Beispiel #1
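    def add_auth_middleware(self, app, skip_authentication):
        """
        Configure authentication and authorization.

        Booleanizes the repoze.what predicates, gives ``self.sa_auth`` a
        default ``log_stream`` when it has none, and wraps *app* with
        ``setup_sql_auth``.

        :param app: The TG2 application.
        :param skip_authentication: Should authentication be skipped if
            explicitly requested? (used by repoze.who-testutil)
        :type skip_authentication: bool
        :return: The application returned by ``setup_sql_auth``.
        :raises ConfigurationError: If authentication is not skipped and
            ``sa_auth`` has no ``cookie_secret``, or only an empty one.

        """
        from repoze.what.plugins.quickstart import setup_sql_auth
        from repoze.what.plugins.pylonshq import booleanize_predicates

        # Predicates booleanized:
        booleanize_predicates()

        # Configuring auth logging. The default is stored on self.sa_auth
        # itself, not only on the copy made below.
        if 'log_stream' not in self.sa_auth:
            self.sa_auth['log_stream'] = logging.getLogger('auth')

        # Removing keywords not used by repoze.who. Working on a copy keeps
        # the key available on self.sa_auth.
        auth_args = copy(self.sa_auth)
        if 'password_encryption_method' in auth_args:
            del auth_args['password_encryption_method']

        if not skip_authentication:
            # A key that is present but empty (or None) is as unusable as a
            # missing one, so both are rejected at start-up.
            # NOTE(review): the value is forwarded to setup_sql_auth,
            # presumably to sign the authentication cookie -- confirm.
            if ('cookie_secret' not in auth_args
                    or not auth_args['cookie_secret']):
                msg = ("base_config.sa_auth.cookie_secret is required "
                       "you must define it in app_cfg.py or set "
                       "sa_auth.cookie_secret in development.ini")
                # With a single argument this form prints the same text on
                # Python 2 and Python 3.
                print(msg)
                raise ConfigurationError(message=msg)

        app = setup_sql_auth(app,
                             skip_authentication=skip_authentication,
                             **auth_args)
        return app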
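    def add_auth_middleware(self, app, skip_authentication):
        """
        Configure authentication and authorization.

        Booleanizes the repoze.what predicates, gives ``self.sa_auth`` a
        default ``log_stream`` when it has none, merges the ``sa_auth``
        section of ``config`` over those settings, and wraps *app* with
        ``setup_sql_auth``.

        :param app: The TG2 application.
        :param skip_authentication: Should authentication be skipped if
            explicitly requested? (used by repoze.who-testutil)
        :type skip_authentication: bool
        :return: The application returned by ``setup_sql_auth``.
        :raises TGConfigError: If authentication is not skipped and the
            merged settings have no ``cookie_secret``, or only an empty one.

        """
        from repoze.what.plugins.quickstart import setup_sql_auth
        from repoze.what.plugins.pylonshq import booleanize_predicates

        # Predicates booleanized:
        booleanize_predicates()

        # Configuring auth logging. The default is stored on self.sa_auth
        # itself, not only on the copy made below.
        if 'log_stream' not in self.sa_auth:
            self.sa_auth['log_stream'] = logging.getLogger('auth')

        # Work on a copy so the merge and the deletion below do not alter
        # self.sa_auth.
        auth_args = copy(self.sa_auth)
        if 'sa_auth' in config:
            # Values from config.sa_auth take precedence over self.sa_auth,
            # so the cookie_secret checked below may come from either place.
            auth_args.update(config.sa_auth)

        # Removing keywords not used by repoze.who:
        if 'password_encryption_method' in auth_args:
            del auth_args['password_encryption_method']

        if not skip_authentication:
            # A key that is present but empty (or None) is as unusable as a
            # missing one, so both are rejected at start-up.
            # NOTE(review): the value is forwarded to setup_sql_auth,
            # presumably to sign the authentication cookie -- confirm.
            if ('cookie_secret' not in auth_args
                    or not auth_args['cookie_secret']):
                msg = ("base_config.sa_auth.cookie_secret is required "
                       "you must define it in app_cfg.py or set "
                       "sa_auth.cookie_secret in development.ini")
                raise TGConfigError(msg)

        app = setup_sql_auth(app, skip_authentication=skip_authentication,
                             **auth_args)
        return app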
Beispiel #3
#    * "sections" (default: "permissions"): The permissions granted to a given
#      group.
#    * "item_name" (default: "group_name"): The name of the table field that
#      contains the primary key in the groups table.
#    * "items" (default: "groups"): The groups that are granted a given
#      permission.
# Group and permission source adapters built from the model classes.
# The translations replace the default field names with the ones used here:
# groups are keyed by 'id' and their items by 'email'; permissions are keyed
# by 'name' and their items (groups) by 'id'.
adapters = configure_sql_adapters(
    User, Group, Permission, DBSession,
    group_translations={'section_name': 'id', 'item_name': 'email'},
    permission_translations={'section_name': 'name', 'item_name': 'id'},
)

# User metadata provider. The 'user_name' translation is set to 'email', so
# metadata is looked up through that field.
# NOTE(review): an earlier comment described this lookup as based on the user
# id, the one attribute a user has regardless of the authentication method
# (Form, Facebook, Twitter). The translation actually set is 'email' --
# confirm that every account carries an email value.
user = SQLAlchemyUserMDPlugin(User, DBSession)
user.translations['user_name'] = 'email'

# Authorization metadata: the group and permission adapters are both
# registered under the 'sqlauth' key.
group = AuthorizationMetadata(
    {'sqlauth': adapters['group']},
    {'sqlauth': adapters['permission']},
)

# CRITICALLY IMPORTANT: do not remove this call. Without it the site will
# consider every repoze.what predicate True, i.e. an authorization check that
# evaluates a predicate as a boolean would always pass.
booleanize_predicates()
#    * "items" (default: "users"): The users that belong to a given group.
#  * Permission source adapter:
#    * "section_name" (default: "permission_name"): The name of the table field
#      that contains the primary key in the permissions table.
#    * "sections" (default: "permissions"): The permissions granted to a given
#      group.
#    * "item_name" (default: "group_name"): The name of the table field that
#      contains the primary key in the groups table.
#    * "items" (default: "groups"): The groups that are granted a given
#      permission.

#adapters = configure_sql_adapters(User, Group, Permission, meta.Session,
#                                  group_translations={'section_name': 'name',
#                                                      'item_name': 'username'},
#                                  permission_translations={'section_name': 'name',
#                                                           'item_name': 'username'})
# Group and permission source adapters built from the model classes, using
# the adapters' default field names (no translations are passed).
adapters = configure_sql_adapters(
    User, Group, Permission, meta.Session)

# User metadata provider; the 'user_name' translation is left at its default.
user = SQLAlchemyUserMDPlugin(User, meta.Session)
#user.translations['user_name'] = 'username'

# Authorization metadata: the group and permission adapters are both
# registered under the 'sqlauth' key.
group = AuthorizationMetadata({'sqlauth': adapters['group']},
                              {'sqlauth': adapters['permission']})

# CRITICALLY IMPORTANT: do not remove this call. Without it the site will
# consider every repoze.what predicate True, i.e. an authorization check that
# evaluates a predicate as a boolean would always pass.
booleanize_predicates()