From bd8f73be18f8f54daff34debd976a4b81be886aa Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Sun, 29 Dec 2019 23:29:48 -0600
Subject: update authentication and authorization chapters of the quick_tutorial to use the new ISecurityPolicy
---
 .../authorization/tutorial/__init__.py | 18 ++++------
 .../authorization/tutorial/security.py | 41 ++++++++++++++++++++--
 2 files changed, 45 insertions(+), 14 deletions(-)
(limited to 'docs/quick_tutorial/authorization')
diff --git a/docs/quick_tutorial/authorization/tutorial/__init__.py b/docs/quick_tutorial/authorization/tutorial/__init__.py
index 8f7ab8277..255bb35ac 100644
--- a/docs/quick_tutorial/authorization/tutorial/__init__.py
+++ b/docs/quick_tutorial/authorization/tutorial/__init__.py
@@ -1,8 +1,6 @@
-from pyramid.authentication import AuthTktAuthenticationPolicy
-from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid.config import Configurator
-from .security import groupfinder
+from .security import SecurityPolicy
 def main(global_config, **settings):
@@ -10,17 +8,15 @@ def main(global_config, **settings):
 root_factory='.resources.Root')
 config.include('pyramid_chameleon')
- # Security policies
- authn_policy = AuthTktAuthenticationPolicy(
- settings['tutorial.secret'], callback=groupfinder,
- hashalg='sha512')
- authz_policy = ACLAuthorizationPolicy()
- config.set_authentication_policy(authn_policy)
- config.set_authorization_policy(authz_policy)
+ config.set_security_policy(
+ SecurityPolicy(
+ secret=settings['tutorial.secret'],
+ ),
+ )
 config.add_route('home', '/')
 config.add_route('hello', '/howdy')
 config.add_route('login', '/login')
 config.add_route('logout', '/logout')
 config.scan('.views')
- return config.make_wsgi_app()
\ No newline at end of file
+ return config.make_wsgi_app()
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index e585e2642..a968f680d 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -1,4 +1,7 @@
 import bcrypt
+from pyramid.authentication import AuthTktCookieHelper
+from pyramid.authorization import ACLHelper
+from pyramid.security import Authenticated, Everyone
 def hash_password(pw):
@@ -15,6 +18,38 @@ USERS = {'editor': hash_password('editor'),
 GROUPS = {'editor': ['group:editors']}
-def groupfinder(userid, request):
- if userid in USERS:
- return GROUPS.get(userid, [])
\ No newline at end of file
+class SecurityPolicy:
+ def __init__(self, secret):
+ self.authtkt = AuthTktCookieHelper(
+ secret=secret,
+ hashalg='sha512',
+ )
+ self.acl = ACLHelper()
+
+ def identify(self, request):
+ identity = self.authtkt.identify(request)
+ if identity is not None and identity['userid'] in USERS:
+ return identity
+
+ def authenticated_userid(self, request):
+ identity = self.identify(request)
+ if identity is not None:
+ return identity['userid']
+
+ def remember(self, request, userid, **kw):
+ return self.authtkt.remember(request, userid, **kw)
+
+ def forget(self, request, **kw):
+ return self.authtkt.forget(request, **kw)
+
+ def permits(self, request, context, permission):
+ principals = self.effective_principals(request)
+ return self.acl.permits(context, principals, permission)
+
+ def effective_principals(self, request):
+ principals = [Everyone]
+ userid = self.authenticated_userid(request)
+ if userid is not None:
+ principals += [Authenticated, 'u:' + userid]
+ principals += GROUPS.get(userid, [])
+ return principals
-- cgit v1.2.3
From 25439c2dbd4ff971e2a32ac96fc893de0bdcefd3 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Mon, 30 Dec 2019 13:29:25 -0600
Subject: rename identify(request) to authenticated_identity(request)
---
 docs/quick_tutorial/authorization/tutorial/security.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'docs/quick_tutorial/authorization')
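Review bot: `SecurityPolicy.__init__` in the second security.py hunk above (the commit that adds the class) builds `AuthTktCookieHelper` with only `secret` and `hashalg`, so the cookie's `secure`, `http_only` and `timeout` options stay at the library defaults — to my knowledge off, off and no expiry. Readers copy tutorial code, so I would make the choice visible: `self.authtkt = AuthTktCookieHelper(secret=secret, hashalg='sha512', http_only=True, timeout=3600)` (3600 is a constructed sample value), with a comment that `secure=True` should be added once the app is served over HTTPS. The class also has no docstrings; a one-line docstring on `identify` saying that it rejects a validly signed ticket whose userid is no longer in `USERS` would record why that membership check is there.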
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index a968f680d..a004a20f2 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -26,13 +26,13 @@ class SecurityPolicy:
 )
 self.acl = ACLHelper()
- def identify(self, request):
+ def authenticated_identity(self, request):
 identity = self.authtkt.identify(request)
 if identity is not None and identity['userid'] in USERS:
 return identity
 def authenticated_userid(self, request):
- identity = self.identify(request)
+ identity = self.authenticated_identity(request)
 if identity is not None:
 return identity['userid']
-- cgit v1.2.3
From 4255eecf1544731a7200ab0a24671195416601e2 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Tue, 31 Dec 2019 16:38:44 -0600
Subject: change hashalg on AuthTktCookieHelper to sha512.
---
 docs/quick_tutorial/authorization/tutorial/security.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'docs/quick_tutorial/authorization')
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index a004a20f2..5b3e04a5f 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -20,10 +20,7 @@ GROUPS = {'editor': ['group:editors']}
 class SecurityPolicy:
 def __init__(self, secret):
- self.authtkt = AuthTktCookieHelper(
- secret=secret,
- hashalg='sha512',
- )
+ self.authtkt = AuthTktCookieHelper(secret=secret)
 self.acl = ACLHelper()
 def authenticated_identity(self, request):
-- cgit v1.2.3
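Review bot: With the explicit `hashalg='sha512'` argument dropped from `SecurityPolicy.__init__` in the last hunk, the digest that signs the tutorial's auth ticket now depends on whatever default the installed `AuthTktCookieHelper` has. The subject line says that default becomes sha512, but the library-side change is not part of this path-limited view, and a reader who runs the tutorial against a release that predates it would get the older default without any warning. I would either keep the argument, `self.authtkt = AuthTktCookieHelper(secret=secret, hashalg='sha512')`, or add a comment such as `# hashalg is left at the library default (sha512 as of this change)` so the choice stays visible in the example. `__init__` lies fully inside the hunk, while the class body continues past its last line.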