~sirn/fanboi2

ref: 0e52a2d9448755b13e9989cf85879c52b7bc7b10 fanboi2/fanboi2/auth.py -rw-r--r-- 1.5 KiB View raw
0e52a2d9Kridsada Thanabulpong [build] fix broken dependencies version lock 10 months ago
                                                                                        
from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.security import ALL_PERMISSIONS, Allow

from .interfaces import IUserLoginService


# Lifetime of an auth ticket, in seconds (one hour); passed as ``timeout``
# to AuthTktAuthenticationPolicy in includeme().
SESSION_TOKEN_VALIDITY = 60 * 60
# Seconds that must elapse before a still-valid ticket is reissued (five
# minutes); passed as ``reissue_time``. Must stay below the validity above,
# otherwise an active session is never refreshed before it expires.
SESSION_TOKEN_REISSUE = 5 * 60


class Root(object):  # pragma: no cover
    """Root resource installed as the application's root factory.

    Its ACL is the only authorization rule defined in this module: the
    ``g:admin`` principal is allowed every permission. No other principal
    is granted anything here, so any permission-protected view is reachable
    only by tokens that :func:`groupfinder` maps to the ``admin`` group.
    """

    __acl__ = [
        (Allow, "g:admin", ALL_PERMISSIONS),
    ]

    def __init__(self, request):
        # Keep the request so that code handed this context can reach it.
        self.request = request


def groupfinder(userid, request):
    """Map a session token to its ``g:``-prefixed group principals.

    Used as the ``callback`` of the authentication policy. ``userid`` is the
    session token carried in the auth ticket. The token is looked up together
    with the client address of the current request, so the lookup service
    receives both values and decides whether they match a known session.

    Returns ``None`` when there is no token or when the login service does
    not recognise the token/address pair, and a list such as ``["g:admin"]``
    otherwise. The session is marked as seen only after a successful lookup.
    """
    if userid is None:
        return None

    login_service = request.find_service(IUserLoginService)
    # NOTE(review): ``client_addr`` is derived from X-Forwarded-For when that
    # header is present, so it is only trustworthy behind a proxy that
    # overwrites the header. Confirm the deployment does this before relying
    # on the address as a session-binding factor.
    client_ip = request.client_addr

    token_groups = login_service.groups_from_token(userid, client_ip)
    if token_groups is None:
        return None

    # Record activity only for sessions that resolved successfully.
    login_service.mark_seen(userid, client_ip)

    principals = []
    for group_name in token_groups:
        principals.append("g:%s" % (group_name,))
    return principals


def includeme(config):  # pragma: no cover
    """Install the authentication and authorization policies on ``config``.

    Authentication uses a signed auth-ticket cookie named ``_auth`` whose
    signing secret comes from the ``auth.secret`` setting. Authorization is
    ACL-based, evaluated against :class:`Root` as the root factory.
    """
    authz_policy = ACLAuthorizationPolicy()

    settings = config.registry.settings
    ticket_options = {
        "callback": groupfinder,
        "timeout": SESSION_TOKEN_VALIDITY,
        "reissue_time": SESSION_TOKEN_REISSUE,
        "cookie_name": "_auth",
        # Keep the ticket out of reach of page scripts.
        "http_only": True,
        # NOTE(review): this must be a real boolean. If the setting arrives
        # as an unparsed string, any non-empty value (including "false") is
        # truthy; confirm it is converted before it reaches this point.
        "secure": settings["server.secure"],
    }
    # NOTE(review): ``hashalg`` is not passed, so the ticket signature uses
    # the library default; confirm the pinned Pyramid version defaults to
    # sha512. ``auth.secret`` must be a long random value kept out of
    # version control, since anyone holding it can forge tickets.
    authn_policy = AuthTktAuthenticationPolicy(
        settings["auth.secret"], **ticket_options
    )

    config.set_authentication_policy(authn_policy)
    config.set_authorization_policy(authz_policy)
    config.set_root_factory(Root)