Initial commit

aiohttp_security/__init__.py

@@ -0,0 +1,10 @@
+__version__ = '0.1.0'
+
+
+from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
+from .api import remember, forget, setup, authorized_userid, permits
+
+
+__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
+           'remember', 'forget', 'authorized_userid',
+           'permits', 'setup')

aiohttp_security/abc.py

@@ -0,0 +1,50 @@
+import abc
+import asyncio
+
+# see http://plope.com/pyramid_auth_design_api_postmortem
+
+
+class AbstractIdentityPolicy(metaclass=abc.ABCMeta):
+
+    @asyncio.coroutine
+    @abc.abstractmethod
+    def identify(self, request):
+        """ Return the claimed identity of the user associated request or
+        ``None`` if no identity can be found associated with the request."""
+        pass
+
+    @asyncio.coroutine
+    @abc.abstractmethod
+    def remember(self, request, identity, **kwargs):
+        """Remember identity.
+
+        Return MultiDict with headers on this request's response.
+
+        An individual identity policy and its consumers can decide on
+        the composition and meaning of **kw.
+        """
+        pass
+
+    @asyncio.coroutine
+    @abc.abstractmethod
+    def forget(self, request):
+        """ Modify request.response which can be used to 'forget' the
+        current identity on subsequent requests."""
+        pass
+
+
+class AbstractAuthorizationPolicy(metaclass=abc.ABCMeta):
+
+    @asyncio.coroutine
+    @abc.abstractmethod
+    def permits(self, identity, permission, context=None):
+        """ Return True if the identity is allowed the permission in the
+        current context, else return False"""
+        pass
+
+    @asyncio.coroutine
+    @abc.abstractmethod
+    def authorized_userid(self, identity):
+        """ Return the user_id of the user identified by the identity
+        or 'None' if no user exists related to the identity """
+        pass

aiohttp_security/api.py

@@ -0,0 +1,46 @@
+import asyncio
+from aiohttp_security.abc import (AbstractIdentityPolicy,
+                                  AbstractAuthorizationPolicy)
+
+IDENTITY_KEY = 'aiohttp_security_identity_policy'
+AUTZ_KEY = 'aiohttp_security_autz_policy'
+
+
+@asyncio.coroutine
+def remember(request, identity, **kwargs):
+    identity_policy = request.app[IDENTITY_KEY]
+    headers = yield from identity_policy.remember(request, identity, **kwargs)
+    return headers
+
+
+@asyncio.coroutine
+def forget(request):
+    identity_policy = request.app[IDENTITY_KEY]
+    headers = yield from identity_policy.forget(request)
+    return headers
+
+
+@asyncio.coroutine
+def authorized_userid(request):
+    identity_policy = request.app[IDENTITY_KEY]
+    autz_policy = request.app[AUTZ_KEY]
+    identity = yield from identity_policy.identify(request)
+    user_id = yield from autz_policy.authorized_userid(identity)
+    return user_id
+
+
+@asyncio.coroutine
+def permits(request, permission, context=None):
+    identity_policy = request.app[IDENTITY_KEY]
+    autz_policy = request.app[AUTZ_KEY]
+    identity = yield from identity_policy.identify(request)
+    access = yield from autz_policy.permits(identity, permission, context)
+    return access
+
+
+def setup(app, identity_policy, auth_policy):
+    assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
+    assert isinstance(auth_policy, AbstractAuthorizationPolicy), auth_policy
+
+    app[IDENTITY_KEY] = identity_policy
+    app[AUTZ_KEY] = auth_policy

aiohttp_security/cookies_identity.py

@@ -0,0 +1,40 @@
+import asyncio
+import http.cookies
+
+from aiohttp import hdrs, CIMultiDict
+
+from .abc import AbstractIdentityPolicy
+
+
+class CookiesIdentityPolicy(AbstractIdentityPolicy):
+
+    def __init__(self):
+        self._cookie_name = 'AIOHTTP_SECURITY'
+        self._max_age = 30 * 24 * 3600
+
+    @asyncio.coroutine
+    def identify(self, request):
+        identity = request.cookies.get(self._cookie_name)
+        return identity
+
+    @asyncio.coroutine
+    def remember(self, request, identity, **kwargs):
+        cookies = http.cookies.SimpleCookie()
+        max_age = kwargs.pop('max_age', self._max_age)
+        cookies[self._cookie_name] = identity
+        cookie = cookies[self._cookie_name]
+        cookie['max-age'] = max_age
+        cookie.update(kwargs)
+
+        value = cookie.output(header='')[1:]
+        result = CIMultiDict({hdrs.SET_COOKIE: value})
+        return result
+
+    @asyncio.coroutine
+    def forget(self, request):
+        cookies = http.cookies.SimpleCookie()
+        cookies[self._cookie_name] = ''
+        cookie = cookies[self._cookie_name]
+        value = cookie.output(header='')[1:]
+        result = CIMultiDict({hdrs.SET_COOKIE: value})
+        return result

aiohttp_security/examples/__init__.py

@@ -0,0 +1 @@
+#

aiohttp_security/examples/dict_auth.py

@@ -0,0 +1,21 @@
+import asyncio
+
+from aiohttp_security.authorization import AbstractAuthorizationPolicy
+
+
+class DictionaryAuthorizationPolicy(AbstractAuthorizationPolicy):
+    def __init__(self, data):
+        self.data = data
+
+    @asyncio.coroutine
+    def permits(self, identity, permission, context=None):
+        record = self.data.get(identity)
+        if record is not None:
+            # TODO: implement actual permission checker
+            if permission in record:
+                return True
+        return False
+
+    @asyncio.coroutine
+    def authorized_user_id(self, identity):
+        return identity if identity in self.data else None