Mercurial > kallithea

annotate pylons_app/lib/auth.py @ 201:5af2cd31c99b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
logging info change on login form
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 22 May 2010 20:49:38 +0200
parents b48ebda822a4
children a0116e944da1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
1 from functools import wraps
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
2 from pylons import session, url
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
3 from pylons.controllers.util import abort, redirect
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
4 from pylons_app.model import meta
197
da59b7e07e3c Changed import to base. Removed action logging from auth to simplehg.
Marcin Kuzminski <marcin@python-works.com>
parents: 194
diff changeset
5 from pylons_app.model.db import Users
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
6 from sqlalchemy.exc import OperationalError
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
7 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
8 import crypt
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
9 import logging
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
10 log = logging.getLogger(__name__)
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
11
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
12 def get_crypt_password(password):
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
13 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
14 Cryptographic function used for password hashing
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
15 @param password: password to hash
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
16 """
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
17 return crypt.crypt(password, '6a')
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
18
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
19 def authfunc(environ, username, password):
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
20 sa = meta.Session
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
21 password_crypt = get_crypt_password(password)
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
22 try:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
23 user = sa.query(Users).filter(Users.username == username).one()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
24 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
25 log.error(e)
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
26 user = None
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
27
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
28 if user:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
29 if user.active:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
30 if user.username == username and user.password == password_crypt:
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
31 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
32 return True
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
33 else:
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
34 log.error('user %s is disabled', username)
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
35
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
36 return False
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
37
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
38 class AuthUser(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
39 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
40 A simple object that handles a mercurial username for authentication
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
41 """
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
42 username = 'None'
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
43 is_authenticated = False
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
44 is_admin = False
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
45 permissions = set()
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
46 group = set()
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
47
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
48 def __init__(self):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
49 pass
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
50
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
51 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
52 # DECORATORS
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
53 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
54 class LoginRequired(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
55 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
56 Must be logged in to execute this function else redirect to login page
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
57 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
58 def __init__(self):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
59 pass
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
60
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
61 def __call__(self, func):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
62
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
63 @wraps(func)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
64 def _wrapper(*fargs, **fkwargs):
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
65 user = session.get('hg_app_user', AuthUser())
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
66 log.info('Checking login required for user:%s', user.username)
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
67 if user.is_authenticated:
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
68 log.info('user %s is authenticated', user.username)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
69 func(*fargs)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
70 else:
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
71 logging.info('user %s not authenticated', user.username)
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
72 logging.info('redirecting to login page')
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
73 return redirect(url('login_home'))
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
74
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
75 return _wrapper