/shabti/templates/auth_repozewho/+package+/lib/auth/__init__.py_tmpl
Unknown | 77 lines | 68 code | 9 blank | 0 comment | 0 complexity | 22a8afc579d31771b8fb9592fcf823d0 MD5 | raw file
1from repoze.what.plugins.quickstart import setup_sql_auth
2from repoze.who.plugins.friendlyform import FriendlyFormPlugin
3from {{package}}.model import User, Group, Permission, Session
4from pylons import request
5
6import logging
7log = logging.getLogger(__name__)
8
9# Bind values to the variables that will be provided to
10# :func:`setup_sql_auth`. This is a good example of the
11# difference between the ``.ini`` config file approach
12# and this one, i.e. of effecting the configuration within
13# the friendly confines of an executable Python source file.
14# Otherwise, the model entity classes would have to be
15# expressed as strings, to be later turned into real
16# references to the object's class.
17# The "translations" dictionary maps the repoze identity
18# model User Group, Permission and password validation
19# function to the field names and function that are actually
20# used in the standard Shabti elixir identity model.
21
22user_name = 'username'
23user_class = User
24group_class = Group
25permission_class = Permission
26dbsession = Session
27translations={'user_name': 'username',
28 'users': 'users',
29 'group_name': 'name',
30 'groups': 'groups',
31 'permission_name': 'name',
32 'permissions': 'permissions',
33 'validate_password': 'validate_password' }
34
35loginform = FriendlyFormPlugin(
36 '/login/index', # arg - login_form_url
37 login_handler_path = '/login_handler', # arg - login_handler_path
38 logout_handler_path = '/logout_handler', # arg - logout_handler_path
39 rememberer_name = 'cookie', # arg - rememberer_name
40 post_login_url = '/login/welcome_back', # The URL/path to the post-login
41 # page, if any.
42 post_logout_url = '/login/see_you_later', # The URL/path to the post-logout
43 # page, if any.
44 )
45
46# Bind values to the variables that will be provided to
47# :class:`FriendlyRedirectingFormPlugin` and create an
48# instance of same.
49# ATM, an actual (configured) instance is required, ya
50# can't just supply the class name.
51
52
53def add_auth(app, skip_authentication):
54 """Add authentication and authorization middleware to the ``app``."""
55 return setup_sql_auth(app,
56 user_class,
57 group_class,
58 permission_class,
59 dbsession,
60 form_plugin=loginform,
61 form_identifies=True,
62 cookie_secret='secretsquirrel',
63 cookie_name='authtkt',
64 login_url='/login/index',
65 post_login_url='/login/welcome_back',
66 post_logout_url='/login/see_you_later',
67 login_counter_name='__tries',
68 translations=translations,
69 skip_authentication=skip_authentication)
70
71def get_user():
72 """Return the current user's database object."""
73 if 'repoze.who.identity' in request.environ:
74 return request.environ.get('repoze.who.identity')['user']
75 else:
76 return None
77