the config file 108 option ``authkit.intercept``. 109 """ 110 log.debug( 111 "Status checker recieved status %r, headers %r, intecept %r", 112 status, 113 headers, 114 environ['authkit.intercept'] 115 ) 85 116 if str(status[:3]) in environ['authkit.intercept']: 86 117 log.debug("Status checker returns True") … … 88 119 log.debug("Status checker returns False") 89 120 return False 121 AuthKit/branches/0.4/authkit/authenticate/open_id.py
r67 r68 2 2 3 3 .. Note:: 4 5 "Passurl" is a trademark of James Gardner 2005.6 4 7 5 If you want to test this module feel free to setup an account at … … 11 9 Full documentation on the use of this OpenID module is in the AuthKit manual. 12 10 """ 13 14 # TODO: Package up the OpenID Libraries into an egg so they don't need15 # installing manually16 17 11 18 12 import cgi … … 22 16 from authkit.authenticate import AuthKitConfigError 23 17 from paste.request import construct_url 24 25 #try:26 18 from openid.consumer import consumer 27 19 from openid.oidutil import appendArgs 28 20 from yadis.discover import DiscoveryFailure 29 21 from urljr.fetchers import HTTPFetchingError 30 #except ImportError: 31 # raise Exception("Could not import all the requried OpenID libraries. Have you manually installed them?") 22 from authkit.authenticate import get_template, valid_password, \ 23 get_authenticate_function, strip_base, RequireEnvironKey 24 from authkit.authenticate.multi import MultiHandler, status_checker 32 25 33 26 template = """\ … … 39 32 <form action="$action" method="post"> 40 33 <dl> 41 <dt> Passurl:</dt>42 <dd><input type="text" name=" passurl" value="$value"></dd>34 <dt>OpenID Passurl:</dt> 35 <dd><input type="text" name="openid" value="$value"></dd> 43 36 </dl> 44 37 <input type="submit" name="authform" /> … … 62 55 return template 63 56 64 class PassURLSignIn :57 class PassURLSignIn(object): 65 58 """ 66 This middleware is triggered when the authenticate middleware catches a 401 response67 68 The form is submitted to the verify URL which the othermiddleware handles59 This middleware is triggered when the authenticate middleware catches 60 a 401 response. The form is submitted to the verify URL which the other 61 middleware handles 69 62 """ 70 63 def __init__(self, app, template, path_verify, baseurl=''): … … 75 68 76 69 def __call__(self, environ, start_response): 77 baseurl = self.baseurl or construct_url(environ, with_query_string=False, with_path_info=False) 78 # XXX For registration support this should render hidden fields with the sreg options 70 baseurl = self.baseurl or construct_url( 71 environ, 72 with_query_string=False, 73 with_path_info=False 74 ) 75 # XXX For registration support this should render hidden fields 76 # with the sreg options 79 77 content = render( 80 78 self.template, … … 124 122 class AuthOpenIDHandler: 125 123 """ 126 The template should be setup from authkit.passurl.template.file or authkit.passurl.template.obj before we get here! 124 The template should be setup from authkit.open_id.template.file or 125 authkit.open_id.template.obj before we get here! 127 126 """ 128 127 def __init__( … … 135 134 template=None, 136 135 session_secret=None, 137 session_key='authkit_ passurl',136 session_key='authkit_openid', 138 137 session_middleware='beaker.session', 139 138 path_verify='/verify', … … 144 143 self.baseurl = baseurl 145 144 self.template = template 146 #self.path_signin = path_signin147 145 self.path_signedin = path_signedin 148 146 self.path_verify = path_verify … … 176 174 def verify(self, environ, start_response): 177 175 # XXX This method should accept sreg options and continue with them 178 baseurl = self.baseurl or construct_url(environ, with_query_string=False, with_path_info=False) 176 baseurl = self.baseurl or construct_url( 177 environ, 178 with_query_string=False, 179 with_path_info=False 180 ) 179 181 params = dict(paste.request.parse_formvars(environ)) 180 openid_url = params.get(' passurl')182 openid_url = params.get('openid') 181 183 if not openid_url: 182 184 response = render( … … 267 269 268 270 def process(self, environ, start_response): 269 baseurl = self.baseurl or construct_url(environ, with_query_string=False, with_path_info=False) 271 baseurl = self.baseurl or construct_url( 272 environ, 273 with_query_string=False, 274 with_path_info=False 275 ) 270 276 value = '' 271 277 css_class = 'error' … … 278 284 fmt = "Verification of %s failed." 279 285 message = fmt % (cgi.escape(info.identity_url),) 280 environ['wsgi.errors'].write("PassURL Message: %s %s"%(message,info.message)) 286 environ['wsgi.errors'].write( 287 "Passurl Message: %s %s"%(message,info.message) 288 ) 281 289 elif info.status == consumer.SUCCESS: 282 290 username = info.identity_url … … 308 316 message = 'Verification cancelled' 309 317 else: 310 environ['wsgi.errors'].write("Pass URLMessage: %s"%info.message)318 environ['wsgi.errors'].write("Passurl Message: %s"%info.message) 311 319 message = 'Verification failed.' 312 320 value = self._quoteattr(info.identity_url) … … 341 349 qs = cgi.escape(s, 1) 342 350 return '"%s"' % (qs,) 343 344 345 346 347 from authkit.authenticate import get_template, valid_password, get_authenticate_function, strip_base, RequireEnvironKey348 from authkit.authenticate.multi import MultiHandler, status_checker349 350 351 352 351 353 352 def make_passurl_handler( … … 356 355 app_conf=None, 357 356 global_conf=None, 358 prefix='authkit. passurl',357 prefix='authkit.openid', 359 358 ): 360 359 global template … … 364 363 template_ = get_template(template_conf, prefix=prefix+'template.') 365 364 366 367 365 # Note, the session middleware should already be setup by now 368 366 # if we are not using beaker 369 from authkit.authenticate.passurl import PassURLSignIn, AuthOpenIDHandler, template370 367 app = MultiHandler(app) 371 368 app.add_method( 372 ' passurl',369 'openid', 373 370 PassURLSignIn, 374 371 template_, … … 376 373 baseurl=auth_conf.get('baseurl',''), 377 374 ) 378 app.add_checker(' passurl', status_checker)375 app.add_checker('openid', status_checker) 379 376 urltouser = auth_conf.get('urltouser', None) 380 377 if isinstance(urltouser, str): 381 378 urltouser = eval_import(urltouser) 382 383 379 for option in ['store.type', 'store.config', 'path.signedin']: 384 380 if not auth_conf.has_key(option): 385 raise AuthKitConfigError('Missing the config key %s%s'%(prefix, option)) 386 381 raise AuthKitConfigError( 382 'Missing the config key %s%s'%(prefix, option) 383 ) 387 384 app = AuthOpenIDHandler( 388 385 app, … … 395 392 urltouser = urltouser 396 393 ) 397 398 394 session_middleware = 'beaker.session' 399 395 session_secret = 'asdasd' 400 session_key = 'authkit_ passurl'396 session_key = 'authkit_openid' 401 397 if session_middleware == 'beaker.session': 402 398 if not session_secret: … … 404 400 from beaker.session import SessionMiddleware 405 401 app = SessionMiddleware(app, key=session_key, secret=session_secret) 406 407 #app = load_cookie_middleware(app, final, prefix)408 402 return app 409 403 AuthKit/branches/0.4/authkit/authenticate/redirect.py
r61 r68 1 """\ 2 Redirect middleware to redirect the browser to a different URL for sign in 3 """ 1 4 from authkit.authenticate import middleware 2 5 from authkit.authenticate.multi import MultiHandler, status_checker 3 6 4 class HandleRedirect :7 class HandleRedirect(object): 5 8 def __init__(self, app, redirect_to): 6 9 self.app = app AuthKit/branches/0.4/authkit/authorize.py
r61 r68 71 71 pass 72 72 73 class _PermissionStartResponse :73 class _PermissionStartResponse(object): 74 74 def __init__(self, status, headers, exc_info=None): 75 75 pass … … 88 88 # 89 89 90 class _Authorize :90 class _Authorize(object): 91 91 def __init__(self, app, permission): 92 92 self.app = app … … 106 106 raise 107 107 108 class _PermissionStartResponse :108 class _PermissionStartResponse(object): 109 109 def __init__(self, status, headers, exc_info=None): 110 110 pass … … 166 166 'Try using the authkit.authorize.middleware or the authorize decorator.' 167 167 ) 168 #if permission.require_response:169 # raise error170 #else:171 168 try: 172 169 def dummy_app(environ, start_response): AuthKit/branches/0.4/authkit/permissions.py
r67 r68 21 21 """ 22 22 23 from authkit.authorize import PermissionError, NotAuthenticatedError, NotAuthorizedError, middleware 23 from authkit.authorize import PermissionError, NotAuthenticatedError 24 from authkit.authorize import NotAuthorizedError, middleware 24 25 from authkit.authenticate import no_authkit_users_in_environ 25 26 … … 32 33 33 34 34 class Permission :35 class Permission(object): 35 36 """ 36 37 The base class for all permissions objects. … … 208 209 raise self.error 209 210 else: 210 raise NotAuthorizedError("User doesn't have the role %s"%role.lower()) 211 raise NotAuthorizedError( 212 "User doesn't have the role %s"%role.lower() 213 ) 211 214 return app(environ, start_response) 212 215 else: … … 217 220 raise self.error 218 221 else: 219 raise NotAuthorizedError("User doesn't have any of the specified roles") 222 raise NotAuthorizedError( 223 "User doesn't have any of the specified roles" 224 ) 220 225 221 226 class HasAuthKitGroup(RequestPermission): … … 261 266 raise self.error 262 267 else: 263 raise NotAuthorizedError("User is not a member of the specified group(s) %r"%self.groups) 268 raise NotAuthorizedError( 269 "User is not a member of the specified group(s) %r"%self.groups 270 ) 264 271 265 272 class ValidAuthKitUser(UserIn): … … 277 284 raise NotAuthenticatedError('Not Authenticated') 278 285 if not environ['authkit.users'].user_exists(environ['REMOTE_USER']): 279 raise NotAuthorizedError('You are not one of the users allowed to access this resource.') 280 return app(environ, start_response) 286 raise NotAuthorizedError( 287 'You are not one of the users allowed to access this resource.' 288 ) 289 return app(environ, start_response) 290 AuthKit/branches/0.4/authkit/users/__init__.py
r67 r68 76 76 pass 77 77 78 class Users :78 class Users(object): 79 79 """ 80 80 Base class from which all other Users classes should be derived.
</