aiohttp-security/aiohttp_security/api.py

133 lines
4.2 KiB
Python
Raw Normal View History

2015-07-08 17:30:24 +00:00
import asyncio
import functools
2016-05-13 01:40:57 +00:00
from aiohttp import web
2016-05-13 01:40:57 +00:00
2015-07-08 17:30:24 +00:00
from aiohttp_security.abc import (AbstractIdentityPolicy,
AbstractAuthorizationPolicy)
IDENTITY_KEY = 'aiohttp_security_identity_policy'
AUTZ_KEY = 'aiohttp_security_autz_policy'
def authorize(required=True, redirect_url=None, permission=None):
def wrapper(f):
@asyncio.coroutine
@functools.wraps(f)
def wrapped(*args, **kwargs):
# assuming first argument is request
assert isinstance(args[0], web.Request)
request = args[0]
2016-05-13 01:40:57 +00:00
# check if coroutine
if asyncio.iscoroutinefunction(f):
coro = f
else:
coro = asyncio.coroutine(f)
2016-05-13 01:40:57 +00:00
# get identity
identity = yield from authorized_userid(request)
kwargs['identity'] = identity
2016-05-13 01:40:57 +00:00
if required:
# check identity
if not identity:
return web.HTTPFound(redirect_url) if redirect_url \
else web.HTTPForbidden(reason='not authenticated')
# check permission
allowed = yield from permits(request, permission)
if permission and not allowed:
return web.HTTPForbidden(reason='unauthorized')
return (yield from coro(*args, **kwargs))
2016-05-13 01:40:57 +00:00
return wrapped
2016-05-13 01:40:57 +00:00
return wrapper
2015-07-08 17:30:24 +00:00
@asyncio.coroutine
def remember(request, response, identity, **kwargs):
2015-10-29 08:31:24 +00:00
"""Remember identity into response.
2015-10-29 13:34:38 +00:00
The action is performed by identity_policy.remember()
Usually the idenity is stored in user cookies homehow but may be
pushed into custom header also.
2015-10-29 08:31:24 +00:00
"""
assert isinstance(identity, str), identity
2015-11-20 11:39:10 +00:00
assert identity
identity_policy = request.app.get(IDENTITY_KEY)
if identity_policy is None:
text = ("Security subsystem is not initialized, "
"call aiohttp_security.setup(...) first")
# in order to see meaningful exception message both: on console
# output and rendered page we add same message to *reason* and
# *text* arguments.
raise web.HTTPInternalServerError(reason=text, text=text)
yield from identity_policy.remember(request, response, identity, **kwargs)
2015-07-08 17:30:24 +00:00
@asyncio.coroutine
def forget(request, response):
"""Forget previously remembered identity.
2015-11-02 20:28:10 +00:00
2015-10-29 13:34:38 +00:00
Usually it clears cookie or server-side storage to forget user
session.
"""
identity_policy = request.app.get(IDENTITY_KEY)
if identity_policy is None:
text = ("Security subsystem is not initialized, "
"call aiohttp_security.setup(...) first")
# in order to see meaningful exception message both: on console
# output and rendered page we add same message to *reason* and
# *text* arguments.
raise web.HTTPInternalServerError(reason=text, text=text)
yield from identity_policy.forget(request, response)
2015-07-08 17:30:24 +00:00
@asyncio.coroutine
def authorized_userid(request):
identity_policy = request.app.get(IDENTITY_KEY)
if identity_policy is None:
return None
identity = yield from identity_policy.identify(request)
return identity
2016-05-13 01:40:57 +00:00
'''
2015-07-08 17:30:24 +00:00
@asyncio.coroutine
def authorized_userid(request):
identity_policy = request.app.get(IDENTITY_KEY)
autz_policy = request.app.get(AUTZ_KEY)
if identity_policy is None or autz_policy is None:
return None
2015-07-08 17:30:24 +00:00
identity = yield from identity_policy.identify(request)
2015-11-20 11:39:10 +00:00
if identity is None:
return None # non-registered user has None user_id
2015-07-08 17:30:24 +00:00
user_id = yield from autz_policy.authorized_userid(identity)
return user_id
'''
2015-07-08 17:30:24 +00:00
@asyncio.coroutine
def permits(request, permission, context=None):
2015-11-10 23:30:41 +00:00
assert isinstance(permission, str), permission
2015-11-20 11:39:10 +00:00
assert permission
autz_policy = request.app.get(AUTZ_KEY)
2016-05-13 01:40:57 +00:00
if autz_policy is None:
return True
identity = yield from authorized_userid(request)
2015-07-08 17:30:24 +00:00
access = yield from autz_policy.permits(identity, permission, context)
return access
2015-09-06 05:12:18 +00:00
def setup(app, identity_policy, autz_policy):
2015-07-08 17:30:24 +00:00
assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
2015-09-06 05:12:18 +00:00
assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy
2015-07-08 17:30:24 +00:00
app[IDENTITY_KEY] = identity_policy
2015-09-06 05:12:18 +00:00
app[AUTZ_KEY] = autz_policy