Exemplo n.º 1
0
 def test_skip_authentication_is_not_boolean(self):
     identifiers = [('cookie', AuthTktCookiePlugin('something'))]
     authenticators = challengers = mdproviders = []
     # Skipping authentication:
     mw = make_middleware('True', None, identifiers, authenticators,
                          challengers, mdproviders, None, None)
     self.assertEqual(mw.__class__, AuthenticationForgerMiddleware)
     # With authentication:
     mw = make_middleware('False', None, identifiers, authenticators,
                          challengers, mdproviders, None, None)
     self.assertEqual(mw.__class__, PluggableAuthenticationMiddleware)
     # With skip_authentication==None -> authentication enabled:
     mw = make_middleware(None, None, identifiers, authenticators,
                          challengers, mdproviders, None, None)
     self.assertEqual(mw.__class__, PluggableAuthenticationMiddleware)
Exemplo n.º 2
0
 def add_auth_middleware(self, app, skip_authentication):
     """
     Configure authentication and authorization.
     
     :param app: The TG2 application.
     :param skip_authentication: Should authentication be skipped if
         explicitly requested? (used by repoze.who-testutil)
     :type skip_authentication: bool
             
     """
     if asbool(config.get('loom.profile', False)):
         log.debug('Setting up profiling middleware')
         app = AccumulatingProfileMiddleware(
                                             app,
                                             log_filename='/home/volkmuth/profile/app.log',
                                             cachegrind_filename='/home/volkmuth/profile/cachegrind.out.app',
                                             discard_first_request=False,
                                             flush_at_shutdown=True,
                                             path='/__profile__')
     parser = WhoConfig(config['here'])
     parser.parse(open(config.get('who.config_file', 'who.ini')))
     app = make_middleware(skip_authentication, app,
                           parser.identifiers,
                           parser.authenticators,
                           parser.challengers,
                           parser.mdproviders,
                           parser.request_classifier,
                           parser.challenge_decider,
                           remote_user_key=parser.remote_user_key)
     #app = make_who_with_config(app, config, config.get('who.config_file','who.ini'),
     #                           config.get('who.log_file','stdout'), config.get('who.log_level','debug'),
     #                           skip_authentication
     #                           )
     app = ModuleMiddleware(app)
     return app
Exemplo n.º 3
0
 def test_without_skipping_authentication(self):
     identifiers = [('cookie', AuthTktCookiePlugin('something'))]
     authenticators = challengers = mdproviders = []
     mw = make_middleware(False, None, identifiers, authenticators,
                          challengers, mdproviders, None, None)
     assert isinstance(mw, PluggableAuthenticationMiddleware)
     # Checking the identifiers:
     final_identifiers = mw.registry[IIdentifier]
     self.assertEqual(1, len(final_identifiers))
     assert isinstance(final_identifiers[0], AuthTktCookiePlugin)
     # Checking the other plugins:
     assert IAuthenticator not in mw.registry
     assert IChallenger not in mw.registry
     assert IMetadataProvider not in mw.registry
     # Checking REMOTE_USER keys:
     self.assertEqual(mw.remote_user_key, 'REMOTE_USER')
Exemplo n.º 4
0
def setup_ming_auth(app, skip_authentication, **auth_args):
    from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
    from repoze.who.plugins.friendlyform import FriendlyFormPlugin

    cookie_secret = auth_args.get('cookie_secret', 'secret')
    cookie_name = auth_args.get('cookie_name', 'authtkt')

    form_plugin = FriendlyFormPlugin(auth_args.get('login_url', '/login'),
                                     auth_args.get('login_handler', '/login_handler'),
                                     auth_args['post_login_url'],
                                     auth_args.get('logout_handler', '/logout_handler'),
                                     auth_args['post_logout_url'],
                                     login_counter_name=auth_args.get('login_counter_name'),
                                     rememberer_name='cookie')

    challengers = [('form', form_plugin)]

    auth = MingAuthenticatorPlugin(user_class=auth_args['user_class'])
    authenticators = [('mingauth', auth)]

    cookie = AuthTktCookiePlugin(cookie_secret, cookie_name)
    identifiers = [('cookie', cookie), ('form', form_plugin)]

    provider = MingUserMDPlugin(user_class=auth_args['user_class'])
    mdproviders = [('ming_user_md', provider)]

    from repoze.who.plugins.testutil import make_middleware
    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider

    app = make_middleware(skip_authentication,
        app,
        identifiers=identifiers,
        authenticators=authenticators,
        challengers=challengers,
        mdproviders=mdproviders,
        classifier=default_request_classifier,
        challenge_decider=default_challenge_decider)

    return app
Exemplo n.º 5
0
 def test_skipping_authentication(self):
     identifiers = [('cookie', AuthTktCookiePlugin('something'))]
     authenticators = challengers = mdproviders = []
     mw = make_middleware(True, None, identifiers, authenticators,
                          challengers, mdproviders, None, None)
     assert isinstance(mw, AuthenticationForgerMiddleware)
     # Checking the identifiers:
     final_identifiers = mw.registry[IIdentifier]
     self.assertEqual(2, len(final_identifiers))
     assert isinstance(final_identifiers[0], AuthenticationForgerPlugin)
     assert isinstance(final_identifiers[1], AuthTktCookiePlugin)
     # Checking the other plugins:
     auth_forger = final_identifiers[0]
     self.assertEqual([auth_forger], mw.registry[IAuthenticator])
     self.assertEqual([auth_forger], mw.registry[IChallenger])
     assert IMetadataProvider not in mw.registry
     # Checking REMOTE_USER keys:
     self.assertEqual(mw.remote_user_key, 'repoze.who.testutil.userid')
     self.assertEqual(mw.actual_remote_user_key, 'REMOTE_USER')
     # Finally, let's check the AuthenticationForgerPlugin in detail:
     self.assertEqual(auth_forger.fake_user_key, 'REMOTE_USER')
     self.assertEqual(auth_forger.remote_user_key,
                      'repoze.who.testutil.userid')
Exemplo n.º 6
0
def setup_auth(app, group_adapters=None, permission_adapters=None, **who_args):
    """
    Setup :mod:`repoze.who` with :mod:`repoze.what` support.
    
    :param app: The WSGI application object.
    :param group_adapters: The group source adapters to be used.
    :type group_adapters: dict
    :param permission_adapters: The permission source adapters to be used.
    :type permission_adapters: dict
    :param who_args: Authentication-related keyword arguments to be passed to
        :mod:`repoze.who`.
    :return: The WSGI application with authentication and authorization
        middleware.
    
    .. tip::
        If you are looking for an easier way to get started, you may want to
        use :mod:`the quickstart plugin <repoze.what.plugins.quickstart>` and
        its :func:`setup_sql_auth() 
        <repoze.what.plugins.quickstart.setup_sql_auth>` function.
    
    You must define the ``group_adapters`` and ``permission_adapters``
    keyword arguments if you want to use the groups/permissions-based
    authorization pattern.
    
    Additional keyword arguments will be passed to
    :func:`repoze.who.plugins.testutil.make_middleware` -- and
    among those keyword arguments, you *must* define at least the identifier(s),
    authenticator(s) and challenger(s) to be used. For example::
        
        from repoze.who.plugins.basicauth import BasicAuthPlugin
        from repoze.who.plugins.htpasswd import HTPasswdPlugin, crypt_check
        
        from repoze.what.middleware import setup_auth
        from repoze.what.plugins.xml import XMLGroupsAdapter
        from repoze.what.plugins.ini import INIPermissionAdapter

        # Defining the group adapters; you may add as much as you need:
        groups = {'all_groups': XMLGroupsAdapter('/path/to/groups.xml')}

        # Defining the permission adapters; you may add as much as you need:
        permissions = {'all_perms': INIPermissionAdapter('/path/to/perms.ini')}

        # repoze.who identifiers; you may add as much as you need:
        basicauth = BasicAuthPlugin('Private web site')
        identifiers = [('basicauth', basicauth)]

        # repoze.who authenticators; you may add as much as you need:
        htpasswd_auth = HTPasswdPlugin('/path/to/users.htpasswd', crypt_check)
        authenticators = [('htpasswd', htpasswd_auth)]

        # repoze.who challengers; you may add as much as you need:
        challengers = [('basicauth', basicauth)]

        app_with_auth = setup_auth(
            app,
            groups,
            permissions,
            identifiers=identifiers,
            authenticators=authenticators,
            challengers=challengers)
    
    .. attention::
        Keep in mind that :mod:`repoze.who` must be configured `through`
        :mod:`repoze.what` for authorization to work.
    
    .. note::
        If you want to skip authentication while testing your application,
        you should pass the ``skip_authentication`` keyword argument with a
        value that evaluates to ``True``.
    
    .. versionchanged:: 1.0.5
        :class:`repoze.who.middleware.PluggableAuthenticationMiddleware`
        replaced with :func:`repoze.who.plugins.testutil.make_middleware`
        internally.
    
    """
    authorization = AuthorizationMetadata(group_adapters,
                                          permission_adapters)
    
    if 'mdproviders' not in who_args:
        who_args['mdproviders'] = []
    
    who_args['mdproviders'].append(('authorization_md', authorization))
    
    if 'classifier' not in who_args:
        who_args['classifier'] = default_request_classifier
    
    if 'challenge_decider' not in who_args:
        who_args['challenge_decider'] = default_challenge_decider
    
    auth_log = os.environ.get('AUTH_LOG', '') == '1'
    if auth_log:
        import sys
        who_args['log_stream'] = sys.stdout
    
    skip_authn = who_args.pop('skip_authentication', False)
    middleware = make_middleware(skip_authn, app, **who_args)
    return middleware
Exemplo n.º 7
0
def setup_auth(app, group_adapters=None, permission_adapters=None, **who_args):
    """
    Setup :mod:`repoze.who` with :mod:`repoze.what` support.
    
    :param app: The WSGI application object.
    :param group_adapters: The group source adapters to be used.
    :type group_adapters: dict
    :param permission_adapters: The permission source adapters to be used.
    :type permission_adapters: dict
    :param who_args: Authentication-related keyword arguments to be passed to
        :mod:`repoze.who`.
    :return: The WSGI application with authentication and authorization
        middleware.
    
    .. tip::
        If you are looking for an easier way to get started, you may want to
        use :mod:`the quickstart plugin <repoze.what.plugins.quickstart>` and
        its :func:`setup_sql_auth() 
        <repoze.what.plugins.quickstart.setup_sql_auth>` function.
    
    You must define the ``group_adapters`` and ``permission_adapters``
    keyword arguments if you want to use the groups/permissions-based
    authorization pattern.
    
    Additional keyword arguments will be passed to
    :func:`repoze.who.plugins.testutil.make_middleware` -- and
    among those keyword arguments, you *must* define at least the identifier(s),
    authenticator(s) and challenger(s) to be used. For example::
        
        from repoze.who.plugins.basicauth import BasicAuthPlugin
        from repoze.who.plugins.htpasswd import HTPasswdPlugin, crypt_check
        
        from repoze.what.middleware import setup_auth
        from repoze.what.plugins.xml import XMLGroupsAdapter
        from repoze.what.plugins.ini import INIPermissionAdapter

        # Defining the group adapters; you may add as much as you need:
        groups = {'all_groups': XMLGroupsAdapter('/path/to/groups.xml')}

        # Defining the permission adapters; you may add as much as you need:
        permissions = {'all_perms': INIPermissionAdapter('/path/to/perms.ini')}

        # repoze.who identifiers; you may add as much as you need:
        basicauth = BasicAuthPlugin('Private web site')
        identifiers = [('basicauth', basicauth)]

        # repoze.who authenticators; you may add as much as you need:
        htpasswd_auth = HTPasswdPlugin('/path/to/users.htpasswd', crypt_check)
        authenticators = [('htpasswd', htpasswd_auth)]

        # repoze.who challengers; you may add as much as you need:
        challengers = [('basicauth', basicauth)]

        app_with_auth = setup_auth(
            app,
            groups,
            permissions,
            identifiers=identifiers,
            authenticators=authenticators,
            challengers=challengers)
    
    .. attention::
        Keep in mind that :mod:`repoze.who` must be configured `through`
        :mod:`repoze.what` for authorization to work.
    
    .. note::
        If you want to skip authentication while testing your application,
        you should pass the ``skip_authentication`` keyword argument with a
        value that evaluates to ``True``.
    
    .. versionchanged:: 1.0.5
        :class:`repoze.who.middleware.PluggableAuthenticationMiddleware`
        replaced with :func:`repoze.who.plugins.testutil.make_middleware`
        internally.
    
    """
    authorization = AuthorizationMetadata(group_adapters, permission_adapters)

    if 'mdproviders' not in who_args:
        who_args['mdproviders'] = []

    who_args['mdproviders'].append(('authorization_md', authorization))

    if 'classifier' not in who_args:
        who_args['classifier'] = default_request_classifier

    if 'challenge_decider' not in who_args:
        who_args['challenge_decider'] = default_challenge_decider

    auth_log = os.environ.get('AUTH_LOG', '') == '1'
    if auth_log:
        import sys
        who_args['log_stream'] = sys.stdout

    skip_authn = who_args.pop('skip_authentication', False)
    middleware = make_middleware(skip_authn, app, **who_args)
    return middleware