From bd8f73be18f8f54daff34debd976a4b81be886aa Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sun, 29 Dec 2019 23:29:48 -0600 Subject: update authentication and authorization chapters of the quick_tutorial to use the new ISecurityPolicy --- .../authentication/tutorial/__init__.py | 18 ++++++--------- .../authentication/tutorial/security.py | 27 ++++++++++++++++++---- 2 files changed, 30 insertions(+), 15 deletions(-) (limited to 'docs/quick_tutorial/authentication/tutorial') diff --git a/docs/quick_tutorial/authentication/tutorial/__init__.py b/docs/quick_tutorial/authentication/tutorial/__init__.py index efc09e760..ec8a66a23 100644 --- a/docs/quick_tutorial/authentication/tutorial/__init__.py +++ b/docs/quick_tutorial/authentication/tutorial/__init__.py @@ -1,25 +1,21 @@ -from pyramid.authentication import AuthTktAuthenticationPolicy -from pyramid.authorization import ACLAuthorizationPolicy from pyramid.config import Configurator -from .security import groupfinder +from .security import SecurityPolicy def main(global_config, **settings): config = Configurator(settings=settings) config.include('pyramid_chameleon') - # Security policies - authn_policy = AuthTktAuthenticationPolicy( - settings['tutorial.secret'], callback=groupfinder, - hashalg='sha512') - authz_policy = ACLAuthorizationPolicy() - config.set_authentication_policy(authn_policy) - config.set_authorization_policy(authz_policy) + config.set_security_policy( + SecurityPolicy( + secret=settings['tutorial.secret'], + ), + ) config.add_route('home', '/') config.add_route('hello', '/howdy') config.add_route('login', '/login') config.add_route('logout', '/logout') config.scan('.views') - return config.make_wsgi_app() \ No newline at end of file + return config.make_wsgi_app() diff --git a/docs/quick_tutorial/authentication/tutorial/security.py b/docs/quick_tutorial/authentication/tutorial/security.py index e585e2642..acec06e7a 100644 --- a/docs/quick_tutorial/authentication/tutorial/security.py +++ b/docs/quick_tutorial/authentication/tutorial/security.py @@ -1,4 +1,5 @@ import bcrypt +from pyramid.authentication import AuthTktCookieHelper def hash_password(pw): @@ -12,9 +13,27 @@ def check_password(pw, hashed_pw): USERS = {'editor': hash_password('editor'), 'viewer': hash_password('viewer')} -GROUPS = {'editor': ['group:editors']} -def groupfinder(userid, request): - if userid in USERS: - return GROUPS.get(userid, []) \ No newline at end of file +class SecurityPolicy: + def __init__(self, secret): + self.authtkt = AuthTktCookieHelper( + secret=secret, + hashalg='sha512', + ) + + def identify(self, request): + identity = self.authtkt.identify(request) + if identity is not None and identity['userid'] in USERS: + return identity + + def authenticated_userid(self, request): + identity = self.identify(request) + if identity is not None: + return identity['userid'] + + def remember(self, request, userid, **kw): + return self.authtkt.remember(request, userid, **kw) + + def forget(self, request, **kw): + return self.authtkt.forget(request, **kw) -- cgit v1.2.3 From 25439c2dbd4ff971e2a32ac96fc893de0bdcefd3 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Mon, 30 Dec 2019 13:29:25 -0600 Subject: rename identify(request) to authenticated_identity(request) --- docs/quick_tutorial/authentication/tutorial/security.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/quick_tutorial/authentication/tutorial') diff --git a/docs/quick_tutorial/authentication/tutorial/security.py b/docs/quick_tutorial/authentication/tutorial/security.py index acec06e7a..e8d323ea7 100644 --- a/docs/quick_tutorial/authentication/tutorial/security.py +++ b/docs/quick_tutorial/authentication/tutorial/security.py @@ -22,13 +22,13 @@ class SecurityPolicy: hashalg='sha512', ) - def identify(self, request): + def authenticated_identity(self, request): identity = self.authtkt.identify(request) if identity is not None and identity['userid'] in USERS: return identity def authenticated_userid(self, request): - identity = self.identify(request) + identity = self.authenticated_identity(request) if identity is not None: return identity['userid'] -- cgit v1.2.3 From 4255eecf1544731a7200ab0a24671195416601e2 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 31 Dec 2019 16:38:44 -0600 Subject: change hashalg on AuthTktCookieHelper to sha512. --- docs/quick_tutorial/authentication/tutorial/security.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'docs/quick_tutorial/authentication/tutorial') diff --git a/docs/quick_tutorial/authentication/tutorial/security.py b/docs/quick_tutorial/authentication/tutorial/security.py index e8d323ea7..8324000ed 100644 --- a/docs/quick_tutorial/authentication/tutorial/security.py +++ b/docs/quick_tutorial/authentication/tutorial/security.py @@ -17,10 +17,7 @@ USERS = {'editor': hash_password('editor'), class SecurityPolicy: def __init__(self, secret): - self.authtkt = AuthTktCookieHelper( - secret=secret, - hashalg='sha512', - ) + self.authtkt = AuthTktCookieHelper(secret=secret) def authenticated_identity(self, request): identity = self.authtkt.identify(request) -- cgit v1.2.3