Merge branch 'master' of github.com:aio-libs/aiohttp_security

This commit is contained in:
Andrew Svetlov 2015-11-26 20:11:49 +02:00
commit a77702c799
5 changed files with 69 additions and 9 deletions

View File

@ -1,10 +1,13 @@
from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
from .api import remember, forget, setup, authorized_userid, permits from .api import remember, forget, setup, authorized_userid, permits
from .cookies_identity import CookiesIdentityPolicy
from .session_identity import SessionIdentityPolicy
__version__ = '0.1.0' __version__ = '0.1.0'
__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy', __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
'CookiesIdentityPolicy', 'SessionIdentityPolicy',
'remember', 'forget', 'authorized_userid', 'remember', 'forget', 'authorized_userid',
'permits', 'setup') 'permits', 'setup')

View File

@ -7,12 +7,12 @@ from . import db
class DBAuthorizationPolicy(AbstractAuthorizationPolicy): class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
def __init__(self, db_pool): def __init__(self, dbengine):
self.db_pool = db_pool self.dbengine = dbengine
@asyncio.coroutine @asyncio.coroutine
def authorized_user_id(self, identity): def authorized_user_id(self, identity):
with (yield from self.db_pool) as conn: with (yield from self.dbengine) as conn:
where = [db.users.c.login == identity, where = [db.users.c.login == identity,
not db.users.c.disabled] not db.users.c.disabled]
query = db.users.count().where(sa.and_(*where)) query = db.users.count().where(sa.and_(*where))
@ -24,7 +24,7 @@ class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
@asyncio.coroutine @asyncio.coroutine
def permits(self, identity, permission, context=None): def permits(self, identity, permission, context=None):
with (yield from self.db_pool) as conn: with (yield from self.dbengine) as conn:
where = [db.users.c.login == identity, where = [db.users.c.login == identity,
not db.users.c.disabled] not db.users.c.disabled]
record = self.data.get(identity) record = self.data.get(identity)

46
demo/main.py Normal file
View File

@ -0,0 +1,46 @@
import asyncio
from aiohttp import web
from aiohttp_session import setup as setup_session
from aiohttp_session.redis_storage import RedisStorage
from aiohttp_security import setup as setup_security
from aiohttp_security import SessionIdentityPolicy
from aiopg.sa import create_engine
from aioredis import create_pool
from demo.db_auth import DBAuthorizationPolicy
@asyncio.coroutine
def init(loop):
redis_pool = yield from create_pool(('localhost', 6379))
dbengine = yield from create_engine(user='aiohttp_security',
password='aiohttp_security',
database='aiohttp_security',
host='127.0.0.1')
app = web.Application(loop=loop)
setup_session(app, RedisStorage(redis_pool))
setup_security(app,
SessionIdentityPolicy(),
DBAuthorizationPolicy(dbengine))
app.add_route()
handler = app.make_handler()
srv = yield from loop.create_server(handler, '127.0.0.1', 8080)
print("Server started at http://127.0.0.1:8080")
return srv, handler
@asyncio.coroutine
def finalize(loop, srv, handler):
pass
loop = asyncio.get_event_loop()
srv, handler = loop.run_until_complete(init(loop))
try:
loop.run_forever()
except KeyboardInterrupt:
loop.run_until_complete((finalize(loop)))

View File

@ -8,17 +8,28 @@
.. currentmodule:: aiohttp_security .. currentmodule:: aiohttp_security
.. highlight:: python .. highlight:: python
The library is build on top of two policies: :term:`authentication`
and :term:`authorization` and public API.
API is policy agnostic, all client code should not call policy code First of all, what is *aiohttp_security* about?
directly but use API only.
It is a set of public API functions and standard for implementation details.
API is implementation agnostic, all client code should not call policy
code (see below) directly but use API only.
Via API application can remember/forget user in local session Via API application can remember/forget user in local session
(:func:`remember`/:func:`forget`), retrieve :term:`userid` (:func:`remember`/:func:`forget`), retrieve :term:`userid`
(:func:`authorized_userid`) and check :term:`permission` for (:func:`authorized_userid`) and check :term:`permission` for
remembered user (:func:`permits`). remembered user (:func:`permits`).
The library internals are built on top of two policies:
:term:`authentication` and :term:`authorization`. There are abstract
base classes for both concepts as well as several implementations
shipped with the library. End user is free to build own implemetations
if needed.
Public API
==========
Authentication Authentication
============== ==============