authorization-hero


- Name: authorization-hero
- Version: 0.1.1
- Summary: Authorization in Flask
- Upload time: 2024-02-12 20:48:42
- Author: DukeOfRI
- Requires Python: >=3.11,<4.0
- License: MIT
- Keywords: flask, authorization
- Requirements: No requirements were recorded.

# Authorization-hero

Add authorization to your Flask application in 1 line per endpoint!

This package can be used to efficiently handle authorization in a Flask application. It is fully decoupled from
authentication. Therefore, you can use any authentication method you want (Azure AD, username/password, etc.).

Authorization is checked each time an endpoint is requested. It is up to the developer to implement a method
to identify the user (authentication) and load user authorizations. One is free to cache authentication data or reload
it upon each request. It is up to the developer to find a good tradeoff between security (always reload) and
performance (cache).

- This package fully supports Role-based access control (**RBAC**). This authorization method is mostly used in
  enterprise settings.
- The package also supports Attribute-based access control (**ABAC**), which extends RBAC by also taking other
  attributes into account.
    - For example, one could check that a user is part of a certain group AND is over 18.
    - One could check that a user is part of a certain group AND only allow access to an endpoint during working hours.
    - One could only allow access to an endpoint when the user has been registered for more than 1 month.

Python 3.11 and Python 3.12 are supported.

FastAPI support will be added in a future release.

# Installation

The package can be installed using pip. Simply run the command below.

```shell
pip install authorization-hero
```

# How to use

To incorporate authorization into your codebase, start by importing the `Authorizer` class. Next, create two functions:
one to load the user and another to be executed when an endpoint is forbidden for a user.

Now, create a function to handle your authorization logic. This function should take the user as its only input
argument.

For each endpoint in your application, add a decorator to check whether the user has a certain permission.

```python
from flask import Flask, abort

from authorization_hero import Authorizer


def flask_forbidden():
    abort(403, "Forbidden: you do not have access to this resource")


def load_user() -> dict:
    """Business logic for authentication goes here"""
    return {"name": "Joe Example", "permissions": ["view", "edit"]}


def user_can_view(user: dict) -> bool:
    return 'view' in user["permissions"]


app = Flask(__name__)
authorizer = Authorizer(load_user, flask_forbidden)


@app.route("/")
@authorizer.requires_permission(user_can_view)
def hello_world():
    return "<p>Hello World!</p>"
```

The order of the wrappers matters!

> **NOTE:** The wrapper indicating the Flask route must come <u>**before**</u> the wrapper for authorization.
> Otherwise, authorization will not be executed. So, use the order below.
>
> ```python
> @app.route("/")
> @authorizer.requires_permission(user_can_view)
> def hello_world():
>     return "<p>Hello World!</p>"
> ```
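
Why the order matters, as an added example that is not part of the package or its README: Flask's `route` registers exactly the function it is handed and returns it unchanged, so a route decorator placed underneath the authorization decorator registers the bare view. `MiniApp`, this `requires_permission` and the `authz_guarded` marker are hypothetical stand-ins used to show the effect and an audit that catches it.

```python
from functools import wraps


class MiniApp:
    """Stand-in for Flask's route registration (constructed for this example)."""
    def __init__(self):
        self.view_functions = {}  # keyed by rule here; Flask keys by endpoint name

    def route(self, rule):
        def register(func):
            self.view_functions[rule] = func  # stores exactly what it was handed
            return func                       # and returns it unchanged
        return register


def requires_permission(check, load_user):
    """Hypothetical authorization decorator, not authorization-hero's own code."""
    def decorator(func):
        @wraps(func)
        def guarded(*args, **kwargs):
            if not check(load_user()):
                raise PermissionError("403 Forbidden")
            return func(*args, **kwargs)
        guarded.authz_guarded = True  # marker read by the audit below
        return guarded
    return decorator


def unguarded_routes(app):
    """Rules whose registered view is not an authorization wrapper."""
    return sorted(rule for rule, view in app.view_functions.items()
                  if not getattr(view, "authz_guarded", False))


def build_demo_app():
    app = MiniApp()
    load_user = lambda: {"name": "Joe Example", "permissions": []}  # constructed
    can_view = lambda user: "view" in user["permissions"]
    @app.route("/ok")  # route on top: the guarded wrapper is registered
    @requires_permission(can_view, load_user)
    def ok():
        return "<p>Hello World!</p>"

    @requires_permission(can_view, load_user)
    @app.route("/swapped")  # route underneath: the bare function is registered
    def swapped():
        return "<p>Hello World!</p>"

    return app
```

A check like `unguarded_routes` can run in a test suite so that a swapped decorator pair fails the build instead of silently exposing an endpoint.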

# Additional requirements

To initialize the `Authorizer` class, two input parameters are required: `identity_loader` and `on_forbidden`. Both
must be functions and must adhere to the following conditions:

- The `identity_loader` function must have no input parameters and should return user data.
- The `on_forbidden` function must have no input parameters.
- Each authorization function must take exactly one input parameter, which should be the return value of the
  `identity_loader` function.
- Each authorization function must return a boolean value indicating whether an endpoint is allowed or forbidden for the
  user.
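
The ABAC checks listed in the introduction, written to fit the one-argument, boolean-returning contract above. This is an added example, not code from the package: the user attribute names (`groups`, `age`, `registered_at`), the helper names, the UTC working hours and the 30-day reading of "1 month" are all assumptions. Missing or malformed attributes deny access.

```python
from datetime import datetime, time, timedelta, timezone


def in_group(group):
    # A missing "groups" attribute denies access (fail closed).
    return lambda user: group in (user.get("groups") or ())


def min_age(years):
    def check(user):
        age = user.get("age")
        return isinstance(age, int) and age >= years
    return check


def during_hours(start, end, now=lambda: datetime.now(timezone.utc)):
    # The clock is injected so the rule stays testable; times are UTC.
    return lambda user: start <= now().time() < end


def registered_for(min_duration, now=lambda: datetime.now(timezone.utc)):
    def check(user):
        registered = user.get("registered_at")  # expected: timezone-aware datetime
        return isinstance(registered, datetime) and now() - registered > min_duration
    return check


def all_of(*checks):
    """Combine rules with AND; the result still takes exactly one argument."""
    return lambda user: all(check(user) for check in checks)


FIXED_NOW = lambda: datetime(2024, 2, 12, 10, 30, tzinfo=timezone.utc)  # constructed clock

staff_adult_in_hours = all_of(
    in_group("staff"),
    min_age(18),
    during_hours(time(9, 0), time(17, 0), now=FIXED_NOW),
    registered_for(timedelta(days=30), now=FIXED_NOW),
)

# Constructed user record in the shape an identity_loader might return.
ALICE = {"groups": ["staff"], "age": 34,
         "registered_at": datetime(2023, 11, 1, tzinfo=timezone.utc)}
```

The combined rule is passed to the decorator the same way as `user_can_view`: `@authorizer.requires_permission(staff_adult_in_hours)`.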

The package is tested and adheres to the _black_ code style.
Have a look at the test suite for more suggestions on how to use this package.

            
