def test_skip_authentication_is_not_boolean(self):
identifiers = [('cookie', AuthTktCookiePlugin('something'))]
authenticators = challengers = mdproviders = []
# Skipping authentication:
mw = make_middleware('True', None, identifiers, authenticators,
challengers, mdproviders, None, None)
self.assertEqual(mw.__class__, AuthenticationForgerMiddleware)
# With authentication:
mw = make_middleware('False', None, identifiers, authenticators,
challengers, mdproviders, None, None)
self.assertEqual(mw.__class__, PluggableAuthenticationMiddleware)
# With skip_authentication==None -> authentication enabled:
mw = make_middleware(None, None, identifiers, authenticators,
challengers, mdproviders, None, None)
self.assertEqual(mw.__class__, PluggableAuthenticationMiddleware)
def add_auth_middleware(self, app, skip_authentication):
"""
Configure authentication and authorization.
:param app: The TG2 application.
:param skip_authentication: Should authentication be skipped if
explicitly requested? (used by repoze.who-testutil)
:type skip_authentication: bool
"""
if asbool(config.get('loom.profile', False)):
log.debug('Setting up profiling middleware')
app = AccumulatingProfileMiddleware(
app,
log_filename='/home/volkmuth/profile/app.log',
cachegrind_filename='/home/volkmuth/profile/cachegrind.out.app',
discard_first_request=False,
flush_at_shutdown=True,
path='/__profile__')
parser = WhoConfig(config['here'])
parser.parse(open(config.get('who.config_file', 'who.ini')))
app = make_middleware(skip_authentication, app,
parser.identifiers,
parser.authenticators,
parser.challengers,
parser.mdproviders,
parser.request_classifier,
parser.challenge_decider,
remote_user_key=parser.remote_user_key)
#app = make_who_with_config(app, config, config.get('who.config_file','who.ini'),
# config.get('who.log_file','stdout'), config.get('who.log_level','debug'),
# skip_authentication
# )
app = ModuleMiddleware(app)
return app
def test_without_skipping_authentication(self):
identifiers = [('cookie', AuthTktCookiePlugin('something'))]
authenticators = challengers = mdproviders = []
mw = make_middleware(False, None, identifiers, authenticators,
challengers, mdproviders, None, None)
assert isinstance(mw, PluggableAuthenticationMiddleware)
# Checking the identifiers:
final_identifiers = mw.registry[IIdentifier]
self.assertEqual(1, len(final_identifiers))
assert isinstance(final_identifiers[0], AuthTktCookiePlugin)
# Checking the other plugins:
assert IAuthenticator not in mw.registry
assert IChallenger not in mw.registry
assert IMetadataProvider not in mw.registry
# Checking REMOTE_USER keys:
self.assertEqual(mw.remote_user_key, 'REMOTE_USER')
def setup_ming_auth(app, skip_authentication, **auth_args):
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.friendlyform import FriendlyFormPlugin
cookie_secret = auth_args.get('cookie_secret', 'secret')
cookie_name = auth_args.get('cookie_name', 'authtkt')
form_plugin = FriendlyFormPlugin(auth_args.get('login_url', '/login'),
auth_args.get('login_handler', '/login_handler'),
auth_args['post_login_url'],
auth_args.get('logout_handler', '/logout_handler'),
auth_args['post_logout_url'],
login_counter_name=auth_args.get('login_counter_name'),
rememberer_name='cookie')
challengers = [('form', form_plugin)]
auth = MingAuthenticatorPlugin(user_class=auth_args['user_class'])
authenticators = [('mingauth', auth)]
cookie = AuthTktCookiePlugin(cookie_secret, cookie_name)
identifiers = [('cookie', cookie), ('form', form_plugin)]
provider = MingUserMDPlugin(user_class=auth_args['user_class'])
mdproviders = [('ming_user_md', provider)]
from repoze.who.plugins.testutil import make_middleware
from repoze.who.classifiers import default_request_classifier
from repoze.who.classifiers import default_challenge_decider
app = make_middleware(skip_authentication,
app,
identifiers=identifiers,
authenticators=authenticators,
challengers=challengers,
mdproviders=mdproviders,
classifier=default_request_classifier,
challenge_decider=default_challenge_decider)
return app
def test_skipping_authentication(self):
identifiers = [('cookie', AuthTktCookiePlugin('something'))]
authenticators = challengers = mdproviders = []
mw = make_middleware(True, None, identifiers, authenticators,
challengers, mdproviders, None, None)
assert isinstance(mw, AuthenticationForgerMiddleware)
# Checking the identifiers:
final_identifiers = mw.registry[IIdentifier]
self.assertEqual(2, len(final_identifiers))
assert isinstance(final_identifiers[0], AuthenticationForgerPlugin)
assert isinstance(final_identifiers[1], AuthTktCookiePlugin)
# Checking the other plugins:
auth_forger = final_identifiers[0]
self.assertEqual([auth_forger], mw.registry[IAuthenticator])
self.assertEqual([auth_forger], mw.registry[IChallenger])
assert IMetadataProvider not in mw.registry
# Checking REMOTE_USER keys:
self.assertEqual(mw.remote_user_key, 'repoze.who.testutil.userid')
self.assertEqual(mw.actual_remote_user_key, 'REMOTE_USER')
# Finally, let's check the AuthenticationForgerPlugin in detail:
self.assertEqual(auth_forger.fake_user_key, 'REMOTE_USER')
self.assertEqual(auth_forger.remote_user_key,
'repoze.who.testutil.userid')
def setup_auth(app, group_adapters=None, permission_adapters=None, **who_args):
"""
Setup :mod:`repoze.who` with :mod:`repoze.what` support.
:param app: The WSGI application object.
:param group_adapters: The group source adapters to be used.
:type group_adapters: dict
:param permission_adapters: The permission source adapters to be used.
:type permission_adapters: dict
:param who_args: Authentication-related keyword arguments to be passed to
:mod:`repoze.who`.
:return: The WSGI application with authentication and authorization
middleware.
.. tip::
If you are looking for an easier way to get started, you may want to
use :mod:`the quickstart plugin <repoze.what.plugins.quickstart>` and
its :func:`setup_sql_auth()
<repoze.what.plugins.quickstart.setup_sql_auth>` function.
You must define the ``group_adapters`` and ``permission_adapters``
keyword arguments if you want to use the groups/permissions-based
authorization pattern.
Additional keyword arguments will be passed to
:func:`repoze.who.plugins.testutil.make_middleware` -- and
among those keyword arguments, you *must* define at least the identifier(s),
authenticator(s) and challenger(s) to be used. For example::
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin, crypt_check
from repoze.what.middleware import setup_auth
from repoze.what.plugins.xml import XMLGroupsAdapter
from repoze.what.plugins.ini import INIPermissionAdapter
# Defining the group adapters; you may add as much as you need:
groups = {'all_groups': XMLGroupsAdapter('/path/to/groups.xml')}
# Defining the permission adapters; you may add as much as you need:
permissions = {'all_perms': INIPermissionAdapter('/path/to/perms.ini')}
# repoze.who identifiers; you may add as much as you need:
basicauth = BasicAuthPlugin('Private web site')
identifiers = [('basicauth', basicauth)]
# repoze.who authenticators; you may add as much as you need:
htpasswd_auth = HTPasswdPlugin('/path/to/users.htpasswd', crypt_check)
authenticators = [('htpasswd', htpasswd_auth)]
# repoze.who challengers; you may add as much as you need:
challengers = [('basicauth', basicauth)]
app_with_auth = setup_auth(
app,
groups,
permissions,
identifiers=identifiers,
authenticators=authenticators,
challengers=challengers)
.. attention::
Keep in mind that :mod:`repoze.who` must be configured `through`
:mod:`repoze.what` for authorization to work.
.. note::
If you want to skip authentication while testing your application,
you should pass the ``skip_authentication`` keyword argument with a
value that evaluates to ``True``.
.. versionchanged:: 1.0.5
:class:`repoze.who.middleware.PluggableAuthenticationMiddleware`
replaced with :func:`repoze.who.plugins.testutil.make_middleware`
internally.
"""
authorization = AuthorizationMetadata(group_adapters,
permission_adapters)
if 'mdproviders' not in who_args:
who_args['mdproviders'] = []
who_args['mdproviders'].append(('authorization_md', authorization))
if 'classifier' not in who_args:
who_args['classifier'] = default_request_classifier
if 'challenge_decider' not in who_args:
who_args['challenge_decider'] = default_challenge_decider
auth_log = os.environ.get('AUTH_LOG', '') == '1'
if auth_log:
import sys
who_args['log_stream'] = sys.stdout
skip_authn = who_args.pop('skip_authentication', False)
middleware = make_middleware(skip_authn, app, **who_args)
return middleware
def setup_auth(app, group_adapters=None, permission_adapters=None, **who_args):
"""
Setup :mod:`repoze.who` with :mod:`repoze.what` support.
:param app: The WSGI application object.
:param group_adapters: The group source adapters to be used.
:type group_adapters: dict
:param permission_adapters: The permission source adapters to be used.
:type permission_adapters: dict
:param who_args: Authentication-related keyword arguments to be passed to
:mod:`repoze.who`.
:return: The WSGI application with authentication and authorization
middleware.
.. tip::
If you are looking for an easier way to get started, you may want to
use :mod:`the quickstart plugin <repoze.what.plugins.quickstart>` and
its :func:`setup_sql_auth()
<repoze.what.plugins.quickstart.setup_sql_auth>` function.
You must define the ``group_adapters`` and ``permission_adapters``
keyword arguments if you want to use the groups/permissions-based
authorization pattern.
Additional keyword arguments will be passed to
:func:`repoze.who.plugins.testutil.make_middleware` -- and
among those keyword arguments, you *must* define at least the identifier(s),
authenticator(s) and challenger(s) to be used. For example::
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin, crypt_check
from repoze.what.middleware import setup_auth
from repoze.what.plugins.xml import XMLGroupsAdapter
from repoze.what.plugins.ini import INIPermissionAdapter
# Defining the group adapters; you may add as much as you need:
groups = {'all_groups': XMLGroupsAdapter('/path/to/groups.xml')}
# Defining the permission adapters; you may add as much as you need:
permissions = {'all_perms': INIPermissionAdapter('/path/to/perms.ini')}
# repoze.who identifiers; you may add as much as you need:
basicauth = BasicAuthPlugin('Private web site')
identifiers = [('basicauth', basicauth)]
# repoze.who authenticators; you may add as much as you need:
htpasswd_auth = HTPasswdPlugin('/path/to/users.htpasswd', crypt_check)
authenticators = [('htpasswd', htpasswd_auth)]
# repoze.who challengers; you may add as much as you need:
challengers = [('basicauth', basicauth)]
app_with_auth = setup_auth(
app,
groups,
permissions,
identifiers=identifiers,
authenticators=authenticators,
challengers=challengers)
.. attention::
Keep in mind that :mod:`repoze.who` must be configured `through`
:mod:`repoze.what` for authorization to work.
.. note::
If you want to skip authentication while testing your application,
you should pass the ``skip_authentication`` keyword argument with a
value that evaluates to ``True``.
.. versionchanged:: 1.0.5
:class:`repoze.who.middleware.PluggableAuthenticationMiddleware`
replaced with :func:`repoze.who.plugins.testutil.make_middleware`
internally.
"""
authorization = AuthorizationMetadata(group_adapters, permission_adapters)
if 'mdproviders' not in who_args:
who_args['mdproviders'] = []
who_args['mdproviders'].append(('authorization_md', authorization))
if 'classifier' not in who_args:
who_args['classifier'] = default_request_classifier
if 'challenge_decider' not in who_args:
who_args['challenge_decider'] = default_challenge_decider
auth_log = os.environ.get('AUTH_LOG', '') == '1'
if auth_log:
import sys
who_args['log_stream'] = sys.stdout
skip_authn = who_args.pop('skip_authentication', False)
middleware = make_middleware(skip_authn, app, **who_args)
return middleware
