aiohttp-security/aiohttp_security/api.py

import asyncio
import functools

from aiohttp import web

from aiohttp_security.abc import (AbstractIdentityPolicy,
                                  AbstractAuthorizationPolicy)

IDENTITY_KEY = 'aiohttp_security_identity_policy'
AUTZ_KEY = 'aiohttp_security_autz_policy'


def authorize(required=True, redirect_url=None, permission=None):
    def wrapper(f):
        @asyncio.coroutine
        @functools.wraps(f)
        def wrapped(*args, **kwargs):
            # assuming first argument is request
            assert isinstance(args[0], web.Request)
            request = args[0]

            # check if coroutine
            if asyncio.iscoroutinefunction(f):
                coro = f
            else:
                coro = asyncio.coroutine(f)

            # get identity
            identity = yield from get_user_identity(request)
            kwargs['identity'] = identity

            if required:

                # check identity
                if not identity:
                    return web.HTTPFound(redirect_url) if redirect_url \
                        else web.HTTPForbidden(reason='not authenticated')

                # check permission
                allowed = yield from permits(request, permission)
                if permission and not allowed:
                    return web.HTTPForbidden(reason='unauthorized')

            return (yield from coro(*args, **kwargs))

        return wrapped

    return wrapper


@asyncio.coroutine
def remember(request, response, identity, **kwargs):
    """Remember identity into response.

    The action is performed by identity_policy.remember()

    Usually the idenity is stored in user cookies homehow but may be
    pushed into custom header also.
    """
    assert isinstance(identity, str), identity
    assert identity
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        text = ("Security subsystem is not initialized, "
                "call aiohttp_security.setup(...) first")
        # in order to see meaningful exception message both: on console
        # output and rendered page we add same message to *reason* and
        # *text* arguments.
        raise web.HTTPInternalServerError(reason=text, text=text)
    yield from identity_policy.remember(request, response, identity, **kwargs)


@asyncio.coroutine
def forget(request, response):
    """Forget previously remembered identity.

    Usually it clears cookie or server-side storage to forget user
    session.
    """
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        text = ("Security subsystem is not initialized, "
                "call aiohttp_security.setup(...) first")
        # in order to see meaningful exception message both: on console
        # output and rendered page we add same message to *reason* and
        # *text* arguments.
        raise web.HTTPInternalServerError(reason=text, text=text)
    yield from identity_policy.forget(request, response)


@asyncio.coroutine
def get_user_identity(request):
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        return None
    identity = yield from identity_policy.identify(request)
    return identity


'''
@asyncio.coroutine
def authorized_userid(request):
    identity_policy = request.app.get(IDENTITY_KEY)
    autz_policy = request.app.get(AUTZ_KEY)
    if identity_policy is None or autz_policy is None:
        return None
    identity = yield from identity_policy.identify(request)
    if identity is None:
        return None  # non-registered user has None user_id
    user_id = yield from autz_policy.authorized_userid(identity)
    return user_id
'''


@asyncio.coroutine
def permits(request, permission, context=None):
    assert isinstance(permission, str), permission
    assert permission
    autz_policy = request.app.get(AUTZ_KEY)
    if autz_policy is None:
        return True
    identity = yield from get_user_identity(request)
    access = yield from autz_policy.permits(identity, permission, context)
    return access


def setup(app, identity_policy, autz_policy):
    assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
    assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy

    app[IDENTITY_KEY] = identity_policy
    app[AUTZ_KEY] = autz_policy
Initial commit 2015-07-08 17:30:24 +00:00			`import asyncio`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`import functools`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`from aiohttp import web`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
Initial commit 2015-07-08 17:30:24 +00:00			`from aiohttp_security.abc import (AbstractIdentityPolicy,`
			`AbstractAuthorizationPolicy)`

			`IDENTITY_KEY = 'aiohttp_security_identity_policy'`
			`AUTZ_KEY = 'aiohttp_security_autz_policy'`


fixed compile errors and tested decorator working 2016-05-12 11:40:48 +00:00			`def authorize(required=True, redirect_url=None, permission=None):`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`def wrapper(f):`
			`@asyncio.coroutine`
			`@functools.wraps(f)`
fixed compile errors and tested decorator working 2016-05-12 11:40:48 +00:00			`def wrapped(args, *kwargs):`
			`# assuming first argument is request`
			`assert isinstance(args[0], web.Request)`
			`request = args[0]`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
			`# check if coroutine`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`if asyncio.iscoroutinefunction(f):`
			`coro = f`
			`else:`
			`coro = asyncio.coroutine(f)`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
			`# get identity`
fixed compile errors and tested decorator working 2016-05-12 11:40:48 +00:00			`identity = yield from get_user_identity(request)`
			`kwargs['identity'] = identity`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
			`if required:`

			`# check identity`
			`if not identity:`
			`return web.HTTPFound(redirect_url) if redirect_url \`
			`else web.HTTPForbidden(reason='not authenticated')`

			`# check permission`
			`allowed = yield from permits(request, permission)`
			`if permission and not allowed:`
			`return web.HTTPForbidden(reason='unauthorized')`

fixed compile errors and tested decorator working 2016-05-12 11:40:48 +00:00			`return (yield from coro(args, *kwargs))`
adding decorator and demo code 2016-05-13 01:40:57 +00:00
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`return wrapped`

adding decorator and demo code 2016-05-13 01:40:57 +00:00			`return wrapper`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00

Initial commit 2015-07-08 17:30:24 +00:00			`@asyncio.coroutine`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`def remember(request, response, identity, **kwargs):`
More docs 2015-10-29 08:31:24 +00:00			`"""Remember identity into response.`

Docs 2015-10-29 13:34:38 +00:00			`The action is performed by identity_policy.remember()`

			`Usually the idenity is stored in user cookies homehow but may be`
			`pushed into custom header also.`
More docs 2015-10-29 08:31:24 +00:00			`"""`
			`assert isinstance(identity, str), identity`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`assert identity`
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`if identity_policy is None:`
			`text = ("Security subsystem is not initialized, "`
			`"call aiohttp_security.setup(...) first")`
			`# in order to see meaningful exception message both: on console`
			`# output and rendered page we add same message to reason and`
			`# text arguments.`
			`raise web.HTTPInternalServerError(reason=text, text=text)`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`yield from identity_policy.remember(request, response, identity, **kwargs)`
Initial commit 2015-07-08 17:30:24 +00:00

			`@asyncio.coroutine`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`def forget(request, response):`
Merge branch 'master' of github.com:aio-libs/aiohttp_security 2015-11-02 20:29:11 +00:00			`"""Forget previously remembered identity.`
Work on documentation 2015-11-02 20:28:10 +00:00
Docs 2015-10-29 13:34:38 +00:00			`Usually it clears cookie or server-side storage to forget user`
			`session.`
			`"""`
Add test for remember/forbid when library was not setted up 2015-08-05 10:32:49 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`if identity_policy is None:`
			`text = ("Security subsystem is not initialized, "`
			`"call aiohttp_security.setup(...) first")`
			`# in order to see meaningful exception message both: on console`
			`# output and rendered page we add same message to reason and`
			`# text arguments.`
			`raise web.HTTPInternalServerError(reason=text, text=text)`
Return back to passing response parameter into remember and forget methods 2015-07-29 20:41:16 +00:00			`yield from identity_policy.forget(request, response)`
Initial commit 2015-07-08 17:30:24 +00:00

removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`@asyncio.coroutine`
			`def get_user_identity(request):`
			`identity_policy = request.app.get(IDENTITY_KEY)`
			`if identity_policy is None:`
			`return None`
			`identity = yield from identity_policy.identify(request)`
			`return identity`

adding decorator and demo code 2016-05-13 01:40:57 +00:00
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`'''`
Initial commit 2015-07-08 17:30:24 +00:00			`@asyncio.coroutine`
			`def authorized_userid(request):`
Return authenticated anonymous if library was not setted up 2015-08-04 18:19:01 +00:00			`identity_policy = request.app.get(IDENTITY_KEY)`
			`autz_policy = request.app.get(AUTZ_KEY)`
			`if identity_policy is None or autz_policy is None:`
			`return None`
Initial commit 2015-07-08 17:30:24 +00:00			`identity = yield from identity_policy.identify(request)`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`if identity is None:`
			`return None # non-registered user has None user_id`
Initial commit 2015-07-08 17:30:24 +00:00			`user_id = yield from autz_policy.authorized_userid(identity)`
			`return user_id`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`'''`
Initial commit 2015-07-08 17:30:24 +00:00

			`@asyncio.coroutine`
			`def permits(request, permission, context=None):`
Clarify type for permission parameter 2015-11-10 23:30:41 +00:00			`assert isinstance(permission, str), permission`
Add couple assertions and short-cut 2015-11-20 11:39:10 +00:00			`assert permission`
Return authenticated anonymous if library was not setted up 2015-08-04 18:19:01 +00:00			`autz_policy = request.app.get(AUTZ_KEY)`
adding decorator and demo code 2016-05-13 01:40:57 +00:00			`if autz_policy is None:`
			`return True`
removing authorized_userid() method and added decorator 2016-05-12 11:14:00 +00:00			`identity = yield from get_user_identity(request)`
Initial commit 2015-07-08 17:30:24 +00:00			`access = yield from autz_policy.permits(identity, permission, context)`
			`return access`


Update doc 2015-09-06 05:12:18 +00:00			`def setup(app, identity_policy, autz_policy):`
Initial commit 2015-07-08 17:30:24 +00:00			`assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy`
Update doc 2015-09-06 05:12:18 +00:00			`assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy`
Initial commit 2015-07-08 17:30:24 +00:00
			`app[IDENTITY_KEY] = identity_policy`
Update doc 2015-09-06 05:12:18 +00:00			`app[AUTZ_KEY] = autz_policy`