def _add_middleware(self, conf, app): """ Configure authentication and authorization. """ # Start with the current configured authentication options. # Depending on the auth backend a new auth_args dictionary # can replace this one later on. auth_backend = conf['auth_backend'] if auth_backend not in self.SUPPORTED_AUTH_BACKENDS: return app auth_args = get_partial_dict('sa_auth', conf) # Removing keywords not used by repoze.who: auth_args.pop('password_encryption_method', None) # Removing authmetadata as is not used by repoze.who: tgauthmetadata = auth_args.pop('authmetadata', None) try: pos = auth_args['authenticators'].index(('default', None)) except KeyError: # Didn't specify authenticators, setup default one pos = None except ValueError: # Specified authenticators and default is not in there # so we want to skip default TG auth configuration. pos = -1 if pos is None or pos >= 0: if getattr(tgauthmetadata, 'authenticate', None) is not None: from tg.configuration.auth import create_default_authenticator auth_args, tgauth = create_default_authenticator(tgauthmetadata, **auth_args) authenticator = ('tgappauth', tgauth) elif auth_backend == "sqlalchemy": # pragma: no cover warnings.warn('sqlauth is deprecated, you should add authenticate method ' 'to your authmetadata instance in app_cfg', DeprecationWarning, 2) from tg.configuration.sqla.auth import create_default_authenticator auth_args, sqlauth = create_default_authenticator(**auth_args) authenticator = ('sqlauth', sqlauth) elif auth_backend == "ming": # pragma: no cover warnings.warn('mingauth is deprecated, you should add authenticate method ' 'to your authmetadata instance in app_cfg', DeprecationWarning, 2) from tg.configuration.mongo.auth import create_default_authenticator auth_args, mingauth = create_default_authenticator(**auth_args) authenticator = ('mingauth', mingauth) else: authenticator = None if authenticator is not None: if pos is None: auth_args['authenticators'] = [authenticator] else: # We make a copy so that we don't modify the original one. auth_args['authenticators'] = auth_args['authenticators'] auth_args['authenticators'][pos] = authenticator from tg.configuration.auth import setup_auth app = setup_auth(app, skip_authentication=conf['skip_authentication'], **auth_args) return app
def make_app(controller_klass, environ=None, with_errors=False, config_options=None): """Creates a ``TestApp`` instance.""" authmetadata = TestAuthMetadata() config_options = config_options or {} config_options.setdefault('sa_auth', {}) sa_auth = config_options['sa_auth'] sa_auth.update({'authmetadata': authmetadata}) app = base_make_app(controller_klass, environ or {}, config_options, with_errors).app # Setting repoze.who up: from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin cookie = AuthTktCookiePlugin('secret', 'authtkt') identifiers = [('cookie', cookie)] app = setup_auth(app, identifiers=identifiers, skip_authentication=True, authenticators=[], challengers=[]) # As setup_auth with skip_authentication sets empty authenticators always # we must manually append it after creating the middleware. app.api_factory.authenticators.append(('cookie', cookie)) return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False): """Creates a ``TestApp`` instance.""" # The basic middleware: app = TGApp(config=default_config) app.controller_classes['root'] = ControllerWrap(controller_klass) app = FakeRoutes(app) if with_errors: app = ErrorHandler(app, {}, debug=False) app = StatusCodeRedirect(app, [403, 404, 500]) app = RegistryManager(app) app = SessionMiddleware(app, {}, data_dir=session_dir) app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache')) # Setting repoze.who up: from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin cookie = AuthTktCookiePlugin('secret', 'authtkt') identifiers = [('cookie', cookie)] app = setup_auth(app, TestAuthMetadata(), identifiers=identifiers, skip_authentication=True, authenticators=[], challengers=[]) # As setup_auth with skip_authentication sets empty authenticators always # we must manually append it after creating the middleware. app.api_factory.authenticators.append(('cookie', cookie)) return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False): """Creates a ``TestApp`` instance.""" # The basic middleware: app = TGApp(config=default_config) app.controller_classes['root'] = ControllerWrap(controller_klass) app = FakeRoutes(app) if with_errors: app = ErrorHandler(app, {}, debug=False) app = StatusCodeRedirect(app, [403, 404, 500]) app = RegistryManager(app) app = SessionMiddleware(app, {}, data_dir=session_dir) app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache')) # Setting repoze.who up: from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin cookie = AuthTktCookiePlugin('secret', 'authtkt') identifiers = [('cookie', cookie)] app = setup_auth(app, TGAuthMetadata(), identifiers=identifiers, skip_authentication=True, authenticators=[], challengers=[]) return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False, config_options=None): """Creates a ``TestApp`` instance.""" authmetadata = TestAuthMetadata() config_options = config_options or {} config_options.setdefault('sa_auth', {}) sa_auth = config_options['sa_auth'] sa_auth.update({ 'authmetadata': authmetadata }) app = base_make_app(controller_klass, environ, config_options, with_errors).app # Setting repoze.who up: from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin cookie = AuthTktCookiePlugin('secret', 'authtkt') identifiers = [('cookie', cookie)] app = setup_auth(app, identifiers=identifiers, skip_authentication=True, authenticators=[], challengers=[]) # As setup_auth with skip_authentication sets empty authenticators always # we must manually append it after creating the middleware. app.api_factory.authenticators.append(('cookie', cookie)) return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False): """Creates a ``TestApp`` instance.""" # The basic middleware: app = ControllerWrap(controller_klass) app = SetupCacheGlobal(app, environ, setup_cache=True, setup_session=True) if with_errors: app = ErrorHandler(app, {}, debug=False) app = StatusCodeRedirect(app, [403, 404, 500]) app = RegistryManager(app) app = SessionMiddleware(app, {}, data_dir=session_dir) app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache')) # Setting repoze.who up: cookie = AuthTktCookiePlugin('secret', 'authtkt') identifiers = [('cookie', cookie)] app = setup_auth(app, TGAuthMetadata(), identifiers=identifiers, skip_authentication=True, authenticators=[], challengers=[]) app = httpexceptions.make_middleware(app) return TestApp(app)
def add_auth_middleware(self, app, skip_authentication): """ Configure authentication and authorization. :param app: The TG2 application. :param skip_authentication: Should authentication be skipped if explicitly requested? (used by repoze.who-testutil) :type skip_authentication: bool """ # Configuring auth logging: if 'log_stream' not in self.sa_auth: self.sa_auth['log_stream'] = logging.getLogger('auth') # Removing keywords not used by repoze.who: auth_args = copy(self.sa_auth) if 'sa_auth' in config: auth_args.update(config.sa_auth) if 'password_encryption_method' in auth_args: del auth_args['password_encryption_method'] if not skip_authentication: if not 'cookie_secret' in auth_args.keys(): msg = "base_config.sa_auth.cookie_secret is required "\ "you must define it in app_cfg.py or set "\ "sa_auth.cookie_secret in development.ini" raise TGConfigError(msg) if 'authmetadata' not in auth_args: #authmetadata not provided, fallback to old authentication setup if self.auth_backend == "sqlalchemy": from repoze.what.plugins.quickstart import setup_sql_auth app = setup_sql_auth(app, skip_authentication=skip_authentication, **auth_args) elif self.auth_backend == "ming": from tgming import setup_ming_auth app = setup_ming_auth(app, skip_authentication=skip_authentication, **auth_args) else: try: pos = auth_args['authenticators'].index(('default', None)) except KeyError: pos = None except ValueError: pos = -1 if pos is None or pos >= 0: if self.auth_backend == "sqlalchemy": from tg.configuration.sqla.auth import create_default_authenticator auth_args, sqlauth = create_default_authenticator(**auth_args) authenticator = ('sqlauth', sqlauth) elif self.auth_backend == "ming": from tg.configuration.mongo.auth import create_default_authenticator auth_args, mingauth = create_default_authenticator(**auth_args) authenticator = ('mingauth', mingauth) else: authenticator = None if authenticator: if pos is None: auth_args['authenticators'] = [authenticator] else: auth_args['authenticators'][pos] = authenticator from tg.configuration.auth import setup_auth app = setup_auth(app, skip_authentication=skip_authentication, **auth_args) return app
def _add_middleware(self, conf, app): """ Configure authentication and authorization. """ # Start with the current configured authentication options. # Depending on the auth backend a new auth_args dictionary # can replace this one later on. auth_backend = conf['auth_backend'] if auth_backend not in self.SUPPORTED_AUTH_BACKENDS: return app auth_args = get_partial_dict('sa_auth', conf) # Removing keywords not used by repoze.who: auth_args.pop('password_encryption_method', None) # Removing authmetadata as is not used by repoze.who: tgauthmetadata = auth_args.pop('authmetadata', None) try: pos = auth_args['authenticators'].index(('default', None)) except KeyError: # Didn't specify authenticators, setup default one pos = None except ValueError: # Specified authenticators and default is not in there # so we want to skip default TG auth configuration. pos = -1 if pos is None or pos >= 0: if getattr(tgauthmetadata, 'authenticate', None) is not None: from tg.configuration.auth import create_default_authenticator auth_args, tgauth = create_default_authenticator( tgauthmetadata, **auth_args) authenticator = ('tgappauth', tgauth) elif auth_backend == "sqlalchemy": warnings.warn( 'sqlauth is deprecated, you should add authenticate method ' 'to your authmetadata instance in app_cfg', DeprecationWarning, 2) from tg.configuration.sqla.auth import create_default_authenticator auth_args, sqlauth = create_default_authenticator(**auth_args) authenticator = ('sqlauth', sqlauth) elif auth_backend == "ming": warnings.warn( 'mingauth is deprecated, you should add authenticate method ' 'to your authmetadata instance in app_cfg', DeprecationWarning, 2) from tg.configuration.mongo.auth import create_default_authenticator auth_args, mingauth = create_default_authenticator(**auth_args) authenticator = ('mingauth', mingauth) else: authenticator = None if authenticator is not None: if pos is None: auth_args['authenticators'] = [authenticator] else: # We make a copy so that we don't modify the original one. auth_args['authenticators'] = auth_args['authenticators'] auth_args['authenticators'][pos] = authenticator from tg.configuration.auth import setup_auth app = setup_auth(app, skip_authentication=conf['skip_authentication'], **auth_args) return app