Repoze Notes

Version 1.0 of the repoze.who WSGI authentication framework has been released. You can get it via easy_install -i http://dist.repoze.org/who/latest/simple repoze.who.

Version 1.0 has optional support for middleware configuration via a config file (thanks to Tres). Being a framework, repoze.who is configuration-heavy, and it can provide a better separation of concerns and more convenience to wire it up via a configuration file than via Python code. So rather than configuring the middleware and attendant plugins via straight Python code, you can now wire who configuration up in an .ini file:

    # who.ini

    [plugin:form]
    # identification and challenge
    use = repoze.who.plugins.form:make_plugin
    login_form_qs = __do_login
    rememberer_name = cookie
    form = %(here)s/login_form.html

    [plugin:auth_tkt]
    # identification
    use = repoze.who.plugins.auth_tkt:make_plugin
    secret = s33kr1t
    cookie_name = oatmeal
    secure = False
    include_ip = False

    [plugin:basicauth]
    # identification and challenge
    use = repoze.who.plugins.basicauth:make_plugin
    realm = 'sample'

    [plugin:htpasswd]
    # authentication
    use = repoze.who.plugins.htpasswd:make_plugin
    filename = %(here)s/passwd
    check_fn = repoze.who.plugins.htpasswd:crypt_check

    [plugin:sqlusers]
    # authentication
    use = repoze.who.plugins.sql:make_authenticator_plugin
    query = "SELECT userid, password FROM users where login = %(login)s;"
    conn_factory = repoze.who.plugins.sql:make_psycopg_conn_factory
    compare_fn = repoze.who.plugins.sql:default_password_compare

    [plugin:sqlproperties]
    name = properties
    use = repoze.who.plugins.sql:make_metadata_plugin
    query = "SELECT firstname, lastname FROM users where userid = %(__userid)s;"
    filter = my.package:filter_propmd
    conn_factory = repoze.who.plugins.sql:make_psycopg_conn_factory

    [general]
    request_classifier = repoze.who.classifiers:default_request_classifier
    challenge_decider = repoze.who.classifiers:default_challenge_decider

    [identifiers]
    # plugin_name;classifier_name:.. or just plugin_name (good for any)
    plugins =
          form;browser
          auth_tkt
          basicauth

    [authenticators]
    # plugin_name;classifier_name.. or just plugin_name (good for any)
    plugins =
          htpasswd
          sqlusers

    [challengers]
    # plugin_name;classifier_name:.. or just plugin_name (good for any)
    plugins =
          form;browser
          basicauth

    [mdproviders]
    plugins =
          sqlproperties

Then you can use a constructor to create the configuration based on the .ini file, e.g.:

from repoze.who.config import WhoConfig

app = {next app in pipeline}
here = os.path.dirname(__file__)
config_file = os.path.join(here, 'who.ini')
parser = WhoConfig(here)
parser.parse(open(config_file))
middleware = PluggableAuthenticationMiddleware(app,
             parser.identifiers,
             parser.authenticators,
             parser.challengers,
             parser.mdproviders,
             parser.request_classifier,
             parser_challenge_decider,
             log_stream = sys.stdout,
             log_level = logging.DEBUG,
             )

There is a PasteScript-compatible constructor available via the egg name egg:repoze.who#config that does just this, so you can also just wire it up via a paste config file equivalently, ala:

[filter:who]
use = egg:repoze.who#config
config_file = %(here)s/etc/who.ini
log_level = debug
log_stream = stdout

You can read the documentation for more information about configuration.

- Chris

posted at: 14:46 | permanent link to this entry