aiohttp-security/demo/db_auth.py

import asyncio

import sqlalchemy as sa

from aiohttp_security.abc import AbstractAuthorizationPolicy
from passlib.hash import sha256_crypt

from . import db


class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
    def __init__(self, dbengine):
        self.dbengine = dbengine

    @asyncio.coroutine
    def authorized_userid(self, identity):
        with (yield from self.dbengine) as conn:
            where = sa.and_(db.users.c.login == identity,
                            sa.not_(db.users.c.disabled))
            query = db.users.count().where(where)
            ret = yield from conn.scalar(query)
            if ret:
                return identity
            else:
                return None

    @asyncio.coroutine
    def permits(self, identity, permission, context=None):
        if identity is None:
            return False

        with (yield from self.dbengine) as conn:
            where = sa.and_(db.users.c.login == identity,
                            sa.not_(db.users.c.disabled))
            query = db.users.select().where(where)
            ret = yield from conn.execute(query)
            user = yield from ret.fetchone()
            if user is not None:
                user_id = user[0]
                is_superuser = user[3]
                if is_superuser:
                    return True

                where = db.permissions.c.user_id == user_id
                query = db.permissions.select().where(where)
                ret = yield from conn.execute(query)
                result = yield from ret.fetchall()
                if ret is not None:
                    for record in result:
                        if record.perm_name == permission:
                            return True

            return False


@asyncio.coroutine
def check_credentials(db_engine, username, password):
    with (yield from db_engine) as conn:
        where = sa.and_(db.users.c.login == username,
                        sa.not_(db.users.c.disabled))
        query = db.users.select().where(where)
        ret = yield from conn.execute(query)
        user = yield from ret.fetchone()
        if user is not None:
            hash = user[2]
            return sha256_crypt.verify(password, hash)
    return False
Initial commit 2015-07-08 17:30:24 +00:00			`import asyncio`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00
work on demo 2015-11-21 07:37:44 +00:00			`import sqlalchemy as sa`
Initial commit 2015-07-08 17:30:24 +00:00
Work on demo 2016-02-01 17:25:14 +00:00			`from aiohttp_security.abc import AbstractAuthorizationPolicy`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00			`from passlib.hash import sha256_crypt`
Initial commit 2015-07-08 17:30:24 +00:00
work on demo 2015-11-21 07:37:44 +00:00			`from . import db`

Initial commit 2015-07-08 17:30:24 +00:00
Work on demo 2015-11-21 06:45:08 +00:00			`class DBAuthorizationPolicy(AbstractAuthorizationPolicy):`
Work on demo 2015-11-26 18:09:00 +00:00			`def __init__(self, dbengine):`
			`self.dbengine = dbengine`
Initial commit 2015-07-08 17:30:24 +00:00
work on demo 2015-11-21 07:37:44 +00:00			`@asyncio.coroutine`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00			`def authorized_userid(self, identity):`
Merge branch 'master' of github.com:aio-libs/aiohttp_security 2015-11-26 18:11:49 +00:00			`with (yield from self.dbengine) as conn:`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00			`where = sa.and_(db.users.c.login == identity,`
			`sa.not_(db.users.c.disabled))`
			`query = db.users.count().where(where)`
work on demo 2015-11-21 07:37:44 +00:00			`ret = yield from conn.scalar(query)`
			`if ret:`
			`return identity`
			`else:`
			`return None`

Initial commit 2015-07-08 17:30:24 +00:00			`@asyncio.coroutine`
			`def permits(self, identity, permission, context=None):`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00			`if identity is None:`
			`return False`

Merge branch 'master' of github.com:aio-libs/aiohttp_security 2015-11-26 18:11:49 +00:00			`with (yield from self.dbengine) as conn:`
Create working demo (#5) * Add docs example and update demo source code * Fail with debug * Fix tests * Update sql scripts * Update docs * Add checking for the password * Update documentation with launch/usage example * Launch flake8 instead of pep8 and pyflakes 2016-08-30 17:38:59 +00:00			`where = sa.and_(db.users.c.login == identity,`
			`sa.not_(db.users.c.disabled))`
			`query = db.users.select().where(where)`
			`ret = yield from conn.execute(query)`
			`user = yield from ret.fetchone()`
			`if user is not None:`
			`user_id = user[0]`
			`is_superuser = user[3]`
			`if is_superuser:`
			`return True`

			`where = db.permissions.c.user_id == user_id`
			`query = db.permissions.select().where(where)`
			`ret = yield from conn.execute(query)`
			`result = yield from ret.fetchall()`
			`if ret is not None:`
			`for record in result:`
			`if record.perm_name == permission:`
			`return True`

			`return False`


			`@asyncio.coroutine`
			`def check_credentials(db_engine, username, password):`
			`with (yield from db_engine) as conn:`
			`where = sa.and_(db.users.c.login == username,`
			`sa.not_(db.users.c.disabled))`
			`query = db.users.select().where(where)`
			`ret = yield from conn.execute(query)`
			`user = yield from ret.fetchone()`
			`if user is not None:`
			`hash = user[2]`
			`return sha256_crypt.verify(password, hash)`
			`return False`