class AuthenticationPolicy(object):
def __init__(self):
self.session_policy = SessionAuthenticationPolicy(
callback=util.groupfinder)
self.token_policy = TokenAuthenticationPolicy(
callback=util.groupfinder)
def authenticated_userid(self, request):
if _is_api_request(request):
return self.token_policy.authenticated_userid(request)
return self.session_policy.authenticated_userid(request)
def unauthenticated_userid(self, request):
if _is_api_request(request):
return self.token_policy.unauthenticated_userid(request)
return self.session_policy.unauthenticated_userid(request)
def effective_principals(self, request):
if _is_api_request(request):
return self.token_policy.effective_principals(request)
return self.session_policy.effective_principals(request)
def remember(self, request, userid, **kw):
if _is_api_request(request):
return self.token_policy.remember(request, userid, **kw)
return self.session_policy.remember(request, userid, **kw)
def forget(self, request):
if _is_api_request(request):
return self.token_policy.forget(request)
return self.session_policy.forget(request)
class AuthenticationPolicy(object):
def __init__(self):
self.session_policy = SessionAuthenticationPolicy(callback=util.groupfinder)
self.token_policy = TokenAuthenticationPolicy(callback=util.groupfinder)
def authenticated_userid(self, request):
if _is_api_request(request):
return self.token_policy.authenticated_userid(request)
return self.session_policy.authenticated_userid(request)
def unauthenticated_userid(self, request):
if _is_api_request(request):
return self.token_policy.unauthenticated_userid(request)
return self.session_policy.unauthenticated_userid(request)
def effective_principals(self, request):
if _is_api_request(request):
return self.token_policy.effective_principals(request)
return self.session_policy.effective_principals(request)
def remember(self, request, userid, **kw):
if _is_api_request(request):
return self.token_policy.remember(request, userid, **kw)
return self.session_policy.remember(request, userid, **kw)
def forget(self, request):
if _is_api_request(request):
return self.token_policy.forget(request)
return self.session_policy.forget(request)
def __init__(
self,
prefix='auth.',
callback=None,
debug=False,
default_username=None,
):
SessionAuthenticationPolicy.__init__(
self,
prefix=prefix,
callback=callback,
debug=debug,
)
self.default_username = default_username
def includeme(config): # pragma: no cover
settings = config.registry.settings
YEAR = 86400 * 365
config.add_directive('add_mgmt_view', add_mgmt_view, action_wrap=False)
config.add_static_view('deformstatic', 'deform:static', cache_max_age=YEAR)
config.add_static_view('sdistatic',
'substanced.sdi:static',
cache_max_age=YEAR)
# b/c alias for template lookups
config.override_asset(to_override='substanced.sdi:templates/',
override_with='substanced.sdi.views:templates/')
manage_prefix = settings.get('substanced.manage_prefix', '/manage')
manage_pattern = manage_prefix + '*traverse'
config.add_route(MANAGE_ROUTE_NAME, manage_pattern)
config.add_request_method(mgmt_path)
config.add_request_method(mgmt_url)
config.add_request_method(get_user, name='user', reify=True)
config.add_request_method(FlashUndo, name='flash_with_undo', reify=True)
config.include('deform_bootstrap')
secret = settings.get('substanced.secret')
if secret is None:
raise ConfigurationError(
'You must set a substanced.secret key in your .ini file')
session_factory = UnencryptedCookieSessionFactoryConfig(secret)
config.set_session_factory(session_factory)
from ..principal import groupfinder
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_permission('sdi.edit-properties') # used by property machinery
def includeme(config): # pragma: no cover
config.add_view_predicate('check_csrf', _CheckCSRFTokenPredicate)
config.add_view_predicate('physical_path', _PhysicalPathPredicate)
config.add_directive('add_mgmt_view', add_mgmt_view, action_wrap=False)
YEAR = 86400 * 365
config.add_static_view('deformstatic', 'deform:static', cache_max_age=YEAR)
config.add_static_view('sdistatic', 'substanced.sdi:static',
cache_max_age=YEAR)
settings = config.registry.settings
manage_prefix = settings.get('substanced.manage_prefix', '/manage')
manage_pattern = manage_prefix + '*traverse'
config.add_route(MANAGE_ROUTE_NAME, manage_pattern)
config.add_request_method(mgmt_path)
config.add_request_method(mgmt_url)
config.add_request_method(get_user, name='user', reify=True)
config.include('deform_bootstrap')
secret = config.registry.settings.get('substanced.secret')
if secret is None:
raise ConfigurationError(
'You must set a substanced.secret key in your .ini file')
session_factory = UnencryptedCookieSessionFactoryConfig(secret)
config.set_session_factory(session_factory)
from ..principal import groupfinder
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_permission('sdi.edit-properties') # used by property machinery
config.scan('.')
def main(global_config, **settings):
settings.setdefault('tm.manager_hook', 'pyramid_tm.explicit_manager')
config = Configurator(
settings=settings,
authentication_policy=SessionAuthenticationPolicy(),
authorization_policy=ACLAuthorizationPolicy(),
)
config.set_csrf_storage_policy(SessionCSRFStoragePolicy())
config.include("pyramid_tm")
config.include("pyramid_retry")
config.include("pyramid_jinja2")
config.include("redis_sessions")
config.include(".views")
# Configure Jinja2
config.add_jinja2_search_path("{{ cookiecutter.repo_name }}:templates")
# Set up the database
engine = engine_from_config(settings, 'sqlalchemy.')
session_factory = sessionmaker(bind=engine)
config.registry['db_factory'] = session_factory
config.add_request_method(db, 'db', reify=True)
config.add_request_method(user, 'user', reify=True)
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
const.update_cache_values()
cnf = ciocconfig.get_config(const._config_file)
get_session_settings(cnf, settings)
settings['mako.imports'] = ['from markupsafe import escape_silent']
settings['mako.default_filters'] = ['escape_silent']
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
root_factory=RootFactory,
default_permission='public',
request_factory='featuredb.lib.request.CommunityManagerRequest',
authentication_policy=authn_policy,
authorization_policy=authz_policy)
config.include('pyramid_redis_sessions')
config.add_route('enhancement', 'enhancement/{id:\d+}')
config.add_route('enhancementupdate', 'enhancement/{action}')
config.add_route('search_index', '/')
config.add_route('search_results', 'results')
config.add_route('report', 'report')
config.add_route('suggestions', 'suggestions')
config.add_route('suggestion_delete', 'suggestions/delete')
config.add_route('concerns', 'concerns')
# config.add_route('priority', 'priority')
config.add_route('login', 'login')
config.add_route('logout', 'logout')
config.add_route('pwreset', 'pwreset')
config.add_route('register', 'register')
config.add_route('priority', 'priority')
config.add_route('suggest', 'suggest')
config.add_route('account', 'account')
config.add_static_view('static',
'featuredb:static',
cache_max_age=3600,
permission=NO_PERMISSION_REQUIRED)
config.add_static_view('/',
'featuredb:static',
cache_max_age=3600,
permission=NO_PERMISSION_REQUIRED)
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
"""
This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
session_factory = UnencryptedCookieSessionFactoryConfig(
settings['session.secret'])
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory=RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
session_factory=session_factory)
config.include('pyramid_chameleon')
config.add_static_view('static', 'quizr:static')
config.include(addroutes)
config.scan()
return config.make_wsgi_app()
def app(spec: str, permission: str) -> Router:
"""Prepare a Pyramid app."""
with Configurator() as config:
config.include("pyramid_openapi3")
# Setup security
config.set_default_permission("view")
config.set_session_factory(
UnencryptedCookieSessionFactoryConfig("itsaseekreet"))
config.set_authentication_policy(SessionAuthenticationPolicy())
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(get_default_context)
config.pyramid_openapi3_spec(
spec,
route="/api/v1/openapi.yaml",
route_name="api_spec",
permission=permission,
)
config.pyramid_openapi3_add_explorer(
route="/api/v1/",
route_name="api_explorer",
permission=permission,
)
config.add_route("foo", "/foo")
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application."""
my_session_factory = SignedCookieSessionFactory('itsaseekreet', timeout=None)
my_authentication_policy = SessionAuthenticationPolicy(callback=groupfinder, debug=False)
my_authorization_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings)
config.set_root_factory(Root)
config.set_session_factory(my_session_factory)
config.set_authentication_policy(my_authentication_policy)
config.set_authorization_policy(my_authorization_policy)
# add mongo db
config.add_subscriber(add_mongo_db, NewRequest)
# add cors headers
config.add_subscriber(add_cors_headers_response_callback, NewRequest)
# add csrf token header
config.add_subscriber(add_csrf_token_header, NewRequest)
# add toaster notification header
config.add_subscriber(add_toaster_notification_header, NewRequest)
# override default json renderer
config.add_renderer('json', MongoJSONRenderer)
config.add_route('options', '/*foo', request_method='OPTIONS') # matches any path OPTIONS method
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('auth', '/auth')
config.add_route('search', '/search')
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
# pyramid_beaker add-on
session_factory = session_factory_from_settings(settings)
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
Base.metadata.bind = engine
config = Configurator(
settings=settings,
root_factory=RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
session_factory=session_factory,
)
config.add_static_view('static', 'static', cache_max_age=3600)
# config.add_subscriber(add_renderer_globals, BeforeRender)
# mako settings for file extension .html
config.add_renderer(".html", "pyramid.mako_templating.renderer_factory")
config.include(addroutes)
config.scan()
return config.make_wsgi_app()
def includeme(config):
# Set authentication policy.
authn_policy = SessionAuthenticationPolicy()
config.set_authentication_policy(authn_policy)
# Create authentication plugin registry and add it to the pyramid registry.
authn_registry = AuthenticationPluginRegistry(config.get_settings())
config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin)
config.registry.registerUtility(authn_registry)
# Create authentication traversal root resource.
authn_root_resource = root_factory()
config.add_directive('add_authn_resource',
authn_root_resource.add_authn_resource)
# Add the authentication traversal route.
config.add_route('auth_home',
ADMIN_PREFIX + '/auth*traverse',
factory=root_factory)
# Add the authentication settings root views.
config.add_view('rhodecode.authentication.views.AuthSettingsView',
attr='index',
request_method='GET',
route_name='auth_home',
context=AuthnRootResource)
config.add_view('rhodecode.authentication.views.AuthSettingsView',
attr='auth_settings',
request_method='POST',
route_name='auth_home',
context=AuthnRootResource)
# Auto discover authentication plugins and include their configuration.
_discover_plugins(config)
_discover_legacy_plugins(config)
def includeme(config: Configurator) -> None:
"""Config updates related to authentication/authorization."""
# make all views require "view" permission unless specifically overridden
config.set_default_permission('view')
# replace the default root factory with a custom one to more easily support
# the default permission
config.set_root_factory(DefaultRootFactory)
# Set the authorization policy to a custom one that always returns a
# "denied" result if the user isn't logged in. When overall site access is
# no longer being restricted, the AuthorizedOnlyPolicy class can just be
# replaced with the standard ACLAuthorizationPolicy
config.set_authorization_policy(AuthorizedOnlyPolicy())
config.set_authentication_policy(
SessionAuthenticationPolicy(callback=auth_callback))
# enable CSRF checking globally by default
config.set_default_csrf_options(require_csrf=True)
# make the logged-in User object available as request.user
config.add_request_method(get_authenticated_user, 'user', reify=True)
# add has_any_permission method for easily checking multiple permissions
config.add_request_method(has_any_permission, 'has_any_permission')
def create_app(global_config, **settings):
config = configure(settings=settings)
config.add_request_method(features.Client, name='feature', reify=True)
config.set_authorization_policy(ACLAuthorizationPolicy())
policy = MultiAuthenticationPolicy([
TokenAuthenticationPolicy(callback=groupfinder),
SessionAuthenticationPolicy(callback=groupfinder),
])
config.set_authentication_policy(policy)
config.include('h.auth')
config.include('h.sentry')
config.include('h.stats')
# We have to include models and db to set up sqlalchemy metadata.
config.include('h.models')
config.include('h.db')
config.include('h.api.db')
# We have to include search to set up the `request.es` property.
config.include('h.api.search')
config.include('h.streamer')
return config.make_wsgi_app()
def get_configurator(settings, enable_auth=True):
connection_debug = asbool(settings.get('connection.debug'))
boto.set_stream_logger(
'boto',
level=(logging.DEBUG if connection_debug else logging.CRITICAL))
ensure_session_keys(settings)
check_types()
config = Configurator(root_factory=SiteRootFactory, settings=settings)
if enable_auth:
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.set_default_permission('view')
config.add_request_method(User.get_auth_user, 'user', reify=True)
cache_duration = int(settings.get('static.cache.duration', 43200))
config.add_static_view(name='static/' + __version__,
path='static',
cache_max_age=cache_duration)
config.add_layout('eucaconsole.layout.MasterLayout',
'eucaconsole.layout:templates/master_layout.pt')
for route in urls:
config.add_route(route.name, route.pattern)
setup_tweens(config)
setup_exts(config)
config.scan()
return config
def set_auth_policies(config):
from models.user import groupfinder
# set up authentication and authorization
authn_policy = SessionAuthenticationPolicy(callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
def includeme(config):
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_route('login', '/login', factory=Auth)
config.add_route('logout', '/logout', factory=Auth)
def add_authorization(config):
""" Configure authorization and authentification.
:param config: a ``pyramid.config.Configurator`` object
"""
authorization_policy = ACLAuthorizationPolicy()
authentication_policy = SessionAuthenticationPolicy(callback=groupfinder)
config.set_authentication_policy(authentication_policy)
config.set_authorization_policy(authorization_policy)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
from storlever.lib.lock import set_lock_factory_from_name
from storlever.lib.security import AclRootFactory
from storlever.lib.utils import CustomJSONEncoder
from pyramid.config import Configurator
from pyramid.renderers import JSON
from pyramid.session import UnencryptedCookieSessionFactoryConfig
from pyramid.authentication import SessionAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
storlever_session_factory = UnencryptedCookieSessionFactoryConfig(
'storlever201308')
storlever_authn_policy = SessionAuthenticationPolicy()
storlever_authz_policy = ACLAuthorizationPolicy()
config = Configurator(session_factory=storlever_session_factory,
root_factory=AclRootFactory,
authentication_policy=storlever_authn_policy,
authorization_policy=storlever_authz_policy,
settings=settings)
config.add_static_view('static', 'static', cache_max_age=3600)
# get user-specific config from setting
json_indent = settings.get("json.indent")
if json_indent is not None:
json_indent = int(json_indent)
# get lock factory
if (settings.get("lock.module") is not None) and \
(settings.get("lock.factory") is not None):
set_lock_factory_from_name(settings.get("lock.module"),
settings.get("lock.factory"))
# make JSON as the default renderer
config.add_renderer(
None,
JSON(indent=json_indent, check_circular=True, cls=CustomJSONEncoder))
# route and view configuration of REST API version 1 can be found in module storlever.rest
# check storlever.rest.__init__.py for more detail
config.include('storlever.rest', route_prefix='storlever/api/v1')
# route and view configuration of Web UI can be found in module storlever.web
# check storlever.web.__init__.py for more detail
config.include('storlever.web')
# loads all the extensions with entry point group "storlever.extenstions"
launch_extensions(config)
return config.make_wsgi_app()
def configure_authentication(self):
"""Set up authentication and authorization policies.
"""
import pyramid.tweens
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.authentication import SessionAuthenticationPolicy
from pyramid_jwt import create_jwt_authentication_policy
from pyramid_multiauth import MultiAuthenticationPolicy
from elixr2.web.auth.principals import (
resolve_principals as get_principals,
get_request_user
)
from .api.security import jwt_principals_finder
authz_policy = ACLAuthorizationPolicy()
ses_authn_policy = SessionAuthenticationPolicy(callback=get_principals)
jwt_authn_policy = create_jwt_authentication_policy(self.config,
callback=jwt_principals_finder)
multi_auth_args = [jwt_authn_policy, ses_authn_policy]
authn_policy = MultiAuthenticationPolicy(multi_auth_args)
self.config.set_authentication_policy(authn_policy)
self.config.set_authorization_policy(authz_policy)
# We need to carefully be above TM view, but below exc view so that
# internal server error page doesn't trigger session authentication
# that accesses the database
self.config.add_tween(
"elixr2.web.auth.tweens.SessionInvalidationTweenFactory",
under="pyramid_tm.tm_tween_factory")
# # TODO: Grab incoming auth details changed events
# from websauna.system.auth import subscribers
# self.config.scan(subscribers)
# Experimental support for transaction aware properties
try:
from pyramid_tm.reify import transaction_aware_reify
self.config.add_request_method(
callable=transaction_aware_reify(self.config, get_request_user),
name="user", property=True, reify=False)
except ImportError:
self.config.add_request_method(get_request_user, 'user', reify=True)
## request method for jwt
def create_jwt_token(request, principal, expiration=None, **claims):
return jwt_authn_policy.create_token(principal, expiration, **claims)
def jwt_claims(request):
return jwt_authn_policy.get_claims(request)
self.config.add_request_method(create_jwt_token, 'create_jwt_token')
self.config.add_request_method(jwt_claims, 'jwt_claims', reify=True)
def simple_config() -> Configurator:
"""Prepare the base configuration needed for the Pyramid app."""
with Configurator() as config:
config.include("pyramid_openapi3")
# Setup security
config.set_default_permission("view")
config.set_session_factory(SignedCookieSessionFactory("itsaseekreet"))
config.set_authentication_policy(SessionAuthenticationPolicy())
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(get_default_context)
yield config
def includeme(config):
reg = config.registry
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
reg.registerUtility(authenticate_user, IUserAuthenticator)
config.add_request_method(get_authenticated_user,
name='authenticated_user',
property=True,
reify=True)
def configure(self):
super(Portal, self).configure()
self.configure_zca()
mimetypes.add_type('application/font-woff', '.woff')
mimetypes.add_type('application/x-font-ttf', '.ttf')
registry = pyramid.registry.Registry(
bases=(zope.component.getGlobalSiteManager(),))
if self.settings.get('sentry.dsn', None):
version = sw.allotmentclub.version.__version__
sentry_sdk.init(
release=f"sw-allotmentclub-backend@{version}",
dsn=self.settings['sentry.dsn'],
integrations=[PyramidIntegration(), SqlalchemyIntegration()])
self.config = config = pyramid.config.Configurator(
settings=self.settings,
registry=registry)
config.setup_registry(settings=self.settings)
config.include('pyramid_beaker')
config.include('pyramid_exclog')
config.include('pyramid_tm')
if self.testing:
config.include('pyramid_mailer.testing')
elif config.registry.settings.get('mail.enable') == 'false':
config.include('sw.allotmentclub.printmailer')
else:
config.include('sw.allotmentclub.logmailer')
# self.add_csrf_check()
config.add_renderer(
'json', risclog.sqlalchemy.serializer.json_renderer_factory(
serializer=json_serializer))
config.set_default_permission('view')
config.set_authentication_policy(SessionAuthenticationPolicy())
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(
sw.allotmentclub.browser.auth.get_default_context)
config.add_request_method(
sw.allotmentclub.browser.auth.get_user, 'user', property=True)
self.add_routes()
config.scan(package=sw.allotmentclub.browser,
ignore=sw.allotmentclub.SCAN_IGNORE_TESTS)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
logging.basicConfig(level=logging.DEBUG)
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
session_factory = UnencryptedCookieSessionFactoryConfig(
settings['session.secret'])
config = Configurator(settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
session_factory=session_factory)
# our session maker object to be set up on request
engine = engine_from_config(settings, prefix='sqlalchemy.')
config.registry.settings['dbmaker'] = sessionmaker(bind=engine)
config.include('pyramid_chameleon')
config.add_static_view('static', 'static', cache_max_age=3600)
routes = [
('resume', '/about/resume'),
('logout', '/logout'),
('home', '/'),
('view_files', '/files'),
('view_file', '/files/view/{filename}'),
('manage_file', '/files/manage/{filename}'),
('delete_file', '/files/delete/{filename}'),
('share_file', '/files/share/{filename}'),
('unshare_file', '/files/unshare/{filename}/{unshare_user}'),
('user', '/users/{userid}'),
('toggle_sharability', '/users/{userid}/toggle_sharability'),
('register', '/register'),
('verify', '/verify/{token}'),
('send_verify', '/verify'),
('login', '/login'),
('about', '/about'),
('keys', '/keys'),
('export_key', '/keys/export/{key}'),
('delete_key', '/keys/delete/{key}'),
]
create_routes(config, routes)
config.scan()
return config.make_wsgi_app()
def includeme(config: Configurator):
""" Setup authentication/authorization.
- Make user object on request object as ``user``
- Store authenticated user in session
- Use ACL authorization (__acl__ in context)
"""
from pyramid.authentication import SessionAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
config.add_request_method(_get_user, 'user', reify=True)
authn_policy = SessionAuthenticationPolicy(callback=_groupfinder)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.add_route('login', '/login')
config.add_route('logout', '/logout')
def includeme(config):
"""
For inclusion by Pyramid.
"""
config.add_request_method(get_user, str('user'), reify=True)
config.add_request_method(get_acls, str('acls'), reify=True)
settings = config.registry.settings
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
config.set_authentication_policy(authn_policy)
config.add_subscriber(_new_response, NewResponse)
config.add_subscriber(_auth_to_db, ContextFound)
def prepare_config(**settings):
"""
Prepare the configuration object to setup the main application elements
"""
session_factory = get_session_factory(settings)
set_cache_regions_from_settings(settings)
auth_policy = SessionAuthenticationPolicy(callback=get_groups)
acl_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
authentication_policy=auth_policy,
authorization_policy=acl_policy,
session_factory=session_factory,
)
config.begin()
config.commit()
return config
def factory(global_config, **settings):
"""Call with settings to create and return a WSGI application."""
# Bind the SQLAlchemy model classes to the database specified in the
# ``settings`` provided.
engine = engine_from_config(settings, 'sqlalchemy.')
Session.configure(bind=engine)
# Initialise the ``Configurator`` with the ``settings`` provided.
authn_policy = SessionAuthenticationPolicy(callback=group_finder,
debug=True)
authz_policy = ACLAuthorizationPolicy()
kwargs = {
'authentication_policy': authn_policy,
'authorization_policy': authz_policy,
'default_permission': 'view',
'settings': settings,
'root_factory': Trunk
}
config = Configurator(**kwargs)
config.include('pyramid_beaker')
config.include('pyramid_tm')
config.include('pyramid_weblayer')
config.set_session_factory(session_factory_from_settings(settings))
# Expose routes.
config.add_route('index', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('foo', '/foo')
# Add ``is_authenticated`` and ``user`` properties to the request.
#config.set_request_property(get_is_authenticated, 'is_authenticated', reify=True)
#config.set_request_property(get_user, 'user', reify=True)
# Configure a custom 404 that first tries to append a slash to the URL.
#not_found = AppendSlashNotFoundViewFactory(not_found_view)
#config.add_view(not_found, context='pyramid.httpexceptions.HTTPNotFound')
# Run a venusian scan to pick up the declerative configuration.
config.scan()
# Return a configured WSGI application.
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
set_cache_regions_from_settings(settings)
config = Configurator(settings=settings, root_factory='.resources.Root')
authentication_policy = SessionAuthenticationPolicy()
authorization_policy = ACLAuthorizationPolicy()
config.set_default_csrf_options(require_csrf=True)
config.set_authentication_policy(authentication_policy)
config.set_authorization_policy(authorization_policy)
config.add_forbidden_view(redirect_login)
config.include('pyramid_chameleon')
config.include("pyramid_beaker")
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('contact', '/contact')
config.add_route('logout', '/logout')
config.add_route('register', '/register')
config.add_route('recover', '/recover')
config.add_route('reset_password', '/recover/{key}')
config.add_route('shows', '/shows')
config.add_route('banners', '/banners/{show_id}')
config.add_route('search', '/search')
config.add_route('profile', '/profile')
config.add_route('settings_feed', '/settings/feeds')
config.add_route('settings_pw', '/settings/password')
config.add_route('settings_token', '/settings/token')
config.add_route('episodes', '/episodes')
config.add_route('feed', '/atom/{user}/{token}')
config.add_route("feeds", "/feeds")
config.add_route('ical', '/ical/{user}/{token}')
config.add_route('html', '/episodes/{user}/{token}')
config.add_route('subscribe', '/subscribe')
config.add_route('unsubscribe', '/unsubscribe')
config.add_route('setup', '/setup') # TODO remove this
config.scan()
return config.make_wsgi_app()
def setup_auth(config):
"""
Used to set up minimal authentication/authorization parameters.
"""
config.add_route('saml2-login', '/saml2/login/')
config.add_route('saml2-logout', '/saml2/logout/')
settings = config.registry.settings
extra_authn_policy = {}
if 'groups_callback' in settings:
extra_authn_policy['callback'] = settings['groups_callback']
authn_policy = SessionAuthenticationPolicy(prefix='session', **extra_authn_policy)
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
return config
def main(global_config, **settings):
session_factory = session_factory_from_settings(settings)
boto.config.load_credential_file(settings['boto_cfg'])
if not boto.config.has_section('Credentials'):
boto.config.add_section('Credentials')
#boto.config.set('Credentials','aws_access_key_id',credentials['Access Key Id'])
#boto.config.set('Credentials','aws_secret_key',credentials['Secret Access Key'])
#boto.config.set('Credentials','username',credentials['User Name'])
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
root_factory=RootFactory,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
session_factory=session_factory)
config.add_renderer('jsonp', JSONP(param_name='callback', indent=4))
config.add_route('home', '/')
config.add_route('hello', '/hello')
#config.add_view(home, route_name='home')
config.add_route('view_data', '/data')
config.add_route('edit_data', '/data/edit')
config.add_route('export_data', '/data/export')
config.add_route('authorized', '/authorized')
#config.add_view(authorized, route_name='authorized')
config.add_route('login', '/login')
config.add_route('auth', '/auth/{provider_name}')
config.add_route('logout', '/logout')
config.add_route('is_locked', '/is_locked')
config.add_route('unlock', '/unlock')
config.add_static_view('client', 'aap:static/web-aap', cache_max_age=0)
config.add_static_view('app', 'aap:static/web-aap/app', cache_max_age=0)
config.scan()
return config.make_wsgi_app()
def init_auth(config):
def user(request):
if request.authenticated_userid:
return User(request.registry.hubclient,
request.session[USER_DATA_SESSION_KEY])
return None
def verify_user_in_session(user_id, request):
user_data = request.session.get(USER_DATA_SESSION_KEY, None)
if user_data is not None and user_data['uuid'] == user_id:
return (user_id, )
return None
authn_policy = SessionAuthenticationPolicy(callback=verify_user_in_session)
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
config.set_authentication_policy(authn_policy)
config.add_request_method(user, reify=True)
def __init__(self):
self.session_policy = SessionAuthenticationPolicy(callback=util.groupfinder)
self.token_policy = TokenAuthenticationPolicy(callback=util.groupfinder)
def __init__(self, reissue_time: int, debug: bool = False):
SessionAuthenticationPolicy.__init__(self, debug=debug, callback=None)
self._reissue_time = reissue_time
self.callback = None
