python
/
aiohttp-security
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

removing authorized_userid() method and added decorator

This commit is contained in:
Sick Yoon 2016-05-12 20:14:00 +09:00
parent fec22f971c
commit 7043b24377
2 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
aiohttp_security/abc.py
View File

@ -44,13 +44,3 @@ class AbstractAuthorizationPolicy(metaclass=abc.ABCMeta):
current context, else return False. current context, else return False.
""" """
pass pass
@asyncio.coroutine
@abc.abstractmethod
def authorized_userid(self, identity):
"""Retrieve authorized user id.
Return the user_id of the user identified by the identity
or 'None' if no user exists related to the identity.
"""
pass

37
aiohttp_security/api.py
View File

@ -1,4 +1,5 @@
import asyncio import asyncio
import functools
from aiohttp import web from aiohttp import web
from aiohttp_security.abc import (AbstractIdentityPolicy, from aiohttp_security.abc import (AbstractIdentityPolicy,
AbstractAuthorizationPolicy) AbstractAuthorizationPolicy)
@ -7,6 +8,25 @@ IDENTITY_KEY = 'aiohttp_security_identity_policy'
AUTZ_KEY = 'aiohttp_security_autz_policy' AUTZ_KEY = 'aiohttp_security_autz_policy'
def authorize(required=True):
def wrapper(f):
@asyncio.coroutine
@functools.wraps(f)
def wrapped(**kwargs):
assert 'request' in kwargs
if asyncio.iscoroutinefunction(f):
coro = f
else:
coro = asyncio.coroutine(f)
identity = yield from get_user_identity(kwargs['request'])
if not identity and not required:
raise web.HTTPForbidden()
return (yield from coro(identity=identity, **kwargs))
return wrapped
return wrapper
@asyncio.coroutine @asyncio.coroutine
def remember(request, response, identity, **kwargs): def remember(request, response, identity, **kwargs):
"""Remember identity into response. """Remember identity into response.
@ -47,6 +67,16 @@ def forget(request, response):
yield from identity_policy.forget(request, response) yield from identity_policy.forget(request, response)
@asyncio.coroutine
def get_user_identity(request):
identity_policy = request.app.get(IDENTITY_KEY)
if identity_policy is None:
return None
identity = yield from identity_policy.identify(request)
return identity
authorized_userid method in AbstractAuthorizationPolicy required?
'''
@asyncio.coroutine @asyncio.coroutine
def authorized_userid(request): def authorized_userid(request):
identity_policy = request.app.get(IDENTITY_KEY) identity_policy = request.app.get(IDENTITY_KEY)
@ -58,18 +88,15 @@ def authorized_userid(request):
return None # non-registered user has None user_id return None # non-registered user has None user_id
user_id = yield from autz_policy.authorized_userid(identity) user_id = yield from autz_policy.authorized_userid(identity)
return user_id return user_id
'''
@asyncio.coroutine @asyncio.coroutine
def permits(request, permission, context=None): def permits(request, permission, context=None):
assert isinstance(permission, str), permission assert isinstance(permission, str), permission
assert permission assert permission
identity_policy = request.app.get(IDENTITY_KEY)
autz_policy = request.app.get(AUTZ_KEY) autz_policy = request.app.get(AUTZ_KEY)
if identity_policy is None or autz_policy is None: identity = yield from get_user_identity(request)
return True
identity = yield from identity_policy.identify(request)
# non-registered user still may has some permissions
access = yield from autz_policy.permits(identity, permission, context) access = yield from autz_policy.permits(identity, permission, context)
return access return access