{ "info": { "author": "ilex (fork author)", "author_email": "gnarlychicken@gmx.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3 :: Only", "Topic :: Internet :: WWW/HTTP :: Session" ], "description": "aiohttp_auth_autz\n=================\n\n.. image:: https://travis-ci.org/ilex/aiohttp_auth_autz.svg?branch=master\n :target: https://travis-ci.org/ilex/aiohttp_auth_autz\n\n.. image:: https://readthedocs.org/projects/aiohttp-auth-autz/badge/?version=latest\n :target: http://aiohttp-auth-autz.readthedocs.io/en/latest/?badge=latest\n :alt: Documentation Status\n\nThis library provides authorization and authentication middleware plugins for\naiohttp servers.\n\nThese plugins are designed to be lightweight, simple, and extensible, allowing\nthe library to be reused regardless of the backend authentication mechanism.\nThis provides a familiar framework across projects.\n\nThere are three middleware plugins provided by the library. The ``auth_middleware``\nplugin provides a simple system for authenticating a users credentials, and\nensuring that the user is who they say they are.\n\nThe ``autz_middleware`` plugin provides a generic way of authorization using \ndifferent authorization policies. There is the ACL authorization policy as a\npart of the plugin.\n\nThe ``acl_middleware`` plugin provides a simple access control list authorization\nmechanism, where users are provided access to different view handlers depending\non what groups the user is a member of. It is recomended to use ``autz_middleware``\nwith ACL policy instead of this middleware.\n\nThis is a fork of `aiohttp_auth `_\nlibrary that fixes some bugs and security issues and also introduces a generic \nauthorization ``autz`` middleware with built in ACL authorization policy.\n\n\nDocumentation\n-------------\n\nhttp://aiohttp-auth-autz.readthedocs.io/\n\n\nInstall\n-------\n\nInstall ``aiohttp_auth_autz`` using ``pip``::\n\n $ pip install aiohttp_auth_autz\n\n\nGetting Started\n---------------\n\nA simple example how to use authentication and authorization middleware\nwith an aiohttp application.\n\n.. code-block:: python\n\n import asyncio\n\n from os import urandom\n\n import aiohttp_auth\n\n from aiohttp import web\n from aiohttp_auth import auth, autz\n from aiohttp_auth.auth import auth_required\n from aiohttp_auth.autz import autz_required\n from aiohttp_auth.autz.policy import acl\n from aiohttp_auth.permissions import Permission, Group\n\n db = {\n 'bob': {\n 'password': 'bob_password',\n 'groups': ['guest', 'staff']\n },\n 'alice': {\n 'password': 'alice_password',\n 'groups': ['guest']\n }\n }\n\n # global ACL context\n context = [(Permission.Allow, 'guest', {'view', }),\n (Permission.Deny, 'guest', {'edit', }),\n (Permission.Allow, 'staff', {'view', 'edit', 'admin_view'}),\n (Permission.Allow, Group.Everyone, {'view_home', })]\n\n\n # create an ACL authorization policy class\n class ACLAutzPolicy(acl.AbstractACLAutzPolicy):\n \"\"\"The concrete ACL authorization policy.\"\"\"\n\n def __init__(self, db, context=None):\n # do not forget to call parent __init__\n super().__init__(context)\n\n self.db = db\n\n async def acl_groups(self, user_identity):\n \"\"\"Return acl groups for given user identity.\n\n This method should return a sequence of groups for given user_identity.\n\n Args:\n user_identity: User identity returned by auth.get_auth.\n\n Returns:\n Sequence of acl groups for the user identity.\n \"\"\"\n # implement application specific logic here\n user = self.db.get(user_identity, None)\n if user is None:\n # return empty tuple in order to give a chance \n # to Group.Everyone\n return tuple()\n\n return user['groups']\n\n\n async def login(request):\n # http://127.0.0.1:8080/login?username=bob&password=bob_password\n user_identity = request.GET.get('username', None)\n password = request.GET.get('password', None)\n if user_identity in db and password == db[user_identity]['password']:\n # remember user identity\n await auth.remember(request, user_identity)\n return web.Response(text='Ok')\n\n raise web.HTTPUnauthorized()\n\n\n # only authenticated users can logout\n # if user is not authenticated auth_required decorator\n # will raise a web.HTTPUnauthorized\n @auth_required\n async def logout(request):\n # forget user identity\n await auth.forget(request)\n return web.Response(text='Ok')\n\n\n # user should have a group with 'admin_view' permission allowed\n # if he does not autz_required will raise a web.HTTPForbidden\n @autz_required('admin_view')\n async def admin(request):\n return web.Response(text='Admin Page')\n\n\n @autz_required('view_home')\n async def home(request):\n text = 'Home page.'\n # check if current user is permitted with 'admin_view' permission\n if await autz.permit(request, 'admin_view'):\n text += ' Admin page: http://127.0.0.1:8080/admin'\n # get current user identity\n user_identity = await auth.get_auth(request)\n if user_identity is not None:\n # user is authenticated\n text += ' Logout: http://127.0.0.1:8080/logout'\n return web.Response(text=text)\n\n\n # decorators can work with class based views\n class MyView(web.View):\n \"\"\"Class based view.\"\"\"\n\n @autz_required('view')\n async def get(self):\n # example of permit using\n if await autz.permit(self.request, 'view'):\n return web.Response(text='View Page')\n return web.Response(text='View is not permitted')\n\n\n def init_app(loop):\n app = web.Application()\n\n # Create an auth ticket mechanism that expires after 1 minute (60\n # seconds), and has a randomly generated secret. Also includes the\n # optional inclusion of the users IP address in the hash\n auth_policy = auth.CookieTktAuthentication(urandom(32), 60,\n include_ip=True)\n\n # Create an ACL authorization policy\n autz_policy = ACLAutzPolicy(db, context)\n\n # setup middlewares in aiohttp fashion\n aiohttp_auth.setup(app, auth_policy, autz_policy)\n\n app.router.add_get('/', home)\n app.router.add_get('/login', login)\n app.router.add_get('/logout', logout)\n app.router.add_get('/admin', admin)\n app.router.add_route('*', '/view', MyView)\n\n return app\n\n\n loop = asyncio.get_event_loop()\n app = init_app(loop)\n\n web.run_app(app, host='127.0.0.1', loop=loop)\n\n\nLicense\n-------\n\nThe library is licensed under a MIT license.\n\nChangelog\n=========\n\n0.2.2 (2017-04-18)\n------------------\n\n- Move to ``aiohttp`` 2.x.\n\n- Add support of middlewares decorators for ``aiohttp.web.View`` handlers.\n\n- Add ``uvloop`` as IO loop for tests.\n\n0.2.1 (2017-02-16)\n------------------\n- ``autz`` middleware:\n \n - Simplify ``acl`` authorization policy by moving permit logic into ``policy.acl.AbstractACLAutzPolicy``.\n \n - Remove ``policy.acl.AbstractACLContext`` class.\n\n - Remove ``policy.acl.NaiveACLContext`` class.\n \n - Remove ``policy.acl.ACLContext`` class.\n\n\n0.2.0 (2017-02-14)\n------------------\n\n- ``acl`` middleware:\n\n - Add ``setup`` function for ``acl`` middleware to install it in aiohttp fashion.\n\n - Fix bug in ``acl_required`` decorator.\n\n - Fix a possible security issue with ``acl`` groups. The issue is follow: the default behavior is\n to add ``user_id`` to groups for authenticated users by the acl middleware, but if \n ``user_id`` is equal to some of acl groups that user suddenly has the permissions he is not \n allowed for. So to avoid this kind of issue ``user_id`` is not added to groups any more. \n\n - Introduce ``AbstractACLGroupsCallback`` class in ``acl`` middleware to make it possible easily create \n callable object by inheriting from the abstract class and implementing ``acl_groups`` method. It\n can be useful to store additional information (such database connection etc.) within such class.\n An instance of this subclass can be used in place of ``acl_groups_callback`` parameter.\n\n- ``auth`` middleware:\n\n - Add ``setup`` function for ``auth`` middleware to install it in aiohttp fashion.\n\n - ``auth.auth_required`` raised now a ``web.HTTPUnauthorized`` instead of a ``web.HTTPForbidden``.\n\n- Introduce generic authorization middleware ``autz`` that performs authorization through the same\n interface (``autz.permit`` coroutine and ``autz_required`` decorator) but using different policies. \n Middleware has the ACL authorization as the built in policy which works in the same way as ``acl``\n middleware. Users are free to add their own custom policies or to modify ACL one.\n\n- Add global ``aiohttp_auth.setup`` function to install ``auth`` and ``autz`` middlewares at once \n in aiohttp fashion.\n\n- Add docs.\n\n- Rewrite tests using ``pytest`` and ``pytest-aiohttp``.\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/ilex/aiohttp_auth_autz", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "aiohttp_auth_autz", "package_url": "https://pypi.org/project/aiohttp_auth_autz/", "platform": "", "project_url": "https://pypi.org/project/aiohttp_auth_autz/", "project_urls": { "Homepage": "https://github.com/ilex/aiohttp_auth_autz" }, "release_url": "https://pypi.org/project/aiohttp_auth_autz/0.2.2/", "requires_dist": null, "requires_python": "", "summary": "Authorization and authentication middleware plugin for aiohttp.", "version": "0.2.2" }, "last_serial": 2810875, "releases": { "0.2.0": [ { "comment_text": "", "digests": { "md5": "cea2810574727fc7c66164858ce58b6e", "sha256": "4321483463cda3dcba4574455b7f170bd8a908d7fc727116ebeb9b4dd65ecbb3" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.0-py3-none-any.whl", "has_sig": false, "md5_digest": "cea2810574727fc7c66164858ce58b6e", "packagetype": "bdist_wheel", "python_version": "3.5", "requires_python": null, "size": 24466, "upload_time": "2017-02-14T22:01:04", "url": "https://files.pythonhosted.org/packages/31/80/071d10e0c952339ca0e04b90673551cb4b52f19c5e52831896fbc102203b/aiohttp_auth_autz-0.2.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "47a6aa186fd13b109235e5d8a870bb60", "sha256": "ead99b7bd7e8575f8dc5e95a28cd7060c1d8335051b635c0520cc836d47de9af" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.0.tar.gz", "has_sig": false, "md5_digest": "47a6aa186fd13b109235e5d8a870bb60", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15055, "upload_time": "2017-02-14T22:01:02", "url": "https://files.pythonhosted.org/packages/58/60/6335a1adb4b088bfcad2e7e75324348f3d260c41194f6f5af01c20cb49e0/aiohttp_auth_autz-0.2.0.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "6bcc84294314e446f2e73ef8d06f90de", "sha256": "0e0d8b336f4956bd8bfff07aeb4771ad32fbd4cff56512f89a67fe3759323ac0" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.1-py3-none-any.whl", "has_sig": false, "md5_digest": "6bcc84294314e446f2e73ef8d06f90de", "packagetype": "bdist_wheel", "python_version": "3.5", "requires_python": null, "size": 23795, "upload_time": "2017-02-16T09:13:03", "url": "https://files.pythonhosted.org/packages/2e/3e/4c6a3c12d91bbe703488f6cfda3a349f2e62530ea67ee56ccdc8f857cd2b/aiohttp_auth_autz-0.2.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c526d2388fa072b2f12ec674aa0682fe", "sha256": "ab7d28dcd2d60d4865b441afd924ce3f95c5fd67aa619fca67ff77003c882dca" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.1.tar.gz", "has_sig": false, "md5_digest": "c526d2388fa072b2f12ec674aa0682fe", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14121, "upload_time": "2017-02-16T09:13:01", "url": "https://files.pythonhosted.org/packages/59/da/802d5577bb2824d478af31f983d0150032520825d165831f96f5ec890dd4/aiohttp_auth_autz-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "edbd6c6978bdcedce32bfd53ab8340b8", "sha256": "922c6602d0c7ab79037aaa51479851bb89e6f34fbd112eb4eec7db5f864c4c21" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.2-py3-none-any.whl", "has_sig": false, "md5_digest": "edbd6c6978bdcedce32bfd53ab8340b8", "packagetype": "bdist_wheel", "python_version": "3.5", "requires_python": null, "size": 24303, "upload_time": "2017-04-18T10:32:25", "url": "https://files.pythonhosted.org/packages/04/d0/51634d8758e25fe41587ecb624995ddf3c98a5a08a60466de12dfa334d48/aiohttp_auth_autz-0.2.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c9527e96af1a40ddc60c7187aa6d6816", "sha256": "e02aab24f671dde3cbfa863e71df9f83cbe8c15c4eb5114110b47856f4a0f799" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.2.tar.gz", "has_sig": false, "md5_digest": "c9527e96af1a40ddc60c7187aa6d6816", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14470, "upload_time": "2017-04-18T10:32:23", "url": "https://files.pythonhosted.org/packages/19/50/6544b92f48c07e3af2c165e36b07167dcc5b7f1c4eec2e0c1cde998a54e3/aiohttp_auth_autz-0.2.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "edbd6c6978bdcedce32bfd53ab8340b8", "sha256": "922c6602d0c7ab79037aaa51479851bb89e6f34fbd112eb4eec7db5f864c4c21" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.2-py3-none-any.whl", "has_sig": false, "md5_digest": "edbd6c6978bdcedce32bfd53ab8340b8", "packagetype": "bdist_wheel", "python_version": "3.5", "requires_python": null, "size": 24303, "upload_time": "2017-04-18T10:32:25", "url": "https://files.pythonhosted.org/packages/04/d0/51634d8758e25fe41587ecb624995ddf3c98a5a08a60466de12dfa334d48/aiohttp_auth_autz-0.2.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c9527e96af1a40ddc60c7187aa6d6816", "sha256": "e02aab24f671dde3cbfa863e71df9f83cbe8c15c4eb5114110b47856f4a0f799" }, "downloads": -1, "filename": "aiohttp_auth_autz-0.2.2.tar.gz", "has_sig": false, "md5_digest": "c9527e96af1a40ddc60c7187aa6d6816", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14470, "upload_time": "2017-04-18T10:32:23", "url": "https://files.pythonhosted.org/packages/19/50/6544b92f48c07e3af2c165e36b07167dcc5b7f1c4eec2e0c1cde998a54e3/aiohttp_auth_autz-0.2.2.tar.gz" } ] }