{ "info": { "author": "Johannes Dollinger", "author_email": "emulbreh@googlemail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3" ], "description": "seamless\n========\n\nseamless provides an easy way to obtain an https session token via ssh.\nIt automates creation of user accounts and manages their *authorized_keys* as well as session token creation via forced ssh commands.\nThe authentication flow is as follows:\n\n* A client connects to `seamless-realm@seamless-host` via ssh and authenticates with a public key.\n The key is restricted to only execute the token creation command of the seamless binary.\n The seamless command returns session token that is signed with a secret specific to `seamless-realm`.\n\n .. code::\n\n $ ssh -T seamless-realm@seamless-host\n username.VgfAwA.v-xKIZh3qYawqcm2RRh4q-LPfVE\n\n* The client sends the obtained token in the HTTP *Authorization* header of its requests to `protected-app`.\n The app uses the shared secret to validate the token.\n\n .. code:: http\n\n GET / HTTP/1.1\n Host: protected-app\n Authorization: seamless username.VgfAwA.v-xKIZh3qYawqcm2RRh4q-LPfVE\n\n\nInstallation\n-------------\n\nFrom a deb package::\n\n $ wget https://github.com/emulbreh/seamless/releases/download/v0.1.0/seamless_0.1.0_amd64.deb\n $ sudo dpkg -i seamless_0.1.0_amd64.deb\n\nAs Python package::\n\n $ pip install seamless\n\n\nSetting up a seamless realm\n---------------------------\n\nA seamless realm is a user account on `seamless-host`. The creation and management of *authorized_keys* of these accounts is handled by seamless.\n\n.. code:: bash\n\n $ sudo seamless init seamless-realm\n $ sudo seamless add seamless-realm /path/to/public/key --user username\n\nA user with this public key is now able to get tokens via ssh:\n\n.. code::\n\n $ ssh -T seamless-realm@seamless-host\n username.VgfOLQ.EB6NTfXiyv7dWSKUMQJ38JXa5aw\n\nor from Python\n\n.. code:: python\n\n >>> import seamless\n >>> seamless.get_token('seamless-realm@seamless-host')\n 'username.VgfOBA.dRBDY5EUmQvhB8OnqPDWlC1tml4'\n\n\nProtecting a webservice with WSGI middleware\n---------------------------------------------\n\nseamless ships with WSGI middleware that verifies that a valid seamless token is passed via the Authorization header.\n\n.. code:: python\n\n from seamless.wsgi import SeamlessMiddleware\n \n app = ...\n\n app = SeamlessMiddleware(app, max_age=60, secret='...')\n\n\nRequests without a valid *Authorization* header will be rejected with a 401 response.\n\n\nMaking requests to such a protected app is made easy with an auth plugin for `requests`_:\n\n.. code:: python\n\n import requests\n from seamless.requests import SeamlessAuth\n \n session = requests.Session()\n session.auth = SeamlessAuth('name@seamless-host')\n\n session.get('http://protected-app/')\n\n\nThe token obtained from `seamless-host` is cached. \nIt will be be automatically refreshed when it expires, and the failing request retried.\n\n\nCaveats\n--------\n\n* If token validation is performed on a different host than token creation, clock skew may result in tokens that expire too early or too late.\n\n\n.. _requests: http://docs.python-requests.org/", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://github.com/emulbreh/seamless/", "keywords": null, "license": "BSD", "maintainer": null, "maintainer_email": null, "name": "seamless", "package_url": "https://pypi.org/project/seamless/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/seamless/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://github.com/emulbreh/seamless/" }, "release_url": "https://pypi.org/project/seamless/0.1.0/", "requires_dist": null, "requires_python": null, "summary": "UNKNOWN", "version": "0.1.0" }, "last_serial": 1740588, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "a51ec5ef87efc3c2d7446beb7cd1468b", "sha256": "30eb3f823584e477cde8d45518b74f37117e2496228a16871249ea0cfdb89268" }, "downloads": -1, "filename": "seamless-0.1.0.tar.gz", "has_sig": false, "md5_digest": "a51ec5ef87efc3c2d7446beb7cd1468b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5811, "upload_time": "2015-09-27T11:53:21", "url": "https://files.pythonhosted.org/packages/f0/d4/da811eeda397653604d49dd65fc742bbabba16a282f4b029b5c2fca47f6a/seamless-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a51ec5ef87efc3c2d7446beb7cd1468b", "sha256": "30eb3f823584e477cde8d45518b74f37117e2496228a16871249ea0cfdb89268" }, "downloads": -1, "filename": "seamless-0.1.0.tar.gz", "has_sig": false, "md5_digest": "a51ec5ef87efc3c2d7446beb7cd1468b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5811, "upload_time": "2015-09-27T11:53:21", "url": "https://files.pythonhosted.org/packages/f0/d4/da811eeda397653604d49dd65fc742bbabba16a282f4b029b5c2fca47f6a/seamless-0.1.0.tar.gz" } ] }