def load_form_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.method.form', ): app = RequireEnvironKey( app, 'paste.auth_tkt.set_user', missing_error=( 'Missing the key %(key)s from the environ. ' 'Have you added the cookie method after the form method?')) template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') else: template_ = template authenticate_conf = strip_base(auth_conf, 'authenticate.') app, authfunc, users = get_authenticate_function(app, authenticate_conf, prefix=prefix + 'authenticate.', format='basic') charset = auth_conf.get('charset') return app, { 'authfunc': authfunc, 'template': template_, 'charset': charset }, None
def load_form_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.method.form', ): app = RequireEnvironKey( app, 'paste.auth_tkt.set_user', missing_error=( 'Missing the key %(key)s from the environ. ' 'Have you added the cookie method after the form method?' ) ) template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix+'template.') else: template_ = template authenticate_conf = strip_base(auth_conf, 'authenticate.') app, authfunc, users = get_authenticate_function( app, authenticate_conf, prefix=prefix+'authenticate.', format='basic' ) charset=auth_conf.get('charset') method =auth_conf.get('method', 'post') if method.lower() not in ['get','post']: raise Exception('Form method should be GET or POST, not %s'%method) return app, {'authfunc':authfunc, 'template':template_, 'charset':charset, 'method':method}, None
def load_cookie_config(app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.cookie.'): badcookie_conf = strip_base(auth_conf, 'badcookie.') template_conf = strip_base(badcookie_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'badcookiepage.template.') else: template_ = template user_setter_params = { 'params': strip_base(auth_conf, 'params.'), 'ticket_class': AuthKitTicket, 'badcookiepage': asbool(badcookie_conf.get('page', True)), 'badcookietemplate': template_, } for k, v in auth_conf.items(): if not (k.startswith('params.') or k.startswith('badcookie.')): user_setter_params[k] = v if not user_setter_params.has_key('secret'): raise AuthKitConfigError('No cookie secret specified under %r' % (prefix + 'secret')) if user_setter_params.has_key('signout'): raise AuthKitConfigError( 'The authkit.cookie.signout option should now be named signoutpath' ) return app, None, user_setter_params
def load_cookie_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.cookie.' ): badcookie_conf = strip_base(auth_conf, 'badcookie.') template_conf = strip_base(badcookie_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix+'badcookiepage.template.') else: template_ = template user_setter_params = { 'params': strip_base(auth_conf, 'params.'), 'ticket_class':AuthKitTicket, 'badcookiepage': asbool(badcookie_conf.get('page', True)), 'badcookietemplate': template_, } for k,v in auth_conf.items(): if not (k.startswith('params.') or k.startswith('badcookie.')): user_setter_params[k] = v if not user_setter_params.has_key('secret'): raise AuthKitConfigError( 'No cookie secret specified under %r'%(prefix+'secret') ) if user_setter_params.has_key('signout'): raise AuthKitConfigError( 'The authkit.cookie.signout option should now be named signoutpath' ) return app, None, user_setter_params
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix+'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError( 'Missing the config key %s%s'%(prefix, option) ) user_setter_params={ 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl',''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process','/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'openid_form_fieldname': auth_conf.get('openid_form_fieldname'), 'force_redirect': auth_conf.get('force_redirect'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), 'session_middleware': auth_conf.get('session.middleware','beaker.session'), } # Add an Attribute Exchange configuration items user_setter_params.update(_load_ax_config(auth_conf)) auth_handler_params={ 'template':user_setter_params['template'], 'path_verify':auth_conf.get('path.verify', '/verify'), 'baseurl':user_setter_params['baseurl'], 'charset':user_setter_params['charset'], 'force_redirect': auth_conf.get('force_redirect', False), 'openid_form_fieldname': auth_conf.get('openid_form_fieldname', None), } # The following lines were suggested in #59 but I don't know # why they are needed because you shouldn't be using the # user management API. # authenticate_conf = strip_base(auth_conf, 'authenticate.') # app, authfunc, users = get_authenticate_function( # app, # authenticate_conf, # prefix=prefix+'authenticate.', # format='basic' # ) return app, auth_handler_params, user_setter_params
def make_multi_middleware(app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.'): # Load the configurations and any associated middleware app, oid_auth_params, oid_user_params = load_openid_config( app, strip_base(auth_conf, 'openid.')) app, form_auth_params, form_user_params = load_form_config( app, strip_base(auth_conf, 'form.')) app, cookie_auth_params, cookie_user_params = load_cookie_config( app, strip_base(auth_conf, 'cookie.')) app, basic_auth_params, basic_user_params = load_basic_config( app, strip_base(auth_conf, 'basic.')) app, digest_auth_params, digest_user_params = load_digest_config( app, strip_base(auth_conf, 'digest.')) # The cookie plugin doesn't provide an AuthHandler so no config assert cookie_auth_params == None # The form plugin doesn't provide a UserSetter (it uses cookie) assert form_user_params == None # Setup the MultiHandler to switch between authentication methods # based on the value of environ['authkit.authhandler'] if a 401 is # raised app = MultiHandler(app) app.add_method('openid', OpenIDAuthHandler, **oid_auth_params) app.add_checker('openid', EnvironKeyAuthSwitcher('openid')) app.add_method('basic', BasicAuthHandler, **basic_auth_params) app.add_checker('basic', EnvironKeyAuthSwitcher('basic')) app.add_method('digest', DigestAuthHandler, **digest_auth_params) app.add_checker('digest', EnvironKeyAuthSwitcher('digest')) app.add_method('form', FormAuthHandler, **form_auth_params) app.add_checker('form', Default()) # Add the user setters to set REMOTE_USER on each request once the # user is signed on. app = DigestUserSetter(app, **digest_user_params) app = BasicUserSetter(app, **basic_user_params) # OpenID relies on cookie so needs to be set up first app = OpenIDUserSetter(app, **oid_user_params) app = CookieUserSetter(app, **cookie_user_params) return app
def load_form_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.method.form', ): app = RequireEnvironKey( app, 'paste.auth_tkt.set_user', missing_error=( 'Missing the key %(key)s from the environ. ' 'Have you added the cookie method after the form method?')) template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') else: template_ = template authenticate_conf = strip_base(auth_conf, 'authenticate.') app, authfunc, users = get_authenticate_function(app, authenticate_conf, prefix=prefix + 'authenticate.', format='basic') charset = auth_conf.get('charset') method = auth_conf.get('method', 'post') action = auth_conf.get('action') user_data = auth_conf.get('userdata') if method.lower() not in ['get', 'post']: raise Exception('Form method should be GET or POST, not %s' % method) return app, { 'authfunc': authfunc, 'template': template_, 'charset': charset, 'method': method, 'action': action, 'user_data': user_data or None, }, None
def load_google_config(app, auth_conf, app_conf, global_conf, prefix): authenticate_conf = strip_base(auth_conf, "authenticate.") app, authfunc, users = get_authenticate_function( app, authenticate_conf, prefix=prefix + "authenticate.", format="basic" ) auth_handler_params = {"authfunc": authfunc} user_setter_params = { "signout_path": auth_conf.get("signoutpath", None), "admin_role": auth_conf.get("adminrole", None), } return app, auth_handler_params, user_setter_params
def load_basic_config(app, auth_conf, app_conf=None, global_conf=None, prefix="authkit.basic"): auth_handler_params = {} user_setter_params = {} authenticate_conf = strip_base(auth_conf, "authenticate.") app, authfunc, users = get_authenticate_function( app, authenticate_conf, prefix=prefix + "authenticate.", format="basic" ) realm = auth_conf.get("realm", "AuthKit") auth_handler_params["realm"] = realm auth_handler_params["authfunc"] = authfunc user_setter_params["realm"] = realm user_setter_params["authfunc"] = authfunc user_setter_params["users"] = users return app, auth_handler_params, user_setter_params
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError('Missing the config key %s%s' % (prefix, option)) user_setter_params = { 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl', ''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process', '/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), # XXX This need to actually be configurable, not hard coded 'session_secret': 'asdasd', 'session_key': 'authkit_openid', 'session_middleware': 'beaker.session', } if user_setter_params['session_middleware'] == 'beaker.session': if not user_setter_params['session_secret']: raise AuthKitConfigError('No session_secret set') auth_handler_params = { 'template': user_setter_params['template'], 'path_verify': auth_conf.get('path.verify', '/verify'), 'baseurl': user_setter_params['baseurl'], 'charset': user_setter_params['charset'], } return app, auth_handler_params, user_setter_params
def load_openid_config(app, auth_conf, app_conf=None, global_conf=None, prefix="authkit.openid"): global template template_ = template template_conf = strip_base(auth_conf, "template.") if template_conf: template_ = get_template(template_conf, prefix=prefix + "template.") urltouser = auth_conf.get("urltouser", None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ["store.type", "store.config", "path.signedin"]: if not auth_conf.has_key(option): raise AuthKitConfigError("Missing the config key %s%s" % (prefix, option)) user_setter_params = { "store_type": auth_conf["store.type"], "store_config": auth_conf["store.config"], "baseurl": auth_conf.get("baseurl", ""), "path_signedin": auth_conf["path.signedin"], "path_process": auth_conf.get("path.process", "/process"), "template": template_, "urltouser": urltouser, "charset": auth_conf.get("charset"), "sreg_required": auth_conf.get("sreg.required"), "sreg_optional": auth_conf.get("sreg.optional"), "sreg_policyurl": auth_conf.get("sreg.policyurl"), "session_middleware": auth_conf.get("session.middleware", "beaker.session"), } auth_handler_params = { "template": user_setter_params["template"], "path_verify": auth_conf.get("path.verify", "/verify"), "baseurl": user_setter_params["baseurl"], "charset": user_setter_params["charset"], } # The following lines were suggested in #59 but I don't know # why they are needed because you shouldn't be using the # user management API. # authenticate_conf = strip_base(auth_conf, 'authenticate.') # app, authfunc, users = get_authenticate_function( # app, # authenticate_conf, # prefix=prefix+'authenticate.', # format='basic' # ) return app, auth_handler_params, user_setter_params
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix+'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError( 'Missing the config key %s%s'%(prefix, option) ) user_setter_params={ 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl',''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process','/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), 'session_middleware': 'beaker.session', } auth_handler_params={ 'template':user_setter_params['template'], 'path_verify':auth_conf.get('path.verify', '/verify'), 'baseurl':user_setter_params['baseurl'], 'charset':user_setter_params['charset'], } return app, auth_handler_params, user_setter_params
def load_cookie_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.cookie.' ): user_setter_params = { 'params': strip_base(auth_conf, 'params.'), 'ticket_class':AuthKitTicket, } for k,v in auth_conf.items(): if not k.startswith('params.'): user_setter_params[k] = v if not user_setter_params.has_key('secret'): raise AuthKitConfigError( 'No cookie secret specified under %r'%(prefix+'secret') ) if user_setter_params.has_key('signout'): raise AuthKitConfigError( 'The authkit.cookie.signout option should now be named signoutpath' ) return app, None, user_setter_params
def load_basic_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.basic', ): auth_handler_params = {} user_setter_params = {} authenticate_conf = strip_base(auth_conf, 'authenticate.') app, authfunc, users = get_authenticate_function(app, authenticate_conf, prefix=prefix + 'authenticate.', format='basic') realm = auth_conf.get('realm', 'AuthKit') auth_handler_params['realm'] = realm auth_handler_params['authfunc'] = authfunc user_setter_params['realm'] = realm user_setter_params['authfunc'] = authfunc user_setter_params['users'] = users return app, auth_handler_params, user_setter_params
def load_digest_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.digest', ): auth_handler_params = {} user_setter_params = {} authenticate_conf = strip_base(auth_conf, 'authenticate.') app, authfunc, users = get_authenticate_function( app, authenticate_conf, prefix=prefix+'authenticate.', format='digest' ) realm = auth_conf.get('realm', 'AuthKit') auth_handler_params['realm'] = realm auth_handler_params['authfunc'] = authfunc user_setter_params['realm'] = realm user_setter_params['authfunc'] = authfunc user_setter_params['users'] = users return app, auth_handler_params, user_setter_params
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError('Missing the config key %s%s' % (prefix, option)) user_setter_params = { 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl', ''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process', '/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), 'session_middleware': auth_conf.get('session.middleware', 'beaker.session'), } # Add an Attribute Exchange configuration items user_setter_params.update(_load_ax_config(auth_conf)) auth_handler_params = { 'template': user_setter_params['template'], 'path_verify': auth_conf.get('path.verify', '/verify'), 'baseurl': user_setter_params['baseurl'], 'charset': user_setter_params['charset'], } # The following lines were suggested in #59 but I don't know # why they are needed because you shouldn't be using the # user management API. # authenticate_conf = strip_base(auth_conf, 'authenticate.') # app, authfunc, users = get_authenticate_function( # app, # authenticate_conf, # prefix=prefix+'authenticate.', # format='basic' # ) return app, auth_handler_params, user_setter_params