def __init__(self, openid_provider, check_certificate=True, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.openid_provider = openid_provider self.sessions = SessionManager() self.init_childs = False if not check_certificate: setDefaultFetcher(Urllib2Fetcher()) # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = '/_openid_start/' if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown))
def __init__(self, url, client_id, client_secret, root_uri, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.url = url self.client_id = client_id self.client_secret = client_secret self.root_uri = root_uri self.sessions = SessionManager() self.init_childs = False # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = '/_github_oauth2_handler' if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown))
def __init__(self, default_action=False, auth=None, useHttpHeader=False, httpLoginUrl=False, view=True, **kwargs): self.auth = auth if auth: assert IAuth.providedBy(auth) self.useHttpHeader = useHttpHeader self.httpLoginUrl = httpLoginUrl self.config = dict((a, default_action) for a in self.knownActions) self.config['view'] = view for act in self.knownActions: if act in kwargs: self.config[act] = kwargs[act] del kwargs[act] self.sessions = SessionManager() if kwargs: raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))
def __init__(self, url, client_id, client_secret, root_uri, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.url = url self.client_id = client_id self.client_secret = client_secret self.root_uri = root_uri self.sessions = SessionManager() self.init_childs = False # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = "/_google_oauth2_handler" if unknown != []: raise ValueError("Unknown authorization action(s) " + ", ".join(unknown))
def __init__(self, default_action=False, auth=None, useHttpHeader=False, httpLoginUrl=False, **kwargs): self.auth = auth if auth: assert IAuth.providedBy(auth) self.useHttpHeader = useHttpHeader if httpLoginUrl: self.httpLoginUrl = httpLoginUrl elif auth is not None: self.httpLoginUrl = auth.getLoginUrl() else: self.httpLoginUrl = None self.config = dict( (a, default_action) for a in self.knownActions ) for act in self.knownActions: if act in kwargs: self.config[act] = kwargs[act] del kwargs[act] self.sessions = SessionManager() if kwargs: raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))
def __init__(self, openid_provider, check_certificate=True, **kwargs): unknown = [] self.permissions = {} for group in kwargs: # Work around the limitations of python identifiers: # python identifiers don't support dashes, while unix group names do # This is admittedly a hack, but if you have a better way: a PR is welcome group = group.replace('_DASH_', '-') self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.openid_provider = openid_provider self.sessions = SessionManager() self.init_childs = False if not check_certificate: setDefaultFetcher(Urllib2Fetcher()) # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown))
class OpenIDHandle(object): def __init__(self, root_url): self.root_url = root_url self.isLeaf = True self.sessions = SessionManager() def flatten_args(self, request): # Flatten args (twisted returns arrays). Just always take first args = {} for arg in request.args: args[arg] = request.args.get(arg)[0] return args def render(self, request): session = {} return_to = self.root_url + '_openid_handle/' oidconsumer = consumer.Consumer(session, None) info = oidconsumer.complete(self.flatten_args(request), return_to) display_identifier = info.getDisplayIdentifier() if info.status == consumer.FAILURE and display_identifier: return 'OpenID Error: %s' % display_identifier elif info.status == consumer.CANCEL: return 'Cancelled' elif info.status == consumer.SUCCESS: # Success happened! sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) teams_resp = teams.TeamsResponse.fromSuccessResponse(info) user = {'fullName': '', 'userName': '', 'email': '', 'groups': []} if not sreg_resp: return 'No sreg?' user['userName'] = sreg_resp.get('nickname') user['fullName'] = sreg_resp.get('fullname') user['email'] = sreg_resp.get('email') if teams_resp: user['groups'] = frozenset(teams_resp.teams) cookie, s = self.sessions.new(user['userName'], user) request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(), path="/") request.received_cookies = {COOKIE_KEY: cookie} request.redirect(self.root_url) return 'DONE' else: return 'Strange state: %s' % info.status try: request.finish() except RuntimeError: # this occurs when the client has already disconnected; ignore # it (see #2027) log.msg("http client disconnected before results were sent")
class Authz(object): """Decide who can do what.""" knownActions = [ # If you add a new action here, be sure to also update the documentation # at docs/manual/cfg-statustargets.rst. 'view', 'gracefulShutdown', 'forceBuild', 'forceAllBuilds', 'pingBuilder', 'stopBuild', 'stopAllBuilds', 'cancelPendingBuild', 'cancelAllPendingBuilds', 'stopChange', 'cleanShutdown', 'showUsersPage', 'pauseSlave', ] def __init__(self, default_action=False, auth=None, useHttpHeader=False, httpLoginUrl=False, view=True, **kwargs): self.auth = auth if auth: assert IAuth.providedBy(auth) self.useHttpHeader = useHttpHeader self.httpLoginUrl = httpLoginUrl self.config = dict( (a, default_action) for a in self.knownActions ) self.config['view'] = view for act in self.knownActions: if act in kwargs: self.config[act] = kwargs[act] del kwargs[act] self.sessions = SessionManager() if kwargs: raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys())) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): if self.useHttpHeader: return request.getUser() != '' return self.session(request) != None def getUserInfo(self, user): if self.useHttpHeader: return dict(userName=user, fullName=user, email=user, groups=[ user ]) s = self.sessions.getUser(user) if s: return s.infos def getUsername(self, request): """Get the userid of the user""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return s.user return request.args.get("username", ["<unknown>"])[0] def getUsernameHTML(self, request): """Get the user formatted in html (with possible link to email)""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return s.userInfosHTML() return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def getPassword(self, request): if self.useHttpHeader: return request.getPassword() return request.args.get("passwd", ["<no-password>"])[0] def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in self.knownActions: raise KeyError("unknown action") cfg = self.config.get(action, False) if cfg: if cfg == 'auth' or callable(cfg): return self.authenticated(request) return cfg def actionAllowed(self, action, request, *args): """Is this ACTION allowed, given this http REQUEST?""" if action not in self.knownActions: raise KeyError("unknown action") cfg = self.config.get(action, False) if cfg: if cfg == 'auth' or callable(cfg): if not self.auth: return defer.succeed(False) def check_authenticate(res): if callable(cfg) and not cfg(self.getUsername(request), *args): return False return True # retain old behaviour, if people have scripts # without cookie support passwd = self.getPassword(request) if self.authenticated(request): return defer.succeed(check_authenticate(None)) elif passwd != "<no-password>": def check_login(cookie): ret = False if type(cookie) is str: ret = check_authenticate(None) self.sessions.remove(cookie) return ret d = self.login(request) d.addBoth(check_login) return d else: return defer.succeed(False) return defer.succeed(cfg) def login(self, request): """Login one user, and return session cookie""" if self.authenticated(request): return defer.succeed(False) user = request.args.get("username", ["<unknown>"])[0] passwd = request.args.get("passwd", ["<no-password>"])[0] if user == "<unknown>" or passwd == "<no-password>": return defer.succeed(False) if not self.auth: return defer.succeed(False) d = defer.maybeDeferred(self.auth.authenticate, user, passwd) def check_authenticate(res): if res: cookie, s = self.sessions.new(user, self.auth.getUserInfo(user)) request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),path="/") request.received_cookies = {COOKIE_KEY:cookie} return cookie else: return False d.addBoth(check_authenticate) return d def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie)
class GoogleOAuth2AuthZ(object): """Decide who can do what.""" def __init__(self, url, client_id, client_secret, root_uri, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.url = url self.client_id = client_id self.client_secret = client_secret self.root_uri = root_uri self.sessions = SessionManager() self.init_childs = False # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = "/_google_oauth2_handler" if unknown != []: raise ValueError("Unknown authorization action(s) " + ", ".join(unknown)) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): return self.session(request) is not None def getUserInfo(self, user): s = self.sessions.getUser(user) if s: return s.infos return None def getUsername(self, request): """Get the userid of the user""" s = self.session(request) if s: return s.user return "<unknown>" def getUsernameHTML(self, request): """Get the user formatted in html (with possible link to email)""" s = self.session(request) if s: return s.userInfosHTML() return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def create_childs(self, request): # We need to create the childs with this workaround # because we won't get the site information prior # to handling the very first request if not self.init_childs: self.init_childs = True request.site.resource.putChild("_google_oauth2_handler", GoogleOAuth2Handler(self)) def shouldAllowAction(self, action, request): self.create_childs(request) if action in self.permissions.get("all", []): return True s = self.getUsername(request) if s and not s == "<unknown>": if action in self.permissions.get("authenticated", []): return True return False def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in Authz.knownActions: raise KeyError("unknown action") return self.shouldAllowAction(action, request) def actionAllowed(self, action, request, *_): """Is this ACTION allowed, given this http REQUEST?""" if action not in Authz.knownActions: raise KeyError("unknown action") return defer.succeed(self.shouldAllowAction(action, request)) def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie) def getLoginURL(self): oauth_params = { "redirect_uri": self.root_uri + "_google_oauth2_handler", "client_id": self.client_id, "response_type": "code", "scope": INFOSCOPE, "access_type": "offline", } return "%s?%s" % (AUTHURI, urlencode(oauth_params))
class GithubOAuth2AuthZ(object): """Decide who can do what.""" def __init__(self, url, client_id, client_secret, root_uri, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.url = url self.client_id = client_id self.client_secret = client_secret self.root_uri = root_uri self.sessions = SessionManager() self.init_childs = False # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = '/_github_oauth2_handler' if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown)) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): return self.session(request) is not None def getUserInfo(self, user): s = self.sessions.getUser(user) if s: return s.infos return None def getUsername(self, request): """Get the userid of the user""" s = self.session(request) if s: return s.user return '<unknown>' def getUsernameHTML(self, request): """Get the user formatted in html (with possible link to email)""" s = self.session(request) if s: return s.userInfosHTML() return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def create_childs(self, request): # We need to create the childs with this workaround # because we won't get the site information prior # to handling the very first request if not self.init_childs: self.init_childs = True request.site.resource.putChild('_github_oauth2_handler', GithubOAuth2Handler(self)) def shouldAllowAction(self, action, request): self.create_childs(request) if action in self.permissions.get('all', []): return True s = self.getUsername(request) if s and not s == '<unknown>': if action in self.permissions.get('authenticated', []): return True return False def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in Authz.knownActions: raise KeyError("unknown action") return self.shouldAllowAction(action, request) def actionAllowed(self, action, request, *_): """Is this ACTION allowed, given this http REQUEST?""" if action not in Authz.knownActions: raise KeyError("unknown action") return defer.succeed(self.shouldAllowAction(action, request)) def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie) def getLoginURL(self): oauth_params = {'redirect_uri': self.root_uri + '_github_oauth2_handler', 'client_id': self.client_id, 'response_type': 'code', 'access_type': 'offline' } return "%s?%s" % (AUTHURI, urlencode(oauth_params))
class Authz(object): """Decide who can do what.""" knownActions = [ # If you add a new action here, be sure to also update the documentation # at docs/cfg-statustargets.texinfo 'gracefulShutdown', 'forceBuild', 'forceAllBuilds', 'pingBuilder', 'stopBuild', 'stopAllBuilds', 'cancelPendingBuild', 'stopChange', 'cleanShutdown', 'showUsersPage', ] def __init__(self, default_action=False, auth=None, useHttpHeader=False, httpLoginUrl=False, **kwargs): self.auth = auth if auth: assert IAuth.providedBy(auth) self.useHttpHeader = useHttpHeader self.httpLoginUrl = httpLoginUrl self.config = dict((a, default_action) for a in self.knownActions) for act in self.knownActions: if act in kwargs: self.config[act] = kwargs[act] del kwargs[act] self.sessions = SessionManager() if kwargs: raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys())) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): if self.useHttpHeader: return request.getUser() != '' return self.session(request) != None def getUserInfo(self, user): if self.useHttpHeader: return dict(userName=user, fullName=user, email=user, groups=[user]) s = self.sessions.getUser(user) if s: return s.infos def getUsername(self, request): """Get the userid of the user""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return s.user return request.args.get("username", ["<unknown>"])[0] def getUsernameHTML(self, request): """Get the user formatated in html (with possible link to email)""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return s.userInfosHTML() return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" if self.useHttpHeader: return request.getUser() s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def getPassword(self, request): if self.useHttpHeader: return request.getPassword() return request.args.get("passwd", ["<no-password>"])[0] def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in self.knownActions: raise KeyError("unknown action") cfg = self.config.get(action, False) if cfg: if cfg == 'auth' or callable(cfg): return self.authenticated(request) return cfg def actionAllowed(self, action, request, *args): """Is this ACTION allowed, given this http REQUEST?""" if action not in self.knownActions: raise KeyError("unknown action") cfg = self.config.get(action, False) if cfg: if cfg == 'auth' or callable(cfg): if not self.auth: return defer.succeed(False) def check_authenticate(res): if callable(cfg) and not cfg(self.getUsername(request), * args): return False return True # retain old behaviour, if people have scripts # without cookie support passwd = self.getPassword(request) if self.authenticated(request): return defer.succeed(check_authenticate(None)) elif passwd != "<no-password>": def check_login(cookie): ret = False if type(cookie) is str: ret = check_authenticate(None) self.sessions.remove(cookie) return ret d = self.login(request) d.addBoth(check_login) return d else: return defer.succeed(False) return defer.succeed(cfg) def login(self, request): """Login one user, and return session cookie""" if self.authenticated(request): return defer.succeed(False) user = request.args.get("username", ["<unknown>"])[0] passwd = request.args.get("passwd", ["<no-password>"])[0] if user == "<unknown>" or passwd == "<no-password>": return defer.succeed(False) if not self.auth: return defer.succeed(False) d = defer.maybeDeferred(self.auth.authenticate, user, passwd) def check_authenticate(res): if res: cookie, s = self.sessions.new(user, self.auth.getUserInfo(user)) request.addCookie(COOKIE_KEY, cookie, s.getExpiration(), path="/") request.received_cookies = {COOKIE_KEY: cookie} return cookie else: return False d.addBoth(check_authenticate) return d def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie)
def __init__(self, root_url): self.root_url = root_url self.isLeaf = True self.sessions = SessionManager()
class OpenIDAuthz(object): """Decide who can do what.""" def __init__(self, openid_provider, check_certificate=True, **kwargs): unknown = [] self.permissions = {} for group in kwargs: # Work around the limitations of python identifiers: # python identifiers don't support dashes, while unix group names do # This is admittedly a hack, but if you have a better way: a PR is welcome group = group.replace('_DASH_', '-') self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.openid_provider = openid_provider self.sessions = SessionManager() self.init_childs = False if not check_certificate: setDefaultFetcher(Urllib2Fetcher()) # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown)) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): return self.session(request) is not None def getUserInfo(self, user): s = self.sessions.getUser(user) if s: return s.infos return None def getUsername(self, request): """Get the userid of the user""" s = self.session(request) if s: return s.user return '<unknown>' def getUsernameHTML(self, request): """Get the user formatted in html (with possible link to email)""" s = self.session(request) if s: return s.userInfosHTML().decode('UTF-8') return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def getPassword(self, request): return '<no-password>' def create_childs(self, request): # We need to create the childs with this workaround # because we won't get the site information prior # to handling the very first request if not self.init_childs: self.init_childs = True status = request.site.buildbot_service.master.status root = status.getBuildbotURL() self.httpLoginUrl = '%s/_openid_start/' % root request.site.resource.putChild('_openid_start', OpenIDStart(self.permissions.keys(), self.openid_provider, root)) request.site.resource.putChild('_openid_handle', OpenIDHandle(root)) def shouldAllowAction(self, action, request): self.create_childs(request) if action in self.permissions.get('_all_', []): return True s = self.sessions.getUser(request) if s: if action in self.permissions.get('_authenticated_', []): return True for group in s.infos['groups']: if action in self.permissions.get(group, []): return True return False def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in Authz.knownActions: raise KeyError("unknown action") return self.shouldAllowAction(action, request) def actionAllowed(self, action, request, *args): """Is this ACTION allowed, given this http REQUEST?""" if action not in Authz.knownActions: raise KeyError("unknown action") return defer.succeed(self.shouldAllowAction(action, request)) def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie)
class OpenIDAuthz(object): """Decide who can do what.""" def __init__(self, openid_provider, check_certificate=True, **kwargs): unknown = [] self.permissions = {} for group in kwargs: self.permissions[group] = [] for perm in kwargs[group]: if perm in Authz.knownActions: self.permissions[group].append(perm) else: unknown.append(perm) self.openid_provider = openid_provider self.sessions = SessionManager() self.init_childs = False if not check_certificate: setDefaultFetcher(Urllib2Fetcher()) # This makes us get self.master as per baseweb.py:472 self.auth = self # This makes the login form be a link self.useHttpHeader = True self.httpLoginUrl = '/_openid_start/' if unknown != []: raise ValueError('Unknown authorization action(s) ' + ', '.join(unknown)) def session(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] return self.sessions.get(cookie) return None def authenticated(self, request): return self.session(request) is not None def getUserInfo(self, user): s = self.sessions.getUser(user) if s: return s.infos return None def getUsername(self, request): """Get the userid of the user""" s = self.session(request) if s: return s.user return '<unknown>' def getUsernameHTML(self, request): """Get the user formatted in html (with possible link to email)""" s = self.session(request) if s: return s.userInfosHTML() return "not authenticated?!" def getUsernameFull(self, request): """Get the full username as fullname <email>""" s = self.session(request) if s: return "%(fullName)s <%(email)s>" % (s.infos) else: return request.args.get("username", ["<unknown>"])[0] def getPassword(self, request): return '<no-password>' def create_childs(self, request): # We need to create the childs with this workaround # because we won't get the site information prior # to handling the very first request if not self.init_childs: self.init_childs = True status = request.site.buildbot_service.master.status root = status.getBuildbotURL() request.site.resource.putChild('_openid_start', OpenIDStart(self.permissions.keys(), self.openid_provider, root)) request.site.resource.putChild('_openid_handle', OpenIDHandle(root)) def shouldAllowAction(self, action, request): self.create_childs(request) if action in self.permissions.get('_all_', []): return True s = self.sessions.getUser(request) if s: if action in self.permissions.get('_authenticated_', []): return True for group in s.infos['groups']: if action in self.permissions.get(group, []): return True return False def advertiseAction(self, action, request): """Should the web interface even show the form for ACTION?""" if action not in Authz.knownActions: raise KeyError("unknown action") return self.shouldAllowAction(action, request) def actionAllowed(self, action, request, *args): """Is this ACTION allowed, given this http REQUEST?""" if action not in Authz.knownActions: raise KeyError("unknown action") return defer.succeed(self.shouldAllowAction(action, request)) def logout(self, request): if COOKIE_KEY in request.received_cookies: cookie = request.received_cookies[COOKIE_KEY] self.sessions.remove(cookie)