Keg-Auth 0.5.3

Authentication plugin for Keg

Keg Auth’s Readme

Flask extension in the Keg ecosystem to wrap authentication and authorization functionality. Keg-Auth provides helpers for auth model, view/authorization setup, protected navigation menus, and more.

Installation

• Bare functionality: pip install keg-auth

• With mail (i.e. with a mail manager configured, see below): pip install keg-auth[mail]

• JWT (for using JWT tokens as authenticators): pip install keg-auth[jwt]

• LDAP (for using LDAP target for authentication): pip install keg-auth[ldap]

• OIDC (for OAuth, e.g. Okta or Auth0): pip install keg-auth[oidc]

• Internationalization extensions: pip install keg-auth[i18n]

A Simple Example

For a simple example and a checklist of sorts for app setup, see the Getting Started guide in the docs.

Demo

Typical usage is demonstrated in https://github.com/level12/keg-app-cookiecutter

Links

• Documentation: https://keg-auth.readthedocs.io/en/stable/index.html

• Releases: https://pypi.org/project/Keg-Auth/

• Code: https://github.com/level12/keg-auth

• Issue tracker: https://github.com/level12/keg-auth/issues

• Keg framework: https://github.com/level12/keg

• Questions & comments: http://groups.google.com/group/blazelibs

Development

To run this project’s tests:

• Copy keg_auth_ta-config-example.py -> keg_auth_ta-config.py, update as needed

• Override database addr &/or port with environment vars or docker compose override if needed.

• docker-compose up [-d]

• tox …

There is a test application defined that can be ran like:

• cd keg_auth_ta

• python app.py …

Changelog

0.5.3 released 2022-02-24

• fix integrated auth tests (4318826)

0.5.2 released 2022-02-24

• add OAuth authenticator to replace deprecated OIDC implementation (606c952)

• add basic user/group/bundle CRUD tests to the integrated auth tests (0c84a2d)

• BC break require rate-limiting setup by default, simplify configuration (7d7b532)

0.5.1 released 2022-02-22

• warn on usage of OIDC authenticator due to current breakage in flask-oidc (c582781)

• potential BC break use keg-elements field ordering scheme on the User form (ee31b79)

• add class and code options to NavItems for better control of rendering (2842cc2)

• clear flask session on logout, behavior can be turned off via config setting (71e6b10)

• stop overriding a title block in templates, use config value to set the proper variable for the app template (210f227)

• load orm entity in CRUD method (89bc7d4)

0.5.0 released 2022-02-21

• use the Bootstrap 4 base form template from keg-elements (16c393a)

• shift to authlib for verification token generate/verify - support generated itsdangerous tokens for now refs #147 (e96ac2e)

0.4.2 released 2022-01-20

• replace commonmark with markdown-it-py (8b4822d)

0.4.1 released 2021-11-29

• fix navigation use of callable permissions on classes/blueprints (f19f513)

• user form: don’t assume csrf_token field exists (07fe642)

• improve testing developer ux (b687c72)

0.4.0 released 2021-09-13

• ensure grid header posts are supported (e0638dc)

• shift to use Bootstrap 4 templates by default (39335bc)

• centralize validation of permission sets in testing (9f04f1d)

• ViewTestBase no longer delete users in setup, and provide hooks into user creation (7d72fc3)

• enhance navigation menu options for login/logout cases (667a1ac)

• rename package for proper semantics (6a6a202)

0.3.0 released 2021-07-06

• click changed output for hidden inputs, resolve for set-password CLI (6cd5a09)

• update python requirements and pip usage (760da0b)

• add options to exclude specific HTTP methods from auth checks (b66d090)

• update JWT usage to reflect flask-jwt-extended 4.0 breaking changes (1cd0895)

• switch ldap requirement to python-ldap (63485f3)

0.2.28 released 2021-04-20

• support args in http head requests (97f8961)

• pin flask-jwt-extended < 4 until we support the update

0.2.27 released 2021-02-02

• fix documentation of internationalization support (8a41f03)

• make form/crud templates less opinionated about how base templates render page title (0b71303)

0.2.26 released 2021-01-29

• Provide Spinx documentation (62aca54)

• Provide a default JS handler for confirm-delete in crud-list (7b6785a)

• Use marksafe and jinja templates instead of webhelpers2 (8f68e07)

• Allow user to prevent sending welcome email after user form (3bb8f7a)

• Validate that create_form returned a value (83ff034)

• Trap integrity error on permission sync to mitigate race condition (4d7497c)

• Move disabled_utc to be with the other fields (dd1bf5e)

0.2.25 released 2020-12-08

• CRUD view passes through args set with self.assign (efeb7b7)

• CRUD view edit/delete performs authorization prior to ID lookup (efeb7b7)

• CRUD view added webgrid render limit handling (efeb7b7)

0.2.24 released 2020-07-09

• Fix inconsistent CLI argument ordering in tests (d9a62c0)

0.2.23 released 2020-06-11

• Allow applications to enforce custom password policies (7111c20)

• Check translations in CI (825d32e)

0.2.22 released 2020-04-16

• Allow rate-limiting of login and password resets (d243b75)

• Add more config flexibility for OIDC (39beae0)

0.2.21 released 2020-04-02

• Resolve fuzzy/missing translations (a78de96)

• Add inactivation date for users (requires migration to add a field) (0020fbd)

• Support latest Flask-Login (ba59925)

• Allow unverified users to reset their passwords (8888386)

• Pin keg-elements requirement to support CRUD checkboxes (e59fcc1)

• Include an Allow header for 405 responses (a2a3091)

• Support multiple LDAP targets (b895aad)

• Handle HEAD requests (b16a7e4)

• Remove six dependency (477a415)

0.2.20 released 2020-03-24

• OIDC and related updates (fab68f5)

• Add OIDC authenticator and login/logout view responders

• Fix missing page header for Permissions view

• Allow passing blueprint kwargs to make_blueprint

• Easier disabling of specific auth views

• Allow view responder flash messages to be disabled

• Drop bulk permission controls (better templating now in keg-elements)

0.2.19 released 2020-02-21

• Improve Usability of Permission Dropdown (479e985)

• Pin Flask Login (00ea957)

0.2.18 released 2020-01-10

• add CLI command for dev to set password (d488bc9)

0.2.17 released 2019-12-12

• ensure token is present for resending verification email (01b566f)

0.2.16 released 2019-12-02

• fix CRUD edit form default values for relationships (01893f9)

0.2.15 released 2019-11-27

• fix bundle grid setup for CRUD view (b772f01)

0.2.14 released 2019-11-21

• fix template issue related to select2 updates (373739b)

• make auth testing helpers more generic (b90ee96)

0.2.13 released 2019-11-08

• use select2 to render selects on the user management views (30ff332)

• fix breakage with keg 0.8.1 (3f5668d)

• adjust CI environments to use (b9b4fb4)

• auth test helpers use endpoints to find correct url (76a1222)

0.2.12 released 2019-10-03

• support decorating flask class-based views (3d8a6cb)

• fix LDAP authenticator for missing user case (19d184e)

0.2.11 released 2019-09-27

• fix permission sync method and test hook (a56eda4)

• fix FontAwesome usage on CRUD list view template (64f759a)

• support lazy strings and icons in navigation helpers and templates (4473571)

• remove flask version pin (ab47362)

0.2.10 released 2019-09-18

• fix testing utils mock import to prevent needing mock dependency (da197df)

0.2.9 released 2019-07-27

• Provide a hook on the CRUD base class to allow overriding the default add url generation (#74) (7eea8bb)

0.2.8 released 2019-06-17

• resolve bug in testing permission existence check (feccb98)

0.2.7 released 2019-06-07

• make custom action access control easier (63921ee)

• enforce test permissions are specified to the auth manager (794f320)

• correct the MRO order in CRUD forms and testing models (2f4c451)

• add get_current_user helper method (cae02a2)

• make grid action column link CSS classes customizable (aa1bc21)

• ensure CRUD view passes in desired template args (aae3dad)

0.2.6 released 2019-02-12

• Merge pull request #60 from level12/move-sync-perms-to-entity (3181691)

• update readme to remove reference to view-scoped authenticators (514c202)

0.2.5 released 2018-11-14

• Allow make_blueprint to accept a custom blueprint class (fe635b2)

• Add a link to resend verification email (f7a6191)

• Add optional i18n support using morphi (790d3ab)

• Fix intermittent test failure resulting from login timestamp (cde083b)

• Refactor CRUD form/grid render to extract template args (34d4a20)

0.2.4

• Show verification URL on CLI even if mail flag is off

0.2.3

• Fix requires_user decorator for usage with blueprints

0.2.1

• Fix nav items to cache on per user basis

• Fix token generated in CLI having an unknown timezone applied

0.2.0

• Support permissions

• Decorate blueprints, classes, methods for user/permission requirements

• Support request loaders for tokens

0.1.0

• Initial release