Example #1
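def setup_auth(app,
               authmetadata,
               form_plugin=None,
               form_identifies=True,
               cookie_secret='secret',
               cookie_name='authtkt',
               login_url='/login',
               login_handler='/login_handler',
               post_login_url=None,
               logout_handler='/logout_handler',
               post_logout_url=None,
               login_counter_name=None,
               cookie_timeout=None,
               cookie_reissue_time=None,
               **who_args):
    """
    Sets :mod:`repoze.who` up with the provided authenticators and
    options to create FriendlyFormPlugin/FastFormPlugin.

    It returns a middleware that provides identification,
    authentication and authorization in a way that is compatible
    with repoze.who and repoze.what.

    :param app: The WSGI application to wrap.
    :param authmetadata: Object wrapped in ``_AuthMetadataProvider`` and
        registered as the ``authmd`` metadata provider; skipped when falsy.
    :param form_plugin: Ready-made form plugin; when ``None`` a
        ``FastFormPlugin`` is built from the URL options below.
    :param form_identifies: When true the form plugin is placed first in
        the identifiers list as ``main_identifier``.
    :param cookie_secret: Secret handed to ``AuthTktCookiePlugin``. The
        built-in default is public knowledge, so a deployment must always
        override it; a warning is logged when it is left unchanged.
    :param cookie_name: Name of the auth ticket cookie.
    :param cookie_timeout: Passed as ``timeout`` to the cookie plugin.
    :param cookie_reissue_time: Passed as ``reissue_time`` to the cookie
        plugin.
    :param who_args: Extra keyword arguments forwarded to the middleware.
        ``charset``, ``log_file`` and ``skip_authentication`` are consumed
        here and not forwarded.
    :return: ``_AuthenticationForgerMiddleware`` when
        ``skip_authentication`` is truthy, otherwise
        ``PluggableAuthenticationMiddleware``.
    """
    if 'charset' in who_args:  #pragma: no cover
        log.warn('charset argument in authentication setup is ignored')
        who_args.pop('charset')

    # If no identifiers are provided in repoze setup arguments
    # then create a default one using AuthTktCookiePlugin.
    if 'identifiers' not in who_args:
        from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
        if cookie_secret == 'secret':
            # The default value ships in the source, so tickets protected
            # by it offer no assurance about who issued them.
            log.warn('cookie_secret is left at its built-in default; '
                     'configure a random, private value before deploying')
        cookie = AuthTktCookiePlugin(cookie_secret,
                                     cookie_name,
                                     timeout=cookie_timeout,
                                     reissue_time=cookie_reissue_time)
        who_args['identifiers'] = [('cookie', cookie)]
        # setdefault: a caller that passed no authenticators used to hit a
        # KeyError here; the cookie plugin now becomes the only entry.
        who_args.setdefault('authenticators', []).insert(0, ('cookie', cookie))

    # If no form plugin is provided then create a default
    # one using the provided options.
    if form_plugin is None:
        from tg.configuration.auth.fastform import FastFormPlugin
        form = FastFormPlugin(login_url,
                              login_handler,
                              post_login_url,
                              logout_handler,
                              post_logout_url,
                              rememberer_name='cookie',
                              login_counter_name=login_counter_name)
    else:
        form = form_plugin

    if form_identifies:
        who_args['identifiers'].insert(0, ('main_identifier', form))

    # Setting the repoze.who challengers:
    if 'challengers' not in who_args:
        who_args['challengers'] = []
    who_args['challengers'].append(('form', form))

    # Including logging
    log_file = who_args.pop('log_file', None)
    if log_file is not None:
        if log_file.lower() == 'stdout':
            log_stream = sys.stdout
        elif log_file.lower() == 'stderr':
            log_stream = sys.stderr
        else:
            # Mode 'wb' truncates an existing file at every start-up and
            # the handle is never closed in this function.
            # NOTE(review): confirm the consumer of log_stream writes bytes
            # under Python 3, and that earlier authentication log entries
            # are not needed for audit purposes.
            log_stream = open(log_file, 'wb')
        who_args['log_stream'] = log_stream

    # An unrecognised level name is not handled here: the _LEVELS lookup
    # failure propagates to the caller.
    log_level = who_args.get('log_level', None)
    if log_level is None:
        log_level = logging.INFO
    else:
        log_level = _LEVELS[log_level.lower()]
    who_args['log_level'] = log_level

    # Setting up the metadata provider for the user information
    if 'mdproviders' not in who_args:
        who_args['mdproviders'] = []

    if authmetadata:
        authmd = _AuthMetadataProvider(authmetadata)
        who_args['mdproviders'].append(('authmd', authmd))

    # Set up default classifier
    if 'classifier' not in who_args:
        who_args['classifier'] = default_request_classifier

    # Set up default challenger decider
    if 'challenge_decider' not in who_args:
        who_args['challenge_decider'] = turbogears_challenge_decider

    # NOTE(review): judging by its name, _AuthenticationForgerMiddleware
    # replaces real authentication; confirm skip_authentication can only be
    # switched on by test configuration, never by a production config file.
    skip_authn = who_args.pop('skip_authentication', False)
    if asbool(skip_authn):
        return _AuthenticationForgerMiddleware(app, **who_args)
    else:
        return PluggableAuthenticationMiddleware(app, **who_args)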
Example #2
 def setup(self):
     """Build the FastFormPlugin under test and keep it on ``self.fform``."""
     # Five URL paths followed by 'cookie'; presumably the last one is the
     # rememberer plugin name -- confirm against FastFormPlugin's signature.
     plugin_args = (
         '/login',
         '/login_handler',
         '/post_login',
         '/logout_handler',
         '/post_logout',
         'cookie',
     )
     self.fform = FastFormPlugin(*plugin_args)
Example #3
 def setup(self):
     """Create the form plugin fixture stored as ``self.fform``."""
     # URL paths are passed positionally; the trailing 'cookie' presumably
     # names the rememberer plugin -- confirm against FastFormPlugin.
     url_paths = ['/login', '/login_handler', '/post_login',
                  '/logout_handler', '/post_logout']
     plugin = FastFormPlugin(*(url_paths + ['cookie']))
     self.fform = plugin
Example #4
class TestFastFormPlugin(object):
    """Exercise FastFormPlugin's identify, challenge, remember and forget.

    NOTE(review): every ``came_from`` value used below is a site-relative
    path. ``came_from`` is request-supplied and ends up in a redirect
    ``Location``, so a case with an absolute or scheme-relative value would
    show whether the plugin constrains it; that cannot be told from here.
    """

    def setup(self):
        """Build a fresh plugin before each test."""
        # Five URL paths, then 'cookie' (presumably the rememberer name --
        # confirm against FastFormPlugin's signature).
        plugin_args = ('/login', '/login_handler', '/post_login',
                       '/logout_handler', '/post_logout', 'cookie')
        self.fform = FastFormPlugin(*plugin_args)

    def test_login(self):
        """Login handler returns both credentials and redirects onward."""
        environ = build_env('/login_handler',
                            'login=user&password=pwd&came_from=/goback')
        identity = self.fform.identify(environ)
        redirect = environ['repoze.who.application']

        assert isinstance(redirect, HTTPFound)
        assert identity['login'] == 'user'
        assert identity['password'] == 'pwd'
        # came_from is carried over, percent-encoded, to the post-login URL.
        assert redirect.location == '/post_login?came_from=%2Fgoback'

    def test_login_nocred(self):
        """A request without a password yields no identity at all."""
        environ = build_env('/login_handler', 'login=user&came_from=/goback')
        identity = self.fform.identify(environ)
        assert identity is None

    def test_login_counter(self):
        """The ``__logins`` counter is forwarded to the post-login URL."""
        environ = build_env('/login_handler',
                            'login=user&password=pwd&__logins=1')
        identity = self.fform.identify(environ)
        redirect = environ['repoze.who.application']

        assert isinstance(redirect, HTTPFound)
        assert identity['login'] == 'user'
        assert identity['password'] == 'pwd'
        assert redirect.location == '/post_login?__logins=1'

    def test_login_counter_keep(self):
        """On the login page the counter moves from the query to environ."""
        environ = build_env('/login', '__logins=1')
        self.fform.identify(environ)

        query_string = environ['QUERY_STRING']
        assert 'logins' not in query_string
        assert environ['repoze.who.logins'] == 1

    def test_logout_handler(self):
        """Logout handler installs a 401 app and records came_from."""
        environ = build_env('/logout_handler', 'came_from=%2Fgoback')
        self.fform.identify(environ)

        assert isinstance(environ['repoze.who.application'], HTTPUnauthorized)
        # The stored value is the decoded form of the query parameter.
        assert environ['came_from'] == '/goback'

    def test_logout_handler_no_came_from(self):
        """Without came_from the logout handler falls back to '/'."""
        environ = build_env('/logout_handler')
        self.fform.identify(environ)

        assert isinstance(environ['repoze.who.application'], HTTPUnauthorized)
        assert environ['came_from'] == '/'

    def test_logout_handler_challenge(self):
        """Challenging after logout redirects to the post-logout URL."""
        environ = build_env('/logout_handler', 'came_from=%2Fgoback')
        self.fform.identify(environ)
        app_headers = [('app', '1')]
        forget_headers = [('forget', '1')]
        response = self.fform.challenge(environ, '401 Unauthorized',
                                        app_headers, forget_headers)

        assert isinstance(response, HTTPFound)
        assert response.location == '/post_logout?came_from=%2Fgoback'

    def test_challenge_redirect_to_form(self):
        """A challenge on a private URL redirects to the login form."""
        environ = build_env('/private', SCRIPT_NAME='/SOMEWHERE')
        app_headers = [('app', '1')]
        forget_headers = [('forget', '1')]
        response = self.fform.challenge(environ, '401 Unauthorized',
                                        app_headers, forget_headers)

        assert isinstance(response, HTTPFound)
        # Both the login URL and came_from carry the SCRIPT_NAME prefix.
        expected = '/SOMEWHERE/login?came_from=%2FSOMEWHERE%2Fprivate'
        assert response.location == expected

    def test_remember_forget(self):
        """remember() and forget() return the rememberer's answers."""
        # 'REMEMBER'/'FORGET' presumably come from a stub rememberer that
        # build_env places in the environ -- confirm against build_env.
        environ = build_env('/private', SCRIPT_NAME='/SOMEWHERE')
        remembered = self.fform.remember(environ, {})
        assert remembered == 'REMEMBER'
        forgotten = self.fform.forget(environ, {})
        assert forgotten == 'FORGET'

    def test_repr(self):
        """The repr starts with the class name and the login handler path."""
        text = repr(self.fform)
        assert text.startswith('<FastFormPlugin:/login_handler')
Example #5
class TestFastFormPlugin(object):
    """Tests for FastFormPlugin's login, logout and challenge handling.

    NOTE(review): only site-relative ``came_from`` values are exercised.
    Because ``came_from`` comes from the request and is echoed into a
    redirect ``Location``, a test with an absolute or scheme-relative value
    would document how the plugin treats it; this file does not show that.
    """

    # Environ key under which identify() leaves its replacement WSGI app.
    _APP_KEY = 'repoze.who.application'

    def setup(self):
        """Instantiate the plugin used by every test."""
        # The trailing 'cookie' is presumably the rememberer plugin name --
        # confirm against FastFormPlugin's signature.
        urls = ['/login', '/login_handler', '/post_login',
                '/logout_handler', '/post_logout']
        self.fform = FastFormPlugin(*(urls + ['cookie']))

    def test_login(self):
        """Submitting login and password identifies and redirects."""
        request_env = build_env('/login_handler',
                                'login=user&password=pwd&came_from=/goback')
        credentials = self.fform.identify(request_env)
        replacement_app = request_env[self._APP_KEY]

        assert isinstance(replacement_app, HTTPFound)
        assert credentials['login'] == 'user'
        assert credentials['password'] == 'pwd'
        assert replacement_app.location == '/post_login?came_from=%2Fgoback'

    def test_login_nocred(self):
        """Missing password means identify() returns None."""
        request_env = build_env('/login_handler',
                                'login=user&came_from=/goback')
        assert self.fform.identify(request_env) is None

    def test_login_counter(self):
        """``__logins`` is propagated to the post-login redirect."""
        request_env = build_env('/login_handler',
                                'login=user&password=pwd&__logins=1')
        credentials = self.fform.identify(request_env)
        replacement_app = request_env[self._APP_KEY]

        assert isinstance(replacement_app, HTTPFound)
        assert credentials['login'] == 'user'
        assert credentials['password'] == 'pwd'
        assert replacement_app.location == '/post_login?__logins=1'

    def test_login_counter_keep(self):
        """The login page strips the counter from the query string."""
        request_env = build_env('/login', '__logins=1')
        self.fform.identify(request_env)

        assert 'logins' not in request_env['QUERY_STRING']
        # The counter is kept in the environ as an integer.
        assert request_env['repoze.who.logins'] == 1

    def test_logout_handler(self):
        """Logout stores the decoded came_from and a 401 application."""
        request_env = build_env('/logout_handler', 'came_from=%2Fgoback')
        self.fform.identify(request_env)

        assert isinstance(request_env[self._APP_KEY], HTTPUnauthorized)
        assert request_env['came_from'] == '/goback'

    def test_logout_handler_no_came_from(self):
        """Logout with no came_from defaults it to the site root."""
        request_env = build_env('/logout_handler')
        self.fform.identify(request_env)

        assert isinstance(request_env[self._APP_KEY], HTTPUnauthorized)
        assert request_env['came_from'] == '/'

    def test_logout_handler_challenge(self):
        """After logout, the challenge redirects to post_logout."""
        request_env = build_env('/logout_handler', 'came_from=%2Fgoback')
        self.fform.identify(request_env)
        reply = self.fform.challenge(request_env,
                                     '401 Unauthorized',
                                     [('app', '1')],
                                     [('forget', '1')])

        assert isinstance(reply, HTTPFound)
        assert reply.location == '/post_logout?came_from=%2Fgoback'

    def test_challenge_redirect_to_form(self):
        """An unauthenticated request is sent to the login form."""
        request_env = build_env('/private', SCRIPT_NAME='/SOMEWHERE')
        reply = self.fform.challenge(request_env,
                                     '401 Unauthorized',
                                     [('app', '1')],
                                     [('forget', '1')])

        assert isinstance(reply, HTTPFound)
        wanted = '/SOMEWHERE/login?came_from=%2FSOMEWHERE%2Fprivate'
        assert reply.location == wanted

    def test_challenge_redirect_to_form_with_args(self):
        """The original query string is kept inside came_from."""
        request_env = build_env('/private', qs='A=1&B=2',
                                SCRIPT_NAME='/SOMEWHERE')
        reply = self.fform.challenge(request_env,
                                     '401 Unauthorized',
                                     [('app', '1')],
                                     [('forget', '1')])

        assert isinstance(reply, HTTPFound)

        # Parameter order may differ between Py2 and Py3 dictionaries, so
        # either ordering of A and B is accepted.
        acceptable = (
            '/SOMEWHERE/login?came_from=%2FSOMEWHERE%2Fprivate%3FA%3D1%26B%3D2',
            '/SOMEWHERE/login?came_from=%2FSOMEWHERE%2Fprivate%3FB%3D2%26A%3D1',
        )
        assert reply.location in acceptable, reply.location

    def test_remember_forget(self):
        """remember() and forget() pass back the rememberer's results."""
        # The literal return values presumably come from a stub rememberer
        # set up by build_env -- confirm against that helper.
        request_env = build_env('/private', SCRIPT_NAME='/SOMEWHERE')
        assert self.fform.remember(request_env, {}) == 'REMEMBER'
        assert self.fform.forget(request_env, {}) == 'FORGET'

    def test_repr(self):
        """repr() begins with the class name and login handler path."""
        prefix = '<FastFormPlugin:/login_handler'
        assert repr(self.fform).startswith(prefix)