def test_acl_deleted(self, factories, pyramid_request): """ Nobody -- not even the owner -- should have any permissions on a deleted annotation. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(userid='saoirse', deleted=True) res = AnnotationResource(pyramid_request, ann) for perm in ['read', 'admin', 'update', 'delete']: assert not policy.permits(res, ['saiorse'], perm)
def test_acl_deleted(self, factories, group_service, links_service): """ Nobody -- not even the owner -- should have any permissions on a deleted annotation. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(userid="saoirse", deleted=True) res = AnnotationContext(ann, group_service, links_service) for perm in ["read", "admin", "update", "delete", "moderate"]: assert not policy.permits(res, ["saiorse"], perm)
def test_acl_shared_admin_perms(self, factories, group_service, links_service): """ Shared annotation contexts should still only give admin/update/delete permissions to the owner. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(shared=False, userid="saoirse") res = AnnotationContext(ann, group_service, links_service) for perm in ["admin", "update", "delete"]: assert policy.permits(res, ["saoirse"], perm) assert not policy.permits(res, ["someoneelse"], perm)
def test_acl_shared_admin_perms(self, factories, pyramid_request): """ Shared annotation resources should still only give admin/update/delete permissions to the owner. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(shared=False, userid='saoirse') res = AnnotationResource(pyramid_request, ann) for perm in ['admin', 'update', 'delete']: assert policy.permits(res, ['saoirse'], perm) assert not policy.permits(res, ['someoneelse'], perm)
def permits(self, context, principals, permission): """map users and groups to their roles !""" for p in self.get_contextual_principals(context): if not p in principals: principals.append(p) acl = BACLAuthorizationPolicy.permits(self, context, principals, permission) #if 'ACLDenied' == acl.__class__.__name__: # import pdb;pdb.set_trace() return acl
class ACLAuthorizationPolicyWithLocalRoles(object): # FIXME: document this # Basically it uses the standard Pyramid ACLAuthorizationPolicy # and adds support for our local roles. implements(IAuthorizationPolicy) def __init__(self): self.acl_policy = ACLAuthorizationPolicy() def permits(self, context, principals, permission): #log.debug("permits(context=%s, principals=%s, permission=%s)" % (repr(context), repr(principals), repr(permission))) try: local_roles = context._get_merged_local_roles() except AttributeError: local_roles = None if local_roles: expanded_principals = set(principals) for p in principals: roles = local_roles.get(p) if roles: expanded_principals.update(roles) #log.debug("in permits - local_roles=%s expanded_principals=%s" % (repr(local_roles), repr(expanded_principals))) principals = expanded_principals return self.acl_policy.permits(context, principals, permission) def principals_allowed_by_permission(self, context, permission): #log.debug("principals_allowed_by_permission(context=%s, permission=%s)" % (repr(context), repr(permission))) allowed = self.acl_policy.principals_allowed_by_permission(context, permission) try: local_roles = context._get_merged_local_roles() except AttributeError: local_roles = None if local_roles: principals_by_role = _invert_local_roles(local_roles) expanded_allowed = set(allowed) for r in allowed: principals = principals_by_role.get(r) if principals: expanded_allowed.update(principals) #log.debug("in principals_allowed_by_permission - local_roles=%s allowed=%s expanded_allowed=%s" % (repr(local_roles), repr(allowed), repr(expanded_allowed))) allowed = expanded_allowed return allowed
class BaseACLTest(unittest.TestCase): """ Base test for anything checking ACLs """ def setUp(self): self.request = DummyRequest() self.request.userid = None self.auth = ACLAuthorizationPolicy() def allowed(self, context, perm): """ Get all allowed principals from a context or an ACL """ if not hasattr(context, '__acl__'): acl = context context = MagicMock() context.__acl__ = acl context.__parent__ = None return self.auth.principals_allowed_by_permission(context, perm) def assert_allowed(self, context, perm, principals): """ Assert that only a particular set of principals has access """ allowed = self.allowed(context, perm) self.assertEqual(allowed, set(principals))
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authentication_policy = AuthTktAuthenticationPolicy('somesecret') authorization_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, authentication_policy=authentication_policy, authorization_policy=authorization_policy) config.include('pyramid_jinja2') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('blog', '/blog/{id:\d+}/{slug}') config.add_route('blog_action', '/blog/{action}', factory='blog_app.security.BlogRecordFactory') config.add_route('auth', '/sign/{action}') config.include('.routes') config.include('.models') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ zodb_uri = settings.get('zodb_uri') if zodb_uri is None: raise ValueError("No 'zodb_uri' in application configuration.") finder = PersistentApplicationFinder(zodb_uri, appmaker) def get_root(request): return finder(request.environ) authentication_policy = AuthTktAuthenticationPolicy('vof5934d', callback=groupfinder) authorization_policy = ACLAuthorizationPolicy() config = Configurator(root_factory=get_root, settings=settings, authentication_policy=authentication_policy, authorization_policy=authorization_policy) config.add_static_view('static', 'spionistoserver:static') config.scan('spionistoserver') return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ authn_policy = OAuth2AuthenticationPolicy() authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory='werewolf.app.resource.RootResource', default_permission='authenticated') config.include('pyramid_jinja2') config.add_renderer(".html", "pyramid_jinja2.renderer_factory") config.add_renderer('json', "werewolf.app.renderer.json_renderer") config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) add_static_view(config, 'bower_components') add_static_view(config, 'css') add_static_view(config, 'scripts') add_static_view(config, 'static', '') config.add_route('layout', '/') config.add_route('api_user', '/api/v1/user') config.add_route('api_user_nickname_update', '/api/v1/user/nickname/update') config.add_route('api_auth_token', '/api/v1/auth/token') config.add_route('api_village_list', '/api/v1/village/list') config.add_route('api_village_detail', '/api/v1/village/{identity}') config.add_route('api_village_join', '/api/v1/village/join') config.add_route('socketio', '/socket.io/*remaining') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ initialize_sql(settings) authn_policy = AuthTktAuthenticationPolicy( settings.get('auth.secret'), callback=UserMgr.auth_groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory='bookie.RootFactory', authentication_policy=authn_policy, authorization_policy=authz_policy) config.set_request_factory(RequestWithUserAttribute) import bookie.bcelery.celeryapp bookie.bcelery.celeryapp.load_config(settings) config = build_routes(config) config.add_static_view('static', 'bookie:static') config.scan('bookie.views') return config.make_wsgi_app()
def main(global_config, **settings): config = Configurator(settings=settings, root_factory='tutorial.models.Root') config.include('pyramid_chameleon') # Security policies authn_policy = AuthTktAuthenticationPolicy('sosecret', callback=groupfinder, hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_route('wiki_view', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('wikipage_add', '/add') config.add_route('wikipage_view', '/{uid}') config.add_route('wikipage_edit', '/{uid}/edit') config.add_route('wikipage_delete', '/{uid}/delete') config.add_static_view(name='static', path='tutorial:static') config.add_static_view('deform_static', 'deform:static/') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ authn_policy = AuthTktAuthenticationPolicy( 'todo: replacethiswithasecretstring!', callback=groupFinder, hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings) config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.include('pyramid_chameleon') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a WSGI application. """ config = Configurator(settings=settings) config.set_session_factory(session_factory_from_settings(settings)) #authentication/authorization config.set_authentication_policy(AuthTktAuthenticationPolicy('seekrit')) config.set_authorization_policy(ACLAuthorizationPolicy()) config.set_root_factory(RootFactory) #beaker config.include('pyramid_beaker') #jinja2 config.include('pyramid_jinja2') config.add_renderer('.html', 'pyramid_jinja2.renderer_factory') #views config.add_static_view('static', 'triage:static') config.scan('triage.views') config.scan('triage.subscribers') #routes config.include('triage.routes.routes') #mongoengine mongoengine.connect(settings['mongodb.db_name'], host=settings['mongodb.host']) config.registry.settings['projects'] = app_settings.PROJECTS config.registry.settings['default_project'] = app_settings.DEFAULT_PROJECT app = config.make_wsgi_app() return app
def includeme(config): """Allow developers to use ``config.include('pyramid_bimt')``.""" if 'development.ini' in ' '.join(sys.argv).lower(): config.registry.settings['bimt.mode'] = Modes.development.name elif 'testing.ini' in ' '.join(sys.argv).lower(): config.registry.settings['bimt.mode'] = Modes.testing.name elif 'production.ini' in ' '.join(sys.argv).lower(): config.registry.settings['bimt.mode'] = Modes.production.name else: config.registry.settings['bimt.mode'] = Modes.unknown.name logger.warning('Unknown mode of operation: {}'.format(' '.join( sys.argv).lower())) check_required_settings(config) # Setup the DB session and such config.include('pyramid_tm') config.include('pyramid_basemodel') config.include('pyramid_fanstatic') # Add support for encrypted session cookies config.include('pyramid_beaker') # Setup authentication and authorization policies. authentication_policy = AuthTktAuthenticationPolicy( secret=config.registry.settings['authtkt.secret'], hashalg='sha512', callback=groupfinder, ) authorization_policy = ACLAuthorizationPolicy() config.set_authorization_policy(authorization_policy) config.set_authentication_policy(authentication_policy) configure(config, config.registry.settings)
def configure_authentication(self): """Set up authentication and authorization policies. For more information see Pyramid auth documentation. """ from websauna.system.auth.principals import resolve_principals from websauna.system.auth.authentication import get_request_user from pyramid.authorization import ACLAuthorizationPolicy from websauna.system.auth.policy import SessionAuthenticationPolicy authn_policy = SessionAuthenticationPolicy(callback=resolve_principals) authz_policy = ACLAuthorizationPolicy() self.config.set_authentication_policy(authn_policy) self.config.set_authorization_policy(authz_policy) # We need to carefully be above TM view, but below exc view so that internal server error page doesn't trigger session authentication that accesses the database self.config.add_tween( "websauna.system.auth.tweens.SessionInvalidationTweenFactory", under="pyramid_tm.tm_tween_factory") # Grab incoming auth details changed events from websauna.system.auth import subscribers self.config.scan(subscribers) # Experimental support for transaction aware properties try: from pyramid_tm.reify import transaction_aware_reify self.config.add_request_method(callable=transaction_aware_reify( self.config, get_request_user), name="user", property=True, reify=False) except ImportError: self.config.add_request_method(get_request_user, 'user', reify=True)
def main(global_config, **settings): """Return a Pyramid WSGI application.""" if 'DATABASE_URL' in os.environ: settings['sqlalchemy.url'] = os.environ.get('DATABASE_URL') engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine secret = os.environ.get('dsfkljfvjkvnadssvjkbavhfdlbvhfdlv', 'vndjkvbndlv') authentication_policy = AuthTktAuthenticationPolicy(secret) authorization_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, authentication_policy=authentication_policy, authorization_policy=authorization_policy, root_factory=BaseFactory) config.include('pyramid_jinja2') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('index_route', '/') config.add_route('new_route', '/add') config.add_route('entry_route', '/entries/{id:\d+}') config.add_route('edit_route', '/entries/{id:\d+}/edit') config.add_route('login', '/login') config.add_route('logout', '/logout') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authn_policy = AuthTktAuthenticationPolicy('sosecret', callback=groupfinder, hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory='tutorial.models.RootFactory') config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.include('pyramid_chameleon') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('view_wiki', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('view_page', '/{pagename}') config.add_route('add_page', '/add_page/{pagename}') config.add_route('edit_page', '/{pagename}/edit_page') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine session_factory = session_factory_from_settings(settings) authn_policy = AuthTktAuthenticationPolicy( 'sosecret', callback=groupfinder, hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory='geogallery.models.models.RootFactory') config.set_request_property(get_user, str('user'), reify=True) config.include('bag.web.pyramid.flash_msg') config.set_session_factory(session_factory) config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) # Adding the static resources from Deform config.add_static_view('deform_static', 'deform:static', cache_max_age=3600) config.add_static_view('deform_bootstrap_static', 'deform_bootstrap:static', cache_max_age=3600) config.add_route('home', '/') config.add_route('login', '/login') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ # setup database settings = setup_database(global_config, **settings) config = Configurator( settings=settings, request_factory=APIRequest, authentication_policy=AuthenticationPolicy(), authorization_policy=ACLAuthorizationPolicy(), default_permission='view', ) # add basic authentication parsing config.add_tween('.api.auth.basic_auth_tween_factory') # add access-control-allow-origin header setting config.add_tween('.api.allow_origin.allow_origin_tween_factory') # provides table entity to json renderers config.include('.renderers') # provides api views config.include('.api') config.scan(ignore=b'billy.tests') return config.make_wsgi_app()
def setUpClass(cls): cls.config = testing.setUp() cls.config.add_renderer('jsonp', JSONP(param_name='callback')) cls.config.include("cornice") cls.authz_policy = ACLAuthorizationPolicy() cls.authn_policy = AuthenticationPolicy( 'openprocurement/archivarius/core/tests/auth.ini', __name__) cls.config.set_authorization_policy(cls.authz_policy) cls.config.set_authentication_policy(cls.authn_policy) cls.config.registry.db = MagicMock() cls.config.registry.db.save.return_value = [ '', '1-{}'.format(uuid.uuid4().hex) ] cls.config.registry.server_id = uuid.uuid4().hex cls.config.registry.docservice_key = MagicMock() cls.config.context = munchify(tender.serialize.return_value) cls.config.registry.docservice_key.vk = 'a' * 32 cls.config.add_subscriber(add_logging_context, NewRequest) cls.config.add_subscriber(MagicMock(), ContextFound) cls.config.add_subscriber(MagicMock(), NewRequest) cls.config.add_subscriber(MagicMock(), BeforeRender) cls.config.scan("openprocurement.archivarius.core.tests.utils") cls.app = TestApp(CatchErrors(cls.config.make_wsgi_app()))
def includeme(config): config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('recepts', '/recepts') config.add_route('collection', '/collection') config.add_route('recept_view', '/recepts/{id:\w+}') config.add_route('create_recept', '/create-recept') authn_policy = AuthTktAuthenticationPolicy('seekrit', hashalg='sha512') authz_policy = ACLAuthorizationPolicy() # config = Configurator(root_factory=HelloFactory) config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) print('kek') config.add_route('hello', '/hello/{name}') config.add_view(hello_world, route_name='hello', permission='view') # login form config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_view(login, route_name='login') config.add_view(logout, route_name='logout')
def main(global_settings, **settings): authn_policy = AuthTktAuthenticationPolicy(settings['auth.secret'], ) authz_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, authentication_policy=authn_policy, authorization_policy=authz_policy, ) config.add_route('home', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('users', '/users') config.add_route('user', '/user/{login}') config.add_route('pages', '/pages') config.add_route('create_page', '/create_page') config.add_route('page', '/page/{title}') config.add_route('edit_page', '/page/{title}/edit') config.scan(__name__) return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ session_factory = session_factory_from_settings(settings) config = Configurator( root_factory=root_factory, session_factory=session_factory, settings=settings, ) config.add_static_view('static', 'static', cache_max_age=3600) config.include('ticketing.setup') config.include('ticketing.mainviews') config.include('ticketing.raven') config.include('ticketing.profile') config.include('ticketing.boxoffice') config.include('ticketing.queue') config.include('ticketing.manage', route_prefix="/admin") config.include('ticketing.checkin') config.add_renderer('api_renderer', 'ticketing.api.api_renderer.APIRenderer') config.include('ticketing.api') config.add_route("admin_catch", "/admin") # Add authentication policies authentication_policy = AuthTktAuthenticationPolicy('ticketing', callback=checkGroups, hashalg='sha512') authorization_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authentication_policy) config.set_authorization_policy(authorization_policy) config.set_default_permission("public") # Scan for views config.scan() return config.make_wsgi_app()
def main(global_config, **settings): engine = engine_from_config(settings, prefix='sqlalchemy.') authn_policy = AuthTktAuthenticationPolicy(settings['auth.secret'], hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, authentication_policy=authn_policy, authorization_policy=authz_policy) config.include('pyramid_chameleon') config.add_static_view('public', 'tdf:public') # Routes config.add_route('index', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') # View Plugin config.scan('.app.views.index_view') config.scan('.app.views.authentication_view') return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ # Update the settings with the current app root path settings['app_root'] = abspath(dirname(dirname(__file__))) initialize_sql(settings) authn_policy = AuthTktAuthenticationPolicy( settings.get('auth.secret'), callback=UserMgr.auth_groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, root_factory='bookie.RootFactory', authentication_policy=authn_policy, authorization_policy=authz_policy) config.set_request_factory(RequestWithUserAttribute) config = build_routes(config) config.add_static_view('static', 'bookie:static') config.scan('bookie.views') return config.make_wsgi_app()
def main(global_config, **settings): """This function returns a Pyramid WSGI application.""" engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authn_policy = AuthTktAuthenticationPolicy( secret='sosecret', callback=group_finder, hashalg='sha512', ) authz_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, session_factory=my_session_factory, root_factory='okarchive.models.RootFactory', ) config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) config.add_static_view('deform', 'deform:static', cache_max_age=3600) config.include('pyramid_chameleon') config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application.""" authn_policy = AuthTktAuthenticationPolicy(secret=settings['auth_secret'], callback=groupfinder, secure=False, include_ip=False, hashalg='sha512', wild_domain=False) authz_policy = ACLAuthorizationPolicy() session_factory = UnencryptedCookieSessionFactoryConfig( settings['cookie_secret']) config = Configurator(settings=settings, root_factory=RootFactory, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory) config.add_request_method(get_user, 'user', reify=True) config.add_static_view('data', path=STORAGE_PATH, cache_max_age=3600) config.add_static_view('images', path='/tmp/octopi_images/', cache_max_age=3600) config.add_static_view('static', 'static', cache_max_age=3600) config.include(set_routes) config.scan() return config.make_wsgi_app()
def main(global_config, **settings): config = Configurator(settings=settings, root_factory=RootFactory) config.include('pyramid_ldap3') config.include('pyramid_chameleon') config.set_authentication_policy( AuthTktAuthenticationPolicy('seekr1t', callback=groupfinder)) config.set_authorization_policy(ACLAuthorizationPolicy()) config.ldap_setup('ldap://localhost', bind='CN=ldap user,CN=Users,DC=example,DC=com', passwd='ld@pu5er') config.ldap_set_login_query('CN=Users,DC=example,DC=com', '(sAMAccountName=%(login)s)', scope=ldap3.SUBTREE, cache_period=0) config.ldap_set_groups_query( 'CN=Users,DC=example,DC=com', # '(member:1.2.840.113556.1.4.1941:=%(userdn)s)', '(&(objectCategory=group)(member=%(userdn)s))', cache_period=60) config.add_route('sampleapp.root', '/') config.add_route('sampleapp.login', '/login') config.add_route('sampleapp.logout', '/logout') config.scan('.views') return config.make_wsgi_app()
def main(self, global_config, **settings): config = global_config config.add_settings(settings) self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) authz_policy = ACLAuthorizationPolicy() config.set_authorization_policy(authz_policy) authn_policy = AuthTktAuthenticationPolicy('secret') config.set_authentication_policy(authn_policy) session_factory = session_factory_from_settings(settings) config.set_session_factory(session_factory) config.registry.registerUtility(DBSession, IDBSession) config.include('hiero') app = config.make_wsgi_app() return app
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ settings['mako.directories'] = 'osmtm:templates' engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authn_policy = AuthTktAuthenticationPolicy(secret='super_secret') authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, authentication_policy=authn_policy, authorization_policy=authz_policy) session_factory = UnencryptedCookieSessionFactoryConfig('itsasecret') config.set_session_factory(session_factory) config.include('pyjade.ext.pyramid') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('oauth_callback', '/oauth_callback') config.add_route('project_new', '/project/new') config.add_route('project', '/project/{project}') config.add_route('project_edit', '/project/{project}/edit') config.add_route('project_partition', '/project/{project}/partition') config.add_route('project_mapnik', '/project/{project}/{z}/{x}/{y}.{format}') config.add_route('task_xhr', '/task/{id}', xhr=True) config.add_renderer('mapnik', MapnikRendererFactory) config.scan() return config.make_wsgi_app()
def main(): """ This function returns a Pyramid WSGI application. """ settings = { 'sqlalchemy.url': 'postgresql://localhost:5432/weather_test' } config = Configurator(settings=settings) config.include('pyramid_jwt') config.include('pyramid_restful') config.set_root_factory(RootACL) config.set_authorization_policy(ACLAuthorizationPolicy()) config.set_jwt_authentication_policy( 'superseekretseekrit', auth_type='Bearer', callback=add_role_principals, ) config.include('weather_api.models') config.include('weather_api.routes') config.scan() return config.make_wsgi_app()
def setUp(self): self.request = DummyRequest() self.request.userid = None self.auth = ACLAuthorizationPolicy()
def authz_policy(self): return ACLAuthorizationPolicy()
def get_app(self): self.time_start = time.time() secret = 'itsasecreet' # XXX self.my_session_factory = SignedCookieSessionFactory(secret + 'sign') self.root_factory = MCDPResourceRoot config = Configurator(root_factory=self.root_factory, settings=self.settings) config.set_session_factory(self.my_session_factory) # config.include('pyramid_debugtoolbar') authn_policy = AuthTktAuthenticationPolicy(secret + 'authn', hashalg='sha512', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.set_default_permission(Privileges.ACCESS) config.add_renderer('jsonp', JSONP(param_name='callback')) config.add_static_view(name='static', path='static', cache_max_age=3600) config.include('pyramid_jinja2') AppStatus.config(self, config) AppVisualization.config(self, config) AppQR.config(self, config) AppSolver.config(self, config) AppInteractive.config(self, config) AppEditorFancyGeneric.config(self, config) WebAppImages.config(self, config) AppLogin.config(self, config) AppSolver2.config(self, config) config.add_view(self.view_dummy, context=ResourceAbout, renderer='about.jinja2') config.add_view(self.view_index, context=MCDPResourceRoot, renderer='index.jinja2') config.add_view(self.view_dummy, context=ResourceLibraries, renderer='list_libraries.jinja2') config.add_view(self.view_dummy, context=ResourceRepos, renderer='repos.jinja2') config.add_view(self.view_dummy, context=ResourceLibraryInteractive, renderer='empty.jinja2') config.add_view(self.view_dummy, context=ResourceLibrary, renderer='library_index.jinja2', permission=Privileges.READ) config.add_view(self.view_dummy, context=ResourceThings, renderer='library_index.jinja2', permission=Privileges.READ) # same as above config.add_view(self.view_dummy, context=ResourceRepo, renderer='shelves_index.jinja2') config.add_view(self.view_dummy, context=ResourceShelves, renderer='shelves_index.jinja2') # same as above config.add_view(self.view_dummy, context=ResourceAllShelves, renderer='shelves_index.jinja2') # same as above config.add_view(self.view_changes, context=ResourceChanges, renderer='changes.jinja2') config.add_view(self.view_tree, context=ResourceTree, renderer='tree.jinja2') config.add_view(self.view_not_found_generic, context=ResourceNotFoundGeneric, renderer='not_found_generic.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_shelf_library_new, context=ResourceLibrariesNewLibname, permission=Privileges.WRITE) config.add_view(self.view_shelf, context=ResourceShelf, renderer='shelf.jinja2', permission=Privileges.DISCOVER) config.add_view(self.view_shelves_subscribe, context=ResourceShelvesShelfSubscribe, permission=Privileges.SUBSCRIBE) config.add_view(self.view_shelves_unsubscribe, context=ResourceShelvesShelfUnsubscribe, permission=Privileges.SUBSCRIBE) config.add_view(self.view_library_doc, context=ResourceLibraryDocRender, renderer='library_doc.jinja2', permission=Privileges.READ) config.add_view(self.view_library_doc_not_found, context=ResourceLibraryDocNotFound, renderer='library_doc_not_found.jinja2', permission=Privileges.READ) config.add_view(self.view_library_asset_not_found, context=ResourceLibraryAssetNotFound, renderer='asset_not_found.jinja2', permission=Privileges.READ) config.add_view(self.view_library_asset, context=ResourceLibraryAsset, permission=Privileges.READ) config.add_view(self.view_refresh_library, context=ResourceLibraryRefresh, permission=Privileges.READ) config.add_view(self.view_refresh, context=ResourceRefresh) config.add_view(self.view_users, context=ResourceListUsers, renderer='users.jinja2', permission=Privileges.VIEW_USER_LIST) config.add_view(self.view_users_user, context=ResourceListUsersUser, renderer='user_page.jinja2', permission=Privileges.VIEW_USER_PROFILE_PUBLIC) config.add_view(self.view_impersonate, context=ResourceUserImpersonate, permission=Privileges.IMPERSONATE_USER) config.add_view(self.view_exception, context=Exception, renderer='exception.jinja2') config.add_view(self.exit, context=ResourceExit, renderer='json', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_exceptions_occurred_json, context=ResourceExceptionsJSON, renderer='json', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_exceptions_occurred, context=ResourceExceptionsFormatted, renderer='exceptions_formatted.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_dummy, context=ResourceShelfNotFound, renderer='shelf_not_found.jinja2') config.add_view(self.view_dummy, context=ResourceShelfForbidden, renderer='shelf_forbidden.jinja2') config.add_view(self.view_dummy, context=ResourceShelfInactive, renderer='shelf_inactive.jinja2') config.add_view(self.view_resource_not_found, context=ResourceRepoNotFound, renderer='repo_not_found.jinja2') config.add_view(self.view_thing_delete, context=ResourceThingDelete) config.add_view(self.view_thing_rename, context=ResourceThingRename) config.add_view(self.view_thing, context=ResourceThing) config.add_view(self.view_picture, context=ResourceUserPicture) config.add_view(self.view_search, http_cache=0, context=ResourceSearchPage, renderer='search.jinja2') config.add_view(self.view_search_query, http_cache=0, context=ResourceSearchPageQuery, renderer='json') config.add_view(self.view_confirm_bind, http_cache=0, context=ResourceConfirmBind, renderer='confirm_bind.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_confirm_bind_bind, http_cache=0, context=ResourceConfirmBindBind, renderer='confirm_bind_bind.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_confirm_creation_similar, http_cache=0, context=ResourceConfirmCreationSimilar, renderer='confirm_creation_similar.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_confirm_creation, http_cache=0, context=ResourceConfirmCreation, renderer='confirm_creation.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_confirm_creation_create, http_cache=0, context=ResourceConfirmCreationCreate, renderer='confirm_creation_create.jinja2', permission=NO_PERMISSION_REQUIRED) config.add_view(self.view_db_view, http_cache=0, context=ResourceDBView, renderer='db_view.jinja2') config.add_view(serve_robots, context=ResourceRobots, permission=NO_PERMISSION_REQUIRED) config.add_notfound_view(self.view_not_found, renderer='404.jinja2') config.scan() config.add_view(self.view_authomatic, context=ResourceAuthomaticProvider, permission=NO_PERMISSION_REQUIRED) self.get_authomatic_config() app = config.make_wsgi_app() return app
def aclauthorizationpolicy(_context): policy = ACLAuthorizationPolicy() # authorization policies must be registered eagerly so they can be # found by the view registration machinery config = with_context(_context) config.set_authorization_policy(policy)
def policy(self, pyramid_config): """Set up a fake authentication policy with a real ACL authorization policy.""" policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(None) pyramid_config.set_authorization_policy(policy)
def get_configurator(settings, enable_auth=True): settings.update(REQUIRED_CONFIG) check_config(settings) connection_debug = asbool(settings.get('connection.debug')) boto.set_stream_logger( 'boto', level=(logging.DEBUG if connection_debug else logging.CRITICAL)) ensure_session_keys(settings) check_types() config = Configurator(root_factory=SiteRootFactory, settings=settings) if enable_auth: authn_policy = SessionAuthenticationPolicy(callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.set_default_permission('view') config.add_request_method(User.get_auth_user, 'user', reify=True) config.add_subscriber(escape_braces, BeforeRender) cache_duration = int(settings.get('static.cache.duration', 43200)) config.add_static_view(name='static/' + __version__, path='static', cache_max_age=cache_duration) config.add_layout('eucaconsole.layout.MasterLayout', 'eucaconsole.layout:templates/master_layout.pt') route_dir = '/var/run/eucaconsole' if not os.path.exists(route_dir): route_dir = os.path.join(os.getcwd(), 'run') write_routes_json(route_dir) config.add_static_view(name='static/json', path=route_dir, cache_max_age=cache_duration) locale_dir = os.path.join(os.getcwd(), 'locale') # use local locale directory over system one if not os.path.exists(locale_dir) and os.path.exists('/usr/share/locale'): locale_dir = '/usr/share/locale' config.add_translation_dirs(locale_dir) config.set_locale_negotiator(custom_locale_negotiator) for route in urls: config.add_route(route.name, route.pattern) setup_tweens(config, settings) config.scan('.views') if not boto.config.has_section('Boto'): boto.config.add_section('Boto') boto.config.set('Boto', 'num_retries', settings.get('connection.retries', '2')) memory_cache = settings.get('cache.memory') memory_cache_url = settings.get('cache.memory.url') username = settings.get('cache.username', None) password = settings.get('cache.password', None) short_term.configure( memory_cache, expiration_time=int(settings.get('cache.short_term.expire')), arguments={ 'url': [memory_cache_url], 'binary': True, 'min_compress_len': 1024, 'behaviors': { "tcp_nodelay": True, "ketama": True }, 'username': username, 'password': password }, ) default_term.configure( memory_cache, expiration_time=int(settings.get('cache.default_term.expire')), arguments={ 'url': [memory_cache_url], 'binary': True, 'min_compress_len': 1024, 'behaviors': { "tcp_nodelay": True, "ketama": True }, 'username': username, 'password': password }, ) long_term.configure( memory_cache, expiration_time=int(settings.get('cache.long_term.expire')), arguments={ 'url': [memory_cache_url], 'binary': True, 'min_compress_len': 1024, 'behaviors': { "tcp_nodelay": True, "ketama": True }, 'username': username, 'password': password }, ) extra_long_term.configure( memory_cache, expiration_time=int(settings.get('cache.extra_long_term.expire')), arguments={ 'url': [memory_cache_url], 'binary': True, 'min_compress_len': 1024, 'behaviors': { "tcp_nodelay": True, "ketama": True }, 'username': username, 'password': password }, ) return config
def __init__(self): self.acl_policy = ACLAuthorizationPolicy()