def _get_principal(self, app: FlaskUnchained) -> Principal:
"""
Get an initialized instance of Flask Principal's.
:class:~flask_principal.Principal`.
"""
principal = Principal(app, use_sessions=False)
principal.identity_loader(self._identity_loader)
return principal
def _get_principal(app):
p = Principal(app, use_sessions=False)
p.identity_loader(_identity_loader)
return p
def _get_principal(app):
p = Principal(app, use_sessions=False)
p.identity_loader(_identity_loader)
return p
class Auth(object):
"""Auth extension."""
_extension_name = 'carafe.auth'
def __init__(self, app=None, provider=None):
self.principal = Principal(use_sessions=False)
self.require = PermissionFactory()
self.app = app
if self.app: # pragma: no cover
self.init_app(app, provider)
def init_app(self, app, provider=None):
"""Initialize app."""
app.config.setdefault('CARAFE_AUTH_ENABLED', True)
app.config.setdefault('CARAFE_AUTH_SESSION_ID_KEY', 'user_id')
app.config.setdefault('CARAFE_AUTH_IDENTITY_ID_KEY', 'id')
app.config.setdefault('CARAFE_AUTH_IDENTITY_ROLES_KEY', 'roles')
if not app.config['CARAFE_AUTH_ENABLED']: # pragma: no cover
return
if not hasattr(app, 'extensions'): # pragma: no cover
app.extensions = {}
app.extensions[self._extension_name] = {'provider': provider}
# NOTE: Instead of having principal use it's session loader, we'll use
# ours.
self.principal.init_app(app)
self.principal.identity_loader(self.session_identity_loader)
identity_loaded.connect_via(app)(self.on_identity_loaded)
@property
def session_id_key(self):
"""Property access to config's CARAFE_AUTH_SESSION_ID_KEY."""
return current_app.config['CARAFE_AUTH_SESSION_ID_KEY']
@property
def identity_id_key(self):
"""Property access to config's CARAFE_AUTH_IDENTITY_ID_KEY."""
return current_app.config['CARAFE_AUTH_IDENTITY_ID_KEY']
@property
def identity_roles_key(self):
"""Property access to config's CARAFE_AUTH_IDENTITY_ROLES_KEY."""
return current_app.config['CARAFE_AUTH_IDENTITY_ROLES_KEY']
@property
def user_id(self):
"""Property access to logged in user id."""
return session.get(self.session_id_key)
@property
def provider(self):
"""Property access to auth provider instance."""
return current_app.extensions[self._extension_name]['provider']
def session_identity_loader(self):
"""Fetch user id from session using config's auth id key"""
if self.session_id_key in session:
identity = Identity(session[self.session_id_key])
else:
identity = None
return identity
def on_identity_loaded(self, app, identity): # pylint: disable=unused-argument
"""Called if session_identity_loader() returns an identity (i.e. not
None).
"""
# Whatever is returned is used for our identity. Potentially, provider
# may return a different user than original identity (e.g. app provides
# way for admin users to access site using a different user account)
if self.provider:
ident = self.provider.identify(identity)
else:
ident = {self.identity_id_key: None}
if self.user_id and not ident:
# session has an user_id but the ident return is empty
# user possibly deleted or inactivated in another process
self.logout()
# provide auth (whether user is not anonymous)
if ident.get(self.identity_id_key):
identity.provides.add(login_need)
# provide roles
for role in ident.get(self.identity_roles_key, []):
identity.provides.add(RoleNeed(role))
def send_identity_changed(self, user_id):
"""Send identity changed event."""
if user_id is None:
identity = AnonymousIdentity()
else:
identity = Identity(user_id)
identity_changed.send(current_app._get_current_object(),
identity=identity)
def login(self, user_id, propagate=True):
"""Call after user has been authenticated for login."""
if session.get(self.session_id_key) != user_id:
session[self.session_id_key] = user_id
if propagate:
self.send_identity_changed(user_id)
def logout(self, propagate=True):
"""Call to log user out."""
if session.get(self.session_id_key):
del session[self.session_id_key]
if propagate:
self.send_identity_changed(None)
