Пример #1
0
def _base_plugin_maker(user_class=None, dbsession=None):
    """
    Turn ``userclass`` and ``dbsession`` into Python objects.
    
    """

    if user_class is None:
        raise ValueError("user_class must not be None")
    if dbsession is None:
        raise ValueError("dbsession must not be None")
    return resolveDotted(user_class), resolveDotted(dbsession)
Пример #2
0
def _base_plugin_maker(user_class=None, dbsession=None):
    """
    Turn ``userclass`` and ``dbsession`` into Python objects.
    
    """
    
    if user_class is None:
        raise ValueError('user_class must not be None')
    if dbsession is None:
        raise ValueError('dbsession must not be None')
    return resolveDotted(user_class), resolveDotted(dbsession)
def make_identification_plugin(
    fb_connect_field="fb_connect",
    db_session=None,
    user_class=None,
    fb_user_class=None,
    session_name=None,
    login_handler_path=None,
    logout_handler_paths=None,
    login_form_url=None,
    error_field='error',
    logged_in_url=None,
    logged_out_url=None,
    came_from_field='came_from',
    rememberer_name=None,
    md_provider_name='facebook_connect_md',
    fields='',
):
    if login_form_url is None:
        raise ValueError("login_form_url needs to be given")
    if rememberer_name is None:
        raise ValueError("rememberer_name needs to be given")
    if login_handler_path is None:
        raise ValueError("login_handler_path needs to be given")
    if logout_handler_paths is None:
        raise ValueError("logout_handler_paths needs to be given")
    if session_name is None:
        raise ValueError("session_name needs to be given")
    if logged_in_url is None:
        raise ValueError("logged_in_url needs to be given")
    if logged_out_url is None:
        raise ValueError("logged_out_url needs to be given")

    fields = [attr.strip(',') for attr in fields.split()] or None

    plugin = FacebookConnectIdentificationPlugin(
        fb_connect_field=fb_connect_field,
        error_field=error_field,
        db_session=resolveDotted(db_session),
        user_class=resolveDotted(user_class),
        fb_user_class=resolveDotted(fb_user_class),
        session_name=session_name,
        login_form_url=login_form_url,
        login_handler_path=login_handler_path,
        logout_handler_paths=logout_handler_paths,
        logged_in_url=logged_in_url,
        logged_out_url=logged_out_url,
        came_from_field=came_from_field,
        rememberer_name=rememberer_name,
        md_provider_name=md_provider_name,
        fields=fields,
    )
    return plugin
Пример #4
0
def make_authenticator_plugin(query=None, conn_factory=None,
                              compare_fn=None, **kw):
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception as why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
    if compare_fn is not None:
        compare_fn = resolveDotted(compare_fn)
    return SQLAuthenticatorPlugin(query, conn_factory, compare_fn)
Пример #5
0
def make_smtp_authenticator(dbsession, asm, dommodel, dam):
    "return smtp authenticator"
    for param in [('dbsession', dbsession),
                ('asm', asm),
                ('dommodel', dommodel),
                ('dam', dam)]:
        check_param(param[0], param[1])
    session = resolveDotted(dbsession)
    authmodel = resolveDotted(asm)
    dmodel = resolveDotted(dommodel)
    damodel = resolveDotted(dam)

    authenticator = BaruwaSMTPAuthPlugin(session, authmodel, dmodel, damodel)

    return authenticator
def _load_from_callable(name, kwds, converters={}):
    """Load a plugin argument from dotted python name of callable.

    This function is a helper to load and possibly instanciate an argument
    to the plugin.  It grabs the value from the dotted python name found in
    kwds[name].  If this is a callable, it it looks for arguments of the form
    kwds[name_*] and calls the object with them.
    """
    # See if we actually have the named object.
    dotted_name = kwds.pop(name, None)
    if dotted_name is None:
        return None
    obj = resolveDotted(dotted_name)
    # Extract any arguments for the callable.
    obj_kwds = {}
    prefix = name + "_"
    for key in kwds.keys():
        if key.startswith(prefix):
            obj_kwds[key[len(prefix):]] = kwds.pop(key)
    # To any type conversion on the arguments.
    for key, value in obj_kwds.iteritems():
        converter = converters.get(key)
        if converter is not None:
            obj_kwds[key] = converter(value)
    # Call it if callable.
    if callable(obj):
        obj = obj(**obj_kwds)
    elif obj_kwds:
        raise ValueError("arguments provided for non-callable %r" % (name,))
    return obj
Пример #7
0
def _load_object_from_kwds(name, kwds):
    """Load a plugin argument as an object created from the given kwds.

    This function is a helper to load and possibly instanciate an argument
    to the plugin.  It grabs the value from the dotted python name found in
    kwds[name].  If this is a callable, it looks for arguments of the form
    kwds[name_*] and calls it with them to instanciate an object.
    """
    # See if we actually have the named object.
    dotted_name = kwds.pop(name, None)
    if dotted_name is None:
        return None
    obj = resolveDotted(dotted_name)
    # Extract any arguments for the callable.
    obj_kwds = {}
    prefix = name + "_"
    for key in kwds.keys():
        if key.startswith(prefix):
            obj_kwds[key[len(prefix):]] = kwds.pop(key)
    # Call it if callable.
    if callable(obj):
        obj = obj(**obj_kwds)
    elif obj_kwds:
        raise ValueError("arguments provided for non-callable %r" % (name,))
    return obj
Пример #8
0
def _load_function_from_kwds(name, kwds):
    """Load a plugin argument as a function created from the given kwds.

    This function is a helper to load and possibly curry a callable argument
    to the plugin.  It grabs the value from the dotted python name found in
    kwds[name] and checks that it is a callable.  It looks for arguments of
    the form  kwds[name_*] and curries them into the function as additional
    keyword argument before returning.
    """
    # See if we actually have the named object.
    dotted_name = kwds.pop(name, None)
    if dotted_name is None:
        return None
    func = resolveDotted(dotted_name)
    # Check that it's a callable.
    if not callable(func):
        raise ValueError("Argument %r must be callable" % (name,))
    # Curry in any keyword arguments.
    func_kwds = {}
    prefix = name + "_"
    for key in kwds.keys():
        if key.startswith(prefix):
            func_kwds[key[len(prefix):]] = kwds.pop(key)
    # Return the original function if not currying anything.
    # This is both more effient and better for unit testing.
    if func_kwds:
        func = functools.partial(func, **func_kwds)
    return func
Пример #9
0
def make_metadata_plugin(name=None, query=None, conn_factory=None,
                         filter=None, **kw):
    from repoze.who.utils import resolveDotted
    if name is None:
        raise ValueError('name must be specified')
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception as why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
    if filter is not None:
        filter = resolveDotted(filter)
    return SQLMetadataProviderPlugin(name, query, conn_factory, filter)
Пример #10
0
def make_plugin(secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=False,
                timeout=None,
                reissue_time=None,
                userid_checker=None,
               ):
    from repoze.who.utils import resolveDotted
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        with open(secretfile) as f:
            secret = f.read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = AuthTktCookiePlugin(secret,
                                 cookie_name,
                                 _bool(secure),
                                 _bool(include_ip),
                                 timeout,
                                 reissue_time,
                                 userid_checker,
                                 )
    return plugin
Пример #11
0
def make_authenticator_plugin(query=None,
                              conn_factory=None,
                              compare_fn=None,
                              **kw):
    """
    Differs from repoze.who.plugins.sql.make_authenticator_plugin only in that
    kw is passed to SQLAuthenticatorPlugin.
    @type query: basestring
    @param query: SQL query to return the username and p
    @type conn_factory: function
    @param conn_factory: database connection factory
    @type compare_fn: function
    @param compare_fn: function to compare supplied and stored passwords
    @type kw: dict
    @param kw: additional configuration options that are passed to the
    SQLAuthenticatorPlugin constructor
    """
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
Пример #12
0
def make_smtp_authenticator(dbsession, authsettingsmodel, domainmodel,
                            domainaliasmodel):
    "return smtp authenticator"
    for param in [('dbsession', dbsession),
                ('authsettingsmodel', authsettingsmodel),
                ('domainmodel', domainmodel),
                ('domainaliasmodel', domainaliasmodel)]:
        check_param(param[0], param[1])
    session = resolveDotted(dbsession)
    authmodel = resolveDotted(authsettingsmodel)
    dmodel = resolveDotted(domainmodel)
    damodel = resolveDotted(domainaliasmodel)

    authenticator = BaruwaSMTPAuthPlugin(session, authmodel, dmodel, damodel)

    return authenticator
Пример #13
0
def make_plugin(filename=None, check_fn=None):
    if filename is None:
        raise ValueError('filename must be specified')
    if check_fn is None:
        raise ValueError('check_fn must be specified')
    check = resolveDotted(check_fn)
    return HTPasswdPlugin(filename, check)
Пример #14
0
def _load_from_callable(name, kwds, converters={}):
    """Load a plugin argument from dotted python name of callable.

    This function is a helper to load and possibly instanciate an argument
    to the plugin.  It grabs the value from the dotted python name found in
    kwds[name].  If this is a callable, it it looks for arguments of the form
    kwds[name_*] and calls the object with them.
    """
    # See if we actually have the named object.
    dotted_name = kwds.pop(name, None)
    if dotted_name is None:
        return None
    obj = resolveDotted(dotted_name)
    # Extract any arguments for the callable.
    obj_kwds = {}
    prefix = name + "_"
    for key in kwds.keys():
        if key.startswith(prefix):
            obj_kwds[key[len(prefix):]] = kwds.pop(key)
    # To any type conversion on the arguments.
    for key, value in obj_kwds.iteritems():
        converter = converters.get(key)
        if converter is not None:
            obj_kwds[key] = converter(value)
    # Call it if callable.
    if callable(obj):
        obj = obj(**obj_kwds)
    elif obj_kwds:
        raise ValueError("arguments provided for non-callable %r" % (name, ))
    return obj
Пример #15
0
def make_plugin(filename=None, check_fn=None):
	if filename is None:
		raise ValueError('filename must be specified')
	if check_fn is None:
		raise ValueError('check_fn must be specified')
	check = resolveDotted(check_fn)
	return HTPasswdPlugin(filename, check)
Пример #16
0
def make_plugin(secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=False,
                timeout=None,
                reissue_time=None,
                userid_checker=None,
               ):
    from repoze.who.utils import resolveDotted
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        with open(secretfile) as f:
            secret = f.read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = AuthTktCookiePlugin(secret,
                                 cookie_name,
                                 _bool(secure),
                                 _bool(include_ip),
                                 timeout,
                                 reissue_time,
                                 userid_checker,
                                 )
    return plugin
Пример #17
0
def make_plugin(secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=False,
                timeout=None,
                reissue_time=None,
                userid_checker=None):
    from repoze.who.utils import resolveDotted

    # ckan specifics:
    # Get secret from beaker setting if necessary
    if secret is None or secret == u'somesecret':
        secret = config[u'beaker.session.secret']
    # Session timeout and reissue time for auth cookie
    if timeout is None and config.get(u'who.timeout'):
        timeout = config.get(u'who.timeout')
    if reissue_time is None and config.get(u'who.reissue_time'):
        reissue_time = config.get(u'who.reissue_time')
    if timeout is not None and reissue_time is None:
        reissue_time = int(math.ceil(int(timeout) * 0.1))
    # Set httponly based on config value. Default is True
    httponly = _bool(config.get(u'who.httponly', True))
    # Set secure based on config value. Default is False
    secure = _bool(config.get(u'who.secure', False))
    # Set samesite based on config value. Default is lax
    samesite = config.get(u'who.samesite', 'lax').lower()
    if samesite == 'none' and not secure:
        raise ValueError(
            'SameSite=None requires the Secure attribute,'
            'please set who.secure=True')

    # back to repoze boilerplate
    if (secret is None and secretfile is None):
        raise ValueError(u"One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError(u"Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError(u"No such 'secretfile': %s" % secretfile)
        secret = open(secretfile).read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = CkanAuthTktCookiePlugin(httponly,
                                     samesite,
                                     secret,
                                     cookie_name,
                                     secure,
                                     _bool(include_ip),
                                     timeout,
                                     reissue_time,
                                     userid_checker)
    return plugin
Пример #18
0
def make_plugin(audiences,
                rememberer_name=None,
                postback_url=None,
                assertion_field=None,
                came_from_field=None,
                csrf_field=None,
                csrf_cookie_name=None,
                challenge_body=None,
                verifier=None,
                check_https=None,
                check_referer=None,
                **kwds):
    """Make a BrowserIDPlugin using values from a .ini config file.

    This is a helper function for loading a BrowserIDPlugin via the
    repoze.who .ini config file system. It converts its arguments from
    strings to the appropriate type then passes them on to the plugin.
    """
    if not audiences:
        audiences = None
    elif isinstance(audiences, basestring):
        audiences = audiences.split()
    if isinstance(challenge_body, basestring):
        try:
            challenge_body = resolveDotted(challenge_body)
        except (ValueError, ImportError):
            with open(challenge_body, "rb") as f:
                challenge_body = f.read()
    if isinstance(verifier, basestring):
        verifier = resolveDotted(verifier)
        if callable(verifier):
            verifier_kwds = {}
            for key, value in kwds.iteritems():
                if key.startswith("verifier_"):
                    verifier_kwds[key[len("verifier_"):]] = value
            verifier = verifier(**verifier_kwds)
    if isinstance(check_https, basestring):
        check_https = str2bool(check_https)
    if isinstance(check_referer, basestring):
        check_referer = str2bool(check_referer)
    plugin = BrowserIDPlugin(audiences, rememberer_name, postback_url,
                             assertion_field, came_from_field, csrf_field,
                             csrf_cookie_name, challenge_body, verifier,
                             check_https, check_referer)
    return plugin
 def from_settings(cls, settings, prefix="who."):
     """Create a new WhoAuthenticationPolicy from app settings dict."""
     api_factory = api_factory_from_settings(settings, prefix)
     callback = settings.get(prefix + "callback")
     if callback is not None:
         callback = resolveDotted(callback)
         if callback is not None:
             assert callable(callback)
     return cls(api_factory, callback)
Пример #20
0
 def from_settings(cls, settings, prefix="who."):
     """Create a new WhoAuthenticationPolicy from app settings dict."""
     api_factory = api_factory_from_settings(settings, prefix)
     callback = settings.get(prefix + "callback")
     if callback is not None:
         callback = resolveDotted(callback)
         if callback is not None:
             assert callable(callback)
     return cls(api_factory, callback)
Пример #21
0
def _base_plugin_maker(user_class=None):
    """
    Turn ``userclass`` into Python object.
    
    """
    
    if user_class is None:
        raise ValueError('user_class must not be None')
    return resolveDotted(user_class)
Пример #22
0
def resolveRegistrationForm():
    custom_schema = request.environ["fi.infigo.account"].config["registration"].get("schema", None)
    if custom_schema:
        from repoze.who.utils import resolveDotted
        klass = resolveDotted(custom_schema)
        
        return klass()
        
    return RegistrationForm()
Пример #23
0
def make_rad_authenticator(dbsession, rsm, asm, dommodel, dam):
    "return radius authenticator"
    for param in [('dbsession', dbsession),
                ('rsm', rsm),
                ('asm', asm),
                ('dommodel', dommodel),
                ('dam', dam)]:
        check_param(param[0], param[1])
    session = resolveDotted(dbsession)
    radmodel = resolveDotted(rsm)
    authmodel = resolveDotted(asm)
    dmodel = resolveDotted(dommodel)
    damodel = resolveDotted(dam)

    authenticator = BaruwaRadiusAuthPlugin(session, radmodel,
                                        authmodel, dmodel,
                                        damodel)

    return authenticator
Пример #24
0
def make_rad_authenticator(dbsession, radsettingsmodel, authsettingsmodel,
                           domainmodel, domainaliasmodel):
    "return radius authenticator"
    for param in [('dbsession', dbsession),
                  ('radsettingsmodel', radsettingsmodel),
                  ('authsettingsmodel', authsettingsmodel),
                  ('domainmodel', domainmodel),
                  ('domainaliasmodel', domainaliasmodel)]:
        check_param(param[0], param[1])
    session = resolveDotted(dbsession)
    radmodel = resolveDotted(radsettingsmodel)
    authmodel = resolveDotted(authsettingsmodel)
    dmodel = resolveDotted(domainmodel)
    damodel = resolveDotted(domainaliasmodel)

    authenticator = BaruwaRadiusAuthPlugin(session, radmodel, authmodel,
                                           dmodel, damodel)

    return authenticator
Пример #25
0
def make_rad_authenticator(dbsession, radsettingsmodel, authsettingsmodel,
                            domainmodel, domainaliasmodel):
    "return radius authenticator"
    for param in [('dbsession', dbsession),
                ('radsettingsmodel', radsettingsmodel),
                ('authsettingsmodel', authsettingsmodel),
                ('domainmodel', domainmodel),
                ('domainaliasmodel', domainaliasmodel)]:
        check_param(param[0], param[1])
    session = resolveDotted(dbsession)
    radmodel = resolveDotted(radsettingsmodel)
    authmodel = resolveDotted(authsettingsmodel)
    dmodel = resolveDotted(domainmodel)
    damodel = resolveDotted(domainaliasmodel)

    authenticator = BaruwaRadiusAuthPlugin(session, radmodel,
                                        authmodel, dmodel,
                                        damodel)

    return authenticator
Пример #26
0
	def from_settings(cls, settings, prefix="who."):
		"""Create a new WhoAuthenticationPolicy from app settings dict."""
		log.debug('from_settings: START')
		api_factory = api_factory_from_settings(settings, prefix)
		log.debug('from_settings -- API_FACTORY: %s ' % api_factory)
		callback = settings.get(prefix + "callback")
		if callback is not None:
			callback = resolveDotted(callback)
			if callback is not None:
				assert callable(callback)
		return cls(api_factory, callback)
Пример #27
0
def make_sa_authenticator(user_class=None, dbsession=None, 
                          user_name_translation=None, 
                          validate_password_translation=None):
    """Setup an SQLAlchemy authenticator"""
    
    if user_class is None:
        raise ValueError('user_class must not be None')
    if dbsession is None:
        raise ValueError('user_class must not be None')
    user_model = resolveDotted(user_class)
    dbsession_object = resolveDotted(dbsession)
    
    authenticator = SQLAlchemyAuthenticatorPlugin(user_model, dbsession_object)
    
    if user_name_translation:
        authenticator.translations['user_name'] = user_name_translation
    if validate_password_translation:
        authenticator.translations['validate_password'] = \
            validate_password_translation
    
    return authenticator
Пример #28
0
def make_sa_authenticator(user_class=None,
                          dbsession=None,
                          user_name_translation=None,
                          validate_password_translation=None):
    """Setup an SQLAlchemy authenticator"""

    if user_class is None:
        raise ValueError('user_class must not be None')
    if dbsession is None:
        raise ValueError('user_class must not be None')
    user_model = resolveDotted(user_class)
    dbsession_object = resolveDotted(dbsession)

    authenticator = SQLAlchemyAuthenticatorPlugin(user_model, dbsession_object)

    if user_name_translation:
        authenticator.translations['user_name'] = user_name_translation
    if validate_password_translation:
        authenticator.translations['validate_password'] = \
            validate_password_translation

    return authenticator
def make_plugin(postback_url=None, came_from_field=None, challenge_body=None,
                rememberer_name=None, verifier_url=None, urlopen=None,
                audience=None):
    """Make a BrowserIDPlugin using values from a .ini config file.

    This is a helper function for loading a BrowserIDPlugin via the
    repoze.who .ini config file system. It converts its arguments from
    strings to the appropriate type then passes them on to the plugin.
    """
    if isinstance(challenge_body, basestring):
        try:
            challenge_body = resolveDotted(challenge_body)
        except (ValueError, ImportError):
            with open(challenge_body, "rb") as f:
                challenge_body = f.read()
    if isinstance(urlopen, basestring):
        urlopen = resolveDotted(urlopen)
        if urlopen is not None:
            assert callable(urlopen)
    plugin = BrowserIDPlugin(postback_url, came_from_field, challenge_body,
                             rememberer_name, verifier_url, urlopen, audience)
    return plugin
Пример #30
0
def make_plugin(secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=False,
                timeout=None,
                reissue_time=None,
                userid_checker=None):
    from repoze.who.utils import resolveDotted

    # ckan specifics:
    # Get secret from beaker setting if necessary
    if secret is None or secret == 'somesecret':
        secret = config['beaker.session.secret']
    # Session timeout and reissue time for auth cookie
    if timeout is None and config.get('who.timeout'):
        timeout = config.get('who.timeout')
    if reissue_time is None and config.get('who.reissue_time'):
        reissue_time = config.get('who.reissue_time')
    if timeout is not None and reissue_time is None:
        reissue_time = int(math.ceil(int(timeout) * 0.1))
    # Set httponly based on config value. Default is True
    httponly = config.get('who.httponly', True)
    # Set secure based on config value. Default is False
    secure = config.get('who.secure', False)

    # back to repoze boilerplate
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        secret = open(secretfile).read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = CkanAuthTktCookiePlugin(_bool(httponly),
                                     secret,
                                     cookie_name,
                                     _bool(secure),
                                     _bool(include_ip),
                                     timeout,
                                     reissue_time,
                                     userid_checker)
    return plugin
Пример #31
0
    def make_plugin(plugin_cls, **kwargs):
        '''Instantiate a plugin

       Example configuration:

       [plugin:modeled_user]
       use = repoze.who.plugins.sqla.user:make_plugin
       user_cls = helloworld.model:User
       session_factory = helloworld.model:Session
       login_attribute = email

       '''

        user_cls = resolveDotted(kwargs['user_cls'])
        verifyClass(IUserPassword, user_cls, tentative=True)

        session_factory = resolveDotted(kwargs['session_factory'])
        if not callable(session_factory):
            raise ValueError('The session factory should be callable!')

        login_attribute = kwargs.get('login_attribute')

        return plugin_cls(user_cls, session_factory, login_attribute)
Пример #32
0
    def make_plugin(plugin_cls, **kwargs):
       '''Instantiate a plugin

       Example configuration:

       [plugin:modeled_user]
       use = repoze.who.plugins.sqla.user:make_plugin
       user_cls = helloworld.model:User
       session_factory = helloworld.model:Session
       login_attribute = email

       '''
        
       user_cls = resolveDotted(kwargs['user_cls'])
       verifyClass(IUserPassword, user_cls, tentative=True)

       session_factory = resolveDotted(kwargs['session_factory'])
       if not callable(session_factory):
           raise ValueError('The session factory should be callable!')

       login_attribute = kwargs.get('login_attribute')
       
       return plugin_cls(user_cls, session_factory, login_attribute)
Пример #33
0
def make_plugin(realm='', nonce_manager=None, domain=None, qop=None,
                get_password=None, get_pwdhash=None):
    """Make a DigestAuthPlugin using values from a .ini config file.

    This is a helper function for loading a DigestAuthPlugin via the
    repoze.who .ini config file system.  It converts its arguments from
    strings to the appropriate type then passes them on to the plugin.
    """
    if isinstance(nonce_manager, basestring):
        nonce_manager = resolveDotted(nonce_manager)
        if callable(nonce_manager):
            nonce_manager = nonce_manager()
    if isinstance(get_password, basestring):
        get_password = resolveDotted(get_password)
        if get_password is not None:
            assert callable(get_password)
    if isinstance(get_pwdhash, basestring):
        get_pwdhash = resolveDotted(get_pwdhash)
        if get_pwdhash is not None:
            assert callable(get_pwdhash)
    plugin = DigestAuthPlugin(realm, nonce_manager, domain, qop,
                              get_password, get_pwdhash)
    return plugin
def make_plugin(audiences, rememberer_name=None, postback_url=None,
                assertion_field=None, came_from_field=None, csrf_field=None,
                csrf_cookie_name=None, challenge_body=None, verifier=None,
                check_https=None, check_referer=None, **kwds):
    """Make a BrowserIDPlugin using values from a .ini config file.

    This is a helper function for loading a BrowserIDPlugin via the
    repoze.who .ini config file system. It converts its arguments from
    strings to the appropriate type then passes them on to the plugin.
    """
    if not audiences:
        audiences = None
    elif isinstance(audiences, basestring):
        audiences = audiences.split()
    if isinstance(challenge_body, basestring):
        try:
            challenge_body = resolveDotted(challenge_body)
        except (ValueError, ImportError):
            with open(challenge_body, "rb") as f:
                challenge_body = f.read()
    if isinstance(verifier, basestring):
        verifier = resolveDotted(verifier)
        if callable(verifier):
            verifier_kwds = {}
            for key, value in kwds.iteritems():
                if key.startswith("verifier_"):
                    verifier_kwds[key[len("verifier_"):]] = value
            verifier = verifier(**verifier_kwds)
    if isinstance(check_https, basestring):
        check_https = str2bool(check_https)
    if isinstance(check_referer, basestring):
        check_referer = str2bool(check_referer)
    plugin = BrowserIDPlugin(audiences, rememberer_name, postback_url,
                             assertion_field, came_from_field, csrf_field,
                             csrf_cookie_name, challenge_body, verifier,
                             check_https, check_referer)
    return plugin
Пример #35
0
def find_plugin_translations(translations={}):
    """
    Process global translations for :mod:`repoze.who`/:mod:`repoze.what`
    SQLAlchemy plugins.
    
    :param translations: The translation dictionary.
    :type translations: dict
    :return: The respective translations for the group and permission adapters,
        the authenticator and the MD provider.
    :rtype: dict
    
    """

    group_adapter = {}
    permission_adapter = {}
    authenticator = {}
    mdprovider = {}

    if 'validate_password' in translations:
        authenticator['validate_password'] = translations['validate_password']
    if 'dummy_validate_password' in translations:
        authenticator['dummy_validate_password'] = \
            resolveDotted(translations['dummy_validate_password'])
    if 'user_name' in translations:
        group_adapter['item_name'] = translations['user_name']
        authenticator['user_name'] = translations['user_name']
        mdprovider['user_name'] = translations['user_name']
    if 'users' in translations:
        group_adapter['items'] = translations['users']
    if 'group_name' in translations:
        group_adapter['section_name'] = translations['group_name']
        permission_adapter['item_name'] = translations['group_name']
    if 'groups' in translations:
        group_adapter['sections'] = translations['groups']
        permission_adapter['items'] = translations['groups']
    if 'permission_name' in translations:
        permission_adapter['section_name'] = translations['permission_name']
    if 'permissions' in translations:
        permission_adapter['sections'] = translations['permissions']

    final_translations = {
        'group_adapter': group_adapter,
        'permission_adapter': permission_adapter,
        'authenticator': authenticator,
        'mdprovider': mdprovider
    }
    return final_translations
def find_plugin_translations(translations={}):
    """
    Process global translations for :mod:`repoze.who`/:mod:`repoze.what`
    SQLAlchemy plugins.
    
    :param translations: The translation dictionary.
    :type translations: dict
    :return: The respective translations for the group and permission adapters,
        the authenticator and the MD provider.
    :rtype: dict
    
    """
    
    group_adapter = {}
    permission_adapter = {}
    authenticator = {}
    mdprovider = {}
    
    if 'validate_password' in translations:
        authenticator['validate_password'] = translations['validate_password']
    if 'dummy_validate_password' in translations:
        authenticator['dummy_validate_password'] = \
            resolveDotted(translations['dummy_validate_password'])
    if 'user_name' in translations:
        group_adapter['item_name'] = translations['user_name']
        authenticator['user_name'] = translations['user_name']
        mdprovider['user_name'] = translations['user_name']
    if 'users' in translations:
        group_adapter['items'] = translations['users']
    if 'group_name' in translations:
        group_adapter['section_name'] = translations['group_name']
        permission_adapter['item_name'] = translations['group_name']
    if 'groups' in translations:
        group_adapter['sections'] = translations['groups']
        permission_adapter['items'] = translations['groups']
    if 'permission_name' in translations:
        permission_adapter['section_name'] = translations['permission_name']
    if 'permissions' in translations:
        permission_adapter['sections'] = translations['permissions']
        
    final_translations = {
        'group_adapter': group_adapter,
        'permission_adapter': permission_adapter,
        'authenticator': authenticator,
        'mdprovider': mdprovider}
    return final_translations
Пример #37
0
def make_plugin(
    secret=None,
    secretfile=None,
    cookie_name='auth_tkt',
    secure=False,
    include_ip=False,
    timeout=None,
    reissue_time=None,
    userid_checker=None,
    digest_algo=auth_tkt.DEFAULT_DIGEST,
):
    from repoze.who.utils import resolveDotted
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        with open(secretfile) as f:
            secret = f.read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    if isinstance(digest_algo, str):
        try:
            digest_algo = getattr(hashlib, digest_algo)
        except AttributeError:
            raise ValueError("No such 'digest_algo': %s" % digest_algo)

    plugin = AuthTktCookiePlugin(
        secret,
        cookie_name,
        _bool(secure),
        _bool(include_ip),
        timeout,
        reissue_time,
        userid_checker,
        digest_algo,
    )
    return plugin
 def test_it(self):
     # --- Setting it up ---
     dummy_fn = 'tests.fixture.model:dummy_validate_password' 
     translations = {
         'validate_password': '******',
         'user_name': 'member_name',
         'users': 'members',
         'group_name': 'team_name',
         'groups': 'teams',
         'permission_name': 'perm_name',
         'permissions': 'perms',
         'dummy_validate_password': dummy_fn
         }
     plugin_translations = find_plugin_translations(translations)
     # --- Testing it ---
     # Group translations
     group_translations = {
         'item_name': translations['user_name'],
         'items': translations['users'],
         'section_name': translations['group_name'],
         'sections': translations['groups'],
         }
     self.assertEqual(group_translations, 
                      plugin_translations['group_adapter'])
     # Permission translations
     perm_translations = {
         'item_name': translations['group_name'],
         'items': translations['groups'],
         'section_name': translations['permission_name'],
         'sections': translations['permissions'],
         }
     self.assertEqual(perm_translations, 
                      plugin_translations['permission_adapter'])
     # Authenticator translations
     auth_translations = {
         'user_name': translations['user_name'],
         'validate_password': translations['validate_password'],
         'dummy_validate_password': resolveDotted(dummy_fn)
         }
     self.assertEqual(auth_translations, 
                      plugin_translations['authenticator'])
     # MD Provider translations
     md_translations = {'user_name': translations['user_name']}
     self.assertEqual(md_translations, 
                      plugin_translations['mdprovider'])
Пример #39
0
def make_plugin(secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=False,
                timeout=None,
                reissue_time=None,
                userid_checker=None,
                digest_algo=auth_tkt.DEFAULT_DIGEST,
               ):
    from repoze.who.utils import resolveDotted
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        with open(secretfile) as f:
            secret = f.read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    if isinstance(digest_algo, str):
        try:
            digest_algo = getattr(hashlib, digest_algo)
        except AttributeError:
            raise ValueError("No such 'digest_algo': %s" % digest_algo)

    plugin = AuthTktCookiePlugin(secret,
                                 cookie_name,
                                 _bool(secure),
                                 _bool(include_ip),
                                 timeout,
                                 reissue_time,
                                 userid_checker,
                                 digest_algo,
                                 )
    return plugin
Пример #40
0
def make_plugin(
    serv_url,
    secret=None,
    secretfile=None,
    cookie_name='auth_tkt',
    secure=False,
    include_ip=True,
    timeout=None,
    reissue_time=None,
    userid_checker=None,
):
    '''
    Build the identifier plugin
    '''

    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        secret = open(secretfile).read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = CustomCookiePlugin(
        secret,
        serv_url,
        cookie_name,
        _bool(secure),
        _bool(include_ip),
        timeout,
        reissue_time,
        userid_checker,
    )
    return plugin
Пример #41
0
def make_plugin(serv_url,
                secret=None,
                secretfile=None,
                cookie_name='auth_tkt',
                secure=False,
                include_ip=True,
                timeout=None,
                reissue_time=None,
                userid_checker=None,
               ):
    '''
    Build the identifier plugin
    '''
   
    if (secret is None and secretfile is None):
        raise ValueError("One of 'secret' or 'secretfile' must not be None.")
    if (secret is not None and secretfile is not None):
        raise ValueError("Specify only one of 'secret' or 'secretfile'.")
    if secretfile:
        secretfile = os.path.abspath(os.path.expanduser(secretfile))
        if not os.path.exists(secretfile):
            raise ValueError("No such 'secretfile': %s" % secretfile)
        secret = open(secretfile).read().strip()
    if timeout:
        timeout = int(timeout)
    if reissue_time:
        reissue_time = int(reissue_time)
    if userid_checker is not None:
        userid_checker = resolveDotted(userid_checker)
    plugin = CustomCookiePlugin(secret, serv_url,
                                 cookie_name,
                                 _bool(secure),
                                 _bool(include_ip),
                                 timeout,
                                 reissue_time,
                                 userid_checker,
                                 )
    return plugin
Пример #42
0
def make_authenticator_plugin(query=None, conn_factory=None,
                              compare_fn=None, **kw):
    """
    Differs from repoze.who.plugins.sql.make_authenticator_plugin only in that
    kw is passed to SQLAuthenticatorPlugin.
    @type query: basestring
    @param query: SQL query to return the username and p
    @type conn_factory: function
    @param conn_factory: database connection factory
    @type compare_fn: function
    @param compare_fn: function to compare supplied and stored passwords
    @type kw: dict
    @param kw: additional configuration options that are passed to the
    SQLAuthenticatorPlugin constructor
    """
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
Пример #43
0
    def authenticate(self, environ, identity):
        "Authenticate identity"
        try:
            if check_failed_logins(environ):
                raise TypeError

            login = identity['login']
            username, domain = login.split('@')
            ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
                            self.authsettingsmodel.address,
                            self.authsettingsmodel.port,
                            self.authsettingsmodel.split_address,
                            self.domainmodel.name)\
                            .join(self.authsettingsmodel)\
                            .join(self.domainmodel)\
                            .filter(self.authsettingsmodel.enabled == True)\
                            .filter(self.domainmodel.status == True)\
                            .filter(or_(self.domainmodel.name == domain,
                                func._(and_(\
                                self.domainmodel.id == self.alias.domain_id,
                                self.alias.name == domain,
                                self.alias.status == True)
                                )
                            )).all()
            (settings, address, port, split_address,
             domain_name) = ldapsettings[0]

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
            ldap_uri = make_ldap_uri(address, port)
            ldap_connection = make_ldap_connection(ldap_uri)

            kwargs = dict(naming_attribute=settings.nameattribute,
                          returned_id=self.returned_id,
                          bind_dn=settings.binddn,
                          bind_pass=settings.bindpw,
                          start_tls=settings.usetls)

            if domain != domain_name:
                # override alias domain
                domain = domain_name

            if settings.usesearch:
                ldap_module = 'LDAPSearchAuthenticatorPlugin'
                # build_search_filters(kwargs, settings.search_scope,
                #                     settings.searchfilter, domain,
                #                     login, username)
                kwargs['search_scope'] = settings.search_scope
                if settings.searchfilter != '':
                    params = []
                    domaindn = ','.join(
                        ['dc=' + part for part in domain.split('.')])
                    mapping = {
                        '%n': login,
                        '%u': username,
                        '%d': domain,
                        '%D': domaindn
                    }
                    searchfilter = escape_filter_chars(settings.searchfilter)
                    for key in ['%n', '%u', '%d', '%D']:
                        for _ in xrange(searchfilter.count(key)):
                            searchfilter = searchfilter.replace(key, '%s', 1)
                            params.append(mapping[key])
                    searchfilter = filter_format(searchfilter, params)
                    kwargs['filterstr'] = searchfilter
            else:
                ldap_module = 'LDAPAuthenticatorPlugin'

            if split_address:
                identity['login'] = username
            else:
                # use main domain name not alias reset above
                identity['login'] = "******" % (username, domain)

            auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
            ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
            userid = ldap_auth.authenticate(environ, identity)
            fulladdr = "%s@%s" % (username, domain)
            return userid if userid is None or '@' in userid else fulladdr
        except (KeyError, TypeError, ValueError, AttributeError, NoResultFound,
                IndexError, ldap.LDAPError):
            return None
Пример #44
0
def make_authenticator_plugin(query=None,
                              conn_factory=None,
                              compare_fn=None,
                              **kw):
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
    if compare_fn is not None:
        compare_fn = resolveDotted(compare_fn)
    return SQLAuthenticatorPlugin(query, conn_factory, compare_fn)


def make_metadata_plugin(name=None,
                         query=None,
                         conn_factory=None,
                         filter=None,
                         **kw):
    from repoze.who.utils import resolveDotted
    if name is None:
        raise ValueError('name must be specified')
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
Пример #45
0
        del identity['__userid']
        identity[self.name] =  result

def make_authenticator_plugin(query=None, conn_factory=None,
                              compare_fn=None, **kw):
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
    if compare_fn is not None:
        compare_fn = resolveDotted(compare_fn)
    return SQLAuthenticatorPlugin(query, conn_factory, compare_fn)

def make_metadata_plugin(name=None, query=None, conn_factory=None,
                         filter=None, **kw):
    from repoze.who.utils import resolveDotted
    if name is None:
        raise ValueError('name must be specified')
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
Пример #46
0
def make_authenticator_plugin(query=None,
                              conn_factory=None,
                              compare_fn=None,
                              **kw):
    """
    Differs from repoze.who.plugins.sql.make_authenticator_plugin only in that
    kw is passed to SQLAuthenticatorPlugin.
    @type query: basestring
    @param query: SQL query to return the username and p
    @type conn_factory: function
    @param conn_factory: database connection factory
    @type compare_fn: function
    @param compare_fn: function to compare supplied and stored passwords
    @type kw: dict
    @param kw: additional configuration options that are passed to the
    SQLAuthenticatorPlugin constructor
    """
    from repoze.who.utils import resolveDotted
    if query is None:
        raise ValueError('query must be specified')
    if conn_factory is None:
        raise ValueError('conn_factory must be specified')
    try:
        conn_factory = resolveDotted(conn_factory)(**kw)
    except Exception, why:
        raise ValueError('conn_factory could not be resolved: %s' % why)
    if compare_fn is not None:
        compare_fn = resolveDotted(compare_fn)
    return SQLAuthenticatorPlugin(query, conn_factory, compare_fn, **kw)
Пример #47
0
    def authenticate(self, environ, identity):
        "Authenticate identity"
        try:
            if check_failed_logins(environ):
                raise TypeError

            login = identity['login']
            username, domain = login.split('@')
            ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
                            self.authsettingsmodel.address,
                            self.authsettingsmodel.port,
                            self.authsettingsmodel.split_address,
                            self.domainmodel.name)\
                            .join(self.authsettingsmodel)\
                            .join(self.domainmodel)\
                            .filter(self.authsettingsmodel.enabled == True)\
                            .filter(self.domainmodel.status == True)\
                            .filter(or_(self.domainmodel.name == domain,
                                func._(and_(\
                                self.domainmodel.id == self.alias.domain_id,
                                self.alias.name == domain,
                                self.alias.status == True)
                                )
                            )).all()
            (settings,
            address,
            port,
            split_address,
            domain_name) = ldapsettings[0]

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
            ldap_uri = make_ldap_uri(address, port)
            ldap_connection = make_ldap_connection(ldap_uri)

            kwargs = dict(naming_attribute=settings.nameattribute,
                        returned_id=self.returned_id,
                        bind_dn=settings.binddn,
                        bind_pass=settings.bindpw,
                        start_tls=settings.usetls)

            if domain != domain_name:
                # override alias domain
                domain = domain_name

            if settings.usesearch:
                ldap_module = 'LDAPSearchAuthenticatorPlugin'
                # build_search_filters(kwargs, settings.search_scope,
                #                     settings.searchfilter, domain,
                #                     login, username)
                kwargs['search_scope'] = settings.search_scope
                if settings.searchfilter != '':
                    params = []
                    domaindn = ','.join(['dc=' + part
                                        for part in domain.split('.')])
                    mapping = {
                                '%n':login,
                                '%u':username,
                                '%d':domain,
                                '%D': domaindn
                                }
                    searchfilter = escape_filter_chars(settings.searchfilter)
                    for key in ['%n', '%u', '%d', '%D']:
                        for _ in xrange(searchfilter.count(key)):
                            searchfilter = searchfilter.replace(key, '%s', 1)
                            params.append(mapping[key])
                    searchfilter = filter_format(searchfilter, params)
                    kwargs['filterstr'] = searchfilter
            else:
                ldap_module = 'LDAPAuthenticatorPlugin'

            if split_address:
                identity['login'] = username
            else:
                # use main domain name not alias reset above
                identity['login'] = "******" % (username, domain)

            auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
            ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
            userid = ldap_auth.authenticate(environ, identity)
            fulladdr = "%s@%s" % (username, domain)
            return userid if userid is None or '@' in userid else fulladdr
        except (KeyError, TypeError, ValueError, AttributeError,
                NoResultFound, IndexError, ldap.LDAPError):
            return None
Пример #48
0
    def _check_auth(self, app, options):
        """
        Check that the ``app`` is secured with Repoze auth using the expected
        ``options``.
        
        """
        # === Checking the most important part: The form plugin's settings.
        main_identifier = app.name_registry.get("main_identifier")
        challenger = app.name_registry['form']

        if options['form_identifies']:
            assert main_identifier == challenger, "The form identifies too"

        if options.get("form_plugin"):
            # A custom form was set:
            self.assertEqual(form_plugin, main_identifier)
        else:
            # The default form plugin must have been used:
            self._in_registry(app, "form", FriendlyFormPlugin)
            # Checking that its options are correct:
            self.assertEqual(challenger.login_form_url, options['login_url'])
            self.assertEqual(challenger.login_handler_path,
                             options['login_handler'])
            self.assertEqual(challenger.post_login_url,
                             options['post_login_url'])
            self.assertEqual(challenger.logout_handler_path,
                             options['logout_handler'])
            self.assertEqual(challenger.post_logout_url,
                             options['post_logout_url'])
            self.assertEqual(challenger.login_counter_name,
                             options['login_counter_name'])
            self.assertEqual(challenger.charset, options['charset'])

        # === Checking the authenticator:
        self._in_registry(app, "sqlauth", SQLAlchemyAuthenticatorPlugin)
        authenticator = app.name_registry['sqlauth']
        self.assertEqual(authenticator.user_class, options['user_class'])
        self.assertEqual(authenticator.translations['user_name'],
                         options['translations']['user_name'])
        self.assertEqual(authenticator.translations['validate_password'],
                         options['translations']['validate_password'])
        dummy_fn = options['translations']['dummy_validate_password']
        if dummy_fn is not None:
            dummy_fn = resolveDotted(dummy_fn)
        self.assertEqual(authenticator.translations['dummy_validate_password'],
                         dummy_fn)
        self.assertEqual(authenticator.dbsession, options['dbsession'])

        # === Checking the metadata provider:
        self._in_registry(app, "sql_user_md", SQLAlchemyUserMDPlugin)
        mdprovider = app.name_registry['sql_user_md']
        self.assertEqual(mdprovider.user_class, options['user_class'])
        self.assertEqual(mdprovider.translations['user_name'],
                         options['translations']['user_name'])
        self.assertEqual(mdprovider.dbsession, options['dbsession'])

        # === Checking the cookie plugin:
        self._in_registry(app, "cookie", AuthTktCookiePlugin)
        cookie = app.name_registry['cookie']
        self.assertEqual(cookie.cookie_name, options['cookie_name'])
        self.assertEqual(cookie.secret, options['cookie_secret'])
        self.assertEqual(cookie.timeout, options['cookie_timeout'])
        self.assertEqual(cookie.reissue_time, options['cookie_reissue_time'])

        # === Checking the repoze.what settings:
        self._in_registry(app, "authorization_md", AuthorizationMetadata)
        authz_md = app.name_registry['authorization_md']
        group_adapters = authz_md.group_adapters
        permission_adapters = authz_md.permission_adapters
        if options['group_class'] and options['permission_class']:
            # The group/permission pattern is being used.
            sql_groups = group_adapters['sql_auth']
            sql_permissions = permission_adapters['sql_auth']
            # Checking all the settings in the SQLAlchemy adapters:
            self.assertEquals(sql_groups.children_class, options['user_class'])
            self.assertEquals(sql_groups.parent_class,
                              sql_permissions.children_class,
                              options['group_class'])
            self.assertEquals(sql_permissions.parent_class,
                              options['permission_class'])
            self.assertEquals(options['dbsession'], sql_groups.dbsession,
                              sql_permissions.dbsession)
            # Finally, let's check their translations:
            self.assertEqual(sql_groups.translations['items'],
                             options['translations']['users'])
            self.assertEqual(sql_groups.translations['item_name'],
                             options['translations']['user_name'])
            self.assertEquals(sql_groups.translations['sections'],
                              sql_permissions.translations['items'],
                              options['translations']['groups'])
            self.assertEquals(sql_groups.translations['section_name'],
                              sql_permissions.translations['item_name'],
                              options['translations']['group_name'])
            self.assertEqual(sql_permissions.translations['sections'],
                             options['translations']['permissions'])
            self.assertEqual(sql_permissions.translations['section_name'],
                             options['translations']['permission_name'])
        else:
            self.assertEquals(permission_adapters, group_adapters, None)
Пример #49
0
def make_sa_authenticator(user_class=None,
                          dbsession=None,
                          user_name_translation=None,
                          validate_password_translation=None,
                          dummy_validate_password_translation=None):
    """
    Configure :class:`SQLAlchemyAuthenticatorPlugin`.
    
    :param user_class: The SQLAlchemy/Elixir class for the users.
    :type user_class: str
    :param dbsession: The SQLAlchemy/Elixir session.
    :type dbsession: str
    :param user_name_translation: The translation for ``user_name``, if any.
    :type user_name_translation: str
    :param validate_password_translation: The translation for 
        ``validate_password``, if any.
    :type validate_password_translation: str
    :param dummy_validate_password_translation: The translation for
        ``dummy_validate_password``, if any.
    :type dummy_validate_password_translation: function
    :return: The authenticator.
    :rtype: SQLAlchemyAuthenticatorPlugin
    
    Example from an ``*.ini`` file::
    
        # ...
        [plugin:sa_auth]
        use = repoze.who.plugins.sa:make_sa_authenticator
        user_class = yourcoolproject.model:User
        dbsession = yourcoolproject.model:DBSession
        # ...
    
    Or, if you need translations::
    
        # ...
        [plugin:sa_auth]
        use = repoze.who.plugins.sa:make_sa_authenticator
        user_class = yourcoolproject.model:User
        dbsession = yourcoolproject.model:DBSession
        user_name_translation = username
        validate_password_translation = verify_password
        dummy_validate_password_translation = yourcoolproject.security:validate
        # ...
    
    .. versionadded:: 1.0.1
        Support for ``dummy_validate_password_translation`` was added.
    
    """

    user_model, dbsession_object = _base_plugin_maker(user_class, dbsession)

    authenticator = SQLAlchemyAuthenticatorPlugin(user_model, dbsession_object)

    if user_name_translation:
        authenticator.translations['user_name'] = user_name_translation
    if validate_password_translation:
        authenticator.translations['validate_password'] = \
            validate_password_translation
    if dummy_validate_password_translation:
        authenticator.translations['dummy_validate_password'] = \
            resolveDotted(dummy_validate_password_translation)

    return authenticator