aiohttp-security/aiohttp_security/api.py

import asyncio
from aiohttp import web
from aiohttp_security.abc import (AbstractIdentityPolicy,
                                  AbstractAuthorizationPolicy)

IDENTITY_KEY = 'aiohttp_security_identity_policy'
AUTZ_KEY = 'aiohttp_security_autz_policy'


@asyncio.coroutine
def remember(request, response, identity, **kwargs):
    """Remember identity into response.

    The action is performed by identity_policy.remember()

    Usually the idenity is stored in user cookies homehow but may be
    pushed into custom header also.
    """
    assert isinstance(identity, str), identity
    assert identity
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        text = ("Security subsystem is not initialized, "
                "call aiohttp_security.setup(...) first")
        # in order to see meaningful exception message both: on console
        # output and rendered page we add same message to *reason* and
        # *text* arguments.
        raise web.HTTPInternalServerError(reason=text, text=text)
    yield from identity_policy.remember(request, response, identity, **kwargs)


@asyncio.coroutine
def forget(request, response):
    """Forget previously remembered identity.

    Usually it clears cookie or server-side storage to forget user
    session.
    """
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        text = ("Security subsystem is not initialized, "
                "call aiohttp_security.setup(...) first")
        # in order to see meaningful exception message both: on console
        # output and rendered page we add same message to *reason* and
        # *text* arguments.
        raise web.HTTPInternalServerError(reason=text, text=text)
    yield from identity_policy.forget(request, response)


@asyncio.coroutine
def authorized_userid(request):
    identity_policy = request.app.get(IDENTITY_KEY)
    autz_policy = request.app.get(AUTZ_KEY)
    if identity_policy is None or autz_policy is None:
        return None
    identity = yield from identity_policy.identify(request)
    if identity is None:
        return None  # non-registered user has None user_id
    user_id = yield from autz_policy.authorized_userid(identity)
    return user_id


@asyncio.coroutine
def permits(request, permission, context=None):
    assert isinstance(permission, str), permission
    assert permission
    identity_policy = request.app.get(IDENTITY_KEY)
    autz_policy = request.app.get(AUTZ_KEY)
    if identity_policy is None or autz_policy is None:
        return True
    identity = yield from identity_policy.identify(request)
    # non-registered user still may has some permissions
    access = yield from autz_policy.permits(identity, permission, context)
    return access


def setup(app, identity_policy, autz_policy):
    assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
    assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy

    app[IDENTITY_KEY] = identity_policy
    app[AUTZ_KEY] = autz_policy
Initial commit 2015-07-08 17:30:24 +00:00			`import asyncio`
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`from aiohttp import web`
Initial commit 2015-07-08 17:30:24 +00:00			`from aiohttp_security.abc import (AbstractIdentityPolicy,`
			`AbstractAuthorizationPolicy)`

			`IDENTITY_KEY = 'aiohttp_security_identity_policy'`
			`AUTZ_KEY = 'aiohttp_security_autz_policy'`


			`@asyncio.coroutine`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`def remember(request, response, identity, **kwargs):`
More docs 2015-10-29 08:31:24 +00:00			`"""Remember identity into response.`

Docs 2015-10-29 13:34:38 +00:00			`The action is performed by identity_policy.remember()`

			`Usually the idenity is stored in user cookies homehow but may be`
			`pushed into custom header also.`
More docs 2015-10-29 08:31:24 +00:00			`"""`
			`assert isinstance(identity, str), identity`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`assert identity`
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`if identity_policy is None:`
			`text = ("Security subsystem is not initialized, "`
			`"call aiohttp_security.setup(...) first")`
			`# in order to see meaningful exception message both: on console`
			`# output and rendered page we add same message to reason and`
			`# text arguments.`
			`raise web.HTTPInternalServerError(reason=text, text=text)`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`yield from identity_policy.remember(request, response, identity, **kwargs)`
Initial commit 2015-07-08 17:30:24 +00:00

			`@asyncio.coroutine`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`def forget(request, response):`
Merge branch 'master' of github.com:aio-libs/aiohttp_security 2015-11-02 20:29:11 +00:00			`"""Forget previously remembered identity.`
Work on documentation 2015-11-02 20:28:10 +00:00
Docs 2015-10-29 13:34:38 +00:00			`Usually it clears cookie or server-side storage to forget user`
			`session.`
			`"""`
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`if identity_policy is None:`
			`text = ("Security subsystem is not initialized, "`
			`"call aiohttp_security.setup(...) first")`
			`# in order to see meaningful exception message both: on console`
			`# output and rendered page we add same message to reason and`
			`# text arguments.`
			`raise web.HTTPInternalServerError(reason=text, text=text)`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`yield from identity_policy.forget(request, response)`
Initial commit 2015-07-08 17:30:24 +00:00

			`@asyncio.coroutine`
			`def authorized_userid(request):`
Return authenticated anonymous if library was not setted up 2015-08-04 18:19:01 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`autz_policy = request.app.get(AUTZ_KEY)`
			`if identity_policy is None or autz_policy is None:`
			`return None`
Initial commit 2015-07-08 17:30:24 +00:00			`identity = yield from identity_policy.identify(request)`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`if identity is None:`
			`return None # non-registered user has None user_id`
Initial commit 2015-07-08 17:30:24 +00:00			`user_id = yield from autz_policy.authorized_userid(identity)`
			`return user_id`


			`@asyncio.coroutine`
			`def permits(request, permission, context=None):`
Clarify type for permission parameter 2015-11-10 23:30:41 +00:00			`assert isinstance(permission, str), permission`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`assert permission`
Return authenticated anonymous if library was not setted up 2015-08-04 18:19:01 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`autz_policy = request.app.get(AUTZ_KEY)`
			`if identity_policy is None or autz_policy is None:`
			`return True`
Initial commit 2015-07-08 17:30:24 +00:00			`identity = yield from identity_policy.identify(request)`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`# non-registered user still may has some permissions`
Initial commit 2015-07-08 17:30:24 +00:00			`access = yield from autz_policy.permits(identity, permission, context)`
			`return access`


Update doc 2015-09-06 05:12:18 +00:00			`def setup(app, identity_policy, autz_policy):`
Initial commit 2015-07-08 17:30:24 +00:00			`assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy`
Update doc 2015-09-06 05:12:18 +00:00			`assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy`
Initial commit 2015-07-08 17:30:24 +00:00
			`app[IDENTITY_KEY] = identity_policy`
Update doc 2015-09-06 05:12:18 +00:00			`app[AUTZ_KEY] = autz_policy`