Update to 0.3.0

Andrew Svetlov
2018-09-06 13:06:55 +03:00
parent 097f7ecc43
commit 9b1d08c661
23 changed files with 418 additions and 177 deletions


@@ -1,11 +1,12 @@
from .abc import AbstractAuthorizationPolicy, AbstractIdentityPolicy
from .api import (authorized_userid, forget, has_permission, is_anonymous,
login_required, permits, remember, setup)
from .api import (authorized_userid, forget, has_permission,
is_anonymous, login_required, permits, remember,
setup, check_authorized, check_permission)
from .cookies_identity import CookiesIdentityPolicy
from .session_identity import SessionIdentityPolicy
from .jwt_identity import JWTIdentityPolicy
__version__ = '0.2.0'
__version__ = '0.3.0'
__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
@@ -13,4 +14,5 @@ __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
'JWTIdentityPolicy',
'remember', 'forget', 'authorized_userid',
'permits', 'setup', 'is_anonymous',
'login_required', 'has_permission')
'login_required', 'has_permission',
'check_authorized', 'check_permission')


@@ -1,4 +1,5 @@
import enum
import warnings
from aiohttp import web
from aiohttp_security.abc import (AbstractIdentityPolicy,
AbstractAuthorizationPolicy)
@@ -86,6 +87,15 @@ async def is_anonymous(request):
return False
async def check_authorized(request):
"""Checker that raises HTTPUnauthorized for anonymous users.
"""
userid = await authorized_userid(request)
if userid is None:
raise web.HTTPUnauthorized()
return userid
def login_required(fn):
"""Decorator that restrict access only for authorized users.
@@ -101,21 +111,34 @@ def login_required(fn):
"or `def handler(self, request)`.")
raise RuntimeError(msg)
userid = await authorized_userid(request)
if userid is None:
raise web.HTTPUnauthorized
ret = await fn(*args, **kwargs)
return ret
await check_authorized(request)
return await fn(*args, **kwargs)
warnings.warn("login_required decorator is deprecated, "
"use check_authorized instead",
DeprecationWarning)
return wrapped
async def check_permission(request, permission, context=None):
"""Checker that passes only to authoraised users with given permission.
If user is not authorized - raises HTTPUnauthorized,
if user is authorized and does not have permission -
raises HTTPForbidden.
"""
await check_authorized(request)
allowed = await permits(request, permission, context)
if not allowed:
raise web.HTTPForbidden()
def has_permission(
permission,
context=None,
):
"""Decorator that restrict access only for authorized users
"""Decorator that restricts access only for authorized users
with correct permissions.
If user is not authorized - raises HTTPUnauthorized,
@@ -132,18 +155,14 @@ def has_permission(
"or `def handler(self, request)`.")
raise RuntimeError(msg)
userid = await authorized_userid(request)
if userid is None:
raise web.HTTPUnauthorized
allowed = await permits(request, permission, context)
if not allowed:
raise web.HTTPForbidden
ret = await fn(*args, **kwargs)
return ret
await check_permission(request, permission, context)
return await fn(*args, **kwargs)
return wrapped
warnings.warn("has_permission decorator is deprecated, "
"use check_permission instead",
DeprecationWarning)
return wrapper
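Review bot: `check_authorized` and `check_permission` enforce nothing unless the caller awaits them: both are `async def`, so a bare `check_permission(request, 'perm')` in a handler only creates a coroutine object, no `HTTPUnauthorized` or `HTTPForbidden` is raised, and the handler carries on. The deprecated decorators could not be misused this way, so both docstrings should state it, e.g. `Must be awaited; a call that is not awaited performs no check.`, and the `check_permission` docstring should also spell "authorized" correctly instead of "authoraised". `check_permission` returns nothing while `check_authorized` returns the userid; `userid = await check_authorized(request)` followed by a final `return userid` would make the two consistent and spare handlers a second identity lookup. Both `warnings.warn(...)` calls would point at the application's decorator line rather than this module if given `stacklevel=2`.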


@@ -35,7 +35,7 @@ class JWTIdentityPolicy(AbstractIdentityPolicy):
identity = jwt.decode(token,
self.secret,
algorithm=self.algorithm)
algorithms=[self.algorithm])
return identity
async def remember(self, *args, **kwargs): # pragma: no cover
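Review bot: Nothing in the visible lines handles the exception `jwt.decode` raises for a token it rejects, and with the allow-list now passed as `algorithms=[self.algorithm]` that presumably includes tokens whose header names a different algorithm. If the part of the enclosing method outside this hunk does not catch it either, a malformed or wrongly signed bearer token would surface as a 500 instead of being treated as an anonymous request; consider wrapping the call in `try:` with `except jwt.InvalidTokenError: return None`. A comment above the call such as `# pin the accepted algorithm; never trust the alg named in the token header` would record why the list form matters. The enclosing method starts outside the hunk, so this needs checking against the full file.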