 |
 |
 |
The SkunkWeb Developers Guide |  |
 |
 |
|
|
|
The SkunkWeb Developers Guide | |
|
|
class authorizer:
def __init__(self, ......):
"""
The ...... will be filled with the contents of
Configuration.authAuthorizerCtorArgs when this object is instantiated.
"""
def checkCredentials(self, conn):
"""
Examine the connection however you see fit to see if the
connection has the credentials needed to view the page
return true to accept, false to reject
"""
def login(self, conn, username, password):
"""
Take the username and password, validate them, and if they are
valid, give the connection credentials to validate them in the
future (i.e. make it so checkCredentials() returns true). If your
authorizer is doing basicauth-style authentication, this method is
not required.
"""
def logout(self, conn):
"""
Remove any credentials from the browser. This method is not required
for methods (specifically, basicauth) that do not have the concept of
logging out.
"""
def authFailed(self, conn):
"""
If the connections credentials are rejected, what to do. For
this, unless you are using a basic-auth means, inheriting from
RespAuthBase is probably sufficient (it will bring up a login
page), otherwise inheriting from BasicAuthBase and providing an
appropriate validate function is sufficient.
"""
#this method is required only if using one of the base classes that
#require it
def validate(self, username, password):
"""
Return true if the username/password combo is valid, false otherwise
"""
class RespAuthBase:
"""
This is a base class for those authorizers that need to use a login page.
That's pretty much any of them, with the exception of BasicAuth, as it
doesn't need it since the browser "puts up a login page".
The loginPage ctor arg is the page to show. It *can* be in the protected
area.
"""
class AuthFileBase: #base class for those that auth against a basicauth file
"""
Base class for authorizers that will use a simple basicauth file to
validate user/password combinations
The authFile ctor argument is the file that we will validate against
"""
class BasicAuthBase: #base class that does basicauth
"""
This class does browser based basicauth authentication where it pops up
the login box by itself.
This is a mixin class and is not usable by itself. You must provide a
way to validate (by subclassing BasicAuthBase and defining a validate
function) the username and password that is obtained."""
class CookieAuthBase: #class that does basic cookie authentication
"""
This class implements a simple cookie based authentication. Depending
on how you want to do things, you may not (and probably don't) want to
have the username and password encoded directly in the cookie, but
definitely *do* use the armor module to protect whatever you do decide to
put into the cookie as it will make them virtually tamperproof.
As with BasicAuthBase, thisis a mixin class and is not usable by
itself. You must provide a way to validate (by subclassing CookieAuthBase
and defining a function) the username and password that is obtained.
"""
class SessionAuthBase: #class to do auth using sessions
"""
This class uses the session object (you must have the sessionHandler
service loaded) to handle authentication. This is also probably not
something that you would really want to use in a production setup as:
a) you probably don't want to store the password in the session. Not that
it's inherently evil, but it's one less thing you have to worry about
leaking in the event that something gets screwed up.
b) checking the credentials might just be to check if the username is set
since all of the session info (minus the session key) is stored on
the server and not the browser, we don't have to worry as much that
somebody fooled around with us
But what is here is usable as a starting point and will run.
As with BasicAuthBase, thisis a mixin class and is not usable by
itself. You must provide a way to validate (by subclassing SessionAuthBase
and defining a function) the username and password that is obtained.
"""
|
|
|
The SkunkWeb Developers Guide | |
|
|