{ "info": { "author": "Darin Gordon", "author_email": "dkcdkg@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Topic :: Security", "Topic :: Software Development :: Libraries :: Application Frameworks", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "![yosai_logo](/doc/docs/img/yosai_logo_with_title.png)\n\n\n# A Security Framework for Python Applications\n\n## Project web site: http://yosaiproject.github.io/yosai\n\n\n# What is Yosai\n\nYosai is a \"security framework\" that features authentication, authorization, and session\nmanagement from a common, intuitive API.\n\n![authc_authz_sess](/doc/docs/img/authc_authz_sess.png)\n\nYosai is based on Apache Shiro, written in Java and widely used today.\n\n\n# Yosai is a Framework\n\n![framework](/doc/docs/img/yosai_framework.png)\n\nIt is a framework that is is designed in such a way that it can be used to secure\na variety of python applications, not just web applications. This is accomplished\nby completely decoupling security-related services from the rest of an application\nand writing adapters for each specific type of client.\n\n\n# Key Features\n\n- Enables Role-Based Access Control policies through permission-level and role-level\n access control\n- Two-Factor Authentication, featuring Time-based One-Time Passwords\n- Native Support for Caching and Serialization\n- A Complete Audit Trail of Events\n- Batteries Included: Extensions Ready for Use\n- \"RunAs\" Administration Tool\n- Event-driven Processing\n- Ready for Web Integration\n\n\n## Python 3 Supported\n\nYosai requires Python 3.4 or newer. There are no plans to support python2\ndue to anticipated optimizations that require newer versions of python.\n\n\n## Installation\n\nFirst, install Yosai from PyPI using pip:\n ``pip install yosai``\n\nInstalling from PyPI, using pip, will install the project package that includes\n``yosai.core`` and ``yosai.web``, a default configuration, and project dependencies.\n\n\n## Basic Authentication: UsernamePassword\n```Python\nyosai = Yosai(env_var='YOSAI_SETTINGS')\n\nwith Yosai.context(yosai):\n current_user = Yosai.get_current_subject()\n\n authc_token = UsernamePasswordToken(username='thedude',\n credentials='letsgobowling')\n\n try:\n current_user.login(authc_token)\n except AuthenticationException:\n # insert here\n```\n\n\n## Two-Factor Authentication: UsernamePassword and TOTP\n\n### 2FA Step 1: UsernamePassword\n```Python\nyosai = Yosai(env_var='YOSAI_SETTINGS')\n\n\nwith Yosai.context(yosai):\n current_user = Yosai.get_current_subject()\n\n userpass_token = UsernamePasswordToken(username='thedude',\n credentials='letsgobowling')\n\n try:\n current_user.login(userpass_token)\n except AdditionalAuthenticationRequired: \n # communicate a two-factor token request to user \n except IncorrectCredentialsException: \n # user failed to authenticate \n```\n\n\n### 2FA Step 2: TOTP\n\n```Python\nyosai = Yosai(env_var='YOSAI_SETTINGS')\n\n\nwith Yosai.context(yosai):\n current_user = Yosai.get_current_subject()\n\n totp_token = TOTPToken(user_provided_token) \n\n try:\n current_user.login(totp_token)\n except IncorrectCredentialsException: \n # user failed to authenticate \n\n```\n\n\n## Authorization Example\n\nThe following example was created to illustrate the myriad ways that you\ncan declare an authorization policy in an application, ranging from general\nrole-level specification to very specific \"scoped\" permissions. The\nauthorization policy for this example is as follows:\n\n- Either a user with role membership \"patient\" or \"nurse\" may request a\n refill of a medical prescription\n- A user who is granted permission to write prescriptions may obtain the\n list of pending prescription refill requests\n- A user who is granted permission to write prescriptions for a specific\n patient may issue a prescription for that patient\n\n```Python\n@Yosai.requires_role(roleid_s=['patient', 'nurse'], logical_operator=any)\ndef request_prescription_refill(patient, prescription):\n ...\n\n@Yosai.requires_permission(['prescription:write'])\ndef get_prescription_refill_requests(patient):\n ...\n\n@Yosai.requires_dynamic_permission(['prescription:write:{patient.patient_id}'])\ndef issue_prescription(patient, prescription):\n ...\n\n```\n\nNote how the authorization policy is declared using yosai's authorization\ndecorators. These global decorators are associated with the yosai instance\nwhen the yosai instance is used as a context manager.\n\n```Python\n\nwith Yosai.context(yosai):\n issue_prescription(patient)\n\n for prescription in get_prescription_refill_requests(patient):\n issue_prescription(patient, prescription)\n```\n\nIf you were using Yosai with a web application, the syntax would be similar\nto that above but requires that a ``WebRegistry`` instance be passed as\nas argument to the context manager. The web integration library is further\nelaborated upon in the Web Integration section of this documentation.\n\n```Python\n\nwith WebYosai.context(yosai, web_registry):\n\t...\n```\n\nThis is just a README file. Please visit [the project web site](http://yosaiproject.github.io/yosai) to get a full overview.\n\n\n# WORD ORIGIN: Yosai\n\nIn Japanese, the word Shiro translates to \"Castle\". Yosai translates to \"Fortress\".\nLike the words, the frameworks are similar yet different.\n\n\n# Development Status\n\nYosai v0.3 was released Nov 24, 2016. \n\nThis release includes:\n1) General support for second factor authentication (2FA)\n2) A complete time-based one time password authentication solution (TOTP)\n3) Configurable rate limiting / account locking\n4) Significant refactoring / optimizatio\n\nPlease see the [release notes](https://yosaiproject.github.io/yosai/devstatus/)\nfor details about that release.\n\nv0.3 test coverage stats (ao 11/24/2016):\n\n|Name |Stmt |Miss|Cover |\n|:---------------------------------------------|:-----:|:----:|:------:|\n| yosai/core/account/account.py | 5 | 1 | 80% |\n| yosai/core/authc/authc.py | 196 | 33 | 83% |\n| yosai/core/authc/authc_settings.py | 19 | 2 | 89% |\n| yosai/core/authc/credential.py | 51 | 5 | 90% |\n| yosai/core/authc/strategy.py | 40 | 0 | 100% |\n| yosai/core/authz/authz.py | 199 | 28 | 86% |\n| yosai/core/concurrency/concurrency.py | 16 | 4 | 75% |\n| yosai/core/conf/yosaisettings.py | 59 | 7 | 88% |\n| yosai/core/event/event.py | 28 | 0 | 100% |\n| yosai/core/exceptions.py | 40 | 0 | 100% |\n| yosai/core/logging/formatters.py | 35 | 0 | 100% |\n| yosai/core/logging/slogging.py | 5 | 0 | 100% |\n| yosai/core/mgt/mgt.py | 285 | 5 | 98% |\n| yosai/core/mgt/mgt_settings.py | 37 | 2 | 95% |\n| yosai/core/realm/realm.py | 186 | 11 | 94% |\n| yosai/core/serialize/marshalling.py | 14 | 8 | 43% |\n| yosai/core/serialize/serialize.py | 24 | 0 | 100% |\n| yosai/core/serialize/serializers/cbor.py | 53 | 3 | 94% |\n| yosai/core/serialize/serializers/json.py | 56 | 41 | 27% |\n| yosai/core/serialize/serializers/msgpack.py | 49 | 29 | 41% |\n| yosai/core/session/session.py | 547 | 63 | 88% |\n| yosai/core/session/session_settings.py | 13 | 1 | 92% |\n| yosai/core/subject/identifier.py | 60 | 3 | 95% |\n| yosai/core/subject/subject.py | 451 | 22 | 95% |\n| yosai/core/utils/utils.py | 137 | 87 | 36% |\n| yosai/web/exceptions.py | 7 | 0 | 100% |\n| yosai/web/mgt/mgt.py | 74 | 1 | 99% |\n| yosai/web/registry/registry_settings.py | 5 | 0 | 100% |\n| yosai/web/session/session.py | 143 | 2 | 99% |\n| yosai/web/subject/subject.py | 162 | 4 | 98% |\n|---------------------------------------------|-----|----|------|\n\n# GROUP COMMUNICATION\nGoogle Groups Mailing List: https://groups.google.com/d/forum/yosai\n\n\n# CONTACT INFORMATION\nDarin Gordon is the author of Yosai http://www.daringordon.com\n\n\n# LICENSE\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not\nuse any portion of Yosai except in compliance with the License.\nContributors agree to license their work under the same License.\nYou may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://yosaiproject.github.io/yosai", "keywords": "security rbac session authentication authorization", "license": "Apache License 2.0", "maintainer": "", "maintainer_email": "", "name": "yosai", "package_url": "https://pypi.org/project/yosai/", "platform": "", "project_url": "https://pypi.org/project/yosai/", "project_urls": { "Homepage": "http://yosaiproject.github.io/yosai" }, "release_url": "https://pypi.org/project/yosai/0.3.2/", "requires_dist": [ "cbor2", "PyYAML", "python-dateutil", "pytz", "PyPubSub", "argon2-cffi", "bcrypt", "passlib", "cryptography", "msgpack-python", "python-rapidjson" ], "requires_python": "", "summary": "Yosai is a powerful security framework with an intuitive api.", "version": "0.3.2" }, "last_serial": 2481097, "releases": { "0.3.2": [ { "comment_text": "", "digests": { "md5": "9c113d01a3cd66b41b47697cc0e19fe6", "sha256": "882c7c44a166b0b31a85dd2127894f41ba733ae529a48f4ea863691178b428c7" }, "downloads": -1, "filename": "yosai-0.3.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "9c113d01a3cd66b41b47697cc0e19fe6", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 126476, "upload_time": "2016-11-24T15:38:07", "url": "https://files.pythonhosted.org/packages/dd/fd/7a853856f200966a88e16771a1962e618261c63b02b55571dbd9a2fd4677/yosai-0.3.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "de36184fa1293f564585c77a68291cf6", "sha256": "063b0c94fd6172363ab820cb143ed684383dbf87c6ebe485653b723952ebca8a" }, "downloads": -1, "filename": "yosai-0.3.2.tar.gz", "has_sig": false, "md5_digest": "de36184fa1293f564585c77a68291cf6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 88524, "upload_time": "2016-11-24T15:38:09", "url": "https://files.pythonhosted.org/packages/f4/83/cb833eb2c86bdc8a0f7fa7f6198e38d640d83bc909439113cc81eb3b4e25/yosai-0.3.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9c113d01a3cd66b41b47697cc0e19fe6", "sha256": "882c7c44a166b0b31a85dd2127894f41ba733ae529a48f4ea863691178b428c7" }, "downloads": -1, "filename": "yosai-0.3.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "9c113d01a3cd66b41b47697cc0e19fe6", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 126476, "upload_time": "2016-11-24T15:38:07", "url": "https://files.pythonhosted.org/packages/dd/fd/7a853856f200966a88e16771a1962e618261c63b02b55571dbd9a2fd4677/yosai-0.3.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "de36184fa1293f564585c77a68291cf6", "sha256": "063b0c94fd6172363ab820cb143ed684383dbf87c6ebe485653b723952ebca8a" }, "downloads": -1, "filename": "yosai-0.3.2.tar.gz", "has_sig": false, "md5_digest": "de36184fa1293f564585c77a68291cf6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 88524, "upload_time": "2016-11-24T15:38:09", "url": "https://files.pythonhosted.org/packages/f4/83/cb833eb2c86bdc8a0f7fa7f6198e38d640d83bc909439113cc81eb3b4e25/yosai-0.3.2.tar.gz" } ] }