diff options
| author | Michael Merickel <michael@merickel.org> | 2019-12-29 23:29:48 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2019-12-29 23:33:51 -0600 |
| commit | bd8f73be18f8f54daff34debd976a4b81be886aa (patch) | |
| tree | b300830496794c1cbed52063eef4a228fcb2511c /docs/quick_tutorial/authorization | |
| parent | ce48c934046f470f8c32ec98666f484f482f32f0 (diff) | |
| download | pyramid-bd8f73be18f8f54daff34debd976a4b81be886aa.tar.gz pyramid-bd8f73be18f8f54daff34debd976a4b81be886aa.tar.bz2 pyramid-bd8f73be18f8f54daff34debd976a4b81be886aa.zip | |
update authentication and authorization chapters of the quick_tutorial to use the new ISecurityPolicy
Diffstat (limited to 'docs/quick_tutorial/authorization')
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/__init__.py | 18 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/security.py | 41 |
2 files changed, 45 insertions, 14 deletions
diff --git a/docs/quick_tutorial/authorization/tutorial/__init__.py b/docs/quick_tutorial/authorization/tutorial/__init__.py index 8f7ab8277..255bb35ac 100644 --- a/docs/quick_tutorial/authorization/tutorial/__init__.py +++ b/docs/quick_tutorial/authorization/tutorial/__init__.py @@ -1,8 +1,6 @@ -from pyramid.authentication import AuthTktAuthenticationPolicy -from pyramid.authorization import ACLAuthorizationPolicy from pyramid.config import Configurator -from .security import groupfinder +from .security import SecurityPolicy def main(global_config, **settings): @@ -10,17 +8,15 @@ def main(global_config, **settings): root_factory='.resources.Root') config.include('pyramid_chameleon') - # Security policies - authn_policy = AuthTktAuthenticationPolicy( - settings['tutorial.secret'], callback=groupfinder, - hashalg='sha512') - authz_policy = ACLAuthorizationPolicy() - config.set_authentication_policy(authn_policy) - config.set_authorization_policy(authz_policy) + config.set_security_policy( + SecurityPolicy( + secret=settings['tutorial.secret'], + ), + ) config.add_route('home', '/') config.add_route('hello', '/howdy') config.add_route('login', '/login') config.add_route('logout', '/logout') config.scan('.views') - return config.make_wsgi_app()
\ No newline at end of file + return config.make_wsgi_app() diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py index e585e2642..a968f680d 100644 --- a/docs/quick_tutorial/authorization/tutorial/security.py +++ b/docs/quick_tutorial/authorization/tutorial/security.py @@ -1,4 +1,7 @@ import bcrypt +from pyramid.authentication import AuthTktCookieHelper +from pyramid.authorization import ACLHelper +from pyramid.security import Authenticated, Everyone def hash_password(pw): @@ -15,6 +18,38 @@ USERS = {'editor': hash_password('editor'), GROUPS = {'editor': ['group:editors']} -def groupfinder(userid, request): - if userid in USERS: - return GROUPS.get(userid, [])
\ No newline at end of file +class SecurityPolicy: + def __init__(self, secret): + self.authtkt = AuthTktCookieHelper( + secret=secret, + hashalg='sha512', + ) + self.acl = ACLHelper() + + def identify(self, request): + identity = self.authtkt.identify(request) + if identity is not None and identity['userid'] in USERS: + return identity + + def authenticated_userid(self, request): + identity = self.identify(request) + if identity is not None: + return identity['userid'] + + def remember(self, request, userid, **kw): + return self.authtkt.remember(request, userid, **kw) + + def forget(self, request, **kw): + return self.authtkt.forget(request, **kw) + + def permits(self, request, context, permission): + principals = self.effective_principals(request) + return self.acl.permits(context, principals, permission) + + def effective_principals(self, request): + principals = [Everyone] + userid = self.authenticated_userid(request) + if userid is not None: + principals += [Authenticated, 'u:' + userid] + principals += GROUPS.get(userid, []) + return principals |