def __init__(self,
identifiers=None,
remembered=False,
authenticated=False,
host=None,
session=None,
session_creation_enabled=True,
security_manager=None):
self._identifiers = None
self.security_manager = security_manager
self.identifiers = identifiers
self.remembered = remembered
self.authenticated = authenticated
self.host = host
if session is not None:
session.stop_session_callback = self.session_stopped
self.session = session
else:
self.session = None
self.session_creation_enabled = session_creation_enabled
self.run_as_identifiers_session_key = 'run_as_identifiers_session_key'
self._logger = get_logger()
def __init__(self, settings, session_handler=NativeSessionHandler()):
session_settings = SessionSettings(settings)
self.absolute_timeout = session_settings.absolute_timeout
self.idle_timeout = session_settings.idle_timeout
self.event_bus = None
self.session_handler = session_handler
self._logger = get_logger()
def __init__(self,
yosai,
settings,
realms=None,
cache_handler=None,
authenticator=None,
authorizer=ModularRealmAuthorizer(),
serialization_manager=None,
session_manager=None,
remember_me_manager=None,
subject_store=SubjectStore()):
self._logger = get_logger()
self.yosai = yosai
self.subject_store = subject_store
self.realms = realms
self.remember_me_manager = remember_me_manager
if not session_manager:
session_manager = NativeSessionManager(settings)
self.session_manager = session_manager
self.authorizer = authorizer
if not authenticator:
authenticator = DefaultAuthenticator(settings)
self.authenticator = authenticator
if serialization_manager and self.remember_me_manager:
self.remember_me_manager.serialization_manager = serialization_manager
self.apply_event_bus(event_bus)
self.apply_cache_handler(cache_handler)
self.apply_realms()
def __init__(self, settings):
self._logger = get_logger()
default_cipher_key = RememberMeSettings(settings).default_cipher_key
# new to yosai.core.
self.serialization_manager = None
self.encryption_cipher_key = default_cipher_key
self.decryption_cipher_key = default_cipher_key
def __init__(self, yosai, security_manager):
self.account_id = None
self.authentication_token = None
self.authenticated = None
self.identifiers = None
self.host = None
self.security_manager = security_manager
self.yosai = yosai
self.session = None
self.session_id = None
self.session_creation_enabled = True
self.subject = None
self._logger = get_logger()
def __init__(self, settings):
# type: (LazySettings) -> None
"""
:param settings: lazy settings from yosai
"""
settings = settings.ACCOUNT_STORE
self._settings = settings
self._uri = settings['uri']
self._dbname = settings['dbname']
self._retry_limit = settings['retry_limit']
self._client = MongoClient(self._uri)
self._db = self._client[self._dbname]
self._logger = get_logger()
def __init__(self, eventbus):
self._logger = get_logger()
eventbus.subscribe(self.log_session_event, 'SESSION.START')
eventbus.subscribe(self.log_session_event, 'SESSION.STOP')
eventbus.subscribe(self.log_session_event, 'SESSION.EXPIRE')
eventbus.subscribe(self.log_authc_event, 'AUTHENTICATION.ACCOUNT_NOT_FOUND')
eventbus.subscribe(self.log_authc_event, 'AUTHENTICATION.PROGRESS')
eventbus.subscribe(self.log_authc_event, 'AUTHENTICATION.SUCCEEDED')
eventbus.subscribe(self.log_authc_event, 'AUTHENTICATION.FAILED')
eventbus.subscribe(self.log_authz_event, 'AUTHORIZATION.GRANTED')
eventbus.subscribe(self.log_authz_event, 'AUTHORIZATION.DENIED')
eventbus.subscribe(self.log_authz_event, 'AUTHORIZATION.RESULTS')
def __init__(self,
source_name=None,
identifier=None,
identifier_collection=None):
"""
:type source_name: String
:type identifier: String or ?
:type identifier_collection: subject_abcs.IdentifierCollection
"""
self.source_identifiers = collections.OrderedDict()
self._primary_identifier = None
self._logger = get_logger()
if identifier_collection:
self.add_collection(identifier_collection=identifier_collection)
elif source_name and identifier:
self.add(source_name=source_name, identifier=identifier)
def __init__(self,
name='AccountStoreRealm_' + str(uuid4()),
account_store=None,
authc_verifiers=None,
permission_verifier=DefaultPermissionVerifier()):
"""
:authc_verifiers: tuple of Verifier objects
"""
self.name = name
self._logger = get_logger()
self.account_store = account_store
self.authc_verifiers = authc_verifiers # a tuple
self.permission_verifier = permission_verifier
self.cache_handler = None
self.token_resolver = self.init_token_resolver()
def __init__(self, settings, strategy=first_realm_successful_strategy):
self.authc_settings = AuthenticationSettings(settings)
self.authentication_strategy = strategy
try:
dconfig = self.authc_settings.mfa_dispatcher_config
self.mfa_dispatcher = self.authc_settings.mfa_dispatcher(dconfig)
except TypeError:
self.mfa_dispatcher = None
self.realms = None
self.token_realm_resolver = None
self.locking_realm = None
self.locking_limit = None
self.event_bus = None
self._logger = get_logger()
def __init__(self, absolute_timeout, idle_timeout, host=None):
super(SimpleSession, self).__init__()
self.attributes = {}
self.internal_attributes = {
'run_as_identifiers_session_key': None,
'authenticated_session_key': None,
'identifiers_session_key': None
}
self.is_expired = None
self.stop_timestamp = None
self.start_timestamp = round(time.time() * 1000) # milliseconds
self.last_access_time = self.start_timestamp
self.absolute_timeout = absolute_timeout
self.idle_timeout = idle_timeout
self.host = host
self._logger = get_logger()
def __init__(self):
self._schemas = {list.__name__: ListSchema, dict.__name__: DictSchema}
self._logger = get_logger()
def __init__(self):
self._logger = get_logger()
class Yosai(object):
_logger = get_logger()
def __init__(self, env_var=None, file_path=None, session_attributes=None):
"""
:type session_attributes: tuple
"""
# you can configure LazySettings in one of two ways: env or file_path
self.settings = LazySettings(env_var=env_var, file_path=file_path)
self.security_manager = \
self.generate_security_manager(self.settings, session_attributes)
def generate_security_manager(self, settings, session_attributes):
# don't forget to pass default_cipher_key into the WebSecurityManager
mgr_builder = SecurityManagerCreator()
return mgr_builder.create_manager(self, settings, session_attributes)
def _get_subject(self):
"""
Returns the currently accessible Subject available to the calling code
depending on runtime environment.
:returns: the Subject currently accessible to the calling code
"""
subject_context = SubjectContext(
yosai=self, security_manager=self.security_manager)
subject = self.security_manager.create_subject(
subject_context=subject_context)
global_subject_context.stack.append(subject)
return subject
@staticmethod
@contextmanager
def context(yosai):
global_yosai_context.stack.append(yosai)
try:
yield
except:
raise
finally:
global_yosai_context.stack = []
global_subject_context.stack = []
@classmethod
def get_current_subject(cls):
try:
subject = global_subject_context.stack[-1]
msg = ('A subject instance DOES exist in the global context. '
'Touching and then returning it.')
cls._logger.debug(msg)
subject.get_session().touch()
return subject
except IndexError:
msg = 'A subject instance _DOES NOT_ exist in the global context. Creating one.'
cls._logger.debug(msg)
subject = Yosai.get_current_yosai()._get_subject()
global_subject_context.stack.append(subject)
return subject
@staticmethod
def get_current_yosai():
try:
return global_yosai_context.stack[-1]
except IndexError:
msg = 'A yosai instance does not exist in the global context.'
raise IndexError(msg)
@staticmethod
def requires_authentication(fn):
"""
Requires that the calling Subject be authenticated before allowing access.
:raises UnauthenticatedException: indicating that the decorated method is
not allowed to be executed because the
Subject failed to authenticate
"""
@functools.wraps(fn)
def wrap(*args, **kwargs):
subject = Yosai.get_current_subject()
if not subject.authenticated:
msg = "The current Subject is not authenticated. ACCESS DENIED."
raise UnauthenticatedException(msg)
return fn(*args, **kwargs)
return wrap
@staticmethod
def requires_user(fn):
"""
Requires that the calling Subject be *either* authenticated *or* remembered
via RememberMe services before allowing access.
This method essentially ensures that subject.identifiers IS NOT None
:raises UnauthenticatedException: indicating that the decorated method is
not allowed to be executed because the
Subject attempted to perform a user-only
operation
"""
@functools.wraps(fn)
def wrap(*args, **kwargs):
subject = Yosai.get_current_subject()
if subject.identifiers is None:
msg = ("Attempting to perform a user-only operation. The "
"current Subject is NOT a user (they haven't been "
"authenticated or remembered from a previous login). "
"ACCESS DENIED.")
raise UnauthenticatedException(msg)
return fn(*args, **kwargs)
return wrap
@staticmethod
def requires_guest(fn):
"""
Requires that the calling Subject be NOT (yet) recognized in the system as
a user -- the Subject is not yet authenticated nor remembered through
RememberMe services.
This method essentially ensures that subject.identifiers IS None
:raises UnauthenticatedException: indicating that the decorated method is
not allowed to be executed because the
Subject attempted to perform a guest-only
operation
"""
@functools.wraps(fn)
def wrap(*args, **kwargs):
subject = Yosai.get_current_subject()
if subject.identifiers is not None:
msg = ("Attempting to perform a guest-only operation. The "
"current Subject is NOT a guest (they have either been "
"authenticated or remembered from a previous login). "
"ACCESS DENIED.")
raise UnauthenticatedException(msg)
return fn(*args, **kwargs)
return wrap
@staticmethod
def requires_permission(permission_s, logical_operator=all):
"""
Requires that the calling Subject be authorized to the extent that is
required to satisfy the permission_s specified and the logical operation
upon them.
:param permission_s: the permission(s) required
:type permission_s: a List of Strings or List of Permission instances
:param logical_operator: indicates whether all or at least one permission
is true (and, any)
:type: and OR all (from python standard library)
:raises AuthorizationException: if the user does not have sufficient
permission
Elaborate Example:
requires_permission(
permission_s=['domain1:action1,action2', 'domain2:action1'],
logical_operator=any)
Basic Example:
requires_permission(['domain1:action1,action2'])
"""
def outer_wrap(fn):
@functools.wraps(fn)
def inner_wrap(*args, **kwargs):
subject = Yosai.get_current_subject()
subject.check_permission(permission_s, logical_operator)
return fn(*args, **kwargs)
return inner_wrap
return outer_wrap
@staticmethod
def requires_dynamic_permission(permission_s, logical_operator=all):
"""
This method requires that the calling Subject be authorized to the extent
that is required to satisfy the dynamic permission_s specified and the logical
operation upon them. Unlike ``requires_permission``, which uses statically
defined permissions, this function derives a permission from arguments
specified at declaration.
Dynamic permissioning requires that the dynamic arguments be keyword
arguments of the decorated method.
:param permission_s: the permission(s) required
:type permission_s: a List of Strings or List of Permission instances
:param logical_operator: indicates whether all or at least one permission
is true (and, any)
:type: and OR all (from python standard library)
:raises AuthorizationException: if the user does not have sufficient
permission
Elaborate Example:
requires_permission(
permission_s=['{kwarg1.domainid}:action1,action2',
'{kwarg2.domainid}:action1'],
logical_operator=any)
Basic Example:
requires_permission(['{kwarg.domainid}:action1,action2'])
"""
def outer_wrap(fn):
@functools.wraps(fn)
def inner_wrap(*args, **kwargs):
newperms = [perm.format(**kwargs) for perm in permission_s]
subject = Yosai.get_current_subject()
subject.check_permission(newperms, logical_operator)
return fn(*args, **kwargs)
return inner_wrap
return outer_wrap
@staticmethod
def requires_role(role_s, logical_operator=all):
"""
Requires that the calling Subject be authorized to the extent that is
required to satisfy the role_s specified and the logical operation
upon them.
:param role_s: a collection of the role(s) required, specified by
identifiers (such as a role name)
:type role_s: a List of Strings
:param logical_operator: indicates whether all or at least one permission
is true (and, any)
:type: and OR all (from python standard library)
:raises AuthorizationException: if the user does not have sufficient
role membership
Elaborate Example:
requires_role(role_s=['sysadmin', 'developer'], logical_operator=any)
Basic Example:
requires_role('physician')
"""
def outer_wrap(fn):
@functools.wraps(fn)
def inner_wrap(*args, **kwargs):
subject = Yosai.get_current_subject()
subject.check_role(role_s, logical_operator)
return fn(*args, **kwargs)
return inner_wrap
return outer_wrap
def __eq__(self, other):
return self.security_manager == other.security_manager
def __init__(self, ss_evaluator=SessionStorageEvaluator()):
self.session_storage_evaluator = ss_evaluator
self.dsc_isk = 'identifiers_session_key'
self.dsc_ask = 'authenticated_session_key'
self._logger = get_logger()
def __init__(self, delete_invalid_sessions=True):
super(WebSessionHandler,
self).__init__(delete_invalid_sessions=delete_invalid_sessions)
self.is_session_id_cookie_enabled = True
self._logger = get_logger()
def __init__(self, settings):
authc_settings = AuthenticationSettings(settings)
self.password_cc = self.create_password_crypt_context(authc_settings)
self.totp_factory = create_totp_factory(authc_settings=authc_settings)
self.supported_tokens = [UsernamePasswordToken, TOTPToken]
self._logger = get_logger()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from marshmallow import fields, post_load, pre_dump
from session import SimpleSession
from yosaipy2.core.serialize.serializer import BaseSchema
from yosaipy2.core.subject.schema import SimpleIdentifierSchema
from yosaipy2.core.utils.utils import get_logger
from copy import copy
logger = get_logger()
class SimpleSessionSchema(BaseSchema):
under_type = SimpleSession
session_id = fields.String(allow_none=True)
start_timestamp = fields.Integer(allow_none=True)
stop_timestamp = fields.Integer(allow_none=True)
last_access_time = fields.Integer(allow_none=True)
idle_timeout = fields.Integer(allow_none=True)
absolute_timeout = fields.Integer(allow_none=True)
is_expired = fields.Boolean(allow_none=True)
host = fields.String(allow_none=True)
internal_attributes = fields.Dict(allow_none=True)
attributes = fields.Dict(allow_none=True)
@pre_dump
def encode_attribute(self, data):
# type:(SimpleSession) -> SimpleSession
internal_attributes = data.internal_attributes
if 'identifiers_session_key' not in internal_attributes: