Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
An authentication policy for Pyramid that proxies to a stack of other authentication policies
|pypi| |ci| |coverage|
.. |pypi| image:: https://img.shields.io/pypi/v/pyramid_multiauth.svg :target: https://pypi.python.org/pypi/pyramid_multiauth
.. |ci| image:: https://github.com/mozilla-services/pyramid_multiauth/actions/workflows/test.yml/badge.svg :target: https://github.com/mozilla-services/pyramid_multiauth/actions
.. |coverage| image:: https://coveralls.io/repos/github/mozilla-services/pyramid_multiauth/badge.svg?branch=main :target: https://coveralls.io/github/mozilla-services/pyramid_multiauth?branch=main
An authentication policy for Pyramid that proxies to a stack of other authentication policies.
MultiAuthenticationPolicy is a Pyramid authentication policy that proxies to a stack of other IAuthenticationPolicy objects, to provide a combined auth solution from individual pieces. Simply pass it a list of policies that should be tried in order::
policies = [
IPAuthenticationPolicy("127.0.*.*", principals=["local"])
IPAuthenticationPolicy("192.168.*.*", principals=["trusted"])
]
authn_policy = MultiAuthenticationPolicy(policies)
config.set_authentication_policy(authn_policy)
This example uses the pyramid_ipauth module to assign effective principals based on originating IP address of the request. It combines two such policies so that requests originating from "127.0.." will have principal "local" while requests originating from "192.168.." will have principal "trusted".
In general, the results from the stacked authentication policies are combined as follows:
* authenticated_userid: return userid from first successful policy
* unauthenticated_userid: return userid from first successful policy
* effective_principals: return union of principals from all policies
* remember: return headers from all policies
* forget: return headers from all policies
It is also possible to specify the authentication policies as part of your paste deployment settings. Consider the following example::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.policies = ipauth1 ipauth2 pyramid_browserid
multiauth.policy.ipauth1.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth1.ipaddrs = 127.0.*.*
multiauth.policy.ipauth1.principals = local
multiauth.policy.ipauth2.use = pyramid_ipauth.IPAuthentictionPolicy
multiauth.policy.ipauth2.ipaddrs = 192.168.*.*
multiauth.policy.ipauth2.principals = trusted
To configure authentication from these settings, simply include the multiauth module into your configurator::
config.include("pyramid_multiauth")
In this example you would get a MultiAuthenticationPolicy with three stacked auth policies. The first two, ipauth1 and ipauth2, are defined as the name of of a callable along with a set of keyword arguments. The third is defined as the name of a module, pyramid_browserid, which will be processed via the standard config.include() mechanism.
The end result would be a system that authenticates users via BrowserID, and assigns additional principal identifiers based on the originating IP address of the request.
If necessary, the group finder function and the authorization policy can also be specified from configuration::
[app:pyramidapp]
use = egg:mypyramidapp
multiauth.authorization_policy = mypyramidapp.acl.Custom
multiauth.groupfinder = mypyramidapp.acl.groupfinder
...
An event is triggered when one of the multiple policies configured is selected.
::
from pyramid_multiauth import MultiAuthPolicySelected
# Track policy used, for prefixing user_id and for logging.
def on_policy_selected(event):
print("%s (%s) authenticated %s for request %s" % (event.policy_name,
event.policy,
event.userid,
event.request))
config.add_subscriber(on_policy_selected, MultiAuthPolicySelected)
FAQs
An authentication policy for Pyramid that proxies to a stack of other authentication policies
We found that pyramid-multiauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.