=================
pyramid_multiauth
=================
|pypi| |ci|
.. |pypi| image:: https://img.shields.io/pypi/v/pyramid_multiauth.svg
:target: https://pypi.python.org/pypi/pyramid_multiauth
.. |ci| image:: https://github.com/mozilla-services/pyramid_multiauth/actions/workflows/test.yml/badge.svg
:target: https://github.com/mozilla-services/pyramid_multiauth/actions
An authentication policy for Pyramid that proxies to a stack of other
authentication policies.
Overview
========
MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to
a stack of *other* IAuthenticationPolicy objects, to provide a combined auth
solution from individual pieces. Simply pass it a list of policies that
should be tried in order::
policies = [
IPAuthenticationPolicy("127.0.*.*", principals=["local"])
IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
]
authn_policy = MultiAuthenticationPolicy(policies)
config.set_authentication_policy(authn_policy)
This example uses the pyramid_ipauth module to assign effective principals
based on originating IP address of the request. It combines two such
policies so that requests originating from "127.0.*.*" will have principal
"local" while requests originating from "192.168.*.*" will have principal
"trusted".
In general, the results from the stacked authentication policies are combined
as follows:
* authenticated_userid: return userid from first successful policy
* unauthenticated_userid: return userid from first successful policy
* effective_principals: return union of principals from all policies
* remember: return headers from all policies
* forget: return headers from all policies
Deployment Settings
===================
It is also possible to specify the authentication policies as part of your
paste deployment settings. Consider the following example::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.policies = ipauth1 ipauth2 pyramid_browserid
multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
multiauth.policy.ipauth1.principals = local
multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
multiauth.policy.ipauth2.principals = trusted
To configure authentication from these settings, simply include the multiauth
module into your configurator::
config.include("pyramid_multiauth")
In this example you would get a MultiAuthenticationPolicy with three stacked
auth policies. The first two, ipauth1 and ipauth2, are defined as the name of
of a callable along with a set of keyword arguments. The third is defined as
the name of a module, pyramid_browserid, which will be procecesed via the
standard config.include() mechanism.
The end result would be a system that authenticates users via BrowserID, and
assigns additional principal identifiers based on the originating IP address
of the request.
If necessary, the *group finder function* and the *authorization policy* can
also be specified from configuration::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.authorization_policy = mypyramidapp.acl.Custom
multiauth.groupfinder = mypyramidapp.acl.groupfinder
...
MultiAuthPolicySelected Event
=============================
An event is triggered when one of the multiple policies configured is selected.
::
from pyramid_multiauth import MultiAuthPolicySelected
# Track policy used, for prefixing user_id and for logging.
def on_policy_selected(event):
print("%s (%s) authenticated %s for request %s" % (event.policy_name,
event.policy,
event.userid,
event.request))
config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)
1.0.1 (2021-10-28)
==================
**Bug Fixes**
- Fix the `ConfigurationError` about authentication and authorization conflicting
with the default security when loading various policies via their module name.
**Internal Changes**
- Migrate CI from CircleCI to Github Actions
- Tox: add py3.7 and py3.9 support
- Remove code for Pyramid < 1.3
- Use ``assertEqual()`` in tests
- Drop support of Python 2.7
1.0.0 (2021-10-21)
==================
**Breaking Changes**
- Drop support for Pyramid 1.X (#27)
0.9.0 (2016-11-07)
==================
- Drop support for python 2.6
0.8.0 (2016-02-11)
==================
- Provide ``userid`` attribute in ``MultiAuthPolicySelected`` event.
- Always notify event when user is identified with authenticated_userid()
(i.e. through ``effective_principals()`` with group finder callback).
0.7.0 (2016-02-09)
==================
- Add ``get_policies()`` method to retrieve the list of contained authentication
policies and their respective names.
0.6.0 (2016-01-27)
==================
- Provide the policy name used in settings in the ``MultiAuthPolicySelected``
event.
0.5.0 - 2015-05-19
==================
- Read authorization policy from settings if present.
0.4.0 - 2014-01-02
==================
- Make authenticated_userid None when groupfinder returns None.
0.3.2 - 2013-05-29
==================
- Fix some merge bustage; this should contain all the things that were
*claimed* to be contained in the 0.3.1 release, but in fact were not.
0.3.1 - 2013-05-15
==================
- MultiAuthPolicySelected events now include the request object, so you
can e.g. access the registry from the handler function.
- Fixed some edge-cases in merging effective_principals with the output
of the groupfinder callback.
0.3.0 - 2012-11-27
==================
- Support for Python3 via source-level compatibility.
- Fire a MultiAuthPolicySelected event when a policy is successfully
used for authentication.
0.2.0 - 2012-10-04
==================
- Add get_policy() method, which can be used to look up the loaded
sub-policies at runtime.
0.1.2 - 2012-01-30
==================
- Update license to MPL 2.0.
0.1.1 - 2011-12-20
==================
- Compatability with Pyramid 1.3.
0.1.0 - 2011-11-11
==================
- Initial release.
Raw data
{
"_id": null,
"home_page": "https://github.com/mozilla-services/pyramid_multiauth",
"name": "pyramid-multiauth",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "web pyramid pylons authentication",
"author": "Mozilla Services",
"author_email": "services-dev@mozilla.org",
"download_url": "https://files.pythonhosted.org/packages/a5/79/83c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e/pyramid_multiauth-1.0.1.tar.gz",
"platform": "",
"description": "=================\npyramid_multiauth\n=================\n\n|pypi| |ci|\n\n.. |pypi| image:: https://img.shields.io/pypi/v/pyramid_multiauth.svg\n :target: https://pypi.python.org/pypi/pyramid_multiauth\n\n.. |ci| image:: https://github.com/mozilla-services/pyramid_multiauth/actions/workflows/test.yml/badge.svg\n :target: https://github.com/mozilla-services/pyramid_multiauth/actions\n\n\nAn authentication policy for Pyramid that proxies to a stack of other\nauthentication policies.\n\n\nOverview\n========\n\nMultiAuthenticationPolicy is a Pyramid authentication policy that proxies to\na stack of *other* IAuthenticationPolicy objects, to provide a combined auth\nsolution from individual pieces. Simply pass it a list of policies that\nshould be tried in order::\n\n\n policies = [\n IPAuthenticationPolicy(\"127.0.*.*\", principals=[\"local\"])\n IPAuthenticationPolicy(\"192.168.*.*\", principals=[\"trusted\"])\n ]\n authn_policy = MultiAuthenticationPolicy(policies)\n config.set_authentication_policy(authn_policy)\n\nThis example uses the pyramid_ipauth module to assign effective principals\nbased on originating IP address of the request. It combines two such\npolicies so that requests originating from \"127.0.*.*\" will have principal\n\"local\" while requests originating from \"192.168.*.*\" will have principal\n\"trusted\".\n\nIn general, the results from the stacked authentication policies are combined\nas follows:\n\n * authenticated_userid: return userid from first successful policy\n * unauthenticated_userid: return userid from first successful policy\n * effective_principals: return union of principals from all policies\n * remember: return headers from all policies\n * forget: return headers from all policies\n\n\nDeployment Settings\n===================\n\nIt is also possible to specify the authentication policies as part of your\npaste deployment settings. Consider the following example::\n\n [app:pyramidapp]\n use = egg:mypyramidapp\n\n multiauth.policies = ipauth1 ipauth2 pyramid_browserid\n\n multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy\n multiauth.policy.ipauth1.ipaddrs = 127.0.*.*\n multiauth.policy.ipauth1.principals = local\n\n multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy\n multiauth.policy.ipauth2.ipaddrs = 192.168.*.*\n multiauth.policy.ipauth2.principals = trusted\n\nTo configure authentication from these settings, simply include the multiauth\nmodule into your configurator::\n\n config.include(\"pyramid_multiauth\")\n\nIn this example you would get a MultiAuthenticationPolicy with three stacked\nauth policies. The first two, ipauth1 and ipauth2, are defined as the name of\nof a callable along with a set of keyword arguments. The third is defined as\nthe name of a module, pyramid_browserid, which will be procecesed via the\nstandard config.include() mechanism.\n\nThe end result would be a system that authenticates users via BrowserID, and\nassigns additional principal identifiers based on the originating IP address\nof the request.\n\nIf necessary, the *group finder function* and the *authorization policy* can\nalso be specified from configuration::\n\n [app:pyramidapp]\n use = egg:mypyramidapp\n\n multiauth.authorization_policy = mypyramidapp.acl.Custom\n multiauth.groupfinder = mypyramidapp.acl.groupfinder\n\n ...\n\n\nMultiAuthPolicySelected Event\n=============================\n\nAn event is triggered when one of the multiple policies configured is selected.\n\n::\n\n from pyramid_multiauth import MultiAuthPolicySelected\n\n\n # Track policy used, for prefixing user_id and for logging.\n def on_policy_selected(event):\n print(\"%s (%s) authenticated %s for request %s\" % (event.policy_name,\n event.policy,\n event.userid,\n event.request))\n\n config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)\n\n\n1.0.1 (2021-10-28)\n==================\n\n**Bug Fixes**\n\n- Fix the `ConfigurationError` about authentication and authorization conflicting\n with the default security when loading various policies via their module name.\n\n**Internal Changes**\n\n- Migrate CI from CircleCI to Github Actions\n- Tox: add py3.7 and py3.9 support\n- Remove code for Pyramid < 1.3\n- Use ``assertEqual()`` in tests\n- Drop support of Python 2.7\n\n\n1.0.0 (2021-10-21)\n==================\n\n**Breaking Changes**\n\n- Drop support for Pyramid 1.X (#27)\n\n0.9.0 (2016-11-07)\n==================\n\n- Drop support for python 2.6\n\n\n0.8.0 (2016-02-11)\n==================\n\n- Provide ``userid`` attribute in ``MultiAuthPolicySelected`` event.\n- Always notify event when user is identified with authenticated_userid()\n (i.e. through ``effective_principals()`` with group finder callback).\n\n\n0.7.0 (2016-02-09)\n==================\n\n- Add ``get_policies()`` method to retrieve the list of contained authentication\n policies and their respective names.\n\n\n0.6.0 (2016-01-27)\n==================\n\n- Provide the policy name used in settings in the ``MultiAuthPolicySelected``\n event.\n\n\n0.5.0 - 2015-05-19\n==================\n\n- Read authorization policy from settings if present.\n\n\n0.4.0 - 2014-01-02\n==================\n\n- Make authenticated_userid None when groupfinder returns None.\n\n\n0.3.2 - 2013-05-29\n==================\n\n- Fix some merge bustage; this should contain all the things that were\n *claimed* to be contained in the 0.3.1 release, but in fact were not.\n\n\n0.3.1 - 2013-05-15\n==================\n\n- MultiAuthPolicySelected events now include the request object, so you\n can e.g. access the registry from the handler function.\n- Fixed some edge-cases in merging effective_principals with the output\n of the groupfinder callback.\n\n\n0.3.0 - 2012-11-27\n==================\n\n- Support for Python3 via source-level compatibility.\n- Fire a MultiAuthPolicySelected event when a policy is successfully\n used for authentication.\n\n\n0.2.0 - 2012-10-04\n==================\n\n- Add get_policy() method, which can be used to look up the loaded\n sub-policies at runtime.\n\n\n0.1.2 - 2012-01-30\n==================\n\n- Update license to MPL 2.0.\n\n\n0.1.1 - 2011-12-20\n==================\n\n- Compatability with Pyramid 1.3.\n\n\n0.1.0 - 2011-11-11\n==================\n\n- Initial release.\n\n\n",
"bugtrack_url": null,
"license": "",
"summary": "pyramid_multiauth",
"version": "1.0.1",
"project_urls": {
"Homepage": "https://github.com/mozilla-services/pyramid_multiauth"
},
"split_keywords": [
"web",
"pyramid",
"pylons",
"authentication"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "376541e156ad63049e8b88da3d8750aad68d027921b43e044350904d79d92f9e",
"md5": "b8490fbdc0fcfeec71231900d5a6ab45",
"sha256": "c265258af8021094e5b98602e8bfe094eec1350eebb56473f36cd0e076910822"
},
"downloads": -1,
"filename": "pyramid_multiauth-1.0.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "b8490fbdc0fcfeec71231900d5a6ab45",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16884,
"upload_time": "2021-10-28T09:12:00",
"upload_time_iso_8601": "2021-10-28T09:12:00.209318Z",
"url": "https://files.pythonhosted.org/packages/37/65/41e156ad63049e8b88da3d8750aad68d027921b43e044350904d79d92f9e/pyramid_multiauth-1.0.1-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a57983c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e",
"md5": "a0dd97d5d6bd8dddda79105f865a2b45",
"sha256": "6d8785558e1d0bbe0d0da43e296efc0fbe0de5071d1f9b1091e891f0e4ec9682"
},
"downloads": -1,
"filename": "pyramid_multiauth-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "a0dd97d5d6bd8dddda79105f865a2b45",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 19788,
"upload_time": "2021-10-28T09:12:01",
"upload_time_iso_8601": "2021-10-28T09:12:01.845576Z",
"url": "https://files.pythonhosted.org/packages/a5/79/83c05ec107584862f67552826ba37617c74b2a81bcf87f7b54bb036f2b1e/pyramid_multiauth-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2021-10-28 09:12:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mozilla-services",
"github_project": "pyramid_multiauth",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "pyramid-multiauth"
}
JSON
