def test_acl_deleted(self, factories, pyramid_request):
"""
Nobody -- not even the owner -- should have any permissions on a
deleted annotation.
"""
policy = ACLAuthorizationPolicy()
ann = factories.Annotation(userid='saoirse', deleted=True)
res = AnnotationResource(pyramid_request, ann)
for perm in ['read', 'admin', 'update', 'delete']:
assert not policy.permits(res, ['saiorse'], perm)
def test_acl_deleted(self, factories, group_service, links_service):
"""
Nobody -- not even the owner -- should have any permissions on a
deleted annotation.
"""
policy = ACLAuthorizationPolicy()
ann = factories.Annotation(userid="saoirse", deleted=True)
res = AnnotationContext(ann, group_service, links_service)
for perm in ["read", "admin", "update", "delete", "moderate"]:
assert not policy.permits(res, ["saiorse"], perm)
def test_acl_shared_admin_perms(self, factories, group_service, links_service):
"""
Shared annotation contexts should still only give admin/update/delete
permissions to the owner.
"""
policy = ACLAuthorizationPolicy()
ann = factories.Annotation(shared=False, userid="saoirse")
res = AnnotationContext(ann, group_service, links_service)
for perm in ["admin", "update", "delete"]:
assert policy.permits(res, ["saoirse"], perm)
assert not policy.permits(res, ["someoneelse"], perm)
def test_acl_shared_admin_perms(self, factories, pyramid_request):
"""
Shared annotation resources should still only give admin/update/delete
permissions to the owner.
"""
policy = ACLAuthorizationPolicy()
ann = factories.Annotation(shared=False, userid='saoirse')
res = AnnotationResource(pyramid_request, ann)
for perm in ['admin', 'update', 'delete']:
assert policy.permits(res, ['saoirse'], perm)
assert not policy.permits(res, ['someoneelse'], perm)
def permits(self, context, principals, permission):
"""map users and groups to their roles !"""
for p in self.get_contextual_principals(context):
if not p in principals:
principals.append(p)
acl = BACLAuthorizationPolicy.permits(self, context, principals, permission)
#if 'ACLDenied' == acl.__class__.__name__:
# import pdb;pdb.set_trace()
return acl
class ACLAuthorizationPolicyWithLocalRoles(object):
# FIXME: document this
# Basically it uses the standard Pyramid ACLAuthorizationPolicy
# and adds support for our local roles.
implements(IAuthorizationPolicy)
def __init__(self):
self.acl_policy = ACLAuthorizationPolicy()
def permits(self, context, principals, permission):
#log.debug("permits(context=%s, principals=%s, permission=%s)" % (repr(context), repr(principals), repr(permission)))
try:
local_roles = context._get_merged_local_roles()
except AttributeError:
local_roles = None
if local_roles:
expanded_principals = set(principals)
for p in principals:
roles = local_roles.get(p)
if roles:
expanded_principals.update(roles)
#log.debug("in permits - local_roles=%s expanded_principals=%s" % (repr(local_roles), repr(expanded_principals)))
principals = expanded_principals
return self.acl_policy.permits(context, principals, permission)
def principals_allowed_by_permission(self, context, permission):
#log.debug("principals_allowed_by_permission(context=%s, permission=%s)" % (repr(context), repr(permission)))
allowed = self.acl_policy.principals_allowed_by_permission(context, permission)
try:
local_roles = context._get_merged_local_roles()
except AttributeError:
local_roles = None
if local_roles:
principals_by_role = _invert_local_roles(local_roles)
expanded_allowed = set(allowed)
for r in allowed:
principals = principals_by_role.get(r)
if principals:
expanded_allowed.update(principals)
#log.debug("in principals_allowed_by_permission - local_roles=%s allowed=%s expanded_allowed=%s" % (repr(local_roles), repr(allowed), repr(expanded_allowed)))
allowed = expanded_allowed
return allowed
class BaseACLTest(unittest.TestCase):
""" Base test for anything checking ACLs """
def setUp(self):
self.request = DummyRequest()
self.request.userid = None
self.auth = ACLAuthorizationPolicy()
def allowed(self, context, perm):
""" Get all allowed principals from a context or an ACL """
if not hasattr(context, '__acl__'):
acl = context
context = MagicMock()
context.__acl__ = acl
context.__parent__ = None
return self.auth.principals_allowed_by_permission(context, perm)
def assert_allowed(self, context, perm, principals):
""" Assert that only a particular set of principals has access """
allowed = self.allowed(context, perm)
self.assertEqual(allowed, set(principals))
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authentication_policy = AuthTktAuthenticationPolicy('somesecret')
authorization_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy)
config.include('pyramid_jinja2')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('blog', '/blog/{id:\d+}/{slug}')
config.add_route('blog_action',
'/blog/{action}',
factory='blog_app.security.BlogRecordFactory')
config.add_route('auth', '/sign/{action}')
config.include('.routes')
config.include('.models')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
zodb_uri = settings.get('zodb_uri')
if zodb_uri is None:
raise ValueError("No 'zodb_uri' in application configuration.")
finder = PersistentApplicationFinder(zodb_uri, appmaker)
def get_root(request):
return finder(request.environ)
authentication_policy = AuthTktAuthenticationPolicy('vof5934d',
callback=groupfinder)
authorization_policy = ACLAuthorizationPolicy()
config = Configurator(root_factory=get_root,
settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy)
config.add_static_view('static', 'spionistoserver:static')
config.scan('spionistoserver')
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application. """
authn_policy = OAuth2AuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory='werewolf.app.resource.RootResource',
default_permission='authenticated')
config.include('pyramid_jinja2')
config.add_renderer(".html", "pyramid_jinja2.renderer_factory")
config.add_renderer('json', "werewolf.app.renderer.json_renderer")
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
add_static_view(config, 'bower_components')
add_static_view(config, 'css')
add_static_view(config, 'scripts')
add_static_view(config, 'static', '')
config.add_route('layout', '/')
config.add_route('api_user', '/api/v1/user')
config.add_route('api_user_nickname_update',
'/api/v1/user/nickname/update')
config.add_route('api_auth_token', '/api/v1/auth/token')
config.add_route('api_village_list', '/api/v1/village/list')
config.add_route('api_village_detail', '/api/v1/village/{identity}')
config.add_route('api_village_join', '/api/v1/village/join')
config.add_route('socketio', '/socket.io/*remaining')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
initialize_sql(settings)
authn_policy = AuthTktAuthenticationPolicy(
settings.get('auth.secret'),
callback=UserMgr.auth_groupfinder)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory='bookie.RootFactory',
authentication_policy=authn_policy,
authorization_policy=authz_policy)
config.set_request_factory(RequestWithUserAttribute)
import bookie.bcelery.celeryapp
bookie.bcelery.celeryapp.load_config(settings)
config = build_routes(config)
config.add_static_view('static', 'bookie:static')
config.scan('bookie.views')
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(settings=settings,
root_factory='tutorial.models.Root')
config.include('pyramid_chameleon')
# Security policies
authn_policy = AuthTktAuthenticationPolicy('sosecret',
callback=groupfinder,
hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_route('wiki_view', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('wikipage_add', '/add')
config.add_route('wikipage_view', '/{uid}')
config.add_route('wikipage_edit', '/{uid}/edit')
config.add_route('wikipage_delete', '/{uid}/delete')
config.add_static_view(name='static', path='tutorial:static')
config.add_static_view('deform_static', 'deform:static/')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
authn_policy = AuthTktAuthenticationPolicy(
'todo: replacethiswithasecretstring!',
callback=groupFinder,
hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.include('pyramid_chameleon')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a WSGI application.
"""
config = Configurator(settings=settings)
config.set_session_factory(session_factory_from_settings(settings))
#authentication/authorization
config.set_authentication_policy(AuthTktAuthenticationPolicy('seekrit'))
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(RootFactory)
#beaker
config.include('pyramid_beaker')
#jinja2
config.include('pyramid_jinja2')
config.add_renderer('.html', 'pyramid_jinja2.renderer_factory')
#views
config.add_static_view('static', 'triage:static')
config.scan('triage.views')
config.scan('triage.subscribers')
#routes
config.include('triage.routes.routes')
#mongoengine
mongoengine.connect(settings['mongodb.db_name'], host=settings['mongodb.host'])
config.registry.settings['projects'] = app_settings.PROJECTS
config.registry.settings['default_project'] = app_settings.DEFAULT_PROJECT
app = config.make_wsgi_app()
return app
def includeme(config):
"""Allow developers to use ``config.include('pyramid_bimt')``."""
if 'development.ini' in ' '.join(sys.argv).lower():
config.registry.settings['bimt.mode'] = Modes.development.name
elif 'testing.ini' in ' '.join(sys.argv).lower():
config.registry.settings['bimt.mode'] = Modes.testing.name
elif 'production.ini' in ' '.join(sys.argv).lower():
config.registry.settings['bimt.mode'] = Modes.production.name
else:
config.registry.settings['bimt.mode'] = Modes.unknown.name
logger.warning('Unknown mode of operation: {}'.format(' '.join(
sys.argv).lower()))
check_required_settings(config)
# Setup the DB session and such
config.include('pyramid_tm')
config.include('pyramid_basemodel')
config.include('pyramid_fanstatic')
# Add support for encrypted session cookies
config.include('pyramid_beaker')
# Setup authentication and authorization policies.
authentication_policy = AuthTktAuthenticationPolicy(
secret=config.registry.settings['authtkt.secret'],
hashalg='sha512',
callback=groupfinder,
)
authorization_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authorization_policy)
config.set_authentication_policy(authentication_policy)
configure(config, config.registry.settings)
def configure_authentication(self):
"""Set up authentication and authorization policies.
For more information see Pyramid auth documentation.
"""
from websauna.system.auth.principals import resolve_principals
from websauna.system.auth.authentication import get_request_user
from pyramid.authorization import ACLAuthorizationPolicy
from websauna.system.auth.policy import SessionAuthenticationPolicy
authn_policy = SessionAuthenticationPolicy(callback=resolve_principals)
authz_policy = ACLAuthorizationPolicy()
self.config.set_authentication_policy(authn_policy)
self.config.set_authorization_policy(authz_policy)
# We need to carefully be above TM view, but below exc view so that internal server error page doesn't trigger session authentication that accesses the database
self.config.add_tween(
"websauna.system.auth.tweens.SessionInvalidationTweenFactory",
under="pyramid_tm.tm_tween_factory")
# Grab incoming auth details changed events
from websauna.system.auth import subscribers
self.config.scan(subscribers)
# Experimental support for transaction aware properties
try:
from pyramid_tm.reify import transaction_aware_reify
self.config.add_request_method(callable=transaction_aware_reify(
self.config, get_request_user),
name="user",
property=True,
reify=False)
except ImportError:
self.config.add_request_method(get_request_user,
'user',
reify=True)
def main(global_config, **settings):
"""Return a Pyramid WSGI application."""
if 'DATABASE_URL' in os.environ:
settings['sqlalchemy.url'] = os.environ.get('DATABASE_URL')
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
secret = os.environ.get('dsfkljfvjkvnadssvjkbavhfdlbvhfdlv', 'vndjkvbndlv')
authentication_policy = AuthTktAuthenticationPolicy(secret)
authorization_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy,
root_factory=BaseFactory)
config.include('pyramid_jinja2')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('index_route', '/')
config.add_route('new_route', '/add')
config.add_route('entry_route', '/entries/{id:\d+}')
config.add_route('edit_route', '/entries/{id:\d+}/edit')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authn_policy = AuthTktAuthenticationPolicy('sosecret',
callback=groupfinder,
hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory='tutorial.models.RootFactory')
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.include('pyramid_chameleon')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('view_wiki', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('view_page', '/{pagename}')
config.add_route('add_page', '/add_page/{pagename}')
config.add_route('edit_page', '/{pagename}/edit_page')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
session_factory = session_factory_from_settings(settings)
authn_policy = AuthTktAuthenticationPolicy( 'sosecret', callback=groupfinder, hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings, root_factory='geogallery.models.models.RootFactory')
config.set_request_property(get_user, str('user'), reify=True)
config.include('bag.web.pyramid.flash_msg')
config.set_session_factory(session_factory)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_static_view('static', 'static', cache_max_age=3600)
# Adding the static resources from Deform
config.add_static_view('deform_static', 'deform:static', cache_max_age=3600)
config.add_static_view('deform_bootstrap_static', 'deform_bootstrap:static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('login', '/login')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# setup database
settings = setup_database(global_config, **settings)
config = Configurator(
settings=settings,
request_factory=APIRequest,
authentication_policy=AuthenticationPolicy(),
authorization_policy=ACLAuthorizationPolicy(),
default_permission='view',
)
# add basic authentication parsing
config.add_tween('.api.auth.basic_auth_tween_factory')
# add access-control-allow-origin header setting
config.add_tween('.api.allow_origin.allow_origin_tween_factory')
# provides table entity to json renderers
config.include('.renderers')
# provides api views
config.include('.api')
config.scan(ignore=b'billy.tests')
return config.make_wsgi_app()
def setUpClass(cls):
cls.config = testing.setUp()
cls.config.add_renderer('jsonp', JSONP(param_name='callback'))
cls.config.include("cornice")
cls.authz_policy = ACLAuthorizationPolicy()
cls.authn_policy = AuthenticationPolicy(
'openprocurement/archivarius/core/tests/auth.ini', __name__)
cls.config.set_authorization_policy(cls.authz_policy)
cls.config.set_authentication_policy(cls.authn_policy)
cls.config.registry.db = MagicMock()
cls.config.registry.db.save.return_value = [
'', '1-{}'.format(uuid.uuid4().hex)
]
cls.config.registry.server_id = uuid.uuid4().hex
cls.config.registry.docservice_key = MagicMock()
cls.config.context = munchify(tender.serialize.return_value)
cls.config.registry.docservice_key.vk = 'a' * 32
cls.config.add_subscriber(add_logging_context, NewRequest)
cls.config.add_subscriber(MagicMock(), ContextFound)
cls.config.add_subscriber(MagicMock(), NewRequest)
cls.config.add_subscriber(MagicMock(), BeforeRender)
cls.config.scan("openprocurement.archivarius.core.tests.utils")
cls.app = TestApp(CatchErrors(cls.config.make_wsgi_app()))
def includeme(config):
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('recepts', '/recepts')
config.add_route('collection', '/collection')
config.add_route('recept_view', '/recepts/{id:\w+}')
config.add_route('create_recept', '/create-recept')
authn_policy = AuthTktAuthenticationPolicy('seekrit', hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
# config = Configurator(root_factory=HelloFactory)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
print('kek')
config.add_route('hello', '/hello/{name}')
config.add_view(hello_world, route_name='hello', permission='view')
# login form
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_view(login, route_name='login')
config.add_view(logout, route_name='logout')
def main(global_settings, **settings):
authn_policy = AuthTktAuthenticationPolicy(settings['auth.secret'], )
authz_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
)
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('users', '/users')
config.add_route('user', '/user/{login}')
config.add_route('pages', '/pages')
config.add_route('create_page', '/create_page')
config.add_route('page', '/page/{title}')
config.add_route('edit_page', '/page/{title}/edit')
config.scan(__name__)
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
session_factory = session_factory_from_settings(settings)
config = Configurator(
root_factory=root_factory,
session_factory=session_factory,
settings=settings,
)
config.add_static_view('static', 'static', cache_max_age=3600)
config.include('ticketing.setup')
config.include('ticketing.mainviews')
config.include('ticketing.raven')
config.include('ticketing.profile')
config.include('ticketing.boxoffice')
config.include('ticketing.queue')
config.include('ticketing.manage', route_prefix="/admin")
config.include('ticketing.checkin')
config.add_renderer('api_renderer',
'ticketing.api.api_renderer.APIRenderer')
config.include('ticketing.api')
config.add_route("admin_catch", "/admin")
# Add authentication policies
authentication_policy = AuthTktAuthenticationPolicy('ticketing',
callback=checkGroups,
hashalg='sha512')
authorization_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authentication_policy)
config.set_authorization_policy(authorization_policy)
config.set_default_permission("public")
# Scan for views
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
engine = engine_from_config(settings, prefix='sqlalchemy.')
authn_policy = AuthTktAuthenticationPolicy(settings['auth.secret'],
hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
config.include('pyramid_chameleon')
config.add_static_view('public', 'tdf:public')
# Routes
config.add_route('index', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
# View Plugin
config.scan('.app.views.index_view')
config.scan('.app.views.authentication_view')
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# Update the settings with the current app root path
settings['app_root'] = abspath(dirname(dirname(__file__)))
initialize_sql(settings)
authn_policy = AuthTktAuthenticationPolicy(
settings.get('auth.secret'), callback=UserMgr.auth_groupfinder)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory='bookie.RootFactory',
authentication_policy=authn_policy,
authorization_policy=authz_policy)
config.set_request_factory(RequestWithUserAttribute)
config = build_routes(config)
config.add_static_view('static', 'bookie:static')
config.scan('bookie.views')
return config.make_wsgi_app()
def main(global_config, **settings):
"""This function returns a Pyramid WSGI application."""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authn_policy = AuthTktAuthenticationPolicy(
secret='sosecret',
callback=group_finder,
hashalg='sha512',
)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
session_factory=my_session_factory,
root_factory='okarchive.models.RootFactory',
)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_static_view('deform', 'deform:static', cache_max_age=3600)
config.include('pyramid_chameleon')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application."""
authn_policy = AuthTktAuthenticationPolicy(secret=settings['auth_secret'],
callback=groupfinder,
secure=False, include_ip=False,
hashalg='sha512',
wild_domain=False)
authz_policy = ACLAuthorizationPolicy()
session_factory = UnencryptedCookieSessionFactoryConfig(
settings['cookie_secret'])
config = Configurator(settings=settings,
root_factory=RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
session_factory=session_factory)
config.add_request_method(get_user, 'user', reify=True)
config.add_static_view('data', path=STORAGE_PATH,
cache_max_age=3600)
config.add_static_view('images', path='/tmp/octopi_images/',
cache_max_age=3600)
config.add_static_view('static', 'static', cache_max_age=3600)
config.include(set_routes)
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(settings=settings, root_factory=RootFactory)
config.include('pyramid_ldap3')
config.include('pyramid_chameleon')
config.set_authentication_policy(
AuthTktAuthenticationPolicy('seekr1t', callback=groupfinder))
config.set_authorization_policy(ACLAuthorizationPolicy())
config.ldap_setup('ldap://localhost',
bind='CN=ldap user,CN=Users,DC=example,DC=com',
passwd='ld@pu5er')
config.ldap_set_login_query('CN=Users,DC=example,DC=com',
'(sAMAccountName=%(login)s)',
scope=ldap3.SUBTREE,
cache_period=0)
config.ldap_set_groups_query(
'CN=Users,DC=example,DC=com',
# '(member:1.2.840.113556.1.4.1941:=%(userdn)s)',
'(&(objectCategory=group)(member=%(userdn)s))',
cache_period=60)
config.add_route('sampleapp.root', '/')
config.add_route('sampleapp.login', '/login')
config.add_route('sampleapp.logout', '/logout')
config.scan('.views')
return config.make_wsgi_app()
def main(self, global_config, **settings):
config = global_config
config.add_settings(settings)
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
authn_policy = AuthTktAuthenticationPolicy('secret')
config.set_authentication_policy(authn_policy)
session_factory = session_factory_from_settings(settings)
config.set_session_factory(session_factory)
config.registry.registerUtility(DBSession, IDBSession)
config.include('hiero')
app = config.make_wsgi_app()
return app
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
settings['mako.directories'] = 'osmtm:templates'
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authn_policy = AuthTktAuthenticationPolicy(secret='super_secret')
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
session_factory = UnencryptedCookieSessionFactoryConfig('itsasecret')
config.set_session_factory(session_factory)
config.include('pyjade.ext.pyramid')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('oauth_callback', '/oauth_callback')
config.add_route('project_new', '/project/new')
config.add_route('project', '/project/{project}')
config.add_route('project_edit', '/project/{project}/edit')
config.add_route('project_partition', '/project/{project}/partition')
config.add_route('project_mapnik',
'/project/{project}/{z}/{x}/{y}.{format}')
config.add_route('task_xhr', '/task/{id}', xhr=True)
config.add_renderer('mapnik', MapnikRendererFactory)
config.scan()
return config.make_wsgi_app()
def main():
""" This function returns a Pyramid WSGI application.
"""
settings = {
'sqlalchemy.url': 'postgresql://localhost:5432/weather_test'
}
config = Configurator(settings=settings)
config.include('pyramid_jwt')
config.include('pyramid_restful')
config.set_root_factory(RootACL)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_jwt_authentication_policy(
'superseekretseekrit',
auth_type='Bearer',
callback=add_role_principals,
)
config.include('weather_api.models')
config.include('weather_api.routes')
config.scan()
return config.make_wsgi_app()
def setUp(self):
self.request = DummyRequest()
self.request.userid = None
self.auth = ACLAuthorizationPolicy()
def authz_policy(self):
return ACLAuthorizationPolicy()
def get_app(self):
self.time_start = time.time()
secret = 'itsasecreet' # XXX
self.my_session_factory = SignedCookieSessionFactory(secret + 'sign')
self.root_factory = MCDPResourceRoot
config = Configurator(root_factory=self.root_factory,
settings=self.settings)
config.set_session_factory(self.my_session_factory)
# config.include('pyramid_debugtoolbar')
authn_policy = AuthTktAuthenticationPolicy(secret + 'authn',
hashalg='sha512',
callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.set_default_permission(Privileges.ACCESS)
config.add_renderer('jsonp', JSONP(param_name='callback'))
config.add_static_view(name='static',
path='static',
cache_max_age=3600)
config.include('pyramid_jinja2')
AppStatus.config(self, config)
AppVisualization.config(self, config)
AppQR.config(self, config)
AppSolver.config(self, config)
AppInteractive.config(self, config)
AppEditorFancyGeneric.config(self, config)
WebAppImages.config(self, config)
AppLogin.config(self, config)
AppSolver2.config(self, config)
config.add_view(self.view_dummy,
context=ResourceAbout,
renderer='about.jinja2')
config.add_view(self.view_index,
context=MCDPResourceRoot,
renderer='index.jinja2')
config.add_view(self.view_dummy,
context=ResourceLibraries,
renderer='list_libraries.jinja2')
config.add_view(self.view_dummy,
context=ResourceRepos,
renderer='repos.jinja2')
config.add_view(self.view_dummy,
context=ResourceLibraryInteractive,
renderer='empty.jinja2')
config.add_view(self.view_dummy,
context=ResourceLibrary,
renderer='library_index.jinja2',
permission=Privileges.READ)
config.add_view(self.view_dummy,
context=ResourceThings,
renderer='library_index.jinja2',
permission=Privileges.READ) # same as above
config.add_view(self.view_dummy,
context=ResourceRepo,
renderer='shelves_index.jinja2')
config.add_view(self.view_dummy,
context=ResourceShelves,
renderer='shelves_index.jinja2') # same as above
config.add_view(self.view_dummy,
context=ResourceAllShelves,
renderer='shelves_index.jinja2') # same as above
config.add_view(self.view_changes,
context=ResourceChanges,
renderer='changes.jinja2')
config.add_view(self.view_tree,
context=ResourceTree,
renderer='tree.jinja2')
config.add_view(self.view_not_found_generic,
context=ResourceNotFoundGeneric,
renderer='not_found_generic.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_shelf_library_new,
context=ResourceLibrariesNewLibname,
permission=Privileges.WRITE)
config.add_view(self.view_shelf,
context=ResourceShelf,
renderer='shelf.jinja2',
permission=Privileges.DISCOVER)
config.add_view(self.view_shelves_subscribe,
context=ResourceShelvesShelfSubscribe,
permission=Privileges.SUBSCRIBE)
config.add_view(self.view_shelves_unsubscribe,
context=ResourceShelvesShelfUnsubscribe,
permission=Privileges.SUBSCRIBE)
config.add_view(self.view_library_doc,
context=ResourceLibraryDocRender,
renderer='library_doc.jinja2',
permission=Privileges.READ)
config.add_view(self.view_library_doc_not_found,
context=ResourceLibraryDocNotFound,
renderer='library_doc_not_found.jinja2',
permission=Privileges.READ)
config.add_view(self.view_library_asset_not_found,
context=ResourceLibraryAssetNotFound,
renderer='asset_not_found.jinja2',
permission=Privileges.READ)
config.add_view(self.view_library_asset,
context=ResourceLibraryAsset,
permission=Privileges.READ)
config.add_view(self.view_refresh_library,
context=ResourceLibraryRefresh,
permission=Privileges.READ)
config.add_view(self.view_refresh, context=ResourceRefresh)
config.add_view(self.view_users,
context=ResourceListUsers,
renderer='users.jinja2',
permission=Privileges.VIEW_USER_LIST)
config.add_view(self.view_users_user,
context=ResourceListUsersUser,
renderer='user_page.jinja2',
permission=Privileges.VIEW_USER_PROFILE_PUBLIC)
config.add_view(self.view_impersonate,
context=ResourceUserImpersonate,
permission=Privileges.IMPERSONATE_USER)
config.add_view(self.view_exception,
context=Exception,
renderer='exception.jinja2')
config.add_view(self.exit,
context=ResourceExit,
renderer='json',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_exceptions_occurred_json,
context=ResourceExceptionsJSON,
renderer='json',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_exceptions_occurred,
context=ResourceExceptionsFormatted,
renderer='exceptions_formatted.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_dummy,
context=ResourceShelfNotFound,
renderer='shelf_not_found.jinja2')
config.add_view(self.view_dummy,
context=ResourceShelfForbidden,
renderer='shelf_forbidden.jinja2')
config.add_view(self.view_dummy,
context=ResourceShelfInactive,
renderer='shelf_inactive.jinja2')
config.add_view(self.view_resource_not_found,
context=ResourceRepoNotFound,
renderer='repo_not_found.jinja2')
config.add_view(self.view_thing_delete, context=ResourceThingDelete)
config.add_view(self.view_thing_rename, context=ResourceThingRename)
config.add_view(self.view_thing, context=ResourceThing)
config.add_view(self.view_picture, context=ResourceUserPicture)
config.add_view(self.view_search,
http_cache=0,
context=ResourceSearchPage,
renderer='search.jinja2')
config.add_view(self.view_search_query,
http_cache=0,
context=ResourceSearchPageQuery,
renderer='json')
config.add_view(self.view_confirm_bind,
http_cache=0,
context=ResourceConfirmBind,
renderer='confirm_bind.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_confirm_bind_bind,
http_cache=0,
context=ResourceConfirmBindBind,
renderer='confirm_bind_bind.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_confirm_creation_similar,
http_cache=0,
context=ResourceConfirmCreationSimilar,
renderer='confirm_creation_similar.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_confirm_creation,
http_cache=0,
context=ResourceConfirmCreation,
renderer='confirm_creation.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_confirm_creation_create,
http_cache=0,
context=ResourceConfirmCreationCreate,
renderer='confirm_creation_create.jinja2',
permission=NO_PERMISSION_REQUIRED)
config.add_view(self.view_db_view,
http_cache=0,
context=ResourceDBView,
renderer='db_view.jinja2')
config.add_view(serve_robots,
context=ResourceRobots,
permission=NO_PERMISSION_REQUIRED)
config.add_notfound_view(self.view_not_found, renderer='404.jinja2')
config.scan()
config.add_view(self.view_authomatic,
context=ResourceAuthomaticProvider,
permission=NO_PERMISSION_REQUIRED)
self.get_authomatic_config()
app = config.make_wsgi_app()
return app
def aclauthorizationpolicy(_context):
policy = ACLAuthorizationPolicy()
# authorization policies must be registered eagerly so they can be
# found by the view registration machinery
config = with_context(_context)
config.set_authorization_policy(policy)
def policy(self, pyramid_config):
"""Set up a fake authentication policy with a real ACL authorization policy."""
policy = ACLAuthorizationPolicy()
pyramid_config.testing_securitypolicy(None)
pyramid_config.set_authorization_policy(policy)
def get_configurator(settings, enable_auth=True):
settings.update(REQUIRED_CONFIG)
check_config(settings)
connection_debug = asbool(settings.get('connection.debug'))
boto.set_stream_logger(
'boto',
level=(logging.DEBUG if connection_debug else logging.CRITICAL))
ensure_session_keys(settings)
check_types()
config = Configurator(root_factory=SiteRootFactory, settings=settings)
if enable_auth:
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.set_default_permission('view')
config.add_request_method(User.get_auth_user, 'user', reify=True)
config.add_subscriber(escape_braces, BeforeRender)
cache_duration = int(settings.get('static.cache.duration', 43200))
config.add_static_view(name='static/' + __version__,
path='static',
cache_max_age=cache_duration)
config.add_layout('eucaconsole.layout.MasterLayout',
'eucaconsole.layout:templates/master_layout.pt')
route_dir = '/var/run/eucaconsole'
if not os.path.exists(route_dir):
route_dir = os.path.join(os.getcwd(), 'run')
write_routes_json(route_dir)
config.add_static_view(name='static/json',
path=route_dir,
cache_max_age=cache_duration)
locale_dir = os.path.join(os.getcwd(), 'locale')
# use local locale directory over system one
if not os.path.exists(locale_dir) and os.path.exists('/usr/share/locale'):
locale_dir = '/usr/share/locale'
config.add_translation_dirs(locale_dir)
config.set_locale_negotiator(custom_locale_negotiator)
for route in urls:
config.add_route(route.name, route.pattern)
setup_tweens(config, settings)
config.scan('.views')
if not boto.config.has_section('Boto'):
boto.config.add_section('Boto')
boto.config.set('Boto', 'num_retries',
settings.get('connection.retries', '2'))
memory_cache = settings.get('cache.memory')
memory_cache_url = settings.get('cache.memory.url')
username = settings.get('cache.username', None)
password = settings.get('cache.password', None)
short_term.configure(
memory_cache,
expiration_time=int(settings.get('cache.short_term.expire')),
arguments={
'url': [memory_cache_url],
'binary': True,
'min_compress_len': 1024,
'behaviors': {
"tcp_nodelay": True,
"ketama": True
},
'username': username,
'password': password
},
)
default_term.configure(
memory_cache,
expiration_time=int(settings.get('cache.default_term.expire')),
arguments={
'url': [memory_cache_url],
'binary': True,
'min_compress_len': 1024,
'behaviors': {
"tcp_nodelay": True,
"ketama": True
},
'username': username,
'password': password
},
)
long_term.configure(
memory_cache,
expiration_time=int(settings.get('cache.long_term.expire')),
arguments={
'url': [memory_cache_url],
'binary': True,
'min_compress_len': 1024,
'behaviors': {
"tcp_nodelay": True,
"ketama": True
},
'username': username,
'password': password
},
)
extra_long_term.configure(
memory_cache,
expiration_time=int(settings.get('cache.extra_long_term.expire')),
arguments={
'url': [memory_cache_url],
'binary': True,
'min_compress_len': 1024,
'behaviors': {
"tcp_nodelay": True,
"ketama": True
},
'username': username,
'password': password
},
)
return config
def __init__(self):
self.acl_policy = ACLAuthorizationPolicy()
