1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>paste.auth.form – HTML form/cookie authentication — Paste v1.7.5 documentation</title>
<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '1.7.5',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="top" title="Paste v1.7.5 documentation" href="../index.html" />
<link rel="stylesheet" type="text/css"
href="../_static/paste.css.html">
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../index.html">Paste v1.7.5 documentation</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="module-paste.auth.form">
<span id="paste-auth-form-html-form-cookie-authentication"></span><h1><a class="reference internal" href="#module-paste.auth.form"><tt class="xref py py-mod docutils literal"><span class="pre">paste.auth.form</span></tt></a> – HTML form/cookie authentication<a class="headerlink" href="#module-paste.auth.form" title="Permalink to this headline">¶</a></h1>
<p>Authentication via HTML Form</p>
<p>This is a very simple HTML form login screen that asks for the username
and password. This middleware component requires that an authorization
function taking the name and passsword and that it be placed in your
application stack. This class does not include any session management
code or way to save the user’s authorization; however, it is easy enough
to put <tt class="docutils literal"><span class="pre">paste.auth.cookie</span></tt> in your application stack.</p>
<div class="highlight-python"><div class="highlight"><pre><span class="gp">>>> </span><span class="kn">from</span> <span class="nn">paste.wsgilib</span> <span class="kn">import</span> <span class="n">dump_environ</span>
<span class="gp">>>> </span><span class="kn">from</span> <span class="nn">paste.httpserver</span> <span class="kn">import</span> <span class="n">serve</span>
<span class="gp">>>> </span><span class="kn">from</span> <span class="nn">paste.auth.cookie</span> <span class="kn">import</span> <span class="n">AuthCookieHandler</span>
<span class="gp">>>> </span><span class="kn">from</span> <span class="nn">paste.auth.form</span> <span class="kn">import</span> <span class="n">AuthFormHandler</span>
<span class="gp">>>> </span><span class="k">def</span> <span class="nf">authfunc</span><span class="p">(</span><span class="n">environ</span><span class="p">,</span> <span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="p">):</span>
<span class="gp">... </span> <span class="k">return</span> <span class="n">username</span> <span class="o">==</span> <span class="n">password</span>
<span class="gp">>>> </span><span class="n">serve</span><span class="p">(</span><span class="n">AuthCookieHandler</span><span class="p">(</span>
<span class="gp">... </span> <span class="n">AuthFormHandler</span><span class="p">(</span><span class="n">dump_environ</span><span class="p">,</span> <span class="n">authfunc</span><span class="p">)))</span>
<span class="go">serving on...</span>
</pre></div>
</div>
<div class="section" id="module-contents">
<h2>Module Contents<a class="headerlink" href="#module-contents" title="Permalink to this headline">¶</a></h2>
<dl class="class">
<dt id="paste.auth.form.AuthFormHandler">
<em class="property">class </em><tt class="descclassname">paste.auth.form.</tt><tt class="descname">AuthFormHandler</tt><big>(</big><em>application</em>, <em>authfunc</em>, <em>template=None</em><big>)</big><a class="headerlink" href="#paste.auth.form.AuthFormHandler" title="Permalink to this definition">¶</a></dt>
<dd><p>HTML-based login middleware</p>
<p>This causes a HTML form to be returned if <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt> is
not found in the <tt class="docutils literal"><span class="pre">environ</span></tt>. If the form is returned, the
<tt class="docutils literal"><span class="pre">username</span></tt> and <tt class="docutils literal"><span class="pre">password</span></tt> combination are given to a
user-supplied authentication function, <tt class="docutils literal"><span class="pre">authfunc</span></tt>. If this
is successful, then application processing continues.</p>
<p>Parameters:</p>
<blockquote>
<p><tt class="docutils literal"><span class="pre">application</span></tt></p>
<blockquote>
The application object is called only upon successful
authentication, and can assume <tt class="docutils literal"><span class="pre">environ['REMOTE_USER']</span></tt>
is set. If the <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt> is already set, this
middleware is simply pass-through.</blockquote>
<p><tt class="docutils literal"><span class="pre">authfunc</span></tt></p>
<blockquote>
This is a mandatory user-defined function which takes a
<tt class="docutils literal"><span class="pre">environ</span></tt>, <tt class="docutils literal"><span class="pre">username</span></tt> and <tt class="docutils literal"><span class="pre">password</span></tt> for its first
three arguments. It should return <tt class="xref docutils literal"><span class="pre">True</span></tt> if the user is
authenticated.</blockquote>
<p><tt class="docutils literal"><span class="pre">template</span></tt></p>
<blockquote>
This is an optional (a default is provided) HTML
fragment that takes exactly one <tt class="docutils literal"><span class="pre">%s</span></tt> substution
argument; which <em>must</em> be used for the form’s <tt class="docutils literal"><span class="pre">action</span></tt>
to ensure that this middleware component does not alter
the current path. The HTML form must use <tt class="docutils literal"><span class="pre">POST</span></tt> and
have two input names: <tt class="docutils literal"><span class="pre">username</span></tt> and <tt class="docutils literal"><span class="pre">password</span></tt>.</blockquote>
</blockquote>
<p>Since the authentication form is submitted (via <tt class="docutils literal"><span class="pre">POST</span></tt>)
neither the <tt class="docutils literal"><span class="pre">PATH_INFO</span></tt> nor the <tt class="docutils literal"><span class="pre">QUERY_STRING</span></tt> are accessed,
and hence the current path remains _unaltered_ through the
entire authentication process. If authentication succeeds, the
<tt class="docutils literal"><span class="pre">REQUEST_METHOD</span></tt> is converted from a <tt class="docutils literal"><span class="pre">POST</span></tt> to a <tt class="docutils literal"><span class="pre">GET</span></tt>,
so that a redirect is unnecessary (unlike most form auth
implementations)</p>
</dd></dl>
<dl class="function">
<dt id="paste.auth.form.make_form">
<tt class="descclassname">paste.auth.form.</tt><tt class="descname">make_form</tt><big>(</big><em>app</em>, <em>global_conf</em>, <em>realm</em>, <em>authfunc</em>, <em>**kw</em><big>)</big><a class="headerlink" href="#paste.auth.form.make_form" title="Permalink to this definition">¶</a></dt>
<dd><p>Grant access via form authentication</p>
<p>Config looks like this:</p>
<div class="highlight-python"><pre>[filter:grant]
use = egg:Paste#auth_form
realm=myrealm
authfunc=somepackage.somemodule:somefunction</pre>
</div>
</dd></dl>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="http://pythonpaste.org/" class="invisible-link">Python Paste</a></h3>
<ul>
<li><a href="http://trac.pythonpaste.org">Issue tracker</a></li>
<li><a href="http://pythonpaste.org/">Paste core</a></li>
<li><a href="http://pythonpaste.org/webob/">WebOb</a></li>
<li><a href="http://pythonpaste.org/deploy/">Paste Deploy</a></li>
<li><a href="http://pythonpaste.org/script/">Paste Script</a></li>
<li><a href="http://pythonpaste.org/webtest/">WebTest</a></li>
<li><a href="http://pythonpaste.org/scripttest/">ScriptType</a></li>
<li><a href="http://pythonpaste.org/initools/">INITools</a></li>
<li><a href="http://pythonpaste.org/tempita/">Tempita</a></li>
<li><a href="http://pythonpaste.org/waitforit/">WaitForIt</a></li>
<li><a href="http://pythonpaste.org/wphp/">WPHP</a></li>
<li><a href="http://pythonpaste.org/wsgifilter/">WSGIFilter</a></li>
<li><a href="http://pythonpaste.org/wsgiproxy/">WSGIProxy</a></li>
</ul>
<h3><a href="../index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#"><tt class="docutils literal"><span class="pre">paste.auth.form</span></tt> – HTML form/cookie authentication</a><ul>
<li><a class="reference internal" href="#module-contents">Module Contents</a></li>
</ul>
</li>
</ul>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/modules/auth.form.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../index.html">Paste v1.7.5 documentation</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2008, Ian Bicking.
Last updated on Sep 14, 2010.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.0.1.
</div>
</body>
</html>
|
