Skip to main content

An authentication policy for Pyramid that proxies to a stack of other authentication policies

Project description

pypi ci coverage

An authentication policy for Pyramid that proxies to a stack of other authentication policies.

Overview

MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to a stack of other IAuthenticationPolicy objects, to provide a combined auth solution from individual pieces. Simply pass it a list of policies that should be tried in order:

policies = [
    IPAuthenticationPolicy("127.0.*.*", principals=["local"])
    IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
]
authn_policy = MultiAuthenticationPolicy(policies)
config.set_authentication_policy(authn_policy)

This example uses the pyramid_ipauth module to assign effective principals based on originating IP address of the request. It combines two such policies so that requests originating from “127.0.*.*” will have principal “local” while requests originating from “192.168.*.*” will have principal “trusted”.

In general, the results from the stacked authentication policies are combined as follows:

  • authenticated_userid: return userid from first successful policy

  • unauthenticated_userid: return userid from first successful policy

  • effective_principals: return union of principals from all policies

  • remember: return headers from all policies

  • forget: return headers from all policies

Deployment Settings

It is also possible to specify the authentication policies as part of your paste deployment settings. Consider the following example:

[app:pyramidapp]
use = egg:mypyramidapp

multiauth.policies = ipauth1 ipauth2 pyramid_browserid

multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
multiauth.policy.ipauth1.principals = local

multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
multiauth.policy.ipauth2.principals = trusted

To configure authentication from these settings, simply include the multiauth module into your configurator:

config.include("pyramid_multiauth")

In this example you would get a MultiAuthenticationPolicy with three stacked auth policies. The first two, ipauth1 and ipauth2, are defined as the name of of a callable along with a set of keyword arguments. The third is defined as the name of a module, pyramid_browserid, which will be processed via the standard config.include() mechanism.

The end result would be a system that authenticates users via BrowserID, and assigns additional principal identifiers based on the originating IP address of the request.

If necessary, the group finder function and the authorization policy can also be specified from configuration:

[app:pyramidapp]
use = egg:mypyramidapp

multiauth.authorization_policy = mypyramidapp.acl.Custom
multiauth.groupfinder  = mypyramidapp.acl.groupfinder

...

MultiAuthPolicySelected Event

An event is triggered when one of the multiple policies configured is selected.

from pyramid_multiauth import MultiAuthPolicySelected


# Track policy used, for prefixing user_id and for logging.
def on_policy_selected(event):
    print("%s (%s) authenticated %s for request %s" % (event.policy_name,
                                                       event.policy,
                                                       event.userid,
                                                       event.request))

config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_multiauth-1.1.0.tar.gz (34.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pyramid_multiauth-1.1.0-py3-none-any.whl (19.8 kB view details)

Uploaded Python 3

File details

Details for the file pyramid_multiauth-1.1.0.tar.gz.

File metadata

  • Download URL: pyramid_multiauth-1.1.0.tar.gz
  • Upload date:
  • Size: 34.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pyramid_multiauth-1.1.0.tar.gz
Algorithm Hash digest
SHA256 aba7d9697b5888c5958d22bdd01e05d254b8707d222027afe95c16078759ea69
MD5 da6f7a36a4049d90717db7ea0c2578a1
BLAKE2b-256 b74417b576b4b01237f6bc4161f0c5aeff07a5eae6f0e0205c8d47296e4f1092

See more details on using hashes here.

Provenance

The following attestation bundles were made for pyramid_multiauth-1.1.0.tar.gz:

Publisher: publish.yml on mozilla-services/pyramid_multiauth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pyramid_multiauth-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for pyramid_multiauth-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 341ceed277c1d80aa0e62a4d0ef31dfd0bf33c75b5dd020856d0c4d8d1e3f77e
MD5 e32c1a7aca4adc372ecb4d250549cf04
BLAKE2b-256 0ee74b15c454ec192d8212f88b4e8cef28a444909b9519382de37a7f28af88c7

See more details on using hashes here.

Provenance

The following attestation bundles were made for pyramid_multiauth-1.1.0-py3-none-any.whl:

Publisher: publish.yml on mozilla-services/pyramid_multiauth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page