class AuthenticationPolicy(object): def __init__(self): self.session_policy = SessionAuthenticationPolicy( callback=util.groupfinder) self.token_policy = TokenAuthenticationPolicy( callback=util.groupfinder) def authenticated_userid(self, request): if _is_api_request(request): return self.token_policy.authenticated_userid(request) return self.session_policy.authenticated_userid(request) def unauthenticated_userid(self, request): if _is_api_request(request): return self.token_policy.unauthenticated_userid(request) return self.session_policy.unauthenticated_userid(request) def effective_principals(self, request): if _is_api_request(request): return self.token_policy.effective_principals(request) return self.session_policy.effective_principals(request) def remember(self, request, userid, **kw): if _is_api_request(request): return self.token_policy.remember(request, userid, **kw) return self.session_policy.remember(request, userid, **kw) def forget(self, request): if _is_api_request(request): return self.token_policy.forget(request) return self.session_policy.forget(request)
class AuthenticationPolicy(object): def __init__(self): self.session_policy = SessionAuthenticationPolicy(callback=util.groupfinder) self.token_policy = TokenAuthenticationPolicy(callback=util.groupfinder) def authenticated_userid(self, request): if _is_api_request(request): return self.token_policy.authenticated_userid(request) return self.session_policy.authenticated_userid(request) def unauthenticated_userid(self, request): if _is_api_request(request): return self.token_policy.unauthenticated_userid(request) return self.session_policy.unauthenticated_userid(request) def effective_principals(self, request): if _is_api_request(request): return self.token_policy.effective_principals(request) return self.session_policy.effective_principals(request) def remember(self, request, userid, **kw): if _is_api_request(request): return self.token_policy.remember(request, userid, **kw) return self.session_policy.remember(request, userid, **kw) def forget(self, request): if _is_api_request(request): return self.token_policy.forget(request) return self.session_policy.forget(request)
def __init__( self, prefix='auth.', callback=None, debug=False, default_username=None, ): SessionAuthenticationPolicy.__init__( self, prefix=prefix, callback=callback, debug=debug, ) self.default_username = default_username
def includeme(config): # pragma: no cover settings = config.registry.settings YEAR = 86400 * 365 config.add_directive('add_mgmt_view', add_mgmt_view, action_wrap=False) config.add_static_view('deformstatic', 'deform:static', cache_max_age=YEAR) config.add_static_view('sdistatic', 'substanced.sdi:static', cache_max_age=YEAR) # b/c alias for template lookups config.override_asset(to_override='substanced.sdi:templates/', override_with='substanced.sdi.views:templates/') manage_prefix = settings.get('substanced.manage_prefix', '/manage') manage_pattern = manage_prefix + '*traverse' config.add_route(MANAGE_ROUTE_NAME, manage_pattern) config.add_request_method(mgmt_path) config.add_request_method(mgmt_url) config.add_request_method(get_user, name='user', reify=True) config.add_request_method(FlashUndo, name='flash_with_undo', reify=True) config.include('deform_bootstrap') secret = settings.get('substanced.secret') if secret is None: raise ConfigurationError( 'You must set a substanced.secret key in your .ini file') session_factory = UnencryptedCookieSessionFactoryConfig(secret) config.set_session_factory(session_factory) from ..principal import groupfinder authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_permission('sdi.edit-properties') # used by property machinery
def includeme(config): # pragma: no cover config.add_view_predicate('check_csrf', _CheckCSRFTokenPredicate) config.add_view_predicate('physical_path', _PhysicalPathPredicate) config.add_directive('add_mgmt_view', add_mgmt_view, action_wrap=False) YEAR = 86400 * 365 config.add_static_view('deformstatic', 'deform:static', cache_max_age=YEAR) config.add_static_view('sdistatic', 'substanced.sdi:static', cache_max_age=YEAR) settings = config.registry.settings manage_prefix = settings.get('substanced.manage_prefix', '/manage') manage_pattern = manage_prefix + '*traverse' config.add_route(MANAGE_ROUTE_NAME, manage_pattern) config.add_request_method(mgmt_path) config.add_request_method(mgmt_url) config.add_request_method(get_user, name='user', reify=True) config.include('deform_bootstrap') secret = config.registry.settings.get('substanced.secret') if secret is None: raise ConfigurationError( 'You must set a substanced.secret key in your .ini file') session_factory = UnencryptedCookieSessionFactoryConfig(secret) config.set_session_factory(session_factory) from ..principal import groupfinder authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_permission('sdi.edit-properties') # used by property machinery config.scan('.')
def main(global_config, **settings): settings.setdefault('tm.manager_hook', 'pyramid_tm.explicit_manager') config = Configurator( settings=settings, authentication_policy=SessionAuthenticationPolicy(), authorization_policy=ACLAuthorizationPolicy(), ) config.set_csrf_storage_policy(SessionCSRFStoragePolicy()) config.include("pyramid_tm") config.include("pyramid_retry") config.include("pyramid_jinja2") config.include("redis_sessions") config.include(".views") # Configure Jinja2 config.add_jinja2_search_path("{{ cookiecutter.repo_name }}:templates") # Set up the database engine = engine_from_config(settings, 'sqlalchemy.') session_factory = sessionmaker(bind=engine) config.registry['db_factory'] = session_factory config.add_request_method(db, 'db', reify=True) config.add_request_method(user, 'user', reify=True) return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ const.update_cache_values() cnf = ciocconfig.get_config(const._config_file) get_session_settings(cnf, settings) settings['mako.imports'] = ['from markupsafe import escape_silent'] settings['mako.default_filters'] = ['escape_silent'] authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, root_factory=RootFactory, default_permission='public', request_factory='featuredb.lib.request.CommunityManagerRequest', authentication_policy=authn_policy, authorization_policy=authz_policy) config.include('pyramid_redis_sessions') config.add_route('enhancement', 'enhancement/{id:\d+}') config.add_route('enhancementupdate', 'enhancement/{action}') config.add_route('search_index', '/') config.add_route('search_results', 'results') config.add_route('report', 'report') config.add_route('suggestions', 'suggestions') config.add_route('suggestion_delete', 'suggestions/delete') config.add_route('concerns', 'concerns') # config.add_route('priority', 'priority') config.add_route('login', 'login') config.add_route('logout', 'logout') config.add_route('pwreset', 'pwreset') config.add_route('register', 'register') config.add_route('priority', 'priority') config.add_route('suggest', 'suggest') config.add_route('account', 'account') config.add_static_view('static', 'featuredb:static', cache_max_age=3600, permission=NO_PERMISSION_REQUIRED) config.add_static_view('/', 'featuredb:static', cache_max_age=3600, permission=NO_PERMISSION_REQUIRED) config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) session_factory = UnencryptedCookieSessionFactoryConfig( settings['session.secret']) authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory=RootFactory, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory) config.include('pyramid_chameleon') config.add_static_view('static', 'quizr:static') config.include(addroutes) config.scan() return config.make_wsgi_app()
def app(spec: str, permission: str) -> Router: """Prepare a Pyramid app.""" with Configurator() as config: config.include("pyramid_openapi3") # Setup security config.set_default_permission("view") config.set_session_factory( UnencryptedCookieSessionFactoryConfig("itsaseekreet")) config.set_authentication_policy(SessionAuthenticationPolicy()) config.set_authorization_policy(ACLAuthorizationPolicy()) config.set_root_factory(get_default_context) config.pyramid_openapi3_spec( spec, route="/api/v1/openapi.yaml", route_name="api_spec", permission=permission, ) config.pyramid_openapi3_add_explorer( route="/api/v1/", route_name="api_explorer", permission=permission, ) config.add_route("foo", "/foo") return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application.""" my_session_factory = SignedCookieSessionFactory('itsaseekreet', timeout=None) my_authentication_policy = SessionAuthenticationPolicy(callback=groupfinder, debug=False) my_authorization_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings) config.set_root_factory(Root) config.set_session_factory(my_session_factory) config.set_authentication_policy(my_authentication_policy) config.set_authorization_policy(my_authorization_policy) # add mongo db config.add_subscriber(add_mongo_db, NewRequest) # add cors headers config.add_subscriber(add_cors_headers_response_callback, NewRequest) # add csrf token header config.add_subscriber(add_csrf_token_header, NewRequest) # add toaster notification header config.add_subscriber(add_toaster_notification_header, NewRequest) # override default json renderer config.add_renderer('json', MongoJSONRenderer) config.add_route('options', '/*foo', request_method='OPTIONS') # matches any path OPTIONS method config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('auth', '/auth') config.add_route('search', '/search') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) # pyramid_beaker add-on session_factory = session_factory_from_settings(settings) authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() Base.metadata.bind = engine config = Configurator( settings=settings, root_factory=RootFactory, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory, ) config.add_static_view('static', 'static', cache_max_age=3600) # config.add_subscriber(add_renderer_globals, BeforeRender) # mako settings for file extension .html config.add_renderer(".html", "pyramid.mako_templating.renderer_factory") config.include(addroutes) config.scan() return config.make_wsgi_app()
def includeme(config): # Set authentication policy. authn_policy = SessionAuthenticationPolicy() config.set_authentication_policy(authn_policy) # Create authentication plugin registry and add it to the pyramid registry. authn_registry = AuthenticationPluginRegistry(config.get_settings()) config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin) config.registry.registerUtility(authn_registry) # Create authentication traversal root resource. authn_root_resource = root_factory() config.add_directive('add_authn_resource', authn_root_resource.add_authn_resource) # Add the authentication traversal route. config.add_route('auth_home', ADMIN_PREFIX + '/auth*traverse', factory=root_factory) # Add the authentication settings root views. config.add_view('rhodecode.authentication.views.AuthSettingsView', attr='index', request_method='GET', route_name='auth_home', context=AuthnRootResource) config.add_view('rhodecode.authentication.views.AuthSettingsView', attr='auth_settings', request_method='POST', route_name='auth_home', context=AuthnRootResource) # Auto discover authentication plugins and include their configuration. _discover_plugins(config) _discover_legacy_plugins(config)
def includeme(config: Configurator) -> None: """Config updates related to authentication/authorization.""" # make all views require "view" permission unless specifically overridden config.set_default_permission('view') # replace the default root factory with a custom one to more easily support # the default permission config.set_root_factory(DefaultRootFactory) # Set the authorization policy to a custom one that always returns a # "denied" result if the user isn't logged in. When overall site access is # no longer being restricted, the AuthorizedOnlyPolicy class can just be # replaced with the standard ACLAuthorizationPolicy config.set_authorization_policy(AuthorizedOnlyPolicy()) config.set_authentication_policy( SessionAuthenticationPolicy(callback=auth_callback)) # enable CSRF checking globally by default config.set_default_csrf_options(require_csrf=True) # make the logged-in User object available as request.user config.add_request_method(get_authenticated_user, 'user', reify=True) # add has_any_permission method for easily checking multiple permissions config.add_request_method(has_any_permission, 'has_any_permission')
def create_app(global_config, **settings): config = configure(settings=settings) config.add_request_method(features.Client, name='feature', reify=True) config.set_authorization_policy(ACLAuthorizationPolicy()) policy = MultiAuthenticationPolicy([ TokenAuthenticationPolicy(callback=groupfinder), SessionAuthenticationPolicy(callback=groupfinder), ]) config.set_authentication_policy(policy) config.include('h.auth') config.include('h.sentry') config.include('h.stats') # We have to include models and db to set up sqlalchemy metadata. config.include('h.models') config.include('h.db') config.include('h.api.db') # We have to include search to set up the `request.es` property. config.include('h.api.search') config.include('h.streamer') return config.make_wsgi_app()
def get_configurator(settings, enable_auth=True): connection_debug = asbool(settings.get('connection.debug')) boto.set_stream_logger( 'boto', level=(logging.DEBUG if connection_debug else logging.CRITICAL)) ensure_session_keys(settings) check_types() config = Configurator(root_factory=SiteRootFactory, settings=settings) if enable_auth: authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.set_default_permission('view') config.add_request_method(User.get_auth_user, 'user', reify=True) cache_duration = int(settings.get('static.cache.duration', 43200)) config.add_static_view(name='static/' + __version__, path='static', cache_max_age=cache_duration) config.add_layout('eucaconsole.layout.MasterLayout', 'eucaconsole.layout:templates/master_layout.pt') for route in urls: config.add_route(route.name, route.pattern) setup_tweens(config) setup_exts(config) config.scan() return config
def set_auth_policies(config): from models.user import groupfinder # set up authentication and authorization authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy)
def includeme(config): authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_route('login', '/login', factory=Auth) config.add_route('logout', '/logout', factory=Auth)
def add_authorization(config): """ Configure authorization and authentification. :param config: a ``pyramid.config.Configurator`` object """ authorization_policy = ACLAuthorizationPolicy() authentication_policy = SessionAuthenticationPolicy(callback=groupfinder) config.set_authentication_policy(authentication_policy) config.set_authorization_policy(authorization_policy)
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ from storlever.lib.lock import set_lock_factory_from_name from storlever.lib.security import AclRootFactory from storlever.lib.utils import CustomJSONEncoder from pyramid.config import Configurator from pyramid.renderers import JSON from pyramid.session import UnencryptedCookieSessionFactoryConfig from pyramid.authentication import SessionAuthenticationPolicy from pyramid.authorization import ACLAuthorizationPolicy storlever_session_factory = UnencryptedCookieSessionFactoryConfig( 'storlever201308') storlever_authn_policy = SessionAuthenticationPolicy() storlever_authz_policy = ACLAuthorizationPolicy() config = Configurator(session_factory=storlever_session_factory, root_factory=AclRootFactory, authentication_policy=storlever_authn_policy, authorization_policy=storlever_authz_policy, settings=settings) config.add_static_view('static', 'static', cache_max_age=3600) # get user-specific config from setting json_indent = settings.get("json.indent") if json_indent is not None: json_indent = int(json_indent) # get lock factory if (settings.get("lock.module") is not None) and \ (settings.get("lock.factory") is not None): set_lock_factory_from_name(settings.get("lock.module"), settings.get("lock.factory")) # make JSON as the default renderer config.add_renderer( None, JSON(indent=json_indent, check_circular=True, cls=CustomJSONEncoder)) # route and view configuration of REST API version 1 can be found in module storlever.rest # check storlever.rest.__init__.py for more detail config.include('storlever.rest', route_prefix='storlever/api/v1') # route and view configuration of Web UI can be found in module storlever.web # check storlever.web.__init__.py for more detail config.include('storlever.web') # loads all the extensions with entry point group "storlever.extenstions" launch_extensions(config) return config.make_wsgi_app()
def configure_authentication(self): """Set up authentication and authorization policies. """ import pyramid.tweens from pyramid.authorization import ACLAuthorizationPolicy from pyramid.authentication import SessionAuthenticationPolicy from pyramid_jwt import create_jwt_authentication_policy from pyramid_multiauth import MultiAuthenticationPolicy from elixr2.web.auth.principals import ( resolve_principals as get_principals, get_request_user ) from .api.security import jwt_principals_finder authz_policy = ACLAuthorizationPolicy() ses_authn_policy = SessionAuthenticationPolicy(callback=get_principals) jwt_authn_policy = create_jwt_authentication_policy(self.config, callback=jwt_principals_finder) multi_auth_args = [jwt_authn_policy, ses_authn_policy] authn_policy = MultiAuthenticationPolicy(multi_auth_args) self.config.set_authentication_policy(authn_policy) self.config.set_authorization_policy(authz_policy) # We need to carefully be above TM view, but below exc view so that # internal server error page doesn't trigger session authentication # that accesses the database self.config.add_tween( "elixr2.web.auth.tweens.SessionInvalidationTweenFactory", under="pyramid_tm.tm_tween_factory") # # TODO: Grab incoming auth details changed events # from websauna.system.auth import subscribers # self.config.scan(subscribers) # Experimental support for transaction aware properties try: from pyramid_tm.reify import transaction_aware_reify self.config.add_request_method( callable=transaction_aware_reify(self.config, get_request_user), name="user", property=True, reify=False) except ImportError: self.config.add_request_method(get_request_user, 'user', reify=True) ## request method for jwt def create_jwt_token(request, principal, expiration=None, **claims): return jwt_authn_policy.create_token(principal, expiration, **claims) def jwt_claims(request): return jwt_authn_policy.get_claims(request) self.config.add_request_method(create_jwt_token, 'create_jwt_token') self.config.add_request_method(jwt_claims, 'jwt_claims', reify=True)
def simple_config() -> Configurator: """Prepare the base configuration needed for the Pyramid app.""" with Configurator() as config: config.include("pyramid_openapi3") # Setup security config.set_default_permission("view") config.set_session_factory(SignedCookieSessionFactory("itsaseekreet")) config.set_authentication_policy(SessionAuthenticationPolicy()) config.set_authorization_policy(ACLAuthorizationPolicy()) config.set_root_factory(get_default_context) yield config
def includeme(config): reg = config.registry authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) reg.registerUtility(authenticate_user, IUserAuthenticator) config.add_request_method(get_authenticated_user, name='authenticated_user', property=True, reify=True)
def configure(self): super(Portal, self).configure() self.configure_zca() mimetypes.add_type('application/font-woff', '.woff') mimetypes.add_type('application/x-font-ttf', '.ttf') registry = pyramid.registry.Registry( bases=(zope.component.getGlobalSiteManager(),)) if self.settings.get('sentry.dsn', None): version = sw.allotmentclub.version.__version__ sentry_sdk.init( release=f"sw-allotmentclub-backend@{version}", dsn=self.settings['sentry.dsn'], integrations=[PyramidIntegration(), SqlalchemyIntegration()]) self.config = config = pyramid.config.Configurator( settings=self.settings, registry=registry) config.setup_registry(settings=self.settings) config.include('pyramid_beaker') config.include('pyramid_exclog') config.include('pyramid_tm') if self.testing: config.include('pyramid_mailer.testing') elif config.registry.settings.get('mail.enable') == 'false': config.include('sw.allotmentclub.printmailer') else: config.include('sw.allotmentclub.logmailer') # self.add_csrf_check() config.add_renderer( 'json', risclog.sqlalchemy.serializer.json_renderer_factory( serializer=json_serializer)) config.set_default_permission('view') config.set_authentication_policy(SessionAuthenticationPolicy()) config.set_authorization_policy(ACLAuthorizationPolicy()) config.set_root_factory( sw.allotmentclub.browser.auth.get_default_context) config.add_request_method( sw.allotmentclub.browser.auth.get_user, 'user', property=True) self.add_routes() config.scan(package=sw.allotmentclub.browser, ignore=sw.allotmentclub.SCAN_IGNORE_TESTS)
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ logging.basicConfig(level=logging.DEBUG) authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() session_factory = UnencryptedCookieSessionFactoryConfig( settings['session.secret']) config = Configurator(settings=settings, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory) # our session maker object to be set up on request engine = engine_from_config(settings, prefix='sqlalchemy.') config.registry.settings['dbmaker'] = sessionmaker(bind=engine) config.include('pyramid_chameleon') config.add_static_view('static', 'static', cache_max_age=3600) routes = [ ('resume', '/about/resume'), ('logout', '/logout'), ('home', '/'), ('view_files', '/files'), ('view_file', '/files/view/{filename}'), ('manage_file', '/files/manage/{filename}'), ('delete_file', '/files/delete/{filename}'), ('share_file', '/files/share/{filename}'), ('unshare_file', '/files/unshare/{filename}/{unshare_user}'), ('user', '/users/{userid}'), ('toggle_sharability', '/users/{userid}/toggle_sharability'), ('register', '/register'), ('verify', '/verify/{token}'), ('send_verify', '/verify'), ('login', '/login'), ('about', '/about'), ('keys', '/keys'), ('export_key', '/keys/export/{key}'), ('delete_key', '/keys/delete/{key}'), ] create_routes(config, routes) config.scan() return config.make_wsgi_app()
def includeme(config: Configurator): """ Setup authentication/authorization. - Make user object on request object as ``user`` - Store authenticated user in session - Use ACL authorization (__acl__ in context) """ from pyramid.authentication import SessionAuthenticationPolicy from pyramid.authorization import ACLAuthorizationPolicy config.add_request_method(_get_user, 'user', reify=True) authn_policy = SessionAuthenticationPolicy(callback=_groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_route('login', '/login') config.add_route('logout', '/logout')
def includeme(config): """ For inclusion by Pyramid. """ config.add_request_method(get_user, str('user'), reify=True) config.add_request_method(get_acls, str('acls'), reify=True) settings = config.registry.settings authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config.set_authorization_policy(authz_policy) config.set_authentication_policy(authn_policy) config.add_subscriber(_new_response, NewResponse) config.add_subscriber(_auth_to_db, ContextFound)
def prepare_config(**settings): """ Prepare the configuration object to setup the main application elements """ session_factory = get_session_factory(settings) set_cache_regions_from_settings(settings) auth_policy = SessionAuthenticationPolicy(callback=get_groups) acl_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, authentication_policy=auth_policy, authorization_policy=acl_policy, session_factory=session_factory, ) config.begin() config.commit() return config
def factory(global_config, **settings): """Call with settings to create and return a WSGI application.""" # Bind the SQLAlchemy model classes to the database specified in the # ``settings`` provided. engine = engine_from_config(settings, 'sqlalchemy.') Session.configure(bind=engine) # Initialise the ``Configurator`` with the ``settings`` provided. authn_policy = SessionAuthenticationPolicy(callback=group_finder, debug=True) authz_policy = ACLAuthorizationPolicy() kwargs = { 'authentication_policy': authn_policy, 'authorization_policy': authz_policy, 'default_permission': 'view', 'settings': settings, 'root_factory': Trunk } config = Configurator(**kwargs) config.include('pyramid_beaker') config.include('pyramid_tm') config.include('pyramid_weblayer') config.set_session_factory(session_factory_from_settings(settings)) # Expose routes. config.add_route('index', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('foo', '/foo') # Add ``is_authenticated`` and ``user`` properties to the request. #config.set_request_property(get_is_authenticated, 'is_authenticated', reify=True) #config.set_request_property(get_user, 'user', reify=True) # Configure a custom 404 that first tries to append a slash to the URL. #not_found = AppendSlashNotFoundViewFactory(not_found_view) #config.add_view(not_found, context='pyramid.httpexceptions.HTTPNotFound') # Run a venusian scan to pick up the declerative configuration. config.scan() # Return a configured WSGI application. return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine set_cache_regions_from_settings(settings) config = Configurator(settings=settings, root_factory='.resources.Root') authentication_policy = SessionAuthenticationPolicy() authorization_policy = ACLAuthorizationPolicy() config.set_default_csrf_options(require_csrf=True) config.set_authentication_policy(authentication_policy) config.set_authorization_policy(authorization_policy) config.add_forbidden_view(redirect_login) config.include('pyramid_chameleon') config.include("pyramid_beaker") config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('login', '/login') config.add_route('contact', '/contact') config.add_route('logout', '/logout') config.add_route('register', '/register') config.add_route('recover', '/recover') config.add_route('reset_password', '/recover/{key}') config.add_route('shows', '/shows') config.add_route('banners', '/banners/{show_id}') config.add_route('search', '/search') config.add_route('profile', '/profile') config.add_route('settings_feed', '/settings/feeds') config.add_route('settings_pw', '/settings/password') config.add_route('settings_token', '/settings/token') config.add_route('episodes', '/episodes') config.add_route('feed', '/atom/{user}/{token}') config.add_route("feeds", "/feeds") config.add_route('ical', '/ical/{user}/{token}') config.add_route('html', '/episodes/{user}/{token}') config.add_route('subscribe', '/subscribe') config.add_route('unsubscribe', '/unsubscribe') config.add_route('setup', '/setup') # TODO remove this config.scan() return config.make_wsgi_app()
def setup_auth(config): """ Used to set up minimal authentication/authorization parameters. """ config.add_route('saml2-login', '/saml2/login/') config.add_route('saml2-logout', '/saml2/logout/') settings = config.registry.settings extra_authn_policy = {} if 'groups_callback' in settings: extra_authn_policy['callback'] = settings['groups_callback'] authn_policy = SessionAuthenticationPolicy(prefix='session', **extra_authn_policy) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) return config
def main(global_config, **settings): session_factory = session_factory_from_settings(settings) boto.config.load_credential_file(settings['boto_cfg']) if not boto.config.has_section('Credentials'): boto.config.add_section('Credentials') #boto.config.set('Credentials','aws_access_key_id',credentials['Access Key Id']) #boto.config.set('Credentials','aws_secret_key',credentials['Secret Access Key']) #boto.config.set('Credentials','username',credentials['User Name']) authn_policy = SessionAuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory=RootFactory, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory) config.add_renderer('jsonp', JSONP(param_name='callback', indent=4)) config.add_route('home', '/') config.add_route('hello', '/hello') #config.add_view(home, route_name='home') config.add_route('view_data', '/data') config.add_route('edit_data', '/data/edit') config.add_route('export_data', '/data/export') config.add_route('authorized', '/authorized') #config.add_view(authorized, route_name='authorized') config.add_route('login', '/login') config.add_route('auth', '/auth/{provider_name}') config.add_route('logout', '/logout') config.add_route('is_locked', '/is_locked') config.add_route('unlock', '/unlock') config.add_static_view('client', 'aap:static/web-aap', cache_max_age=0) config.add_static_view('app', 'aap:static/web-aap/app', cache_max_age=0) config.scan() return config.make_wsgi_app()
def init_auth(config): def user(request): if request.authenticated_userid: return User(request.registry.hubclient, request.session[USER_DATA_SESSION_KEY]) return None def verify_user_in_session(user_id, request): user_data = request.session.get(USER_DATA_SESSION_KEY, None) if user_data is not None and user_data['uuid'] == user_id: return (user_id, ) return None authn_policy = SessionAuthenticationPolicy(callback=verify_user_in_session) authz_policy = ACLAuthorizationPolicy() config.set_authorization_policy(authz_policy) config.set_authentication_policy(authn_policy) config.add_request_method(user, reify=True)
def __init__(self): self.session_policy = SessionAuthenticationPolicy(callback=util.groupfinder) self.token_policy = TokenAuthenticationPolicy(callback=util.groupfinder)
def __init__(self, reissue_time: int, debug: bool = False): SessionAuthenticationPolicy.__init__(self, debug=debug, callback=None) self._reissue_time = reissue_time self.callback = None