def _add_middleware(self, conf, app):
"""
Configure authentication and authorization.
"""
# Start with the current configured authentication options.
# Depending on the auth backend a new auth_args dictionary
# can replace this one later on.
auth_backend = conf['auth_backend']
if auth_backend not in self.SUPPORTED_AUTH_BACKENDS:
return app
auth_args = get_partial_dict('sa_auth', conf)
# Removing keywords not used by repoze.who:
auth_args.pop('password_encryption_method', None)
# Removing authmetadata as is not used by repoze.who:
tgauthmetadata = auth_args.pop('authmetadata', None)
try:
pos = auth_args['authenticators'].index(('default', None))
except KeyError:
# Didn't specify authenticators, setup default one
pos = None
except ValueError:
# Specified authenticators and default is not in there
# so we want to skip default TG auth configuration.
pos = -1
if pos is None or pos >= 0:
if getattr(tgauthmetadata, 'authenticate', None) is not None:
from tg.configuration.auth import create_default_authenticator
auth_args, tgauth = create_default_authenticator(tgauthmetadata, **auth_args)
authenticator = ('tgappauth', tgauth)
elif auth_backend == "sqlalchemy": # pragma: no cover
warnings.warn('sqlauth is deprecated, you should add authenticate method '
'to your authmetadata instance in app_cfg', DeprecationWarning, 2)
from tg.configuration.sqla.auth import create_default_authenticator
auth_args, sqlauth = create_default_authenticator(**auth_args)
authenticator = ('sqlauth', sqlauth)
elif auth_backend == "ming": # pragma: no cover
warnings.warn('mingauth is deprecated, you should add authenticate method '
'to your authmetadata instance in app_cfg', DeprecationWarning, 2)
from tg.configuration.mongo.auth import create_default_authenticator
auth_args, mingauth = create_default_authenticator(**auth_args)
authenticator = ('mingauth', mingauth)
else:
authenticator = None
if authenticator is not None:
if pos is None:
auth_args['authenticators'] = [authenticator]
else:
# We make a copy so that we don't modify the original one.
auth_args['authenticators'] = auth_args['authenticators']
auth_args['authenticators'][pos] = authenticator
from tg.configuration.auth import setup_auth
app = setup_auth(app, skip_authentication=conf['skip_authentication'], **auth_args)
return app
def make_app(controller_klass,
environ=None,
with_errors=False,
config_options=None):
"""Creates a ``TestApp`` instance."""
authmetadata = TestAuthMetadata()
config_options = config_options or {}
config_options.setdefault('sa_auth', {})
sa_auth = config_options['sa_auth']
sa_auth.update({'authmetadata': authmetadata})
app = base_make_app(controller_klass, environ or {}, config_options,
with_errors).app
# Setting repoze.who up:
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
cookie = AuthTktCookiePlugin('secret', 'authtkt')
identifiers = [('cookie', cookie)]
app = setup_auth(app,
identifiers=identifiers,
skip_authentication=True,
authenticators=[],
challengers=[])
# As setup_auth with skip_authentication sets empty authenticators always
# we must manually append it after creating the middleware.
app.api_factory.authenticators.append(('cookie', cookie))
return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False):
"""Creates a ``TestApp`` instance."""
# The basic middleware:
app = TGApp(config=default_config)
app.controller_classes['root'] = ControllerWrap(controller_klass)
app = FakeRoutes(app)
if with_errors:
app = ErrorHandler(app, {}, debug=False)
app = StatusCodeRedirect(app, [403, 404, 500])
app = RegistryManager(app)
app = SessionMiddleware(app, {}, data_dir=session_dir)
app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache'))
# Setting repoze.who up:
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
cookie = AuthTktCookiePlugin('secret', 'authtkt')
identifiers = [('cookie', cookie)]
app = setup_auth(app, TestAuthMetadata(),
identifiers=identifiers, skip_authentication=True,
authenticators=[], challengers=[])
# As setup_auth with skip_authentication sets empty authenticators always
# we must manually append it after creating the middleware.
app.api_factory.authenticators.append(('cookie', cookie))
return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False):
"""Creates a ``TestApp`` instance."""
# The basic middleware:
app = TGApp(config=default_config)
app.controller_classes['root'] = ControllerWrap(controller_klass)
app = FakeRoutes(app)
if with_errors:
app = ErrorHandler(app, {}, debug=False)
app = StatusCodeRedirect(app, [403, 404, 500])
app = RegistryManager(app)
app = SessionMiddleware(app, {}, data_dir=session_dir)
app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache'))
# Setting repoze.who up:
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
cookie = AuthTktCookiePlugin('secret', 'authtkt')
identifiers = [('cookie', cookie)]
app = setup_auth(app, TGAuthMetadata(),
identifiers=identifiers, skip_authentication=True,
authenticators=[], challengers=[])
return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False, config_options=None):
"""Creates a ``TestApp`` instance."""
authmetadata = TestAuthMetadata()
config_options = config_options or {}
config_options.setdefault('sa_auth', {})
sa_auth = config_options['sa_auth']
sa_auth.update({
'authmetadata': authmetadata
})
app = base_make_app(controller_klass, environ, config_options, with_errors).app
# Setting repoze.who up:
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
cookie = AuthTktCookiePlugin('secret', 'authtkt')
identifiers = [('cookie', cookie)]
app = setup_auth(app, identifiers=identifiers, skip_authentication=True,
authenticators=[], challengers=[])
# As setup_auth with skip_authentication sets empty authenticators always
# we must manually append it after creating the middleware.
app.api_factory.authenticators.append(('cookie', cookie))
return TestApp(app)
def make_app(controller_klass, environ={}, with_errors=False):
"""Creates a ``TestApp`` instance."""
# The basic middleware:
app = ControllerWrap(controller_klass)
app = SetupCacheGlobal(app, environ, setup_cache=True, setup_session=True)
if with_errors:
app = ErrorHandler(app, {}, debug=False)
app = StatusCodeRedirect(app, [403, 404, 500])
app = RegistryManager(app)
app = SessionMiddleware(app, {}, data_dir=session_dir)
app = CacheMiddleware(app, {}, data_dir=os.path.join(data_dir, 'cache'))
# Setting repoze.who up:
cookie = AuthTktCookiePlugin('secret', 'authtkt')
identifiers = [('cookie', cookie)]
app = setup_auth(app, TGAuthMetadata(),
identifiers=identifiers, skip_authentication=True,
authenticators=[], challengers=[])
app = httpexceptions.make_middleware(app)
return TestApp(app)
def add_auth_middleware(self, app, skip_authentication):
"""
Configure authentication and authorization.
:param app: The TG2 application.
:param skip_authentication: Should authentication be skipped if
explicitly requested? (used by repoze.who-testutil)
:type skip_authentication: bool
"""
# Configuring auth logging:
if 'log_stream' not in self.sa_auth:
self.sa_auth['log_stream'] = logging.getLogger('auth')
# Removing keywords not used by repoze.who:
auth_args = copy(self.sa_auth)
if 'sa_auth' in config:
auth_args.update(config.sa_auth)
if 'password_encryption_method' in auth_args:
del auth_args['password_encryption_method']
if not skip_authentication:
if not 'cookie_secret' in auth_args.keys():
msg = "base_config.sa_auth.cookie_secret is required "\
"you must define it in app_cfg.py or set "\
"sa_auth.cookie_secret in development.ini"
raise TGConfigError(msg)
if 'authmetadata' not in auth_args:
#authmetadata not provided, fallback to old authentication setup
if self.auth_backend == "sqlalchemy":
from repoze.what.plugins.quickstart import setup_sql_auth
app = setup_sql_auth(app, skip_authentication=skip_authentication, **auth_args)
elif self.auth_backend == "ming":
from tgming import setup_ming_auth
app = setup_ming_auth(app, skip_authentication=skip_authentication, **auth_args)
else:
try:
pos = auth_args['authenticators'].index(('default', None))
except KeyError:
pos = None
except ValueError:
pos = -1
if pos is None or pos >= 0:
if self.auth_backend == "sqlalchemy":
from tg.configuration.sqla.auth import create_default_authenticator
auth_args, sqlauth = create_default_authenticator(**auth_args)
authenticator = ('sqlauth', sqlauth)
elif self.auth_backend == "ming":
from tg.configuration.mongo.auth import create_default_authenticator
auth_args, mingauth = create_default_authenticator(**auth_args)
authenticator = ('mingauth', mingauth)
else:
authenticator = None
if authenticator:
if pos is None:
auth_args['authenticators'] = [authenticator]
else:
auth_args['authenticators'][pos] = authenticator
from tg.configuration.auth import setup_auth
app = setup_auth(app, skip_authentication=skip_authentication, **auth_args)
return app
def _add_middleware(self, conf, app):
"""
Configure authentication and authorization.
"""
# Start with the current configured authentication options.
# Depending on the auth backend a new auth_args dictionary
# can replace this one later on.
auth_backend = conf['auth_backend']
if auth_backend not in self.SUPPORTED_AUTH_BACKENDS:
return app
auth_args = get_partial_dict('sa_auth', conf)
# Removing keywords not used by repoze.who:
auth_args.pop('password_encryption_method', None)
# Removing authmetadata as is not used by repoze.who:
tgauthmetadata = auth_args.pop('authmetadata', None)
try:
pos = auth_args['authenticators'].index(('default', None))
except KeyError:
# Didn't specify authenticators, setup default one
pos = None
except ValueError:
# Specified authenticators and default is not in there
# so we want to skip default TG auth configuration.
pos = -1
if pos is None or pos >= 0:
if getattr(tgauthmetadata, 'authenticate', None) is not None:
from tg.configuration.auth import create_default_authenticator
auth_args, tgauth = create_default_authenticator(
tgauthmetadata, **auth_args)
authenticator = ('tgappauth', tgauth)
elif auth_backend == "sqlalchemy":
warnings.warn(
'sqlauth is deprecated, you should add authenticate method '
'to your authmetadata instance in app_cfg',
DeprecationWarning, 2)
from tg.configuration.sqla.auth import create_default_authenticator
auth_args, sqlauth = create_default_authenticator(**auth_args)
authenticator = ('sqlauth', sqlauth)
elif auth_backend == "ming":
warnings.warn(
'mingauth is deprecated, you should add authenticate method '
'to your authmetadata instance in app_cfg',
DeprecationWarning, 2)
from tg.configuration.mongo.auth import create_default_authenticator
auth_args, mingauth = create_default_authenticator(**auth_args)
authenticator = ('mingauth', mingauth)
else:
authenticator = None
if authenticator is not None:
if pos is None:
auth_args['authenticators'] = [authenticator]
else:
# We make a copy so that we don't modify the original one.
auth_args['authenticators'] = auth_args['authenticators']
auth_args['authenticators'][pos] = authenticator
from tg.configuration.auth import setup_auth
app = setup_auth(app,
skip_authentication=conf['skip_authentication'],
**auth_args)
return app
def add_auth_middleware(self, app, skip_authentication):
"""
Configure authentication and authorization.
:param app: The TG2 application.
:param skip_authentication: Should authentication be skipped if
explicitly requested? (used by repoze.who-testutil)
:type skip_authentication: bool
"""
# Configuring auth logging:
if 'log_stream' not in self.sa_auth:
self.sa_auth['log_stream'] = logging.getLogger('auth')
# Removing keywords not used by repoze.who:
auth_args = copy(self.sa_auth)
if 'sa_auth' in config:
auth_args.update(config.sa_auth)
if 'password_encryption_method' in auth_args:
del auth_args['password_encryption_method']
if not skip_authentication:
if not 'cookie_secret' in auth_args.keys():
msg = "base_config.sa_auth.cookie_secret is required "\
"you must define it in app_cfg.py or set "\
"sa_auth.cookie_secret in development.ini"
raise TGConfigError(msg)
if 'authmetadata' not in auth_args:
#authmetadata not provided, fallback to old authentication setup
if self.auth_backend == "sqlalchemy":
from repoze.what.plugins.quickstart import setup_sql_auth
app = setup_sql_auth(app, skip_authentication=skip_authentication, **auth_args)
elif self.auth_backend == "ming":
from tgming import setup_ming_auth
app = setup_ming_auth(app, skip_authentication=skip_authentication, **auth_args)
else:
try:
pos = auth_args['authenticators'].index(('default', None))
except KeyError:
pos = None
except ValueError:
pos = -1
if pos is None or pos >= 0:
if self.auth_backend == "sqlalchemy":
from tg.configuration.sqla.auth import create_default_authenticator
auth_args, sqlauth = create_default_authenticator(**auth_args)
authenticator = ('sqlauth', sqlauth)
elif self.auth_backend == "ming":
from tg.configuration.mongo.auth import create_default_authenticator
auth_args, mingauth = create_default_authenticator(**auth_args)
authenticator = ('mingauth', mingauth)
else:
authenticator = None
if authenticator:
if pos is None:
auth_args['authenticators'] = [authenticator]
else:
auth_args['authenticators'][pos] = authenticator
from tg.configuration.auth import setup_auth
app = setup_auth(app, skip_authentication=skip_authentication, **auth_args)
return app
