source: main/waeup.cas/trunk/waeup/cas/authenticators.py @ 10396

Last change on this file since 10396 was 10396, checked in by uli, 11 years ago

Let authtenticators give back a reason if login fails.
File size: 3.3 KB
Line 
1"""Components that do the real authentication stuff.
2"""
3from pkg_resources import iter_entry_points
4
5
6def get_all_authenticators():
7    """Get all authenticators registered via entry points.
8
9    To create an own authenticator, in the ``setup.py`` of your
10    package add a block like this::
11
12        entry_points='''
13           [waeup.cas.authenticators]
14           myname = my.pkg.my.module:MyAuthenticator
15           '''
16
17    where ``my.pkg.my.module`` must be a module importable at runtime
18    and ``MyAuthenticator`` must be some Authenticator class defined
19    in this module.
20
21    ``myname`` can be chosen as you like, but must not clash with
22    other ``waeup.cas.authenticators``. The name should contain ASCII
23    letters and numbers only, and start with a letter.
24    """
25    return dict(
26        [(x.name, x.load())
27         for x in iter_entry_points(group='waeup.cas.authenticators')])
28
29
30def get_authenticator(local_conf):
31    """Get an `Authenticator` configured by ``local_conf``.
32
33    `local_conf` must be a dictionary of settings.
34
35    An authenticator is identified by its entry-point name which must
36    be given as value of the ``auth`` key.
37
38    It is created passing all keys/values where key starts with
39    ``auth_``.
40
41    Returns a dict of remaining keys/values in `local_conf` with the
42    value of ``auth`` key replaced by an authenticator instance.
43    """
44    gen_opts, auth_opts = filter_auth_opts(local_conf)
45    if 'auth' in local_conf:
46        auth_dict = get_all_authenticators()
47        factory = auth_dict.get(local_conf['auth'])  # get authenticator
48        auth = factory(**auth_opts)
49        gen_opts.update(auth=auth)
50    return gen_opts
51
52
53def filter_auth_opts(local_conf):
54    """Filter out auth-related opts in `local_conf`, a dict.
55
56    Returns two dicts ``(<GENERAL_OPTS>, <AUTHENTICATOR_OPTS>)``
57    containing the general options and authenticator related options.
58
59    This is designed to work with typical paste.deploy config files
60    like this::
61
62      [foo]
63      foo = bar
64      auth = foo
65      auth_opt1 = bar
66
67    All settings not starting with `auth_` are put into the general
68    opts dict, while other are put into the authenticator opts dict.
69    """
70    auth_opts = {}
71    general_opts = {}
72    for name, value in local_conf.items():
73        if name.startswith('auth_'):
74            auth_opts[name] = value
75        else:
76            general_opts[name] = value
77    return general_opts, auth_opts
78
79
80class Authenticator(object):
81
82    #: The name of an authenticator
83    name = 'basic'
84
85    def __init__(self, **kw):
86        pass
87
88
89class DummyAuthenticator(Authenticator):
90    """A dummy authenticator for tests.
91
92    This authenticator does no real authentication. It simply approves
93    credentials ``('bird', 'bebop')`` and denies all other.
94    """
95
96    name = 'dummy'
97
98    def check_credentials(self, username='', password=''):
99        """If username is ``'bird'`` and password ``'bebop'`` check
100        will succeed.
101
102        Returns a tuple ``(<STATUS>, <REASON>)`` with ``<STATUS>``
103        being a boolean and ``<REASON>`` being a string giving the
104        reason why login failed (if so) or an empty string.
105        """
106        reason = ''
107        result = username == 'bird' and password == 'bebop'
108        if not result:
109            reason = 'Invalid username or password.'
110        return result, reason
Note: See TracBrowser for help on using the repository browser.