Merge branch 'master' of github.com:aio-libs/aiohttp_security
This commit is contained in:
commit
a77702c799
|
@ -1,10 +1,13 @@
|
||||||
from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
|
from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
|
||||||
from .api import remember, forget, setup, authorized_userid, permits
|
from .api import remember, forget, setup, authorized_userid, permits
|
||||||
|
from .cookies_identity import CookiesIdentityPolicy
|
||||||
|
from .session_identity import SessionIdentityPolicy
|
||||||
|
|
||||||
|
|
||||||
__version__ = '0.1.0'
|
__version__ = '0.1.0'
|
||||||
|
|
||||||
|
|
||||||
__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
|
__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
|
||||||
|
'CookiesIdentityPolicy', 'SessionIdentityPolicy',
|
||||||
'remember', 'forget', 'authorized_userid',
|
'remember', 'forget', 'authorized_userid',
|
||||||
'permits', 'setup')
|
'permits', 'setup')
|
||||||
|
|
|
@ -7,12 +7,12 @@ from . import db
|
||||||
|
|
||||||
|
|
||||||
class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
|
class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
|
||||||
def __init__(self, db_pool):
|
def __init__(self, dbengine):
|
||||||
self.db_pool = db_pool
|
self.dbengine = dbengine
|
||||||
|
|
||||||
@asyncio.coroutine
|
@asyncio.coroutine
|
||||||
def authorized_user_id(self, identity):
|
def authorized_user_id(self, identity):
|
||||||
with (yield from self.db_pool) as conn:
|
with (yield from self.dbengine) as conn:
|
||||||
where = [db.users.c.login == identity,
|
where = [db.users.c.login == identity,
|
||||||
not db.users.c.disabled]
|
not db.users.c.disabled]
|
||||||
query = db.users.count().where(sa.and_(*where))
|
query = db.users.count().where(sa.and_(*where))
|
||||||
|
@ -24,7 +24,7 @@ class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
|
||||||
|
|
||||||
@asyncio.coroutine
|
@asyncio.coroutine
|
||||||
def permits(self, identity, permission, context=None):
|
def permits(self, identity, permission, context=None):
|
||||||
with (yield from self.db_pool) as conn:
|
with (yield from self.dbengine) as conn:
|
||||||
where = [db.users.c.login == identity,
|
where = [db.users.c.login == identity,
|
||||||
not db.users.c.disabled]
|
not db.users.c.disabled]
|
||||||
record = self.data.get(identity)
|
record = self.data.get(identity)
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
import asyncio
|
||||||
|
|
||||||
|
from aiohttp import web
|
||||||
|
from aiohttp_session import setup as setup_session
|
||||||
|
from aiohttp_session.redis_storage import RedisStorage
|
||||||
|
from aiohttp_security import setup as setup_security
|
||||||
|
from aiohttp_security import SessionIdentityPolicy
|
||||||
|
from aiopg.sa import create_engine
|
||||||
|
from aioredis import create_pool
|
||||||
|
|
||||||
|
|
||||||
|
from demo.db_auth import DBAuthorizationPolicy
|
||||||
|
|
||||||
|
|
||||||
|
@asyncio.coroutine
|
||||||
|
def init(loop):
|
||||||
|
redis_pool = yield from create_pool(('localhost', 6379))
|
||||||
|
dbengine = yield from create_engine(user='aiohttp_security',
|
||||||
|
password='aiohttp_security',
|
||||||
|
database='aiohttp_security',
|
||||||
|
host='127.0.0.1')
|
||||||
|
app = web.Application(loop=loop)
|
||||||
|
setup_session(app, RedisStorage(redis_pool))
|
||||||
|
setup_security(app,
|
||||||
|
SessionIdentityPolicy(),
|
||||||
|
DBAuthorizationPolicy(dbengine))
|
||||||
|
|
||||||
|
app.add_route()
|
||||||
|
|
||||||
|
handler = app.make_handler()
|
||||||
|
srv = yield from loop.create_server(handler, '127.0.0.1', 8080)
|
||||||
|
print("Server started at http://127.0.0.1:8080")
|
||||||
|
return srv, handler
|
||||||
|
|
||||||
|
|
||||||
|
@asyncio.coroutine
|
||||||
|
def finalize(loop, srv, handler):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
loop = asyncio.get_event_loop()
|
||||||
|
srv, handler = loop.run_until_complete(init(loop))
|
||||||
|
try:
|
||||||
|
loop.run_forever()
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
loop.run_until_complete((finalize(loop)))
|
|
@ -8,17 +8,28 @@
|
||||||
.. currentmodule:: aiohttp_security
|
.. currentmodule:: aiohttp_security
|
||||||
.. highlight:: python
|
.. highlight:: python
|
||||||
|
|
||||||
The library is build on top of two policies: :term:`authentication`
|
|
||||||
and :term:`authorization` and public API.
|
|
||||||
|
|
||||||
API is policy agnostic, all client code should not call policy code
|
First of all, what is *aiohttp_security* about?
|
||||||
directly but use API only.
|
|
||||||
|
It is a set of public API functions and standard for implementation details.
|
||||||
|
|
||||||
|
API is implementation agnostic, all client code should not call policy
|
||||||
|
code (see below) directly but use API only.
|
||||||
|
|
||||||
Via API application can remember/forget user in local session
|
Via API application can remember/forget user in local session
|
||||||
(:func:`remember`/:func:`forget`), retrieve :term:`userid`
|
(:func:`remember`/:func:`forget`), retrieve :term:`userid`
|
||||||
(:func:`authorized_userid`) and check :term:`permission` for
|
(:func:`authorized_userid`) and check :term:`permission` for
|
||||||
remembered user (:func:`permits`).
|
remembered user (:func:`permits`).
|
||||||
|
|
||||||
|
The library internals are built on top of two policies:
|
||||||
|
:term:`authentication` and :term:`authorization`. There are abstract
|
||||||
|
base classes for both concepts as well as several implementations
|
||||||
|
shipped with the library. End user is free to build own implemetations
|
||||||
|
if needed.
|
||||||
|
|
||||||
|
Public API
|
||||||
|
==========
|
||||||
|
|
||||||
|
|
||||||
Authentication
|
Authentication
|
||||||
==============
|
==============
|
||||||
|
|
Loading…
Reference in New Issue