def load_form_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.method.form',
):
app = RequireEnvironKey(
app,
'paste.auth_tkt.set_user',
missing_error=(
'Missing the key %(key)s from the environ. '
'Have you added the cookie method after the form method?'))
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
else:
template_ = template
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(app,
authenticate_conf,
prefix=prefix +
'authenticate.',
format='basic')
charset = auth_conf.get('charset')
return app, {
'authfunc': authfunc,
'template': template_,
'charset': charset
}, None
def load_form_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.method.form',
):
app = RequireEnvironKey(
app,
'paste.auth_tkt.set_user',
missing_error=(
'Missing the key %(key)s from the environ. '
'Have you added the cookie method after the form method?'
)
)
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix+'template.')
else:
template_ = template
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(
app,
authenticate_conf,
prefix=prefix+'authenticate.',
format='basic'
)
charset=auth_conf.get('charset')
method =auth_conf.get('method', 'post')
if method.lower() not in ['get','post']:
raise Exception('Form method should be GET or POST, not %s'%method)
return app, {'authfunc':authfunc, 'template':template_, 'charset':charset, 'method':method}, None
def load_cookie_config(app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'):
badcookie_conf = strip_base(auth_conf, 'badcookie.')
template_conf = strip_base(badcookie_conf, 'template.')
if template_conf:
template_ = get_template(template_conf,
prefix=prefix + 'badcookiepage.template.')
else:
template_ = template
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class': AuthKitTicket,
'badcookiepage': asbool(badcookie_conf.get('page', True)),
'badcookietemplate': template_,
}
for k, v in auth_conf.items():
if not (k.startswith('params.') or k.startswith('badcookie.')):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError('No cookie secret specified under %r' %
(prefix + 'secret'))
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def load_cookie_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'
):
badcookie_conf = strip_base(auth_conf, 'badcookie.')
template_conf = strip_base(badcookie_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix+'badcookiepage.template.')
else:
template_ = template
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class':AuthKitTicket,
'badcookiepage': asbool(badcookie_conf.get('page', True)),
'badcookietemplate': template_,
}
for k,v in auth_conf.items():
if not (k.startswith('params.') or k.startswith('badcookie.')):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError(
'No cookie secret specified under %r'%(prefix+'secret')
)
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix+'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError(
'Missing the config key %s%s'%(prefix, option)
)
user_setter_params={
'store_type': auth_conf['store.type'],
'store_config': auth_conf['store.config'],
'baseurl': auth_conf.get('baseurl',''),
'path_signedin': auth_conf['path.signedin'],
'path_process': auth_conf.get('path.process','/process'),
'template': template_,
'urltouser': urltouser,
'charset': auth_conf.get('charset'),
'openid_form_fieldname': auth_conf.get('openid_form_fieldname'),
'force_redirect': auth_conf.get('force_redirect'),
'sreg_required': auth_conf.get('sreg.required'),
'sreg_optional': auth_conf.get('sreg.optional'),
'sreg_policyurl': auth_conf.get('sreg.policyurl'),
'session_middleware': auth_conf.get('session.middleware','beaker.session'),
}
# Add an Attribute Exchange configuration items
user_setter_params.update(_load_ax_config(auth_conf))
auth_handler_params={
'template':user_setter_params['template'],
'path_verify':auth_conf.get('path.verify', '/verify'),
'baseurl':user_setter_params['baseurl'],
'charset':user_setter_params['charset'],
'force_redirect': auth_conf.get('force_redirect', False),
'openid_form_fieldname': auth_conf.get('openid_form_fieldname', None),
}
# The following lines were suggested in #59 but I don't know
# why they are needed because you shouldn't be using the
# user management API.
# authenticate_conf = strip_base(auth_conf, 'authenticate.')
# app, authfunc, users = get_authenticate_function(
# app,
# authenticate_conf,
# prefix=prefix+'authenticate.',
# format='basic'
# )
return app, auth_handler_params, user_setter_params
def make_multi_middleware(app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.'):
# Load the configurations and any associated middleware
app, oid_auth_params, oid_user_params = load_openid_config(
app, strip_base(auth_conf, 'openid.'))
app, form_auth_params, form_user_params = load_form_config(
app, strip_base(auth_conf, 'form.'))
app, cookie_auth_params, cookie_user_params = load_cookie_config(
app, strip_base(auth_conf, 'cookie.'))
app, basic_auth_params, basic_user_params = load_basic_config(
app, strip_base(auth_conf, 'basic.'))
app, digest_auth_params, digest_user_params = load_digest_config(
app, strip_base(auth_conf, 'digest.'))
# The cookie plugin doesn't provide an AuthHandler so no config
assert cookie_auth_params == None
# The form plugin doesn't provide a UserSetter (it uses cookie)
assert form_user_params == None
# Setup the MultiHandler to switch between authentication methods
# based on the value of environ['authkit.authhandler'] if a 401 is
# raised
app = MultiHandler(app)
app.add_method('openid', OpenIDAuthHandler, **oid_auth_params)
app.add_checker('openid', EnvironKeyAuthSwitcher('openid'))
app.add_method('basic', BasicAuthHandler, **basic_auth_params)
app.add_checker('basic', EnvironKeyAuthSwitcher('basic'))
app.add_method('digest', DigestAuthHandler, **digest_auth_params)
app.add_checker('digest', EnvironKeyAuthSwitcher('digest'))
app.add_method('form', FormAuthHandler, **form_auth_params)
app.add_checker('form', Default())
# Add the user setters to set REMOTE_USER on each request once the
# user is signed on.
app = DigestUserSetter(app, **digest_user_params)
app = BasicUserSetter(app, **basic_user_params)
# OpenID relies on cookie so needs to be set up first
app = OpenIDUserSetter(app, **oid_user_params)
app = CookieUserSetter(app, **cookie_user_params)
return app
def make_multi_middleware(app, auth_conf, app_conf=None, global_conf=None,
prefix='authkit.'):
# Load the configurations and any associated middleware
app, oid_auth_params, oid_user_params = load_openid_config(
app, strip_base(auth_conf, 'openid.'))
app, form_auth_params, form_user_params = load_form_config(
app, strip_base(auth_conf, 'form.'))
app, cookie_auth_params, cookie_user_params = load_cookie_config(
app, strip_base(auth_conf, 'cookie.'))
app, basic_auth_params, basic_user_params = load_basic_config(
app, strip_base(auth_conf, 'basic.'))
app, digest_auth_params, digest_user_params = load_digest_config(
app, strip_base(auth_conf, 'digest.'))
# The cookie plugin doesn't provide an AuthHandler so no config
assert cookie_auth_params == None
# The form plugin doesn't provide a UserSetter (it uses cookie)
assert form_user_params == None
# Setup the MultiHandler to switch between authentication methods
# based on the value of environ['authkit.authhandler'] if a 401 is
# raised
app = MultiHandler(app)
app.add_method('openid', OpenIDAuthHandler, **oid_auth_params)
app.add_checker('openid', EnvironKeyAuthSwitcher('openid'))
app.add_method('basic', BasicAuthHandler, **basic_auth_params)
app.add_checker('basic', EnvironKeyAuthSwitcher('basic'))
app.add_method('digest', DigestAuthHandler, **digest_auth_params)
app.add_checker('digest', EnvironKeyAuthSwitcher('digest'))
app.add_method('form', FormAuthHandler, **form_auth_params)
app.add_checker('form', Default())
# Add the user setters to set REMOTE_USER on each request once the
# user is signed on.
app = DigestUserSetter(app, **digest_user_params)
app = BasicUserSetter(app, **basic_user_params)
# OpenID relies on cookie so needs to be set up first
app = OpenIDUserSetter(app, **oid_user_params)
app = CookieUserSetter(app, **cookie_user_params)
return app
def load_form_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.method.form',
):
app = RequireEnvironKey(
app,
'paste.auth_tkt.set_user',
missing_error=(
'Missing the key %(key)s from the environ. '
'Have you added the cookie method after the form method?'))
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
else:
template_ = template
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(app,
authenticate_conf,
prefix=prefix +
'authenticate.',
format='basic')
charset = auth_conf.get('charset')
method = auth_conf.get('method', 'post')
action = auth_conf.get('action')
user_data = auth_conf.get('userdata')
if method.lower() not in ['get', 'post']:
raise Exception('Form method should be GET or POST, not %s' % method)
return app, {
'authfunc': authfunc,
'template': template_,
'charset': charset,
'method': method,
'action': action,
'user_data': user_data or None,
}, None
def load_google_config(app, auth_conf, app_conf, global_conf, prefix):
authenticate_conf = strip_base(auth_conf, "authenticate.")
app, authfunc, users = get_authenticate_function(
app, authenticate_conf, prefix=prefix + "authenticate.", format="basic"
)
auth_handler_params = {"authfunc": authfunc}
user_setter_params = {
"signout_path": auth_conf.get("signoutpath", None),
"admin_role": auth_conf.get("adminrole", None),
}
return app, auth_handler_params, user_setter_params
def load_basic_config(app, auth_conf, app_conf=None, global_conf=None, prefix="authkit.basic"):
auth_handler_params = {}
user_setter_params = {}
authenticate_conf = strip_base(auth_conf, "authenticate.")
app, authfunc, users = get_authenticate_function(
app, authenticate_conf, prefix=prefix + "authenticate.", format="basic"
)
realm = auth_conf.get("realm", "AuthKit")
auth_handler_params["realm"] = realm
auth_handler_params["authfunc"] = authfunc
user_setter_params["realm"] = realm
user_setter_params["authfunc"] = authfunc
user_setter_params["users"] = users
return app, auth_handler_params, user_setter_params
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError('Missing the config key %s%s' %
(prefix, option))
user_setter_params = {
'store_type': auth_conf['store.type'],
'store_config': auth_conf['store.config'],
'baseurl': auth_conf.get('baseurl', ''),
'path_signedin': auth_conf['path.signedin'],
'path_process': auth_conf.get('path.process', '/process'),
'template': template_,
'urltouser': urltouser,
'charset': auth_conf.get('charset'),
'sreg_required': auth_conf.get('sreg.required'),
'sreg_optional': auth_conf.get('sreg.optional'),
'sreg_policyurl': auth_conf.get('sreg.policyurl'),
# XXX This need to actually be configurable, not hard coded
'session_secret': 'asdasd',
'session_key': 'authkit_openid',
'session_middleware': 'beaker.session',
}
if user_setter_params['session_middleware'] == 'beaker.session':
if not user_setter_params['session_secret']:
raise AuthKitConfigError('No session_secret set')
auth_handler_params = {
'template': user_setter_params['template'],
'path_verify': auth_conf.get('path.verify', '/verify'),
'baseurl': user_setter_params['baseurl'],
'charset': user_setter_params['charset'],
}
return app, auth_handler_params, user_setter_params
def load_openid_config(app, auth_conf, app_conf=None, global_conf=None, prefix="authkit.openid"):
global template
template_ = template
template_conf = strip_base(auth_conf, "template.")
if template_conf:
template_ = get_template(template_conf, prefix=prefix + "template.")
urltouser = auth_conf.get("urltouser", None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ["store.type", "store.config", "path.signedin"]:
if not auth_conf.has_key(option):
raise AuthKitConfigError("Missing the config key %s%s" % (prefix, option))
user_setter_params = {
"store_type": auth_conf["store.type"],
"store_config": auth_conf["store.config"],
"baseurl": auth_conf.get("baseurl", ""),
"path_signedin": auth_conf["path.signedin"],
"path_process": auth_conf.get("path.process", "/process"),
"template": template_,
"urltouser": urltouser,
"charset": auth_conf.get("charset"),
"sreg_required": auth_conf.get("sreg.required"),
"sreg_optional": auth_conf.get("sreg.optional"),
"sreg_policyurl": auth_conf.get("sreg.policyurl"),
"session_middleware": auth_conf.get("session.middleware", "beaker.session"),
}
auth_handler_params = {
"template": user_setter_params["template"],
"path_verify": auth_conf.get("path.verify", "/verify"),
"baseurl": user_setter_params["baseurl"],
"charset": user_setter_params["charset"],
}
# The following lines were suggested in #59 but I don't know
# why they are needed because you shouldn't be using the
# user management API.
# authenticate_conf = strip_base(auth_conf, 'authenticate.')
# app, authfunc, users = get_authenticate_function(
# app,
# authenticate_conf,
# prefix=prefix+'authenticate.',
# format='basic'
# )
return app, auth_handler_params, user_setter_params
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix+'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError(
'Missing the config key %s%s'%(prefix, option)
)
user_setter_params={
'store_type': auth_conf['store.type'],
'store_config': auth_conf['store.config'],
'baseurl': auth_conf.get('baseurl',''),
'path_signedin': auth_conf['path.signedin'],
'path_process': auth_conf.get('path.process','/process'),
'template': template_,
'urltouser': urltouser,
'charset': auth_conf.get('charset'),
'sreg_required': auth_conf.get('sreg.required'),
'sreg_optional': auth_conf.get('sreg.optional'),
'sreg_policyurl': auth_conf.get('sreg.policyurl'),
'session_middleware': 'beaker.session',
}
auth_handler_params={
'template':user_setter_params['template'],
'path_verify':auth_conf.get('path.verify', '/verify'),
'baseurl':user_setter_params['baseurl'],
'charset':user_setter_params['charset'],
}
return app, auth_handler_params, user_setter_params
def load_cookie_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'
):
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class':AuthKitTicket,
}
for k,v in auth_conf.items():
if not k.startswith('params.'):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError(
'No cookie secret specified under %r'%(prefix+'secret')
)
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def load_cookie_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'
):
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class':AuthKitTicket,
}
for k,v in auth_conf.items():
if not k.startswith('params.'):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError(
'No cookie secret specified under %r'%(prefix+'secret')
)
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def load_basic_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.basic',
):
auth_handler_params = {}
user_setter_params = {}
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(app,
authenticate_conf,
prefix=prefix +
'authenticate.',
format='basic')
realm = auth_conf.get('realm', 'AuthKit')
auth_handler_params['realm'] = realm
auth_handler_params['authfunc'] = authfunc
user_setter_params['realm'] = realm
user_setter_params['authfunc'] = authfunc
user_setter_params['users'] = users
return app, auth_handler_params, user_setter_params
def load_digest_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.digest',
):
auth_handler_params = {}
user_setter_params = {}
authenticate_conf = strip_base(auth_conf, 'authenticate.')
app, authfunc, users = get_authenticate_function(
app,
authenticate_conf,
prefix=prefix+'authenticate.',
format='digest'
)
realm = auth_conf.get('realm', 'AuthKit')
auth_handler_params['realm'] = realm
auth_handler_params['authfunc'] = authfunc
user_setter_params['realm'] = realm
user_setter_params['authfunc'] = authfunc
user_setter_params['users'] = users
return app, auth_handler_params, user_setter_params
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError('Missing the config key %s%s' %
(prefix, option))
user_setter_params = {
'store_type':
auth_conf['store.type'],
'store_config':
auth_conf['store.config'],
'baseurl':
auth_conf.get('baseurl', ''),
'path_signedin':
auth_conf['path.signedin'],
'path_process':
auth_conf.get('path.process', '/process'),
'template':
template_,
'urltouser':
urltouser,
'charset':
auth_conf.get('charset'),
'sreg_required':
auth_conf.get('sreg.required'),
'sreg_optional':
auth_conf.get('sreg.optional'),
'sreg_policyurl':
auth_conf.get('sreg.policyurl'),
'session_middleware':
auth_conf.get('session.middleware', 'beaker.session'),
}
# Add an Attribute Exchange configuration items
user_setter_params.update(_load_ax_config(auth_conf))
auth_handler_params = {
'template': user_setter_params['template'],
'path_verify': auth_conf.get('path.verify', '/verify'),
'baseurl': user_setter_params['baseurl'],
'charset': user_setter_params['charset'],
}
# The following lines were suggested in #59 but I don't know
# why they are needed because you shouldn't be using the
# user management API.
# authenticate_conf = strip_base(auth_conf, 'authenticate.')
# app, authfunc, users = get_authenticate_function(
# app,
# authenticate_conf,
# prefix=prefix+'authenticate.',
# format='basic'
# )
return app, auth_handler_params, user_setter_params
