def init(config_file, backend, cache_backend, host="127.0.0.1"):
values = {}
values["host"] = host
values["secret"] = core_utils.random_bytes_hex(32)
values["bucket_id_salt"] = core_utils.random_bytes_hex(32)
values["kinto_version"] = __version__
values["config_file_timestamp"] = str(strftime("%a, %d %b %Y %H:%M:%S %z"))
values.update(backend_to_values[backend])
values.update(cache_backend_to_values[cache_backend])
render_template("kinto.tpl", config_file, **values)
def init(config_file, backend, host='127.0.0.1'):
values = {}
values['host'] = host
values['secret'] = core_utils.random_bytes_hex(32)
values['kinto_version'] = __version__
values['config_file_timestamp'] = str(strftime('%a, %d %b %Y %H:%M:%S %z'))
values['storage_backend'] = 'kinto.core.storage.{}'.format(backend)
values['cache_backend'] = 'kinto.core.cache.{}'.format(backend)
values['permission_backend'] = 'kinto.core.permission.{}'.format(backend)
if backend == 'postgresql':
postgresql_url = 'postgres://*****:*****@localhost/postgres'
values['storage_url'] = postgresql_url
values['cache_url'] = postgresql_url
values['permission_url'] = postgresql_url
elif backend == 'redis':
redis_url = 'redis://localhost:6379'
values['storage_backend'] = 'kinto_redis.storage'
values['cache_backend'] = 'kinto_redis.cache'
values['permission_backend'] = 'kinto_redis.permission'
values['storage_url'] = redis_url + '/1'
values['cache_url'] = redis_url + '/2'
values['permission_url'] = redis_url + '/3'
else:
values['storage_url'] = ''
values['cache_url'] = ''
values['permission_url'] = ''
render_template('kinto.tpl', config_file, **values)
def get_app_settings(self, additional_settings=None):
"""
kinto.includes = kinto_pusher
kinto.event_listeners = pusher
kinto.event_listeners.pusher.use = kinto_pusher.listener
kinto.event_listeners.pusher.resources = <list of resource names>
kinto.event_listeners.pusher.channel = <channel-name or pattern>
pusher.app_id = <pusher-app-id>
pusher.key = <pusher-key>
pusher.secret = <pusher-secret>
"""
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings["includes"] = "kinto_pusher"
settings["cache_backend"] = "kinto.core.cache.memory"
settings["cache_backend"] = "kinto.core.cache.memory"
settings["userid_hmac_secret"] = random_bytes_hex(16)
settings["event_listeners"] = "pusher"
settings["event_listeners.pusher.use"] = "kinto_pusher.listener"
settings["event_listeners.pusher.resources"] = "records"
pattern = "{bucket_id}-{collection_id}-{resource_name}"
settings["event_listeners.pusher.channel"] = pattern
settings["pusher.app_id"] = "12345"
settings["pusher.key"] = "demo-key"
settings["pusher.secret"] = "demo-secret"
if additional_settings is not None:
settings.update(additional_settings)
return settings
def init(config_file, backend):
values = {}
values['secret'] = core_utils.random_bytes_hex(32)
values['kinto_version'] = __version__
values['config_file_timestamp'] = core_utils._encoded(
strftime('%a, %d %b %Y %H:%M:%S %z'))
values['storage_backend'] = "kinto.core.storage.%s" % backend
values['cache_backend'] = "kinto.core.cache.%s" % backend
values['permission_backend'] = "kinto.core.permission.%s" % backend
if backend == 'postgresql':
postgresql_url = "postgres://*****:*****@localhost/postgres"
values['storage_url'] = postgresql_url
values['cache_url'] = postgresql_url
values['permission_url'] = postgresql_url
elif backend == 'redis':
redis_url = "redis://localhost:6379"
values['storage_backend'] = "kinto_redis.storage"
values['cache_backend'] = "kinto_redis.cache"
values['permission_backend'] = "kinto_redis.permission"
values['storage_url'] = redis_url + "/1"
values['cache_url'] = redis_url + "/2"
values['permission_url'] = redis_url + "/3"
else:
values['storage_url'] = ''
values['cache_url'] = ''
values['permission_url'] = ''
render_template("kinto.tpl", config_file, **values)
def init(config_file, backend, host='127.0.0.1'):
values = {}
values['host'] = host
values['secret'] = core_utils.random_bytes_hex(32)
values['kinto_version'] = __version__
values['config_file_timestamp'] = str(strftime('%a, %d %b %Y %H:%M:%S %z'))
values['storage_backend'] = 'kinto.core.storage.{}'.format(backend)
values['cache_backend'] = 'kinto.core.cache.{}'.format(backend)
values['permission_backend'] = 'kinto.core.permission.{}'.format(backend)
if backend == 'postgresql':
postgresql_url = 'postgres://*****:*****@localhost/postgres'
values['storage_url'] = postgresql_url
values['cache_url'] = postgresql_url
values['permission_url'] = postgresql_url
elif backend == 'redis':
redis_url = 'redis://localhost:6379'
values['storage_backend'] = 'kinto_redis.storage'
values['cache_backend'] = 'kinto_redis.cache'
values['permission_backend'] = 'kinto_redis.permission'
values['storage_url'] = redis_url + '/1'
values['cache_url'] = redis_url + '/2'
values['permission_url'] = redis_url + '/3'
else:
values['storage_url'] = ''
values['cache_url'] = ''
values['permission_url'] = ''
render_template('kinto.tpl', config_file, **values)
def get_app_settings(self, additional_settings=None):
"""
kinto.includes = kinto_pusher
kinto.event_listeners = pusher
kinto.event_listeners.pusher.use = kinto_pusher.listener
kinto.event_listeners.pusher.resources = <list of resource names>
kinto.event_listeners.pusher.channel = <channel-name or pattern>
pusher.app_id = <pusher-app-id>
pusher.key = <pusher-key>
pusher.secret = <pusher-secret>
"""
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings['includes'] = 'kinto_pusher'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
settings['event_listeners'] = "pusher"
settings['event_listeners.pusher.use'] = "kinto_pusher.listener"
settings['event_listeners.pusher.resources'] = "records"
pattern = "{bucket_id}-{collection_id}-{resource_name}"
settings['event_listeners.pusher.channel'] = pattern
settings['pusher.app_id'] = "12345"
settings['pusher.key'] = "demo-key"
settings['pusher.secret'] = "demo-secret"
if additional_settings is not None:
settings.update(additional_settings)
return settings
def get_login(request):
"""Initiates to login dance for the specified scopes and callback URI
using appropriate redirections."""
# Settings.
provider = request.matchdict["provider"]
settings_prefix = "multiauth.policy.%s." % provider
issuer = request.registry.settings[settings_prefix + "issuer"]
client_id = request.registry.settings[settings_prefix + "client_id"]
userid_field = request.registry.settings.get(settings_prefix +
"userid_field")
state_ttl = int(
request.registry.settings.get(settings_prefix + "state_ttl_seconds",
DEFAULT_STATE_TTL_SECONDS))
state_length = int(
request.registry.settings.get(settings_prefix + "state_length",
DEFAULT_STATE_LENGTH))
# Read OpenID configuration (cached by issuer)
oid_config = fetch_openid_config(issuer)
auth_endpoint = oid_config["authorization_endpoint"]
scope = request.GET["scope"]
callback = request.GET["callback"]
prompt = request.GET.get("prompt")
# Check that email scope is requested if userid field is configured as email.
if userid_field == "email" and "email" not in scope:
error_details = {
"name": "scope",
"description": "Provider %s requires 'email' scope" % provider,
}
raise_invalid(request, **error_details)
# Generate a random string as state.
# And save it until code is traded.
state = random_bytes_hex(state_length)
request.registry.cache.set("openid:state:" + state,
callback,
ttl=state_ttl)
# Redirect the client to the Identity Provider that will eventually redirect
# to the OpenID token endpoint.
token_uri = request.route_url("openid_token", provider=provider) + "?"
params = dict(client_id=client_id,
response_type="code",
scope=scope,
redirect_uri=token_uri,
state=state)
if prompt:
# The 'prompt' parameter is optional.
params["prompt"] = prompt
redirect = "{}?{}".format(auth_endpoint, urllib.parse.urlencode(params))
raise httpexceptions.HTTPTemporaryRedirect(redirect)
def get_app_settings(self, additional_settings=None):
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings['includes'] = 'kinto_ldap'
settings['multiauth.policies'] = 'ldap'
authn = 'kinto_ldap.authentication.LDAPBasicAuthAuthenticationPolicy'
settings['multiauth.policy.ldap.use'] = authn
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
if additional_settings is not None:
settings.update(additional_settings)
return settings
def setUp(self):
self.policy = authentication.PortierOAuthAuthenticationPolicy()
self.backend = memory_backend.Cache(cache_prefix="", cache_max_size_bytes=5123)
self.user_hmac_secret = random_bytes_hex(16)
# Setup user
self.token = '4128913851c9c4305e43dba2a7e59baa5c2fe2b909c6b63d04668346c4fb1e7b'
self.email = '*****@*****.**'
encrypted_email = encrypt(self.email, self.token)
self.user_key = hmac_digest(self.user_hmac_secret, self.token)
print("portier:%s" % self.user_key)
self.backend.set("portier:%s" % self.user_key, encrypted_email, ttl=300)
self.request = self._build_request()
def get_app_settings(self, additional_settings=None):
settings = {**kinto.core.DEFAULT_SETTINGS}
settings['includes'] = 'kinto_portier'
settings['multiauth.policies'] = 'portier'
authn = 'kinto_portier.authentication.PortierOAuthAuthenticationPolicy'
settings['multiauth.policy.portier.use'] = authn
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
settings['portier.broker_uri'] = 'https://broker.portier.io'
if additional_settings is not None:
settings.update(additional_settings)
return settings
def get_login(request):
"""Initiates to login dance for the specified scopes and callback URI
using appropriate redirections."""
# Settings.
provider = request.matchdict['provider']
settings_prefix = 'multiauth.policy.%s.' % provider
issuer = request.registry.settings[settings_prefix + 'issuer']
client_id = request.registry.settings[settings_prefix + 'client_id']
userid_field = request.registry.settings.get(settings_prefix +
'userid_field')
state_ttl = int(
request.registry.settings.get(settings_prefix + 'state_ttl_seconds',
DEFAULT_STATE_TTL_SECONDS))
state_length = int(
request.registry.settings.get(settings_prefix + 'state_length',
DEFAULT_STATE_LENGTH))
# Read OpenID configuration (cached by issuer)
oid_config = fetch_openid_config(issuer)
auth_endpoint = oid_config['authorization_endpoint']
scope = request.GET['scope']
callback = request.GET['callback']
# Check that email scope is requested if userid field is configured as email.
if userid_field == 'email' and 'email' not in scope:
error_details = {
'name': 'scope',
'description': "Provider %s requires 'email' scope" % provider,
}
raise_invalid(request, **error_details)
# Generate a random string as state.
# And save it until code is traded.
state = random_bytes_hex(state_length)
request.registry.cache.set('openid:state:' + state,
callback,
ttl=state_ttl)
# Redirect the client to the Identity Provider that will eventually redirect
# to the OpenID token endpoint.
token_uri = request.route_url('openid_token', provider=provider) + '?'
params = dict(client_id=client_id,
response_type='code',
scope=scope,
redirect_uri=token_uri,
state=state)
redirect = '{}?{}'.format(auth_endpoint, urllib.parse.urlencode(params))
raise httpexceptions.HTTPTemporaryRedirect(redirect)
def get_app_settings(self, additional_settings=None):
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings['project_name'] = 'kinto'
settings['includes'] = 'kinto_facebook'
settings['multiauth.policies'] = 'facebook'
authn = 'kinto_facebook.authentication.FacebookAuthenticationPolicy'
settings['multiauth.policy.facebook.use'] = authn
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
settings['facebook.relier.enabled'] = True
settings['facebook.webapp.authorized_domains'] = ['*.firefox.com']
if additional_settings is not None:
settings.update(additional_settings)
return settings
def get_app_settings(self, additional_settings=None):
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings['includes'] = 'kinto_fxa'
settings['multiauth.policies'] = 'fxa'
authn = 'kinto_fxa.authentication.FxAOAuthAuthenticationPolicy'
settings['multiauth.policy.fxa.use'] = authn
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
settings['fxa-oauth.relier.enabled'] = True
settings['fxa-oauth.oauth_uri'] = 'https://oauth-stable.dev.lcip.org'
settings['fxa-oauth.webapp.authorized_domains'] = ['*.firefox.com', ]
if additional_settings is not None:
settings.update(additional_settings)
return settings
def get_app_settings(self, additional_settings=None):
settings = kinto.core.DEFAULT_SETTINGS.copy()
settings['includes'] = 'kinto_fxa'
settings['multiauth.policies'] = 'fxa'
authn = 'kinto_fxa.authentication.FxAOAuthAuthenticationPolicy'
settings['multiauth.policy.fxa.use'] = authn
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['cache_backend'] = 'kinto.core.cache.memory'
settings['userid_hmac_secret'] = random_bytes_hex(16)
settings['fxa-oauth.relier.enabled'] = True
settings['fxa-oauth.oauth_uri'] = 'https://oauth-stable.dev.lcip.org'
settings['fxa-oauth.webapp.authorized_domains'] = ['*.firefox.com', ]
if additional_settings is not None:
settings.update(additional_settings)
return settings
def get_login(request):
"""Initiates to login dance for the specified scopes and callback URI
using appropriate redirections."""
# Settings.
provider = request.matchdict['provider']
settings_prefix = 'multiauth.policy.%s.' % provider
issuer = request.registry.settings[settings_prefix + 'issuer']
client_id = request.registry.settings[settings_prefix + 'client_id']
userid_field = request.registry.settings.get(settings_prefix + 'userid_field')
state_ttl = int(request.registry.settings.get(settings_prefix + 'state_ttl_seconds',
DEFAULT_STATE_TTL_SECONDS))
state_length = int(request.registry.settings.get(settings_prefix + 'state_length',
DEFAULT_STATE_LENGTH))
# Read OpenID configuration (cached by issuer)
oid_config = fetch_openid_config(issuer)
auth_endpoint = oid_config['authorization_endpoint']
scope = request.GET['scope']
callback = request.GET['callback']
prompt = request.GET.get('prompt')
# Check that email scope is requested if userid field is configured as email.
if userid_field == 'email' and 'email' not in scope:
error_details = {
'name': 'scope',
'description': "Provider %s requires 'email' scope" % provider,
}
raise_invalid(request, **error_details)
# Generate a random string as state.
# And save it until code is traded.
state = random_bytes_hex(state_length)
request.registry.cache.set('openid:state:' + state, callback, ttl=state_ttl)
# Redirect the client to the Identity Provider that will eventually redirect
# to the OpenID token endpoint.
token_uri = request.route_url('openid_token', provider=provider) + '?'
params = dict(client_id=client_id, response_type='code', scope=scope,
redirect_uri=token_uri, state=state)
if prompt:
# The 'prompt' parameter is optional.
params['prompt'] = prompt
redirect = '{}?{}'.format(auth_endpoint, urllib.parse.urlencode(params))
raise httpexceptions.HTTPTemporaryRedirect(redirect)
def init(config_file, backend, cache_backend, host="127.0.0.1"):
values = {}
values["host"] = host
values["secret"] = core_utils.random_bytes_hex(32)
values["kinto_version"] = __version__
values["config_file_timestamp"] = str(strftime("%a, %d %b %Y %H:%M:%S %z"))
values["storage_backend"] = f"kinto.core.storage.{backend}"
values["cache_backend"] = f"kinto.core.cache.{cache_backend}"
values["permission_backend"] = f"kinto.core.permission.{backend}"
cache_backend_url = get_cache_backend_url(values["cache_backend"])
if backend == "postgresql":
postgresql_url = "postgresql://*****:*****@localhost/postgres"
values["storage_url"] = postgresql_url
values["cache_url"] = cache_backend_url
values["permission_url"] = postgresql_url
elif backend == "redis":
redis_url = "redis://localhost:6379"
values["storage_backend"] = "kinto_redis.storage"
values["cache_backend"] = "kinto_redis.cache"
values["permission_backend"] = "kinto_redis.permission"
values["storage_url"] = redis_url + "/1"
values["cache_url"] = cache_backend_url
values["permission_url"] = redis_url + "/3"
else:
values["storage_url"] = ""
values["cache_url"] = ""
values["permission_url"] = ""
render_template("kinto.tpl", config_file, **values)
def test_return_text_string(self):
value = random_bytes_hex(16)
self.assertIsInstance(value, six.text_type)
def test_return_right_length_string(self):
for x in range(2, 4):
value = random_bytes_hex(x)
self.assertEqual(len(value), x * 2)
def test_return_hex_string(self):
value = random_bytes_hex(16)
try:
int(value, 16)
except ValueError:
self.fail("%s is not an hexadecimal value." % value)
def test_return_text_string(self):
value = random_bytes_hex(16)
self.assertIsInstance(value, str)
def test_return_right_length_string(self):
for x in range(2, 4):
value = random_bytes_hex(x)
self.assertEqual(len(value), x * 2)
def test_return_hex_string(self):
value = random_bytes_hex(16)
try:
int(value, 16)
except ValueError:
self.fail("{} is not an hexadecimal value.".format(value))