/usr/share/doc/python-pyramid-multiauth/README.rst is in python-pyramid-multiauth 0.8.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | =================
pyramid_multiauth
=================
An authentication policy for Pyramid that proxies to a stack of other
authentication policies.
Overview
========
MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to
a stack of *other* IAuthenticationPolicy objects, to provide a combined auth
solution from individual pieces. Simply pass it a list of policies that
should be tried in order::
policies = [
IPAuthenticationPolicy("127.0.*.*", principals=["local"])
IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
]
authn_policy = MultiAuthenticationPolicy(policies)
config.set_authentication_policy(authn_policy)
This example uses the pyramid_ipauth module to assign effective principals
based on originating IP address of the request. It combines two such
policies so that requests originating from "127.0.*.*" will have principal
"local" while requests originating from "192.168.*.*" will have principal
"trusted".
In general, the results from the stacked authentication policies are combined
as follows:
* authenticated_userid: return userid from first successful policy
* unauthenticated_userid: return userid from first successful policy
* effective_principals: return union of principals from all policies
* remember: return headers from all policies
* forget: return headers from all policies
Deployment Settings
===================
It is also possible to specify the authentication policies as part of your
paste deployment settings. Consider the following example::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.policies = ipauth1 ipauth2 pyramid_browserid
multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
multiauth.policy.ipauth1.principals = local
multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
multiauth.policy.ipauth2.principals = trusted
To configure authentication from these settings, simply include the multiauth
module into your configurator::
config.include("pyramid_multiauth")
In this example you would get a MultiAuthenticationPolicy with three stacked
auth policies. The first two, ipauth1 and ipauth2, are defined as the name of
of a callable along with a set of keyword arguments. The third is defined as
the name of a module, pyramid_browserid, which will be procecesed via the
standard config.include() mechanism.
The end result would be a system that authenticates users via BrowserID, and
assigns additional principal identifiers based on the originating IP address
of the request.
If necessary, the *group finder function* and the *authorization policy* can
also be specified from configuration::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.authorization_policy = mypyramidapp.acl.Custom
multiauth.groupfinder = mypyramidapp.acl.groupfinder
...
MultiAuthPolicySelected Event
=============================
An event is triggered when one of the multiple policies configured is selected.
::
from pyramid_multiauth import MultiAuthPolicySelected
# Track policy used, for prefixing user_id and for logging.
def on_policy_selected(event):
print("%s (%s) authenticated %s for request %s" % (event.policy_name,
event.policy,
event.userid,
event.request))
config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)
|