Skip to main content

A WSGI app that allows you to add another factor of authentication to any application server.

Project description


factored is a wsgi application that forces authentication before is passed to the wsgi application.

This can also be used as a proxy for non-wsgi apps.


using virtualenv:

virtualenv factored
cd factored
git clone git://
cd factored
../bin/python develop
../bin/initializedb develop.ini
../bin/adduser develop.ini
../bin/paster serve develop.ini
../bin/removeuser develop.ini


Must follow the example develop.ini provided. You’ll probably want to copy that file into your own and change the settings.

Edit server and port settings for application server if not using with another wsgi application.

Paste configuration options

Appened to google auth keys so it doesn’t overwrite others.
The secret (a string) used for auth_tkt cookie signing.
The cookie name used
Only send the cookie back over a secure conn.
Make the requesting IP address part of the authentication data in the cookie.
The path for which the auth_tkt cookie is valid. May be desirable if the application only serves part of a domain.
Hide cookie from JavaScript by setting the HttpOnly flag. Not honored by all browsers.
An auth_tkt cookie will be generated for the wildcard domain.
To set the cookie on an additional different domain.
Set to use a different hashing algorithm. Defaults to sha512
The amount of time in seconds a normal authentication session is valid for.
The amount of time in seconds the authentication seesion is valid for when the user clicks “remember me.”
Base url all authentication urls and resources are based off of. Useful if you’re only looking to authenticate a portion of a site.
Supported authentication schemes.
If using email authentication, the window of time the user has to enter correct code in.
Email authencation subject used.
Email authentication from address.
Email Authentication text body. {code} will be replaced with the code.
pyramid. prefixed options
Configuration passed directly into pyramid configuration.
Connection string for sql backend. Most configurations will work fine with normal sqlite.
mail. prefixed options
Configuration passed directly to the mailer plugin. Options can be found at
Specify a plugin that will automatically find users for the system to allow authentication for. Pre-packaged plugins include SQL and Email Domain.
(true|false) value defaulting to false that allows the user, if the username is an email, to get a reminder of their code sent to them.
If using allowing code reminders, the email subject of reminder
If using allowing code reminders, the email from address of reminder
If using allowing code reminders, the email body of reminder
customize title of form
customize legend of form
customize username label
customize username description
customize code label
customize code description
customize username buttion text
customize athenticate buttion text
customize code reminder buttion text
customize invalid username code text
customize invalid code text
customize invalid username text
customize invalid code reminder text

autouserfinder SQL configuration options

sqlalchemy connection string to connection to the database.
Name of the table to lookup users in.
Name of the field to find the usernames(could be username or email field).

autouserfinder Email Domain configuration options

List of valid domains to automatically create users for.

Nginx Example Configuration

An example setup with nginx and load balancing:

server {
    listen  80;
    include proxy.conf;

    # paths to protect
    location ~ ^/admin.* {

    location / {
        proxy_pass http://app;

server {
    listen 8090;
    include proxy.conf;
    location / {
        proxy_pass http://app;

Then factored would be configured to run on port 8000 and proxy to 8090 and have base_auth_url url set to /admin/auth.

Sample Paste Configuration

An example to follow if you’re not using a git checkout:

use = egg:factored#simpleproxy
server =
port = 8090

use = egg:factored#main
next = proxy
appname = REPLACEME

auth_tkt.secret = REPLACEME
auth_tkt.cookie_name = factored = false
auth_tkt.include_ip = true

auth_timeout = 7200
auth_remember_timeout = 604800
base_auth_url = /auth
supported_auth_schemes =
    Google Auth

email_auth_window = 120
# in seconds
em.subject = Authentication Request
em.sender =
em.body =
    You have requested authentication.
    Your temporary access code is: {code}

autouserfinder = SQL
autouserfinder.table_name = users
autouserfinder.email_field = email
autouserfinder.connection_string = sqlite:///%(here)s/users.db

allowcodereminder = true
allowcodereminder.subject = Authentication code reminder
allowcodereminder.sender =
allowcodereminder.body =
    You have requested code reminder.
    Your google auth code url is: {code}

pyramid.reload_templates = true
pyramid.debug_authorization = true
pyramid.debug_notfound = true
pyramid.debug_routematch = true
pyramid.default_locale_name = en
pyramid.includes =

sqlalchemy.url = sqlite:///%(here)s/test.db

# all mail settings can be found at = localhost
mail.port = 25

use = egg:Paste#http
# Change to to make public:
host =
port = 8000

With Gunicorn


../bin/easy_install gunicorn

to run:

../bin/gunicorn_paste --workers=2 develop.ini

Customizing Templates

Use pcreate to generate package skeleton:

./bin/pcreate –template=starter factored_customize cd factored_customize

To register template overrides customize

from factored.templates import registerTemplateCustomizations

def includeme(config):
import factored_customize as pkg registerTemplateCustomizations(config, ‘templates’, pkg)

Modify paster ini file to include pyramid addon:

pyramid.includes =
… factored_customize

Available Customizable Templates
Override metadata in the head tag.
Override includes in the head tag.
Add additional html to the bottom of the head tag. Empty by default.
Renders at top of container. Empty by default.
Renders title of application.
Renders above content. Empty by default.
Authentication layout template.
Code input.
Email input.
Form controls.
Authentication system chooser.
Below the content. Empty by default.
Application footer.
Very bottom of layout. Empty by default.


Work was sponsored by


2.0rc1 (2013-01-31)

  • more robust multi-use environment with database connections
  • support more algorythms for auth ticket
  • refactor so it’s more modular
  • be able to easily customize all templates
  • be able to customize text
  • pull out auth_tkt module of paste so we can customize a bit

1.1a2 (2012-03-26)

  • specify appname to customize google auth code entry.
  • redirect to original url if possible
  • be able to provide “remember me” functionality

1.1a1 (2012-03-26)

  • add auto user finder support
  • add ability to send google code reminders. This can work well with the autouserfinder

1.0a1 (2012-03-23)

  • Initial release

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for factored, version 2.0rc1
Filename, size File type Python version Upload date Hashes
Filename, size (138.3 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page