authorMichael Merickel <michael@merickel.org>2020-01-16 10:09:45 -0600
committerMichael Merickel <michael@merickel.org>2020-01-16 10:09:45 -0600
commita7f61dc1ae95ffddacccfb583fa7a8f6d294f4b9 (patch)
tree8aca99052f7086bcb37609b516d7a11902377d71 /docs/quick_tutorial/authorization
parenteb7046c8eeb8c9b598260ae8c8976187a8f84953 (diff)
parent9c153e1250e00faa06003c10c3a26886489e6210 (diff)
Merge branch 'master' into move-acl-security-to-authorization
Diffstat (limited to 'docs/quick_tutorial/authorization')
-rw-r--r--docs/quick_tutorial/authorization/tutorial/__init__.py18
-rw-r--r--docs/quick_tutorial/authorization/tutorial/security.py38
2 files changed, 42 insertions, 14 deletions
diff --git a/docs/quick_tutorial/authorization/tutorial/__init__.py b/docs/quick_tutorial/authorization/tutorial/__init__.py
index 8f7ab8277..255bb35ac 100644
--- a/docs/quick_tutorial/authorization/tutorial/__init__.py
+++ b/docs/quick_tutorial/authorization/tutorial/__init__.py
@@ -1,8 +1,6 @@
-from pyramid.authentication import AuthTktAuthenticationPolicy
-from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
-from .security import groupfinder
+from .security import SecurityPolicy
def main(global_config, **settings):
@@ -10,17 +8,15 @@ def main(global_config, **settings):
root_factory='.resources.Root')
config.include('pyramid_chameleon')
- # Security policies
- authn_policy = AuthTktAuthenticationPolicy(
- settings['tutorial.secret'], callback=groupfinder,
- hashalg='sha512')
- authz_policy = ACLAuthorizationPolicy()
- config.set_authentication_policy(authn_policy)
- config.set_authorization_policy(authz_policy)
+ config.set_security_policy(
+ SecurityPolicy(
+ secret=settings['tutorial.secret'],
+ ),
+ )
config.add_route('home', '/')
config.add_route('hello', '/howdy')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.scan('.views')
- return config.make_wsgi_app() \ No newline at end of file
+ return config.make_wsgi_app()
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index e585e2642..5b3e04a5f 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -1,4 +1,7 @@
import bcrypt
+from pyramid.authentication import AuthTktCookieHelper
+from pyramid.authorization import ACLHelper
+from pyramid.security import Authenticated, Everyone
def hash_password(pw):
@@ -15,6 +18,35 @@ USERS = {'editor': hash_password('editor'),
GROUPS = {'editor': ['group:editors']}
-def groupfinder(userid, request):
- if userid in USERS:
- return GROUPS.get(userid, []) \ No newline at end of file
+class SecurityPolicy:
+ def __init__(self, secret):
+ self.authtkt = AuthTktCookieHelper(secret=secret)
+ self.acl = ACLHelper()
+
+ def authenticated_identity(self, request):
+ identity = self.authtkt.identify(request)
+ if identity is not None and identity['userid'] in USERS:
+ return identity
+
+ def authenticated_userid(self, request):
+ identity = self.authenticated_identity(request)
+ if identity is not None:
+ return identity['userid']
+
+ def remember(self, request, userid, **kw):
+ return self.authtkt.remember(request, userid, **kw)
+
+ def forget(self, request, **kw):
+ return self.authtkt.forget(request, **kw)
+
+ def permits(self, request, context, permission):
+ principals = self.effective_principals(request)
+ return self.acl.permits(context, principals, permission)
+
+ def effective_principals(self, request):
+ principals = [Everyone]
+ userid = self.authenticated_userid(request)
+ if userid is not None:
+ principals += [Authenticated, 'u:' + userid]
+ principals += GROUPS.get(userid, [])
+ return principals
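Review bot: `AuthTktCookieHelper(secret=secret)` in `SecurityPolicy.__init__` no longer passes a hash algorithm, whereas the removed `AuthTktAuthenticationPolicy(...)` call in `tutorial/__init__.py` set `hashalg='sha512'` explicitly. If the helper's default digest is still `md5`, as it is in the Pyramid releases I know of, the auth ticket signature is quietly weakened for everyone who copies this tutorial. I would keep the explicit value: `self.authtkt = AuthTktCookieHelper(secret=secret, hashalg='sha512')`. Tickets signed with the default digest would stop validating once the argument is restored, so this is cheapest to fix before the tutorial ships.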