Hi all,
Been working on improving the documentation for customizing the Auth
framework. This section is on how to use repoze.who's standard who.ini
mechanism, and how to use who.ini to get something similar to the
quickstart configuration (so you can "tweak" a single feature) so that
you can use repoze.who's documentation to guide your further
explorations. Could gurus review it for correctness? The code seems to
work in my limited test, but I'm basically just hacking this together by
spelunking through the code.
Thanks,
Mike
Disabling authentication and authorization
------------------------------------------
If you need more flexibility than that provided by the quickstart, or
you are
not going to use :mod:`repoze.who` and :mod:`repoze.what`, you should
prevent
TurboGears from dealing with authentication/authorization by removing (or
commenting) the following line from
``{yourproject}.config.app_cfg``::
base_config.auth_backend = '{whatever you find here}'
Then you may also want to delete those settings like
``base_config.sa_auth.*``
-- they'll be ignored.
.. _using-who.ini:
Using who.ini
~~~~~~~~~~~~~
Once you have disabled your quickstart configuration, you may find yourself
wanting to use the `who.ini` configuration mechanism which is referenced in
most `repoze.who` documentation. This section describes how to create a
`who.ini`-based configuration that looks much like the quickstart
configuration
above.
Since `repoze.who` is WSGI middleware, you will need to alter your project's
`project.config.middleware.py` file to create your middleware from your
.ini
file::
from repoze.who.config import make_middleware_with_config as
make_who_with_config
...
# Wrap your base TurboGears 2 application with custom middleware
here
app = make_who_with_config(
app,
global_conf,
app_conf.get('who.config_file','who.ini'),
app_conf.get('who.log_file','stdout'),
app_conf.get('who.log_level','debug')
)
and add the following to your config file's app:main section::
who.config_file = %(here)s/who.ini
who.log_level = debug
who.log_file = stdout
at this point, you are using the standard `repoze.who` configuration
mechanism,
so should be able to follow most `repoze.who` documentation to complete
your
configurations.
Quickstart via `who.ini`
~~~~~~~~~~~~~~~~~~~~~~~~
If you would like to start off your customizations with something similar
to the `repoze.who.quickstart` mechanism, you can use standard mechanisms
to set up most of the machinery that the quickstart provides. Here is a
sample `who.ini` that provides much of the quickstart behaviour::
# Sample of a who.ini file from which to begin configuring
# this looks a lot like the "quickstart" application's setup,
# minus the translation capability...
[plugin:auth_tkt]
use = repoze.who.plugins.auth_tkt:make_plugin
secret = 'this secret is not really very SECRET!'
[plugin:friendlyform]
use = repoze.who.plugins.friendlyform:FriendlyFormPlugin
login_form_url= /login
login_handler_path = /login_handler
logout_handler_path = /logout_handler
rememberer_name = auth_tkt
post_login_url =
post_logout_url =
[plugin:sqlauth]
use = customwho.lib.auth:auth_plugin
[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
[identifiers]
plugins =
friendlyform;browser
auth_tkt
[authenticators]
plugins =
sqlauth
[challengers]
plugins =
friendlyform;browser
[mdproviders]
plugins =
customwho.lib.auth:md_plugin
customwho.lib.auth:md_group_plugin
Note that "customwho" is the project name here. Also note that the
`who.ini`
file references a custom Python module `customwho.lib.auth` which is where
we set up our `repoze.who` plugins in the normal manner for `repoze.who`::
"""Example of a simplistic, importable authenticator plugin
Intended to work like a quick-started SQLAlchemy plugin"""
from repoze.who.plugins.sa import (
SQLAlchemyAuthenticatorPlugin,
SQLAlchemyUserMDPlugin,
)
from repoze.what.plugins.sql import configure_sql_adapters
from repoze.what.middleware import AuthorizationMetadata
from customwho import model
auth_plugin = SQLAlchemyAuthenticatorPlugin(model.User, model.DBSession)
md_plugin = SQLAlchemyUserMDPlugin(model.User, model.DBSession )
_source_adapters = configure_sql_adapters(
model.User,
model.Group,
model.Permission,
model.DBSession,
)
md_group_plugin = AuthorizationMetadata(
{'sqlauth': _source_adapters['group']},
{'sqlauth': _source_adapters['permission']},
)
This module creates a number of plugins which the `who.ini` file references.
It is also possible to configure plugins to accept parameters from the
`who.ini` configuration file (by specifying a plugin: section and providing
the parameters).
References
~~~~~~~~~~
* `Pylons Repoze.who Cookbook`_ -- describes how the `repoze.who`
middleware is fitted into a Pylons application (TurboGears 2.x is a
Pylons application)
.. _`Pylons Repoze.who Cookbook`:
http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization+with+%60repoze.who%60
--
________________________________________________
Mike C. Fletcher
Designer, VR Plumber, Coder
http://www.vrplumber.com
http://blog.vrplumber.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
