[10394] | 1 | """Components that do the real authentication stuff. |
---|
| 2 | """ |
---|
| 3 | from pkg_resources import iter_entry_points |
---|
| 4 | |
---|
| 5 | |
---|
| 6 | def get_all_authenticators(): |
---|
| 7 | """Get all authenticators registered via entry points. |
---|
| 8 | |
---|
| 9 | To create an own authenticator, in the ``setup.py`` of your |
---|
| 10 | package add a block like this:: |
---|
| 11 | |
---|
| 12 | entry_points=''' |
---|
| 13 | [waeup.cas.authenticators] |
---|
| 14 | myname = my.pkg.my.module:MyAuthenticator |
---|
| 15 | ''' |
---|
| 16 | |
---|
| 17 | where ``my.pkg.my.module`` must be a module importable at runtime |
---|
| 18 | and ``MyAuthenticator`` must be some Authenticator class defined |
---|
| 19 | in this module. |
---|
| 20 | |
---|
| 21 | ``myname`` can be chosen as you like, but must not clash with |
---|
| 22 | other ``waeup.cas.authenticators``. The name should contain ASCII |
---|
| 23 | letters and numbers only, and start with a letter. |
---|
| 24 | """ |
---|
| 25 | return dict( |
---|
| 26 | [(x.name, x.load()) |
---|
| 27 | for x in iter_entry_points(group='waeup.cas.authenticators')]) |
---|
| 28 | |
---|
| 29 | |
---|
| 30 | def get_authenticator(local_conf): |
---|
| 31 | """Get an `Authenticator` configured by ``local_conf``. |
---|
| 32 | |
---|
| 33 | `local_conf` must be a dictionary of settings. |
---|
| 34 | |
---|
| 35 | An authenticator is identified by its entry-point name which must |
---|
| 36 | be given as value of the ``auth`` key. |
---|
| 37 | |
---|
| 38 | It is created passing all keys/values where key starts with |
---|
| 39 | ``auth_``. |
---|
| 40 | |
---|
| 41 | Returns a dict of remaining keys/values in `local_conf` with the |
---|
| 42 | value of ``auth`` key replaced by an authenticator instance. |
---|
| 43 | """ |
---|
| 44 | gen_opts, auth_opts = filter_auth_opts(local_conf) |
---|
| 45 | if 'auth' in local_conf: |
---|
| 46 | auth_dict = get_all_authenticators() |
---|
| 47 | factory = auth_dict.get(local_conf['auth']) # get authenticator |
---|
| 48 | auth = factory(**auth_opts) |
---|
| 49 | gen_opts.update(auth=auth) |
---|
| 50 | return gen_opts |
---|
| 51 | |
---|
| 52 | |
---|
| 53 | def filter_auth_opts(local_conf): |
---|
| 54 | """Filter out auth-related opts in `local_conf`, a dict. |
---|
| 55 | |
---|
| 56 | Returns two dicts ``(<GENERAL_OPTS>, <AUTHENTICATOR_OPTS>)`` |
---|
| 57 | containing the general options and authenticator related options. |
---|
| 58 | |
---|
| 59 | This is designed to work with typical paste.deploy config files |
---|
| 60 | like this:: |
---|
| 61 | |
---|
| 62 | [foo] |
---|
| 63 | foo = bar |
---|
| 64 | auth = foo |
---|
| 65 | auth_opt1 = bar |
---|
| 66 | |
---|
| 67 | All settings not starting with `auth_` are put into the general |
---|
| 68 | opts dict, while other are put into the authenticator opts dict. |
---|
| 69 | """ |
---|
| 70 | auth_opts = {} |
---|
| 71 | general_opts = {} |
---|
| 72 | for name, value in local_conf.items(): |
---|
| 73 | if name.startswith('auth_'): |
---|
| 74 | auth_opts[name] = value |
---|
| 75 | else: |
---|
| 76 | general_opts[name] = value |
---|
| 77 | return general_opts, auth_opts |
---|
| 78 | |
---|
| 79 | |
---|
| 80 | class Authenticator(object): |
---|
| 81 | |
---|
| 82 | #: The name of an authenticator |
---|
| 83 | name = 'basic' |
---|
| 84 | |
---|
| 85 | def __init__(self, **kw): |
---|
| 86 | pass |
---|
| 87 | |
---|
| 88 | |
---|
| 89 | class DummyAuthenticator(Authenticator): |
---|
| 90 | """A dummy authenticator for tests. |
---|
| 91 | |
---|
| 92 | This authenticator does no real authentication. It simply approves |
---|
| 93 | credentials ``('bird', 'bebop')`` and denies all other. |
---|
| 94 | """ |
---|
| 95 | |
---|
| 96 | name = 'dummy' |
---|
| 97 | |
---|
| 98 | def check_credentials(self, username='', password=''): |
---|
[10396] | 99 | """If username is ``'bird'`` and password ``'bebop'`` check |
---|
| 100 | will succeed. |
---|
| 101 | |
---|
| 102 | Returns a tuple ``(<STATUS>, <REASON>)`` with ``<STATUS>`` |
---|
| 103 | being a boolean and ``<REASON>`` being a string giving the |
---|
| 104 | reason why login failed (if so) or an empty string. |
---|
[10394] | 105 | """ |
---|
[10396] | 106 | reason = '' |
---|
| 107 | result = username == 'bird' and password == 'bebop' |
---|
| 108 | if not result: |
---|
| 109 | reason = 'Invalid username or password.' |
---|
| 110 | return result, reason |
---|