{ "info": { "author": "Ian Bicking", "author_email": "ianb@openplans.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Framework :: Paste", "License :: OSI Approved :: MIT License", "Topic :: Internet :: WWW/HTTP :: WSGI", "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware" ], "description": "Introduction\n------------\n\nMany debugging tools provide through-the-web functionality that is\nprivate, important to secure, and orthogonal to any other\nauthentication on the system. DevAuth is a tool to provide a single\nway to restrict access to these tools.\n\nDevAuth is only an authentication system, it does not itself provide\nany tools. It is *only* intended for developers, and is not an\nauthentication system that is usable in general-purpose applications.\n\nThis is written for `the wsgi.org developer_auth spec\n`_.\n\nAuthentication\n--------------\n\nThere are two means of authentication that DevAuth uses:\nusername/password authentication, and IP-based restrictions. Ideally\nyou would use both of these for higher security. It may also be\nreasonable to use an IP restriction of 127.0.0.1 for local\ndevelopment.\n\nUsername/password authentication can be done with a function that\nchecks the username and password (like ``valid_login =\npassword_checker(username, password)``), or with an Apache\nhtpasswd-style file.\n\nIP based authentication uses ``deny`` and ``allow``. If you give IP\naddresses that are denied, these are entirely rejected; if you give IP\naddresses that are allowed, then only requests from these IP addresses\nare allowed. ``deny`` takes precedence over ``allow``. These can be\nlists of IP addresses (with commas), `IP masks\n`_ (like\n``192.168.0.0/24``) or ranges like ``192.168.1<->3`` (meaning\n192.168.{1-3}.*).\n\nAny change in the developer's IP address will require re-login.\nLogins may expire (if so configured) and require re-login.\n\nUsage/Configuration\n-------------------\n\nThe basic usage of DevAuth is like::\n\n from devauth import DevAuth\n\n app = ... instantiate main app ...\n wrapped_app = DevAuth(app, ...configuration...)\n\nThe configuration is keyword arguments:\n\n``allow``:\n The allowed IP addresses. This can be a string or a list of\n strings. See `Authentication`_ for the allowed formats. This\n defaults to ``\"127.0.0.1\"``, i.e., only local access is allowed.\n None means allow any IP address. Note both\n ``environ['REMOTE_ADDR']`` and ``environ['HTTP_X_FORWARDED_FOR']``\n are checked, and both must pass.\n\n``deny``:\n Similar to ``allow``, except any requests from IP addresses\n matching these IP addresses will not be allowed to login.\n\n``password_file``:\n This is a filename, the location of a password file as generated\n by `htpasswd\n `_. You\n can create this file like::\n\n $ htpasswd -s devauth.htpasswd username\n New password: \n Re-type new password: \n Adding password for user username\n\n You must use the argument ``-c`` to first create the file (without\n it an entry will be appended). ``-s`` hashes your password with\n SHA; any hash supported by htpasswd will work, but SHA is better\n than the default.\n\n``password_checker``:\n This is a function to check the username and password. A very\n simple implementation might be::\n\n def password_checker(username, password):\n return username == 'admin' and password='topsecret'\n\n``secret_file``, ``secret``:\n DevAuth uses a server-side secret to sign the login cookies. You\n can keep this secret in a file or provide it directly. If you\n give it a filename and the file doesn't exist, a file will be\n created with a randomly generated secret (it is advantageous to\n keep it in a file because it will persist over restarts, so\n developers won't have to re-login).\n\n The default is to keep the secret in ``$TMP/devauth.txt``, where\n ``$TMP`` is replaced with the appropriate system temporary\n directory.\n\n``logger``:\n A `logging `_ logger\n instance, or the name of a logger. If not given a logger is\n created with the name ``DevAuth``. This logs logins, failed\n logins, problems with signed keys, etc.\n\n``expiration``:\n The number of minutes the login is valid for (None means no\n expiration). This is counted from the time of login, so even if\n you maintain activity the login will still expire.\n\n``login_mountpoint``:\n This is the URL where the login will take place, it defaults to\n ``/.devauth``. Then the login is at ``/.devauth/login`` and the\n logout is at ``/.devauth/logout``. Only these two URLs are\n intercepted, so you can still have things at other URLs like\n ``/.devauth/logs`` (if you do this, you'll probably replace\n ``/.devauth`` with something specific to your application).\n\nPaste Deploy Configuration\n--------------------------\n\nYou can use this with `Paste Deploy configuration\n`_ (as used in Pylons and Repoze). It\nlooks something like::\n\n [filter:devauth]\n use = egg:DevAuth\n allow = 127.0.0.1\n 192.168.0.0/16\n # Toby's computer:\n # (I hate him so much!)\n deny = 192.168.0.23\n # File created with htpasswd:\n password_file = %(here)s/developers.htpasswd\n # Login expires after 1 hour:\n # So Toby can't hijack my session by using my computer.\n # (I hate him so much!)\n expiration = 60\n # You'll login in at /.devauth/login (the default):\n login_mountpoint = /.devauth\n\n [app:myapp]\n blah blah blah\n\n [pipeline:main]\n pipeline = devauth myapp\n\nFor Tool Developers\n-------------------\n\nIf you want to check if a developer is logged in, look for\n``environ['x-wsgiorg.developer_user']``. This key will have the\nusername as a value. If the page is for developers only, then return\n``403 Forbidden``.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://devauth.openplans.org", "keywords": "wsgi debug tool", "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "DevAuth", "package_url": "https://pypi.org/project/DevAuth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/DevAuth/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://devauth.openplans.org" }, "release_url": "https://pypi.org/project/DevAuth/0.1.2/", "requires_dist": null, "requires_python": null, "summary": "Authentication for developer access to applications", "version": "0.1.2" }, "last_serial": 784094, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "03feb9508e4ec572854d7f4adff7ff8b", "sha256": "c51718d8b1e04550c205b31bd362e32537541e448848257784803571cdbbf46a" }, "downloads": -1, "filename": "DevAuth-0.1.tar.gz", "has_sig": false, "md5_digest": "03feb9508e4ec572854d7f4adff7ff8b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14810, "upload_time": "2009-07-14T00:49:44", "url": "https://files.pythonhosted.org/packages/a3/ca/0970f6d0c33e21dcb2c6465e9b12c2ec31017fda1fb3d3f9c7a35245f86f/DevAuth-0.1.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "c2a6e56b7f621779c7b868589b15e6b5", "sha256": "3329af091397f3fc285930d3a6ec59bd5501095de0163ea519450f74e9fdeb4e" }, "downloads": -1, "filename": "DevAuth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "c2a6e56b7f621779c7b868589b15e6b5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13290, "upload_time": "2010-09-23T19:27:26", "url": "https://files.pythonhosted.org/packages/21/db/f96292277365237b99b60d668eefb36d83d7530c8b23cc0556a8680549c7/DevAuth-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "d9382f8c0d161042c0d7b9cad5b7e22a", "sha256": "c348a6c2b8b690208bceb53dd33bdca441502293b58a1b48530a84071e60a1a3" }, "downloads": -1, "filename": "DevAuth-0.1.2.tar.gz", "has_sig": false, "md5_digest": "d9382f8c0d161042c0d7b9cad5b7e22a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13381, "upload_time": "2010-09-23T19:51:14", "url": "https://files.pythonhosted.org/packages/0e/36/888371b004ae7f1ad24b4a3ecd69508dd40c1a00a5eb6cac239f922071c0/DevAuth-0.1.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d9382f8c0d161042c0d7b9cad5b7e22a", "sha256": "c348a6c2b8b690208bceb53dd33bdca441502293b58a1b48530a84071e60a1a3" }, "downloads": -1, "filename": "DevAuth-0.1.2.tar.gz", "has_sig": false, "md5_digest": "d9382f8c0d161042c0d7b9cad5b7e22a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13381, "upload_time": "2010-09-23T19:51:14", "url": "https://files.pythonhosted.org/packages/0e/36/888371b004ae7f1ad24b4a3ecd69508dd40c1a00a5eb6cac239f922071c0/DevAuth-0.1.2.tar.gz" } ] }