def _get_principal(self, app: FlaskUnchained) -> Principal: """ Get an initialized instance of Flask Principal's. :class:~flask_principal.Principal`. """ principal = Principal(app, use_sessions=False) principal.identity_loader(self._identity_loader) return principal
def _get_principal(app): p = Principal(app, use_sessions=False) p.identity_loader(_identity_loader) return p
def _get_principal(app): p = Principal(app, use_sessions=False) p.identity_loader(_identity_loader) return p
class Auth(object): """Auth extension.""" _extension_name = 'carafe.auth' def __init__(self, app=None, provider=None): self.principal = Principal(use_sessions=False) self.require = PermissionFactory() self.app = app if self.app: # pragma: no cover self.init_app(app, provider) def init_app(self, app, provider=None): """Initialize app.""" app.config.setdefault('CARAFE_AUTH_ENABLED', True) app.config.setdefault('CARAFE_AUTH_SESSION_ID_KEY', 'user_id') app.config.setdefault('CARAFE_AUTH_IDENTITY_ID_KEY', 'id') app.config.setdefault('CARAFE_AUTH_IDENTITY_ROLES_KEY', 'roles') if not app.config['CARAFE_AUTH_ENABLED']: # pragma: no cover return if not hasattr(app, 'extensions'): # pragma: no cover app.extensions = {} app.extensions[self._extension_name] = {'provider': provider} # NOTE: Instead of having principal use it's session loader, we'll use # ours. self.principal.init_app(app) self.principal.identity_loader(self.session_identity_loader) identity_loaded.connect_via(app)(self.on_identity_loaded) @property def session_id_key(self): """Property access to config's CARAFE_AUTH_SESSION_ID_KEY.""" return current_app.config['CARAFE_AUTH_SESSION_ID_KEY'] @property def identity_id_key(self): """Property access to config's CARAFE_AUTH_IDENTITY_ID_KEY.""" return current_app.config['CARAFE_AUTH_IDENTITY_ID_KEY'] @property def identity_roles_key(self): """Property access to config's CARAFE_AUTH_IDENTITY_ROLES_KEY.""" return current_app.config['CARAFE_AUTH_IDENTITY_ROLES_KEY'] @property def user_id(self): """Property access to logged in user id.""" return session.get(self.session_id_key) @property def provider(self): """Property access to auth provider instance.""" return current_app.extensions[self._extension_name]['provider'] def session_identity_loader(self): """Fetch user id from session using config's auth id key""" if self.session_id_key in session: identity = Identity(session[self.session_id_key]) else: identity = None return identity def on_identity_loaded(self, app, identity): # pylint: disable=unused-argument """Called if session_identity_loader() returns an identity (i.e. not None). """ # Whatever is returned is used for our identity. Potentially, provider # may return a different user than original identity (e.g. app provides # way for admin users to access site using a different user account) if self.provider: ident = self.provider.identify(identity) else: ident = {self.identity_id_key: None} if self.user_id and not ident: # session has an user_id but the ident return is empty # user possibly deleted or inactivated in another process self.logout() # provide auth (whether user is not anonymous) if ident.get(self.identity_id_key): identity.provides.add(login_need) # provide roles for role in ident.get(self.identity_roles_key, []): identity.provides.add(RoleNeed(role)) def send_identity_changed(self, user_id): """Send identity changed event.""" if user_id is None: identity = AnonymousIdentity() else: identity = Identity(user_id) identity_changed.send(current_app._get_current_object(), identity=identity) def login(self, user_id, propagate=True): """Call after user has been authenticated for login.""" if session.get(self.session_id_key) != user_id: session[self.session_id_key] = user_id if propagate: self.send_identity_changed(user_id) def logout(self, propagate=True): """Call to log user out.""" if session.get(self.session_id_key): del session[self.session_id_key] if propagate: self.send_identity_changed(None)