{ "info": { "author": "Morepath developers", "author_email": "morepath@googlegroups.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Topic :: Internet :: WWW/HTTP :: WSGI", "Topic :: Software Development :: Libraries :: Application Frameworks" ], "description": "more.basicauth: HTTP Basic Authentication integration for Morepath\n==================================================================\n\nOverview\n--------\n\nThis is a Morepath_ authentication extension for HTTP Basic Authentication.\nIt was originally part of Morepath, but since basic auth is almost always what\nyou don't want we decide to move it to a separate extension.\n\nSome Pros and Cons:\n\n* This argues against basic auth:\n http://adrianotto.com/2013/02/why-http-basic-auth-is-bad\n* But this argues *for* basic auth:\n https://www.rdegges.com/2015/why-i-love-basic-auth\n\nAlternative authentication extensions for morepath are:\n\n* `more.jwtauth`_:\n A token based authentication sytem using JSON Web Token (JWT).\n* `more.isdangerous`_:\n A cookie based identity policy using isdangerous.\n\n.. _Morepath: http://morepath.readthedocs.org\n.. _more.jwtauth: https://github.com/morepath/more.jwtauth\n.. _more.isdangerous: https://github.com/morepath/more.itsdangerous\n\n\nIntroduction\n------------\n\nBasic authentication is special in a number of ways:\n\n* The HTTP response status that triggers basic auth is Unauthorized\n (401), not the default Forbidden (403). This needs to be sent back\n to the browser each time login fails, so that the browser asks the\n user for a username and a password.\n\n* The username and password combination is sent to the server by the\n browser automatically; there is no need to set some type of cookie\n on the response. Therefore ``remember_identity`` does nothing.\n\n* With basic auth, there is no universal way for a web application to\n trigger a log out. Therefore ``forget_identity`` does nothing\n either.\n\nTo trigger a ``401`` status when time Morepath raises a ``403`` status,\nwe can use an exception view, something like this::\n\n from webob.exc import HTTPForbidden\n\n @App.view(model=HTTPForbidden)\n def make_unauthorized(self, request):\n @request.after\n def set_status_code(response):\n response.status_code = 401\n return \"Unauthorized\"\n\nFor the login code, as ``remember_identity`` is not an option,\nyou can just check the password::\n\n # check whether user has password, using password hash and database\n if not user_has_password(username, password):\n return \"Sorry, login failed\" # or something more fancy\n\nNote that ``user_has_password`` stands in for whatever method you use\nto check a user's password; it's not part of Morepath.\n\n\nUsage\n-----\n\nHere a full example for a basic setup::\n\n import morepath\n from more.basicauth import BasicAuthIdentityPolicy\n from webob.exc import HTTPForbidden\n\n\n class App(morepath.App):\n pass\n\n\n @App.identity_policy()\n def get_identity_policy():\n return BasicAuthIdentityPolicy()\n\n\n @App.verify_identity()\n def verify_identity(identity):\n # Do the password validation.\n return user_has_password(identity.username, identity.password)\n\n\n @App.view(model=HTTPForbidden)\n def make_unauthorized(self, request):\n @request.after\n def set_status_code(response):\n response.status_code = 401\n\n return \"Unauthorized\"\n\n\nThe login form could look like::\n\n from webob.exc import HTTPProxyAuthenticationRequired\n\n\n class Login(object):\n pass\n\n\n @App.path(model=Login, path='login')\n def get_login():\n return Login()\n\n\n @App.view(model=Login, request_method='POST')\n def login(self, request):\n username = request.POST['username']\n password = request.POST['password']\n\n # Do the password validation.\n if not user_has_password(username, password):\n raise HTTPProxyAuthenticationRequired('Invalid username/password')\n\n return \"You're logged in.\" # or something more fancy\n\n\nRequirements\n------------\n\n- Python (2.7, 3.3, 3.4, 3.5)\n- morepath (>= 0.16.1)\n\n\nDeveloping more.basicauth\n=========================\n\nInstall more.basicauth for development\n--------------------------------------\n\n.. highlight:: console\n\nClone more.basicauth from github::\n\n $ git clone git@github.com:morepath/more.basicauth.git\n\nIf this doesn't work and you get an error 'Permission denied (publickey)',\nyou need to upload your ssh public key to github_.\n\nThen go to the more.basicauth directory::\n\n $ cd more.basicauth\n\nMake sure you have virtualenv_ installed.\n\nCreate a new virtualenv for Python 3 inside the more.basicauth directory::\n\n $ virtualenv -p python3 env/py3\n\nActivate the virtualenv::\n\n $ source env/py3/bin/activate\n\nMake sure you have recent setuptools and pip installed::\n\n $ pip install -U setuptools pip\n\nInstall the various dependencies and development tools from\ndevelop_requirements.txt::\n\n $ pip install -Ur develop_requirements.txt\n\nFor upgrading the requirements just run the command again.\n\nIf you want to test more.basicauth with Python 2.7 as well you can create a\nsecond virtualenv for it::\n\n $ virtualenv -p python2.7 env/py27\n\nYou can then activate it::\n\n $ source env/py27/bin/activate\n\nThen uprade setuptools and pip and install the develop requirements as\ndescribed above.\n\n.. note::\n\n The following commands work only if you have the virtualenv activated.\n\nRunning the tests\n-----------------\n\nYou can run the tests using `py.test`_::\n\n $ py.test\n\nTo generate test coverage information as HTML do::\n\n $ py.test --cov --cov-report html\n\nYou can then point your web browser to the ``htmlcov/index.html`` file\nin the project directory and click on modules to see detailed coverage\ninformation.\n\n.. _`py.test`: http://pytest.org/latest/\n\nVarious checking tools\n----------------------\n\nflake8_ is a tool that can do various checks for common Python\nmistakes using pyflakes_, check for PEP8_ style compliance and\ncan do `cyclomatic complexity`_ checking. To do pyflakes and pep8\nchecking do::\n\n $ flake8 more.basicauth\n\nTo also show cyclomatic complexity, use this command::\n\n $ flake8 --max-complexity=10 more.basicauth\n\nTox\n---\n\nWith tox you can test Morepath under different Python environments.\n\nWe have Travis continuous integration installed on Morepath's github\nrepository and it runs the same tox tests after each checkin.\n\nFirst you should install all Python versions which you want to\ntest. The versions which are not installed will be skipped. You should\nat least install Python 3.5 which is required by flake8, coverage and\ndoctests and Python 2.7 for testing Morepath with Python 2.\n\nOne tool you can use to install multiple versions of Python is pyenv_.\n\nTo find out which test environments are defined for Morepath in tox.ini run::\n\n $ tox -l\n\nYou can run all tox tests with::\n\n $ tox\n\nYou can also specify a test environment to run e.g.::\n\n $ tox -e py35\n $ tox -e pep8\n $ tox -e coverage\n\n\n.. _github: https://help.github.com/articles/generating-an-ssh-key\n.. _virtualenv: https://pypi.python.org/pypi/virtualenv\n.. _flake8: https://pypi.python.org/pypi/flake8\n.. _pyflakes: https://pypi.python.org/pypi/pyflakes\n.. _pep8: http://www.python.org/dev/peps/pep-0008/\n.. _`cyclomatic complexity`: https://en.wikipedia.org/wiki/Cyclomatic_complexity\n.. _pyenv: https://github.com/yyuu/pyenv\n\n\nCHANGES\n*******\n\n0.4 (2016-10-21)\n================\n\n- We now use virtualenv and pip instead of buildout to set up the\n development environment. A development section has been\n added to the README accordingly.\n\n\n0.3 (2016-07-20)\n================\n\n- Upgrade to Morepath 0.15.\n- Add testenv for Python 3.5 and make it the default test environment.\n- Change author to \"Morepath developers\".\n- Clean up classifiers.\n\n\n0.2 (2016-04-25)\n================\n\n- Upgrade to Morepath 0.14.\n- Some minor improvements to the buildout setup workflow.\n\n\n0.1 (2016-04-16)\n================\n\n- Extract Basic Auth from Morepath.\n- Return NO_IDENTITY instead of None, if user cannot identify.\n- Replace class 'app' with 'App' in tests.\n- Add a login test.\n- Enhance documentation.", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/morepath/more.basicauth", "keywords": "morepath basicauth identity authentication", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "more.basicauth", "package_url": "https://pypi.org/project/more.basicauth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/more.basicauth/", "project_urls": { "Homepage": "https://github.com/morepath/more.basicauth" }, "release_url": "https://pypi.org/project/more.basicauth/0.4/", "requires_dist": [ "morepath (>=0.16.1)", "pytest-cov; extra == 'coverage'", "flake8; extra == 'pep8'", "pytest (>=2.9.1); extra == 'test'", "pytest-remove-stale-bytecode; extra == 'test'", "WebTest (>=2.0.14); extra == 'test'" ], "requires_python": "", "summary": "Basic Auth Identity Policy for Morepath", "version": "0.4" }, "last_serial": 2414064, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "97730b0ee9c9c56dbf7426455a8eaf20", "sha256": "6a90095416599ba5faeca36d28b135d4370708133cf0df2addb1c73d69cc7171" }, "downloads": -1, "filename": "more.basicauth-0.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "97730b0ee9c9c56dbf7426455a8eaf20", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 9139, "upload_time": "2016-04-16T14:44:58", "url": "https://files.pythonhosted.org/packages/52/72/fbd4813aa4d03c96a6c323a5b1f93c67579bc337133056e06d56423fd91c/more.basicauth-0.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0e29abd0d1b88fa2f42ef67c0005dcde", "sha256": "2e64de5e2290e7016037891e2b452aa0f32d7929e08f98a559cf0e365a2a00c8" }, "downloads": -1, "filename": "more.basicauth-0.1.tar.gz", "has_sig": false, "md5_digest": "0e29abd0d1b88fa2f42ef67c0005dcde", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10872, "upload_time": "2016-04-16T14:55:33", "url": "https://files.pythonhosted.org/packages/40/e7/9cdbec5e08f75453f11e34ff18f04a5fd5f4b122fbb81c60c9534e9f9fdc/more.basicauth-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "d301c2567ec1885ad342f214145d5546", "sha256": "9a3d42059f7a566303b60c16e137b4bd69093115a2cbeb18716f1ae1d6963bc1" }, "downloads": -1, "filename": "more.basicauth-0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "d301c2567ec1885ad342f214145d5546", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 9367, "upload_time": "2016-04-25T19:32:42", "url": "https://files.pythonhosted.org/packages/bb/c0/793cde6b26b939cdde8e98c10a755415b8949f93521d3f2264ef75e76259/more.basicauth-0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "fd609f5a9ffcab2b2824d2d4efc415a9", "sha256": "20f325ce4475deeafd42262b7a902fd8cfa4ff6461dd01802af7f716850b906d" }, "downloads": -1, "filename": "more.basicauth-0.2.tar.gz", "has_sig": false, "md5_digest": "fd609f5a9ffcab2b2824d2d4efc415a9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9741, "upload_time": "2016-04-25T19:33:07", "url": "https://files.pythonhosted.org/packages/c0/c7/fb6197d01553a2b455f8717be45ac183746ad818a950637d995045c423b4/more.basicauth-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "36029ca0f827d93cc3735977174669ce", "sha256": "0a09c2e84bc69ded2d56ef9792940e2c6b59a0471670146335aa17398e1d4c1d" }, "downloads": -1, "filename": "more.basicauth-0.3-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "36029ca0f827d93cc3735977174669ce", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 9361, "upload_time": "2016-07-20T19:52:47", "url": "https://files.pythonhosted.org/packages/93/ac/17e61ae1d790d83b8326c7ddeaf197df4347a601fdd0f13996f64771a69d/more.basicauth-0.3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7508d43e5fb3817fc9bb1d01e2713712", "sha256": "961482a6122789d15205338a7a39f24633456bfbf25b09a6e43013a177faf865" }, "downloads": -1, "filename": "more.basicauth-0.3.tar.gz", "has_sig": false, "md5_digest": "7508d43e5fb3817fc9bb1d01e2713712", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9713, "upload_time": "2016-07-20T19:52:51", "url": "https://files.pythonhosted.org/packages/4b/2c/2546ef4c3660e6bf196f7953b60ed95b1d111e56ec45adc68fa285161c78/more.basicauth-0.3.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "e7c6fa4a7bc9adb9b6ce418ec6b46bfb", "sha256": "02e90a24d28b4239dfce9af6006724ed7e37b53745832afd13e2132d93ac3612" }, "downloads": -1, "filename": "more.basicauth-0.4-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e7c6fa4a7bc9adb9b6ce418ec6b46bfb", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 12066, "upload_time": "2016-10-20T22:47:01", "url": "https://files.pythonhosted.org/packages/8d/93/2370d7ca6a6261bd6824a6d9385a6323c581ccf4f403c39b6b98be85e72a/more.basicauth-0.4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "17f64a02d4454eeaa1ab78c09315aefc", "sha256": "5b3832e2c385e9775a7ed08b8909376e6e19213754bdd73ec6c3cd64551ff112" }, "downloads": -1, "filename": "more.basicauth-0.4.tar.gz", "has_sig": false, "md5_digest": "17f64a02d4454eeaa1ab78c09315aefc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8796, "upload_time": "2016-10-20T22:47:07", "url": "https://files.pythonhosted.org/packages/22/0c/3b4621c63d1571be1de7d47a0b06defb3c5661f1c51a22e201acaf9be068/more.basicauth-0.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e7c6fa4a7bc9adb9b6ce418ec6b46bfb", "sha256": "02e90a24d28b4239dfce9af6006724ed7e37b53745832afd13e2132d93ac3612" }, "downloads": -1, "filename": "more.basicauth-0.4-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e7c6fa4a7bc9adb9b6ce418ec6b46bfb", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 12066, "upload_time": "2016-10-20T22:47:01", "url": "https://files.pythonhosted.org/packages/8d/93/2370d7ca6a6261bd6824a6d9385a6323c581ccf4f403c39b6b98be85e72a/more.basicauth-0.4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "17f64a02d4454eeaa1ab78c09315aefc", "sha256": "5b3832e2c385e9775a7ed08b8909376e6e19213754bdd73ec6c3cd64551ff112" }, "downloads": -1, "filename": "more.basicauth-0.4.tar.gz", "has_sig": false, "md5_digest": "17f64a02d4454eeaa1ab78c09315aefc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8796, "upload_time": "2016-10-20T22:47:07", "url": "https://files.pythonhosted.org/packages/22/0c/3b4621c63d1571be1de7d47a0b06defb3c5661f1c51a22e201acaf9be068/more.basicauth-0.4.tar.gz" } ] }