pyramid-multiauth


Namepyramid-multiauth JSON
Version 1.0.1 PyPI version JSON
download
home_pagehttps://github.com/mozilla-services/pyramid_multiauth
Summarypyramid_multiauth
upload_time2021-10-28 09:12:01
maintainer
docs_urlNone
authorMozilla Services
requires_python
license
keywords web pyramid pylons authentication
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            =================
pyramid_multiauth
=================

|pypi| |ci|

.. |pypi| image:: https://img.shields.io/pypi/v/pyramid_multiauth.svg
    :target: https://pypi.python.org/pypi/pyramid_multiauth

.. |ci| image:: https://github.com/mozilla-services/pyramid_multiauth/actions/workflows/test.yml/badge.svg
    :target: https://github.com/mozilla-services/pyramid_multiauth/actions


An authentication policy for Pyramid that proxies to a stack of other
authentication policies.


Overview
========

MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to
a stack of *other* IAuthenticationPolicy objects, to provide a combined auth
solution from individual pieces.  Simply pass it a list of policies that
should be tried in order::


    policies = [
        IPAuthenticationPolicy("127.0.*.*", principals=["local"])
        IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
    ]
    authn_policy = MultiAuthenticationPolicy(policies)
    config.set_authentication_policy(authn_policy)

This example uses the pyramid_ipauth module to assign effective principals
based on originating IP address of the request.  It combines two such
policies so that requests originating from "127.0.*.*" will have principal
"local" while requests originating from "192.168.*.*" will have principal
"trusted".

In general, the results from the stacked authentication policies are combined
as follows:

    * authenticated_userid:    return userid from first successful policy
    * unauthenticated_userid:  return userid from first successful policy
    * effective_principals:    return union of principals from all policies
    * remember:                return headers from all policies
    * forget:                  return headers from all policies


Deployment Settings
===================

It is also possible to specify the authentication policies as part of your
paste deployment settings.  Consider the following example::

    [app:pyramidapp]
    use = egg:mypyramidapp

    multiauth.policies = ipauth1 ipauth2 pyramid_browserid

    multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
    multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
    multiauth.policy.ipauth1.principals = local

    multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
    multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
    multiauth.policy.ipauth2.principals = trusted

To configure authentication from these settings, simply include the multiauth
module into your configurator::

    config.include("pyramid_multiauth")

In this example you would get a MultiAuthenticationPolicy with three stacked
auth policies.  The first two, ipauth1 and ipauth2, are defined as the name of
of a callable along with a set of keyword arguments.  The third is defined as
the name of a module, pyramid_browserid, which will be procecesed via the
standard config.include() mechanism.

The end result would be a system that authenticates users via BrowserID, and
assigns additional principal identifiers based on the originating IP address
of the request.

If necessary, the *group finder function* and the *authorization policy* can
also be specified from configuration::

    [app:pyramidapp]
    use = egg:mypyramidapp

    multiauth.authorization_policy = mypyramidapp.acl.Custom
    multiauth.groupfinder  = mypyramidapp.acl.groupfinder

    ...


MultiAuthPolicySelected Event
=============================

An event is triggered when one of the multiple policies configured is selected.

::

    from pyramid_multiauth import MultiAuthPolicySelected


    # Track policy used, for prefixing user_id and for logging.
    def on_policy_selected(event):
        print("%s (%s) authenticated %s for request %s" % (event.policy_name,
                                                           event.policy,
                                                           event.userid,
                                                           event.request))

    config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)


1.0.1 (2021-10-28)
==================

**Bug Fixes**

- Fix the `ConfigurationError` about authentication and authorization conflicting
  with the default security when loading various policies via their module name.

**Internal Changes**

- Migrate CI from CircleCI to Github Actions
- Tox: add py3.7 and py3.9 support
- Remove code for Pyramid < 1.3
- Use ``assertEqual()`` in tests
- Drop support of Python 2.7


1.0.0 (2021-10-21)
==================

**Breaking Changes**

- Drop support for Pyramid 1.X (#27)

0.9.0 (2016-11-07)
==================

- Drop support for python 2.6


0.8.0 (2016-02-11)
==================

- Provide ``userid`` attribute in ``MultiAuthPolicySelected`` event.
- Always notify event when user is identified with authenticated_userid()
  (i.e. through ``effective_principals()`` with group finder callback).


0.7.0 (2016-02-09)
==================

- Add ``get_policies()`` method to retrieve the list of contained authentication
  policies and their respective names.


0.6.0 (2016-01-27)
==================

- Provide the policy name used in settings in the ``MultiAuthPolicySelected``
  event.


0.5.0 - 2015-05-19
==================

- Read authorization policy from settings if present.


0.4.0 - 2014-01-02
==================

- Make authenticated_userid None when groupfinder returns None.


0.3.2 - 2013-05-29
==================

- Fix some merge bustage; this should contain all the things that were
  *claimed* to be contained in the 0.3.1 release, but in fact were not.


0.3.1 - 2013-05-15
==================

- MultiAuthPolicySelected events now include the request object, so you
  can e.g. access the registry from the handler function.
- Fixed some edge-cases in merging effective_principals with the output
  of the groupfinder callback.


0.3.0 - 2012-11-27
==================

- Support for Python3 via source-level compatibility.
- Fire a MultiAuthPolicySelected event when a policy is successfully
  used for authentication.


0.2.0 - 2012-10-04
==================

- Add get_policy() method, which can be used to look up the loaded
  sub-policies at runtime.


0.1.2 - 2012-01-30
==================

- Update license to MPL 2.0.


0.1.1 - 2011-12-20
==================

- Compatability with Pyramid 1.3.


0.1.0 - 2011-11-11
==================

- Initial release.



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/mozilla-services/pyramid_multiauth",
    "name": "pyramid-multiauth",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "web pyramid pylons authentication",
    "author": "Mozilla Services",
    "author_email": "services-dev@mozilla.org",
    "download_url": "https://files.pythonhosted.org/packages/a5/79/83c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e/pyramid_multiauth-1.0.1.tar.gz",
    "platform": "",
    "description": "=================\npyramid_multiauth\n=================\n\n|pypi| |ci|\n\n.. |pypi| image:: https://img.shields.io/pypi/v/pyramid_multiauth.svg\n    :target: https://pypi.python.org/pypi/pyramid_multiauth\n\n.. |ci| image:: https://github.com/mozilla-services/pyramid_multiauth/actions/workflows/test.yml/badge.svg\n    :target: https://github.com/mozilla-services/pyramid_multiauth/actions\n\n\nAn authentication policy for Pyramid that proxies to a stack of other\nauthentication policies.\n\n\nOverview\n========\n\nMultiAuthenticationPolicy is a Pyramid authentication policy that proxies to\na stack of *other* IAuthenticationPolicy objects, to provide a combined auth\nsolution from individual pieces.  Simply pass it a list of policies that\nshould be tried in order::\n\n\n    policies = [\n        IPAuthenticationPolicy(\"127.0.*.*\", principals=[\"local\"])\n        IPAuthenticationPolicy(\"192.168.*.*\", principals=[\"trusted\"])\n    ]\n    authn_policy = MultiAuthenticationPolicy(policies)\n    config.set_authentication_policy(authn_policy)\n\nThis example uses the pyramid_ipauth module to assign effective principals\nbased on originating IP address of the request.  It combines two such\npolicies so that requests originating from \"127.0.*.*\" will have principal\n\"local\" while requests originating from \"192.168.*.*\" will have principal\n\"trusted\".\n\nIn general, the results from the stacked authentication policies are combined\nas follows:\n\n    * authenticated_userid:    return userid from first successful policy\n    * unauthenticated_userid:  return userid from first successful policy\n    * effective_principals:    return union of principals from all policies\n    * remember:                return headers from all policies\n    * forget:                  return headers from all policies\n\n\nDeployment Settings\n===================\n\nIt is also possible to specify the authentication policies as part of your\npaste deployment settings.  Consider the following example::\n\n    [app:pyramidapp]\n    use = egg:mypyramidapp\n\n    multiauth.policies = ipauth1 ipauth2 pyramid_browserid\n\n    multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy\n    multiauth.policy.ipauth1.ipaddrs = 127.0.*.*\n    multiauth.policy.ipauth1.principals = local\n\n    multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy\n    multiauth.policy.ipauth2.ipaddrs = 192.168.*.*\n    multiauth.policy.ipauth2.principals = trusted\n\nTo configure authentication from these settings, simply include the multiauth\nmodule into your configurator::\n\n    config.include(\"pyramid_multiauth\")\n\nIn this example you would get a MultiAuthenticationPolicy with three stacked\nauth policies.  The first two, ipauth1 and ipauth2, are defined as the name of\nof a callable along with a set of keyword arguments.  The third is defined as\nthe name of a module, pyramid_browserid, which will be procecesed via the\nstandard config.include() mechanism.\n\nThe end result would be a system that authenticates users via BrowserID, and\nassigns additional principal identifiers based on the originating IP address\nof the request.\n\nIf necessary, the *group finder function* and the *authorization policy* can\nalso be specified from configuration::\n\n    [app:pyramidapp]\n    use = egg:mypyramidapp\n\n    multiauth.authorization_policy = mypyramidapp.acl.Custom\n    multiauth.groupfinder  = mypyramidapp.acl.groupfinder\n\n    ...\n\n\nMultiAuthPolicySelected Event\n=============================\n\nAn event is triggered when one of the multiple policies configured is selected.\n\n::\n\n    from pyramid_multiauth import MultiAuthPolicySelected\n\n\n    # Track policy used, for prefixing user_id and for logging.\n    def on_policy_selected(event):\n        print(\"%s (%s) authenticated %s for request %s\" % (event.policy_name,\n                                                           event.policy,\n                                                           event.userid,\n                                                           event.request))\n\n    config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)\n\n\n1.0.1 (2021-10-28)\n==================\n\n**Bug Fixes**\n\n- Fix the `ConfigurationError` about authentication and authorization conflicting\n  with the default security when loading various policies via their module name.\n\n**Internal Changes**\n\n- Migrate CI from CircleCI to Github Actions\n- Tox: add py3.7 and py3.9 support\n- Remove code for Pyramid < 1.3\n- Use ``assertEqual()`` in tests\n- Drop support of Python 2.7\n\n\n1.0.0 (2021-10-21)\n==================\n\n**Breaking Changes**\n\n- Drop support for Pyramid 1.X (#27)\n\n0.9.0 (2016-11-07)\n==================\n\n- Drop support for python 2.6\n\n\n0.8.0 (2016-02-11)\n==================\n\n- Provide ``userid`` attribute in ``MultiAuthPolicySelected`` event.\n- Always notify event when user is identified with authenticated_userid()\n  (i.e. through ``effective_principals()`` with group finder callback).\n\n\n0.7.0 (2016-02-09)\n==================\n\n- Add ``get_policies()`` method to retrieve the list of contained authentication\n  policies and their respective names.\n\n\n0.6.0 (2016-01-27)\n==================\n\n- Provide the policy name used in settings in the ``MultiAuthPolicySelected``\n  event.\n\n\n0.5.0 - 2015-05-19\n==================\n\n- Read authorization policy from settings if present.\n\n\n0.4.0 - 2014-01-02\n==================\n\n- Make authenticated_userid None when groupfinder returns None.\n\n\n0.3.2 - 2013-05-29\n==================\n\n- Fix some merge bustage; this should contain all the things that were\n  *claimed* to be contained in the 0.3.1 release, but in fact were not.\n\n\n0.3.1 - 2013-05-15\n==================\n\n- MultiAuthPolicySelected events now include the request object, so you\n  can e.g. access the registry from the handler function.\n- Fixed some edge-cases in merging effective_principals with the output\n  of the groupfinder callback.\n\n\n0.3.0 - 2012-11-27\n==================\n\n- Support for Python3 via source-level compatibility.\n- Fire a MultiAuthPolicySelected event when a policy is successfully\n  used for authentication.\n\n\n0.2.0 - 2012-10-04\n==================\n\n- Add get_policy() method, which can be used to look up the loaded\n  sub-policies at runtime.\n\n\n0.1.2 - 2012-01-30\n==================\n\n- Update license to MPL 2.0.\n\n\n0.1.1 - 2011-12-20\n==================\n\n- Compatability with Pyramid 1.3.\n\n\n0.1.0 - 2011-11-11\n==================\n\n- Initial release.\n\n\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "pyramid_multiauth",
    "version": "1.0.1",
    "project_urls": {
        "Homepage": "https://github.com/mozilla-services/pyramid_multiauth"
    },
    "split_keywords": [
        "web",
        "pyramid",
        "pylons",
        "authentication"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "376541e156ad63049e8b88da3d8750aad68d027921b43e044350904d79d92f9e",
                "md5": "b8490fbdc0fcfeec71231900d5a6ab45",
                "sha256": "c265258af8021094e5b98602e8bfe094eec1350eebb56473f36cd0e076910822"
            },
            "downloads": -1,
            "filename": "pyramid_multiauth-1.0.1-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "b8490fbdc0fcfeec71231900d5a6ab45",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": null,
            "size": 16884,
            "upload_time": "2021-10-28T09:12:00",
            "upload_time_iso_8601": "2021-10-28T09:12:00.209318Z",
            "url": "https://files.pythonhosted.org/packages/37/65/41e156ad63049e8b88da3d8750aad68d027921b43e044350904d79d92f9e/pyramid_multiauth-1.0.1-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "a57983c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e",
                "md5": "a0dd97d5d6bd8dddda79105f865a2b45",
                "sha256": "6d8785558e1d0bbe0d0da43e296efc0fbe0de5071d1f9b1091e891f0e4ec9682"
            },
            "downloads": -1,
            "filename": "pyramid_multiauth-1.0.1.tar.gz",
            "has_sig": false,
            "md5_digest": "a0dd97d5d6bd8dddda79105f865a2b45",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 19788,
            "upload_time": "2021-10-28T09:12:01",
            "upload_time_iso_8601": "2021-10-28T09:12:01.845576Z",
            "url": "https://files.pythonhosted.org/packages/a5/79/83c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e/pyramid_multiauth-1.0.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2021-10-28 09:12:01",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "mozilla-services",
    "github_project": "pyramid_multiauth",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "tox": true,
    "lcname": "pyramid-multiauth"
}
        
Elapsed time: 0.11155s