This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

Pyramid authentication stack

The pyramid_authstack package makes it possible to stack multiple authentication policies in a pyramid project. This can be useful in several scenarios:

  • You need to be able to identify a user for a long period of time, while requiting a recent login to access personal information. Amazon is an example of a site doing this.
  • You want to send a newsletter to users and log the user in automatically when they follow a link in the newsletter, but not give automatically give them access to sensitive information.

Confusing a multi-authentication policy is simple: create an instance of the AuthenticationStackPolicy object, add the authentication policies you want to it and then tell Pyramid to use it.

from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid_authstack import AuthenticationStackPolicy

auth_policy = AuthenticationStackPolicy()
# Add an authentication policy with a one-hour timeout to control
# access to sensitive information.
auth_policy.add_policy(
    'sensitive',
    AuthTktAuthenticationPolicy('secret', timeout=60 * 60))
# Add a second authentication policy with a one-year timeout so
# we can identify the user.
auth_policy.add_policy(
    'identity',
    AuthTktAuthenticationPolicy('secret', timeout=60 * 60 * 24 * 365))
config.set_authentication_policy(auth_policy)

The name used for the sub-policy (sensitive and identity in the example above) will be added to the principals if the sub-policy can authenticate the user. This makes it very easy to check which authentication policies matched in an ACL:

class MyModel(object):
    # Only allow access if user authenticated recently.
    __acl__ = [(Allow, 'auth:sensitive', 'view')]

When you call remember() or forget() all sub-policies will be trigged. You can filter the list of policies used by adding a policies parameter. A use case where this is important is a user coming to the site via a link in a newsletter: in that scenario you can identify the user, but do not want to give access to sensitive information without asking for extra credentials.

from pyramid.security import remember

# Only set identity-authentication.
headers = remember(request, 'chrism', policies=['identity'])

Comparison to pyramid_multiauth

Mozilla has a similar project: pyramid_multiauth. There are a few difference between that package and this one:

  • pyramid_multiauth has no way to indicate which authentication policy matched, which makes it unusable for my uses causes unless you always use custom authentication sub-policies which add custom an extra principal. This could be fixed, but it would require changing the API in a non-backward compatible way.
  • pyramid_multiauth duplicates some of the callback-handling code instead of reusing pyramid’s CallbackAuthenticationPolicy.
  • pyramid_multiauth allows configuration via the PasteDeploy .ini file, which pyramid_authstack does not support.

Changelog

1.0.1 - August 10, 2013

  • Fix use of obsolete naming in the README.
  • Add callback parameter to constructor.

1.0.0 - August 10, 2013

  • First release.
Release History

Release History

1.0.1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
pyramid_authstack-1.0.1.tar.gz (5.2 kB) Copy SHA256 Checksum SHA256 Source Aug 10, 2013

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting