Changeset 71

Timestamp:

05/28/07 14:52:00

Author:

thejimmyg

Message:

Added sqlalchemy user API driver, as well as new permissions - IPFrom and BetweenTimes? and upgraded template code to use a function

Files:

• AuthKit/branches/0.4/authkit/authenticate/__init__.py (modified) (6 diffs)
• AuthKit/branches/0.4/authkit/authenticate/form.py (modified) (2 diffs)
• AuthKit/branches/0.4/authkit/authenticate/open_id.py (modified) (2 diffs)
• AuthKit/branches/0.4/authkit/permissions.py (modified) (5 diffs)
• AuthKit/branches/0.4/authkit/users/sqlalchemy_driver.py (added)
• AuthKit/branches/0.4/examples/user/database/app.py (modified) (2 diffs)
• AuthKit/branches/0.4/examples/user/database/create.py (modified) (1 diff)

AuthKit/branches/0.4/authkit/authenticate/__init__.py

@@ -48 +48 @@
-from paste.httpexceptions import HTTPExceptionHandler
-
+from authkit.authorize import authorize_request
+from authkit.permissions import RemoteUser, no_authkit_users_in_environ, AuthKitConfigError
+
-#
-# Setting up logging
@@ -58 +61 @@
-#
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
-
-#
@@ -314 +306 @@
-    ``template_obj``
-        A paste eval_import string or callable which returns a string
-    
-    ``base_part`` is added to the option name before the option is looked 
-    for. This means the code can be used to load templates for various different
-    authentication methods with different config options names.
-
-
-    authkit.method.form.template.string = 
@@ -351 +338 @@
-            )
-    elif template_conf.keys()[0] == 'obj':
-
-
-
-
+
-        if not template:
-            raise AuthKitConfigError(
@@ -366 +350 @@
-    if not template:
-        raise AuthKitConfigError("The template loaded did not contain any data")
+    if isinstance(template, (str, unicode)):
+        def render_template():
+            return template
+        return render_template
-    return template
-    
@@ -695 +683 @@
-        raise NotImplementedError('No %r method has been implemented'%method)
-           
-
-
+
-
-def sample_app(environ, start_response):

AuthKit/branches/0.4/authkit/authenticate/form.py

@@ -12 +12 @@
-from authkit.authenticate.multi import MultiHandler, status_checker
-
-
+
+
-<html>
-  <head><title>Please Sign In</title></head>
@@ -65 +66 @@
-                    return self.on_authorized(environ, start_response)
-
-
+()
-        start_response("401 Unauthorized",[('Content-Type', 'text/html'+self.charset),
-                                 ('Content-Length', str(len(content)))])

AuthKit/branches/0.4/authkit/authenticate/open_id.py

@@ -24 +24 @@
-from authkit.authenticate.multi import MultiHandler, status_checker
-
-
+
+
-<html>
-  <head><title>Please Sign In</title></head>
@@ -47 +48 @@
-def render(template, **p):
-    if sys.version_info >= (2,4):
-
+()
-            **p
-        )
-    else:
-        for k, v in p.items():
-
+()
-        return template
-

AuthKit/branches/0.4/authkit/permissions.py

@@ -23 +23 @@
-from authkit.authorize import PermissionError, NotAuthenticatedError
-from authkit.authorize import NotAuthorizedError, middleware
-
-
+
+
-import logging
-log = logging.getLogger('authkit.permissions')
+
+class AuthKitConfigError(Exception): 
+    """
+    Raised when there is a problem with the
+    configuration options chosen for the authenticate middleware
+    """
+    pass
+    
+no_authkit_users_in_environ = AuthKitConfigError(
+    'No authkit.users object exists in the environment. You may have '
+    'forgotton to specify a Users object or are using the the default '
+    'valid_password() method in the authenticate middleware when you '
+    'may have meant to specify your own.'
+)
-
-# 
-# Permission Classes
-#
-
-
-class Permission(object):
@@ -190 +203 @@
-        In this implementation role names are case insensitive.
-        """
-
+
+
-            raise no_authkit_users_in_environ
-has_key
- 
+get
+
-                raise self.error
-            raise NotAuthenticatedError('Not authenticated')
+        
-        users = environ['authkit.users']
-        if not users.user_exists(environ['REMOTE_USER']):
@@ -245 +260 @@
-        In this implementation group names are case insensitive.
-        """
-has_key
+get
-            raise no_authkit_users_in_environ
-has_key
+get
-            if self.error: 
-                raise self.error
@@ -281 +296 @@
-        if not environ.has_key('authkit.users'):
-            raise no_authkit_users_in_environ
-has_key
+get
-            raise NotAuthenticatedError('Not Authenticated')
-        if not environ['authkit.users'].user_exists(environ['REMOTE_USER']):
@@ -289 +304 @@
-        return app(environ, start_response)
-
+class FromIP(RequestPermission):
+    """
+    Checks that the remote host specified in the environment ``key`` is one 
+    of the hosts specified in ``hosts``.
+    """
+    def __init__(self, hosts, key='REMOTE_ADDR'):
+        self.hosts = hosts
+        if not isinstance(self.hosts, (list, tuple)):
+            self.hosts = [hosts]
+        self.key = key
+        
+    def check(self, app, environ, start_response):
+        if not environ.has_key(self.key):
+            raise Exception(
+                "No such key %r in environ so cannot check the host"%self.key
+            )
+        if not environ.get(self.key) in self.hosts:
+            raise NotAuthorizedError('Host %r not allowed'%environ.get(self.key))
+        return app(environ, start_response)
+
+class BetweenTimes(RequestPermission):
+    """
+    Only grants access if the request is made on or after ``start`` and 
+    before ``end``. Times should be specified as datetime.time objects.
+    """
+    def __init__(self, start, end):
+        self.start = start
+        self.end = end
+
+    def check(self, app, environ, start_response):
+        today = datetime.datetime.now()
+        now = datetime.time(today.hour, today.minute, today.second, today.microsecond)
+        error = NotAuthorizedError("Not authorized at this time of day")
+        if self.end > self.start:
+            if now >= self.start and now < self.end:
+                return app(environ, start_response)
+            else:
+                raise error
+        else:
+            if now < datetime.time(23, 59, 59, 999999) and now >= self.start:
+                return app(environ, start_response)
+            elif now >= datetime.time(0) and now < self.end:
+                return app(environ, start_response)
+            else:
+                raise error

AuthKit/branches/0.4/examples/user/database/app.py

@@ -16 +16 @@
-from authkit.authenticate import middleware
-from authkit.authorize import authorize
-database
+sqlalchemy_driver
-from authkit.permissions import ValidAuthKitUser, HasAuthKitRole, HasAuthKitGroup
-
@@ -78 +78 @@
-    setup_method='form,cookie',
-    cookie_secret='secret encryption string',
-database.
+sqlalchemy_driver:
-    form_authenticate_user_data = "model",
-    cookie_signoutpath = '/signout',

AuthKit/branches/0.4/examples/user/database/create.py

@@ -1 +1 @@
-import model
-database
+sqlalchemy_driver
-
-users = UsersFromDatabase(model)