AuthKit may be "ancient" but so far I have not found anything decoupled from a web framework to allow generic authentication in WSGI. Moreover, I wanted to make a proof of concept with this example to show AuthKit usability decoupled from Pylons.

Thanks,
Etienne

On Saturday, 12 April 2014 11:01:40 UTC-4, Mike Orr wrote:
>
> It has been four years since I've heard anything about AuthKit so I'm
> not sure it's still supported. Since you're apparently writing a new
> application rather than just keeping an old one running, why are you
> using such ancient technologies as AuthKit, middleware, and
> (apparently) Pylons? Pyramid has a built-in auth system, more complete
> documentation, better support, tweens which are easier to write than
> middleware, is forward-compatible with Python 3, and is "Pylons 2".
>
> On Thu, Apr 10, 2014 at 7:23 AM, Etienne Robillard <[email protected]> wrote:
> >
> > Hello,
> >
> > I'm trying to make cookie authentication work with authkit and WSGI but
> > cannot find a healthy solution. So far here's the code which I'm trying
> > to use for getting a users object into the environ:
> >
> > #!/usr/bin/env python
> > from notmm.controllers.wsgi import WSGIController
> > from notmm.controllers.auth import LoginController
> > from notmm.utils.http import httpserver
> > from notmm.utils.configparse import loadconf
> >
> > sample_app = WSGIController()
> > settings = sample_app.settings
> > global_conf = loadconf('auth.conf')
> > auth_conf = global_conf['authkit']
> > auth_app = LoginController(sample_app, auth_conf, settings=settings)
> >
> > if __name__ == '__main__':
> >     httpserver.daemonize(auth_app, ('localhost', 8000))
> >
> >
> > And here's the login view to handle authentication:
> >
> > def authenticate_user(request, username, password, tokens='',
> >                       user_data=time.ctime,
> >                       authfunc='paste.auth_tkt.set_user'):
> >     """Authenticate the user into the site and update the last_modified
> >     timestamp if authentication and authorization granted user access."""
> >
> >     try:
> >         user_setter_func = request.environ[authfunc]
> >         if valid_password(request.environ, username, password):
> >             user_setter_func(username, tokens=tokens, user_data=user_data())
> >             #trigger function here to update the last_modified timestamp
> >             log.debug('User %s has been authenticated and authorized access!!' % username)
> >         else:
> >             # reject the login when the password check fails
> >             raise NotAuthenticatedError
> >     except (KeyError, Exception):
> >         raise NotAuthenticatedError
> >     return None
> >
> > controller:
> >
> >
> > class AuthCookieController(SessionController):
> >     """
> >     Authentication controller to delegate authorization to generic
> >     user-defined backends.
> >
> >     """
> >
> >     request_class = HTTPRequest
> >     response_class = HTTPResponse
> >
> >     def __init__(self, wsgi_app, auth_conf=None, **kwargs):
> >
> >         super(AuthCookieController, self).__init__(**kwargs)
> >
> >         #put a pointer on the previous wsgi app in the stack
> >         self.wsgi_app = wsgi_app
> >
> >         self.auth_conf_wrapper = auth_middleware(wsgi_app,
> >             app_conf=auth_conf,
> >             cookie_secret='secret string',
> >             #handle_httpexception=False,
> >             valid=self.authenticate,
> >             #enforce=self.auth_conf['enforce']
> >             )
> >
> >     def application(self, environ, start_response, exc_info=None):
> >         # apply the response middleware wrapper to
> >         # the WSGI stack and return a callable obj
> >         return self.auth_conf_wrapper(environ, start_response)
> >
> >
> >     def authenticate(self, username, password):
> >         """
> >         Authenticate with the provided ``username`` and ``password``.
> >
> >         Developers are expected to override this method in custom
> >         authentication subclasses.
> >         """
> >
> >         if username == password:
> >             return username
> >         else:
> >             return None
> >
> > LoginController = AuthCookieController
> >
> > the traceback:
> >
> > > /home/steiner/src/notmm/trunk/examples/auth/views/login.py(33)authenticate_user()
> > -> if valid_password(request.environ, username, password):
> > (Pdb) bt
> >   /home/steiner/src/notmm/trunk/examples/auth/redirect.py(15)<module>()
> > -> httpserver.daemonize(auth_app, ('localhost', 8000))
> >   /home/steiner/src/notmm/trunk/lib/notmm/utils/http/httpserver.py(157)daemonize()
> > -> server.serve()
> >   /home/steiner/src/notmm/trunk/lib/notmm/utils/http/httpserver.py(115)serve()
> > -> self.server.serve_forever()
> >   /usr/local/lib/python2.7/SocketServer.py(238)serve_forever()
> > -> self._handle_request_noblock()
> >   /usr/local/lib/python2.7/SocketServer.py(295)_handle_request_noblock()
> > -> self.process_request(request, client_address)
> >   /usr/local/lib/python2.7/SocketServer.py(321)process_request()
> > -> self.finish_request(request, client_address)
> >   /usr/local/lib/python2.7/SocketServer.py(334)finish_request()
> > -> self.RequestHandlerClass(request, client_address, self)
> >   /usr/local/lib/python2.7/SocketServer.py(649)__init__()
> > -> self.handle()
> >   /usr/local/lib/python2.7/wsgiref/simple_server.py(124)handle()
> > -> handler.run(self.server.get_app())
> >   /usr/local/lib/python2.7/wsgiref/handlers.py(85)run()
> > -> self.result = application(self.environ, self.start_response)
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(314)__call__()
> > -> return self.app(environ, start_response)
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/cookie.py(480)__call__()
> > -> return self.app(environ, cookie_setting_start_response)
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/multi.py(87)__call__()
> > -> app_iter = app(environ, start_response)
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/multi.py(55)app()
> > -> return self.default(environ, find)
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(304)__call__()
> > -> return self.app(environ, start_response)
> >   /home/steiner/src/notmm/trunk/examples/auth/views/login.py(96)login()
> > -> authenticate_user(request, username, password)
> > > /home/steiner/src/notmm/trunk/examples/auth/views/login.py(33)authenticate_user()
> > -> if valid_password(request.environ, username, password):
> >   /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(97)valid_password()
> > -> raise no_authkit_users_in_environ
> >
> > And here's the config I use:
> >
> > [authkit]
> >
> > authkit.setup.enable = true
> > authkit.setup.method = redirect,cookie
> > authkit.setup.handle_exceptions = false
> >
> > #authkit.authenticate.callback = authkit.authenticate.cookie2:middleware
> > #authkit.digest.authenticate.user.data = visitor:open_sesame
> > #authkit.digest.realm = 'Test realm'
> >
> > # authentication options
> > authkit.redirect.url = /session_login/
> > #authkit.user.type = mainapp.accounts.model:UserManager
> >
> >
> > As you can see, the authkit middleware doesn't set up a proper users
> > object, which makes authentication fail. Is there thus an alternative
> > method to set up the middleware to handle form authentication in authkit?
> >
> > Regards,
> >
> > Etienne
>
> --
> Mike Orr <[email protected]>
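
Added example, not part of the thread and not AuthKit or notmm code: a standard-library WSGI sketch of the failure the traceback ends in, where the login view's password check needs a users object that only an upstream middleware puts into environ. The environ key example.users, the Users class, the demo.* environ entries and the sample credentials are constructed for illustration, and the thread's username == password stub is replaced by a salted PBKDF2 comparison.

```python
import hashlib, hmac, os
from wsgiref.util import setup_testing_defaults

USERS_KEY = "example.users"  # hypothetical environ key, not AuthKit's own

class MissingUsersObject(Exception):
    """No upstream middleware installed a users object."""

class Users:
    """In-memory store of salted PBKDF2 hashes; plaintext is never kept."""
    def __init__(self):
        self._records = {}

    def add(self, username, password):
        salt = os.urandom(16)
        self._records[username] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check(self, username, password):
        # Unknown users get a dummy record so the same work is always done.
        salt, stored = self._records.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored)

class UsersMiddleware:
    """Puts the users object into environ before calling the wrapped app."""
    def __init__(self, app, users):
        self.app, self.users = app, users
    def __call__(self, environ, start_response):
        environ[USERS_KEY] = self.users
        return self.app(environ, start_response)

def valid_password(environ, username, password):
    if USERS_KEY not in environ:  # the condition the traceback ends in
        raise MissingUsersObject("no users object in environ")
    return environ[USERS_KEY].check(username, password)

def login_app(environ, start_response):
    # Toy login view: credentials arrive in constructed environ entries.
    ok = valid_password(environ, environ["demo.user"], environ["demo.pass"])
    status = "200 OK" if ok else "401 Unauthorized"
    start_response(status, [("Content-Type", "text/plain")])
    return [b"ok" if ok else b"denied"]

def run(app, user, password):
    environ = {"demo.user": user, "demo.pass": password}
    setup_testing_defaults(environ)
    seen = []
    body = b"".join(app(environ, lambda s, h, exc_info=None: seen.append(s)))
    return seen[0], body
```

Calling run(login_app, ...) without the UsersMiddleware wrapper raises MissingUsersObject, which is the shape of the error in the thread: the check runs, but nothing in the stack was configured to supply the users object.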
