Compare commits
86 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
aff9a6a915 | ||
|
92e6fec6f5 | ||
|
810312b508 | ||
|
|
18a04b879e | ||
|
|
cd833edb6c | ||
|
|
0694e6e084 | ||
|
|
63870d992e | ||
|
aef24fae3d | ||
|
747ec05cfb | ||
|
|
66391b9f25 | ||
|
|
a46ca6ec68 | ||
|
1a9ab6424e | ||
|
|
b0895806af | ||
|
|
dbac083096 | ||
|
|
5811ab90c8 | ||
|
|
4a0a078976 | ||
|
|
22c51b5fd0 | ||
|
|
921506c3c4 | ||
|
|
d30a158345 | ||
|
|
df198ae8d1 | ||
|
|
05a4cc03d2 | ||
|
|
bbb41dd3ad | ||
|
|
f716fb353b | ||
|
e99ce6ba23 | ||
|
|
6ebf9355fc | ||
|
|
d473f57e8e | ||
|
|
7ab68c9f6d | ||
|
|
b7dbe3ae16 | ||
|
|
1b52d4b76b | ||
|
|
5d89f5feed | ||
|
|
640ae0fe72 | ||
|
|
352d1f4526 | ||
|
|
aab14aedae | ||
|
|
6e0864d088 | ||
|
|
4de9d8f5f9 | ||
|
1009a29a63 | ||
|
|
867c8d8e07 | ||
|
|
118f1f473a | ||
|
|
d276618899 | ||
|
|
86a7733815 | ||
|
|
8432f680e4 | ||
|
|
0d2d2a1c96 | ||
|
|
d714f82319 | ||
|
|
14bd43fe4f | ||
|
|
401ebf130a | ||
|
|
c84a82d3dc | ||
|
|
08bdad3d85 | ||
|
|
d7b6a911b9 | ||
|
|
65cebd3ff0 | ||
|
|
c13d9b4c70 | ||
|
|
d591ad3caa | ||
|
|
73e55280b7 | ||
|
|
367d388cff | ||
|
|
d652f29df5 | ||
|
|
face5ddaa2 | ||
|
|
c523b4fa49 | ||
|
|
6e4355ce3c | ||
|
|
4c92553761 | ||
|
|
d76ecf59fc | ||
|
|
a990a657c4 | ||
|
|
ede5beeb41 | ||
|
|
d22d3a1d1a | ||
|
|
962e022090 | ||
|
|
4b1740a8e3 | ||
|
|
a2bf4c9c00 | ||
|
|
c4f3c06476 | ||
|
|
929468b684 | ||
|
|
7e68c44de6 | ||
|
|
7d4a4802f3 | ||
|
|
7bd5c37c8a | ||
|
|
87942913c9 | ||
|
|
69743859a1 | ||
|
|
1d596c4a3d | ||
|
|
88b8ffbf5c | ||
|
|
076c7f1d5f | ||
|
474209d945 | ||
|
|
131ee39bf6 | ||
|
|
8163d72b2d | ||
|
|
679db05664 | ||
|
|
1ace967956 | ||
|
|
67d5590439 | ||
|
|
deae9e74e1 | ||
|
|
76a6ecf86a | ||
|
|
2fc73acfb7 | ||
|
|
2202eb3faa | ||
|
|
9cd055b36e |
4
.pyup.yml
Normal file
4
.pyup.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
# Label PRs with `deps-update` label
|
||||
label_prs: deps-update
|
||||
|
||||
schedule: every week
|
||||
18
.travis.yml
18
.travis.yml
@@ -1,7 +1,9 @@
|
||||
language: python
|
||||
python:
|
||||
- 3.4
|
||||
- 3.4.3
|
||||
- 3.5
|
||||
- 3.6
|
||||
- 3.7-dev
|
||||
- nightly
|
||||
|
||||
install:
|
||||
@@ -10,8 +12,7 @@ install:
|
||||
- pip install codecov
|
||||
|
||||
script:
|
||||
- flake8 aiohttp_security tests
|
||||
- coverage run --source=aiohttp_security setup.py test
|
||||
- make coverage
|
||||
|
||||
after_success:
|
||||
- codecov
|
||||
@@ -20,3 +21,14 @@ env:
|
||||
matrix:
|
||||
- PYTHONASYNCIODEBUG=x
|
||||
- PYTHONASYNCIODEBUG=
|
||||
|
||||
deploy:
|
||||
provider: pypi
|
||||
user: andrew.svetlov
|
||||
password:
|
||||
secure: "JdBvuOBA/198ognVDOY/qZpIKGXfCx47725kyJo/SpQ3nP+x0GLZb3PMQkR0jfSWWkx6Sisk3vOCYsoWclPyPzp+o4ZpfM8yAjHNFmtbr+k+XJdUEApEiWb6/Y3g7DCyY2Qa/L8IYlyABPWrrJI/nld2sKm5kmhFpR/z3HfeFtINP6Ivp34dUOkeRP6kOvCi9d6GyWnvTRnhlybAnk/Ngrroh8XrbKHdDv0zkQkshF8+pmxVzwao4C6S5ld5cFXIYZHLBA9lNC3zgvOMuFeGPUEN9vab3q77MvaiMIuTC9QjcgIhfw3gabH2u7knqfFzqqzXMaVptx5z8o1JtsxMyYt5NVBqS4NPIljpZjaoS/CASHJlRxniJiYfjvjOtFEcfGMNtZj8ZYsGR0nuP2jwzgpEHHWIs4qL0Y8h9t7pGirxCuQcnY10sr+Y+JKaZNJsugNLgbqE2aaZUye5gjDcEj9WY8kKNZXucLP7c0McJuwPqplDEO4CQouMttcKSYkA0QoETmpAFqaXCaMs3p/glOoU2ZyHSH9mXWir69yo84ymb2NlGPMTAstXlv/g/oLmLMSq7lbl6cSUnO1/wxBGlyfv5AAq/75YUaqsgYofzN5CjUgA3m6NedvbWxLUJaxVQ7nduYGEQKDvGEBmzCNv6CdVRCjQ9J1xX3XzkVheQGc="
|
||||
distributions: "sdist bdist_wheel"
|
||||
on:
|
||||
tags: true
|
||||
all_branches: true
|
||||
python: 3.6
|
||||
|
||||
10
CHANGES.txt
10
CHANGES.txt
@@ -1,2 +1,12 @@
|
||||
Changes
|
||||
=======
|
||||
|
||||
0.2.0 (2017-11-17)
|
||||
------------------
|
||||
|
||||
- Add `is_anonymous`, `login_required`, `has_permission` helpers (#114)
|
||||
|
||||
0.1.2 (2017-10-17)
|
||||
------------------
|
||||
|
||||
- Make aiohttp-session optional dependency (#107)
|
||||
|
||||
13
README.rst
13
README.rst
@@ -1,5 +1,13 @@
|
||||
aiohttp_security
|
||||
================
|
||||
.. image:: https://travis-ci.org/aio-libs/aiohttp-security.svg?branch=master
|
||||
:target: https://travis-ci.org/aio-libs/aiohttp-security
|
||||
.. image:: https://codecov.io/github/aio-libs/aiohttp-security/coverage.svg?branch=master
|
||||
:target: https://codecov.io/github/aio-libs/aiohttp-security
|
||||
.. image:: https://readthedocs.org/projects/aiohttp-security/badge/?version=latest
|
||||
:target: https://aiohttp-security.readthedocs.io/
|
||||
.. image:: https://img.shields.io/pypi/v/aiohttp-security.svg
|
||||
:target: https://pypi.python.org/pypi/aiohttp-security
|
||||
|
||||
The library provides identity and autorization for `aiohttp.web`__.
|
||||
|
||||
@@ -13,6 +21,11 @@ To install type ``pip install aiohttp_security``.
|
||||
Launch ``make doc`` and see examples or look under **demo** directory for a
|
||||
sample project.
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
|
||||
https://aiohttp-security.readthedocs.io/
|
||||
|
||||
Develop
|
||||
-------
|
||||
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
|
||||
from .api import remember, forget, setup, authorized_userid, permits
|
||||
from .abc import AbstractAuthorizationPolicy, AbstractIdentityPolicy
|
||||
from .api import (authorized_userid, forget, has_permission, is_anonymous,
|
||||
login_required, permits, remember, setup)
|
||||
from .cookies_identity import CookiesIdentityPolicy
|
||||
from .session_identity import SessionIdentityPolicy
|
||||
|
||||
|
||||
__version__ = '0.1.1'
|
||||
__version__ = '0.2.0'
|
||||
|
||||
|
||||
__all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
|
||||
'CookiesIdentityPolicy', 'SessionIdentityPolicy',
|
||||
'remember', 'forget', 'authorized_userid',
|
||||
'permits', 'setup')
|
||||
'permits', 'setup', 'is_anonymous',
|
||||
'login_required', 'has_permission')
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
import asyncio
|
||||
import enum
|
||||
from aiohttp import web
|
||||
from aiohttp_security.abc import (AbstractIdentityPolicy,
|
||||
AbstractAuthorizationPolicy)
|
||||
from functools import wraps
|
||||
|
||||
IDENTITY_KEY = 'aiohttp_security_identity_policy'
|
||||
AUTZ_KEY = 'aiohttp_security_autz_policy'
|
||||
@@ -62,7 +64,7 @@ def authorized_userid(request):
|
||||
|
||||
@asyncio.coroutine
|
||||
def permits(request, permission, context=None):
|
||||
assert isinstance(permission, str), permission
|
||||
assert isinstance(permission, (str, enum.Enum)), permission
|
||||
assert permission
|
||||
identity_policy = request.app.get(IDENTITY_KEY)
|
||||
autz_policy = request.app.get(AUTZ_KEY)
|
||||
@@ -74,6 +76,85 @@ def permits(request, permission, context=None):
|
||||
return access
|
||||
|
||||
|
||||
@asyncio.coroutine
|
||||
def is_anonymous(request):
|
||||
"""Check if user is anonymous.
|
||||
|
||||
User is considered anonymous if there is not identity
|
||||
in request.
|
||||
"""
|
||||
identity_policy = request.app.get(IDENTITY_KEY)
|
||||
if identity_policy is None:
|
||||
return True
|
||||
identity = yield from identity_policy.identify(request)
|
||||
if identity is None:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def login_required(fn):
|
||||
"""Decorator that restrict access only for authorized users.
|
||||
|
||||
User is considered authorized if authorized_userid
|
||||
returns some value.
|
||||
"""
|
||||
@asyncio.coroutine
|
||||
@wraps(fn)
|
||||
def wrapped(*args, **kwargs):
|
||||
request = args[-1]
|
||||
if not isinstance(request, web.BaseRequest):
|
||||
msg = ("Incorrect decorator usage. "
|
||||
"Expecting `def handler(request)` "
|
||||
"or `def handler(self, request)`.")
|
||||
raise RuntimeError(msg)
|
||||
|
||||
userid = yield from authorized_userid(request)
|
||||
if userid is None:
|
||||
raise web.HTTPUnauthorized
|
||||
|
||||
ret = yield from fn(*args, **kwargs)
|
||||
return ret
|
||||
|
||||
return wrapped
|
||||
|
||||
|
||||
def has_permission(
|
||||
permission,
|
||||
context=None,
|
||||
):
|
||||
"""Decorator that restrict access only for authorized users
|
||||
with correct permissions.
|
||||
|
||||
If user is not authorized - raises HTTPUnauthorized,
|
||||
if user is authorized and does not have permission -
|
||||
raises HTTPForbidden.
|
||||
"""
|
||||
def wrapper(fn):
|
||||
@asyncio.coroutine
|
||||
@wraps(fn)
|
||||
def wrapped(*args, **kwargs):
|
||||
request = args[-1]
|
||||
if not isinstance(request, web.BaseRequest):
|
||||
msg = ("Incorrect decorator usage. "
|
||||
"Expecting `def handler(request)` "
|
||||
"or `def handler(self, request)`.")
|
||||
raise RuntimeError(msg)
|
||||
|
||||
userid = yield from authorized_userid(request)
|
||||
if userid is None:
|
||||
raise web.HTTPUnauthorized
|
||||
|
||||
allowed = yield from permits(request, permission, context)
|
||||
if not allowed:
|
||||
raise web.HTTPForbidden
|
||||
ret = yield from fn(*args, **kwargs)
|
||||
return ret
|
||||
|
||||
return wrapped
|
||||
|
||||
return wrapper
|
||||
|
||||
|
||||
def setup(app, identity_policy, autz_policy):
|
||||
assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
|
||||
assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy
|
||||
|
||||
@@ -6,7 +6,11 @@ to configure aiohttp_session properly.
|
||||
|
||||
import asyncio
|
||||
|
||||
from aiohttp_session import get_session
|
||||
try:
|
||||
from aiohttp_session import get_session
|
||||
HAS_AIOHTTP_SESSION = True
|
||||
except ImportError: # pragma: no cover
|
||||
HAS_AIOHTTP_SESSION = False
|
||||
|
||||
from .abc import AbstractIdentityPolicy
|
||||
|
||||
@@ -16,6 +20,10 @@ class SessionIdentityPolicy(AbstractIdentityPolicy):
|
||||
def __init__(self, session_key='AIOHTTP_SECURITY'):
|
||||
self._session_key = session_key
|
||||
|
||||
if not HAS_AIOHTTP_SESSION: # pragma: no cover
|
||||
raise ImportError(
|
||||
'SessionIdentityPolicy requires `aiohttp_session`')
|
||||
|
||||
@asyncio.coroutine
|
||||
def identify(self, request):
|
||||
session = yield from get_session(request)
|
||||
|
||||
34
demo/dictionary_auth/authz.py
Normal file
34
demo/dictionary_auth/authz.py
Normal file
@@ -0,0 +1,34 @@
|
||||
from aiohttp_security.abc import AbstractAuthorizationPolicy
|
||||
|
||||
|
||||
class DictionaryAuthorizationPolicy(AbstractAuthorizationPolicy):
|
||||
def __init__(self, user_map):
|
||||
super().__init__()
|
||||
self.user_map = user_map
|
||||
|
||||
async def authorized_userid(self, identity):
|
||||
"""Retrieve authorized user id.
|
||||
Return the user_id of the user identified by the identity
|
||||
or 'None' if no user exists related to the identity.
|
||||
"""
|
||||
if identity in self.user_map:
|
||||
return identity
|
||||
|
||||
async def permits(self, identity, permission, context=None):
|
||||
"""Check user permissions.
|
||||
Return True if the identity is allowed the permission in the
|
||||
current context, else return False.
|
||||
"""
|
||||
# pylint: disable=unused-argument
|
||||
user = self.user_map.get(identity)
|
||||
if not user:
|
||||
return False
|
||||
return permission in user.permissions
|
||||
|
||||
|
||||
async def check_credentials(user_map, username, password):
|
||||
user = user_map.get(username)
|
||||
if not user:
|
||||
return False
|
||||
|
||||
return user.password == password
|
||||
107
demo/dictionary_auth/handlers.py
Normal file
107
demo/dictionary_auth/handlers.py
Normal file
@@ -0,0 +1,107 @@
|
||||
import asyncio
|
||||
import functools
|
||||
from textwrap import dedent
|
||||
|
||||
from aiohttp import web
|
||||
|
||||
from aiohttp_security import remember, forget, authorized_userid, permits
|
||||
|
||||
from .authz import check_credentials
|
||||
|
||||
|
||||
def require(permission):
|
||||
def wrapper(f):
|
||||
@asyncio.coroutine
|
||||
@functools.wraps(f)
|
||||
def wrapped(request):
|
||||
has_perm = yield from permits(request, permission)
|
||||
if not has_perm:
|
||||
message = 'User has no permission {}'.format(permission)
|
||||
raise web.HTTPForbidden(body=message.encode())
|
||||
return (yield from f(request))
|
||||
return wrapped
|
||||
return wrapper
|
||||
|
||||
|
||||
index_template = dedent("""
|
||||
<!doctype html>
|
||||
<head>
|
||||
</head>
|
||||
<body>
|
||||
<p>{message}</p>
|
||||
<form action="/login" method="post">
|
||||
Login:
|
||||
<input type="text" name="username">
|
||||
Password:
|
||||
<input type="password" name="password">
|
||||
<input type="submit" value="Login">
|
||||
</form>
|
||||
<a href="/logout">Logout</a>
|
||||
</body>
|
||||
""")
|
||||
|
||||
|
||||
async def index(request):
|
||||
username = await authorized_userid(request)
|
||||
if username:
|
||||
template = index_template.format(
|
||||
message='Hello, {username}!'.format(username=username))
|
||||
else:
|
||||
template = index_template.format(message='You need to login')
|
||||
return web.Response(
|
||||
text=template,
|
||||
content_type='text/html',
|
||||
)
|
||||
|
||||
|
||||
async def login(request):
|
||||
response = web.HTTPFound('/')
|
||||
form = await request.post()
|
||||
username = form.get('username')
|
||||
password = form.get('password')
|
||||
|
||||
verified = await check_credentials(request.app.user_map, username, password)
|
||||
if verified:
|
||||
await remember(request, response, username)
|
||||
return response
|
||||
|
||||
return web.HTTPUnauthorized(body='Invalid username / password combination')
|
||||
|
||||
|
||||
@require('public')
|
||||
async def logout(request):
|
||||
response = web.Response(
|
||||
text='You have been logged out',
|
||||
content_type='text/html',
|
||||
)
|
||||
await forget(request, response)
|
||||
return response
|
||||
|
||||
|
||||
@require('public')
|
||||
async def internal_page(request):
|
||||
# pylint: disable=unused-argument
|
||||
response = web.Response(
|
||||
text='This page is visible for all registered users',
|
||||
content_type='text/html',
|
||||
)
|
||||
return response
|
||||
|
||||
|
||||
@require('protected')
|
||||
async def protected_page(request):
|
||||
# pylint: disable=unused-argument
|
||||
response = web.Response(
|
||||
text='You are on protected page',
|
||||
content_type='text/html',
|
||||
)
|
||||
return response
|
||||
|
||||
|
||||
def configure_handlers(app):
|
||||
router = app.router
|
||||
router.add_get('/', index, name='index')
|
||||
router.add_post('/login', login, name='login')
|
||||
router.add_get('/logout', logout, name='logout')
|
||||
router.add_get('/public', internal_page, name='public')
|
||||
router.add_get('/protected', protected_page, name='protected')
|
||||
33
demo/dictionary_auth/main.py
Normal file
33
demo/dictionary_auth/main.py
Normal file
@@ -0,0 +1,33 @@
|
||||
import base64
|
||||
from cryptography import fernet
|
||||
from aiohttp import web
|
||||
from aiohttp_session import setup as setup_session
|
||||
from aiohttp_session.cookie_storage import EncryptedCookieStorage
|
||||
from aiohttp_security import setup as setup_security
|
||||
from aiohttp_security import SessionIdentityPolicy
|
||||
|
||||
from .authz import DictionaryAuthorizationPolicy
|
||||
from .handlers import configure_handlers
|
||||
from .users import user_map
|
||||
|
||||
|
||||
def make_app():
|
||||
app = web.Application()
|
||||
app.user_map = user_map
|
||||
configure_handlers(app)
|
||||
|
||||
# secret_key must be 32 url-safe base64-encoded bytes
|
||||
fernet_key = fernet.Fernet.generate_key()
|
||||
secret_key = base64.urlsafe_b64decode(fernet_key)
|
||||
|
||||
storage = EncryptedCookieStorage(secret_key, cookie_name='API_SESSION')
|
||||
setup_session(app, storage)
|
||||
|
||||
policy = SessionIdentityPolicy()
|
||||
setup_security(app, policy, DictionaryAuthorizationPolicy(user_map))
|
||||
|
||||
return app
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
web.run_app(make_app(), port=9000)
|
||||
10
demo/dictionary_auth/users.py
Normal file
10
demo/dictionary_auth/users.py
Normal file
@@ -0,0 +1,10 @@
|
||||
from collections import namedtuple
|
||||
|
||||
User = namedtuple('User', ['username', 'password', 'permissions'])
|
||||
|
||||
user_map = {
|
||||
user.username: user for user in [
|
||||
User('devin', 'password', ('public',)),
|
||||
User('jack', 'password', ('public', 'protected',)),
|
||||
]
|
||||
}
|
||||
@@ -142,9 +142,9 @@ html_theme_options = {
|
||||
'logo': 'aiohttp-icon-128x128.png',
|
||||
'description': 'Authorization and identity for aoihttp',
|
||||
'github_user': 'aio-libs',
|
||||
'github_repo': 'aiohttp_security',
|
||||
'github_repo': 'aiohttp-security',
|
||||
'github_button': True,
|
||||
'github_style': 'star',
|
||||
'github_type': 'star',
|
||||
'github_banner': True,
|
||||
'travis_button': True,
|
||||
'codecov_button': True,
|
||||
|
||||
@@ -12,7 +12,7 @@ the `demo source`_.
|
||||
https://github.com/aio-libs/aiohttp_security/tree/master/demo
|
||||
|
||||
.. _passlib:
|
||||
https://pythonhosted.org/passlib/
|
||||
https://passlib.readthedocs.io
|
||||
|
||||
Database
|
||||
--------
|
||||
|
||||
@@ -78,7 +78,7 @@ Public API functions
|
||||
|
||||
:param request: :class:`aiohttp.web.Request` object.
|
||||
|
||||
:param str permission: requested :term:`permission`.
|
||||
:param permission: Requested :term:`permission`. :class:`str` or :class:`enum.Enum` object.
|
||||
|
||||
:param context: additional object may be passed into
|
||||
:meth:`AbstractAuthorizationPolicy.permission`
|
||||
@@ -88,6 +88,33 @@ Public API functions
|
||||
``False`` otherwise.
|
||||
|
||||
|
||||
.. coroutinefunction:: is_anonymous(request)
|
||||
|
||||
Checks if user is anonymous user.
|
||||
|
||||
Return ``True`` if user is not remembered in request, otherwise returns ``False``.
|
||||
|
||||
:param request: :class:`aiohttp.web.Request` object.
|
||||
|
||||
|
||||
.. decorator:: login_required
|
||||
|
||||
Decorator for handlers that checks if user is authorized.
|
||||
|
||||
Raises :class:`aiohttp.web.HTTPUnauthorized` if user is not authorized.
|
||||
|
||||
|
||||
.. decorator:: has_permission(permission)
|
||||
|
||||
Decorator for handlers that checks if user is authorized
|
||||
and has correct permission.
|
||||
|
||||
Raises :class:`aiohttp.web.HTTPUnauthorized` if user is not authorized.
|
||||
Raises :class:`aiohttp.web.HTTPForbidden` if user is authorized but has no access rights.
|
||||
|
||||
:param str permission: requested :term:`permission`.
|
||||
|
||||
|
||||
.. function:: setup(app, identity_policy, autz_policy)
|
||||
|
||||
Setup :mod:`aiohttp` application with security policies.
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
-e .
|
||||
flake8
|
||||
pytest
|
||||
pytest-cov
|
||||
coverage
|
||||
sphinx
|
||||
pep257
|
||||
aiohttp_session
|
||||
aiopg[sa]
|
||||
aioredis==0.2.8
|
||||
flake8==3.5.0
|
||||
pytest==3.2.3
|
||||
pytest-cov==2.5.1
|
||||
coverage==4.4.2
|
||||
sphinx==1.6.5
|
||||
pep257==0.7.0
|
||||
aiohttp-session==1.2.0
|
||||
aiopg[sa]==0.13.1
|
||||
aioredis==0.3.5
|
||||
hiredis==0.2.0
|
||||
passlib==1.6.5
|
||||
aiohttp
|
||||
pytest-aiohttp
|
||||
passlib==1.7.1
|
||||
aiohttp==2.3.2
|
||||
pytest-aiohttp==0.1.3
|
||||
|
||||
9
setup.py
9
setup.py
@@ -27,10 +27,12 @@ with codecs.open(os.path.join(os.path.abspath(os.path.dirname(
|
||||
def read(f):
|
||||
return open(os.path.join(os.path.dirname(__file__), f)).read().strip()
|
||||
|
||||
|
||||
install_requires = ['aiohttp>=0.18']
|
||||
tests_require = install_requires + ['pytest']
|
||||
extras_require = {'session': 'aiohttp-session'}
|
||||
|
||||
|
||||
setup(name='aiohttp-security',
|
||||
version=version,
|
||||
description=("security for aiohttp.web"),
|
||||
@@ -40,9 +42,12 @@ setup(name='aiohttp-security',
|
||||
'Intended Audience :: Developers',
|
||||
'Programming Language :: Python',
|
||||
'Programming Language :: Python :: 3',
|
||||
'Programming Language :: Python :: 3.3',
|
||||
'Programming Language :: Python :: 3.4',
|
||||
'Topic :: Internet :: WWW/HTTP'],
|
||||
'Programming Language :: Python :: 3.5',
|
||||
'Programming Language :: Python :: 3.6',
|
||||
'Topic :: Internet :: WWW/HTTP',
|
||||
'Framework :: AsyncIO',
|
||||
],
|
||||
author='Andrew Svetlov',
|
||||
author_email='andrew.svetlov@gmail.com',
|
||||
url='https://github.com/aio-libs/aiohttp_security/',
|
||||
|
||||
@@ -94,14 +94,14 @@ def test_forget(loop, test_client):
|
||||
client = yield from test_client(app)
|
||||
resp = yield from client.post('/login')
|
||||
assert 200 == resp.status
|
||||
assert resp.url.endswith('/')
|
||||
assert str(resp.url).endswith('/')
|
||||
cookies = client.session.cookie_jar.filter_cookies(
|
||||
client.make_url('/'))
|
||||
assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value
|
||||
yield from resp.release()
|
||||
resp = yield from client.post('/logout')
|
||||
assert 200 == resp.status
|
||||
assert resp.url.endswith('/')
|
||||
assert str(resp.url).endswith('/')
|
||||
cookies = client.session.cookie_jar.filter_cookies(
|
||||
client.make_url('/'))
|
||||
assert 'AIOHTTP_SECURITY' not in cookies
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
import asyncio
|
||||
import enum
|
||||
|
||||
from aiohttp import web
|
||||
from aiohttp_security import (remember,
|
||||
authorized_userid, permits,
|
||||
AbstractAuthorizationPolicy)
|
||||
from aiohttp_security import setup as _setup
|
||||
from aiohttp_security import (AbstractAuthorizationPolicy, authorized_userid,
|
||||
forget, has_permission, is_anonymous,
|
||||
login_required, permits, remember)
|
||||
from aiohttp_security.cookies_identity import CookiesIdentityPolicy
|
||||
|
||||
|
||||
@@ -73,7 +74,27 @@ def test_authorized_userid_not_authorized(loop, test_client):
|
||||
|
||||
|
||||
@asyncio.coroutine
|
||||
def test_permits(loop, test_client):
|
||||
def test_permits_enum_permission(loop, test_client):
|
||||
class Permission(enum.Enum):
|
||||
READ = '101'
|
||||
WRITE = '102'
|
||||
UNKNOWN = '103'
|
||||
|
||||
class Autz(AbstractAuthorizationPolicy):
|
||||
|
||||
@asyncio.coroutine
|
||||
def permits(self, identity, permission, context=None):
|
||||
if identity == 'UserID':
|
||||
return permission in {Permission.READ, Permission.WRITE}
|
||||
else:
|
||||
return False
|
||||
|
||||
@asyncio.coroutine
|
||||
def authorized_userid(self, identity):
|
||||
if identity == 'UserID':
|
||||
return 'Andrew'
|
||||
else:
|
||||
return None
|
||||
|
||||
@asyncio.coroutine
|
||||
def login(request):
|
||||
@@ -83,11 +104,11 @@ def test_permits(loop, test_client):
|
||||
|
||||
@asyncio.coroutine
|
||||
def check(request):
|
||||
ret = yield from permits(request, 'read')
|
||||
ret = yield from permits(request, Permission.READ)
|
||||
assert ret
|
||||
ret = yield from permits(request, 'write')
|
||||
ret = yield from permits(request, Permission.WRITE)
|
||||
assert ret
|
||||
ret = yield from permits(request, 'unknown')
|
||||
ret = yield from permits(request, Permission.UNKNOWN)
|
||||
assert not ret
|
||||
return web.Response()
|
||||
|
||||
@@ -121,3 +142,143 @@ def test_permits_unauthorized(loop, test_client):
|
||||
resp = yield from client.get('/')
|
||||
assert 200 == resp.status
|
||||
yield from resp.release()
|
||||
|
||||
|
||||
@asyncio.coroutine
|
||||
def test_is_anonymous(loop, test_client):
|
||||
|
||||
@asyncio.coroutine
|
||||
def index(request):
|
||||
is_anon = yield from is_anonymous(request)
|
||||
if is_anon:
|
||||
return web.HTTPUnauthorized()
|
||||
return web.HTTPOk()
|
||||
|
||||
@asyncio.coroutine
|
||||
def login(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from remember(request, response, 'UserID')
|
||||
return response
|
||||
|
||||
@asyncio.coroutine
|
||||
def logout(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from forget(request, response)
|
||||
return response
|
||||
|
||||
app = web.Application(loop=loop)
|
||||
_setup(app, CookiesIdentityPolicy(), Autz())
|
||||
app.router.add_route('GET', '/', index)
|
||||
app.router.add_route('POST', '/login', login)
|
||||
app.router.add_route('POST', '/logout', logout)
|
||||
client = yield from test_client(app)
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
yield from client.post('/login')
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPOk.status_code == resp.status
|
||||
|
||||
yield from client.post('/logout')
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
|
||||
@asyncio.coroutine
|
||||
def test_login_required(loop, test_client):
|
||||
@login_required
|
||||
@asyncio.coroutine
|
||||
def index(request):
|
||||
return web.HTTPOk()
|
||||
|
||||
@asyncio.coroutine
|
||||
def login(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from remember(request, response, 'UserID')
|
||||
return response
|
||||
|
||||
@asyncio.coroutine
|
||||
def logout(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from forget(request, response)
|
||||
return response
|
||||
|
||||
app = web.Application(loop=loop)
|
||||
_setup(app, CookiesIdentityPolicy(), Autz())
|
||||
app.router.add_route('GET', '/', index)
|
||||
app.router.add_route('POST', '/login', login)
|
||||
app.router.add_route('POST', '/logout', logout)
|
||||
client = yield from test_client(app)
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
yield from client.post('/login')
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPOk.status_code == resp.status
|
||||
|
||||
yield from client.post('/logout')
|
||||
resp = yield from client.get('/')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
|
||||
@asyncio.coroutine
|
||||
def test_has_permission(loop, test_client):
|
||||
|
||||
@has_permission('read')
|
||||
@asyncio.coroutine
|
||||
def index_read(request):
|
||||
return web.HTTPOk()
|
||||
|
||||
@has_permission('write')
|
||||
@asyncio.coroutine
|
||||
def index_write(request):
|
||||
return web.HTTPOk()
|
||||
|
||||
@has_permission('forbid')
|
||||
@asyncio.coroutine
|
||||
def index_forbid(request):
|
||||
return web.HTTPOk()
|
||||
|
||||
@asyncio.coroutine
|
||||
def login(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from remember(request, response, 'UserID')
|
||||
return response
|
||||
|
||||
@asyncio.coroutine
|
||||
def logout(request):
|
||||
response = web.HTTPFound(location='/')
|
||||
yield from forget(request, response)
|
||||
return response
|
||||
|
||||
app = web.Application(loop=loop)
|
||||
_setup(app, CookiesIdentityPolicy(), Autz())
|
||||
app.router.add_route('GET', '/permission/read', index_read)
|
||||
app.router.add_route('GET', '/permission/write', index_write)
|
||||
app.router.add_route('GET', '/permission/forbid', index_forbid)
|
||||
app.router.add_route('POST', '/login', login)
|
||||
app.router.add_route('POST', '/logout', logout)
|
||||
client = yield from test_client(app)
|
||||
|
||||
resp = yield from client.get('/permission/read')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
resp = yield from client.get('/permission/write')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
resp = yield from client.get('/permission/forbid')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
yield from client.post('/login')
|
||||
resp = yield from client.get('/permission/read')
|
||||
assert web.HTTPOk.status_code == resp.status
|
||||
resp = yield from client.get('/permission/write')
|
||||
assert web.HTTPOk.status_code == resp.status
|
||||
resp = yield from client.get('/permission/forbid')
|
||||
assert web.HTTPForbidden.status_code == resp.status
|
||||
|
||||
yield from client.post('/logout')
|
||||
resp = yield from client.get('/permission/read')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
resp = yield from client.get('/permission/write')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
resp = yield from client.get('/permission/forbid')
|
||||
assert web.HTTPUnauthorized.status_code == resp.status
|
||||
|
||||
@@ -116,14 +116,14 @@ def test_forget(make_app, test_client):
|
||||
|
||||
resp = yield from client.post('/login')
|
||||
assert 200 == resp.status
|
||||
assert resp.url.endswith('/')
|
||||
assert str(resp.url).endswith('/')
|
||||
txt = yield from resp.text()
|
||||
assert 'Andrew' == txt
|
||||
yield from resp.release()
|
||||
|
||||
resp = yield from client.post('/logout')
|
||||
assert 200 == resp.status
|
||||
assert resp.url.endswith('/')
|
||||
assert str(resp.url).endswith('/')
|
||||
txt = yield from resp.text()
|
||||
assert '' == txt
|
||||
yield from resp.release()
|
||||
|
||||
Reference in New Issue
Block a user