HTTP Basic Authentication Policy
To adopt basic HTTP authentication, you can use Pyramid's built-in authentication policy, pyramid.authentication.BasicAuthAuthenticationPolicy.
This is a complete working example with very simple authentication and authorization:
import hmac

from pyramid.authentication import BasicAuthAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.httpexceptions import HTTPForbidden
from pyramid.httpexceptions import HTTPUnauthorized
from pyramid.security import ALL_PERMISSIONS
from pyramid.security import Allow
from pyramid.security import Authenticated
from pyramid.security import forget
from pyramid.view import forbidden_view_config
from pyramid.view import view_config
@view_config(route_name='home', renderer='json', permission='view')
def home_view(request):
    """Return a JSON summary of who the current request is authenticated as.

    The view is registered with ``permission='view'``, so it is only
    reached once the authorization policy has granted that permission.

    Note that the response echoes the userid and the full list of
    effective principals back to the caller. That is handy for watching
    how the policies behave in this demo; a real application should
    return only what the client needs.
    """
    summary = {'page': 'home'}
    summary['userid'] = request.authenticated_userid
    summary['principals'] = request.effective_principals
    # Only the type name of the context is exposed, not the object itself.
    summary['context_type'] = str(type(request.context))
    return summary
@forbidden_view_config()
def forbidden_view(request):
    """Turn an authorization failure into a 401 or a 403 response.

    A request without an authenticated user gets ``401 Unauthorized``
    together with the headers returned by ``forget(request)``; with the
    basic-auth policy these carry the ``WWW-Authenticate`` challenge that
    makes the client prompt for credentials. A request that is
    authenticated but lacks the permission gets a plain ``403 Forbidden``.
    """
    # User is logged in but doesn't have permission: reject wholesale
    # rather than prompting again for credentials.
    if request.authenticated_userid is not None:
        return HTTPForbidden()

    challenge = HTTPUnauthorized()
    challenge.headers.update(forget(request))
    return challenge
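def check_credentials(username, password, request):
    """Validate basic-auth credentials for the authentication policy.

    This function is handed to ``BasicAuthAuthenticationPolicy`` in
    ``main`` as its credential-check callback.

    Args:
        username: User name supplied with the request.
        password: Password supplied with the request.
        request: The current request (not used by this demo check).

    Returns:
        An empty list when the credentials are accepted, meaning "logged
        in, no additional principals"; ``None`` when they are rejected.
    """
    # DEMO ONLY: the accepted credentials are hard-coded. Before any real
    # use, replace this with a lookup against a user store that keeps
    # salted password hashes, and keep secrets out of the source tree.
    #
    # Both values come straight from the client, so compare them with
    # hmac.compare_digest instead of ``==`` to avoid the early-exit timing
    # difference. Encoding to bytes keeps non-ASCII input from raising.
    # Both comparisons run before the results are combined.
    username_ok = hmac.compare_digest(username.encode('utf-8'), b'admin')
    password_ok = hmac.compare_digest(password.encode('utf-8'), b'admin')

    if username_ok and password_ok:
        # An empty list is enough to indicate logged-in... watch how this
        # affects the principals returned in the home view if you want to
        # expand ACLs later.
        return []

    # Explicit rejection: the policy treats None as "not authenticated".
    return None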
class Root:
    """Root resource whose ACL is consulted by the authorization policy.

    Dead simple: every authenticated user is granted every permission
    (``home_view`` shows an example permission). This is the broadest
    grant possible; when extending the example, list the specific
    permissions and principals instead of ``ALL_PERMISSIONS``.
    """

    __acl__ = ((Allow, Authenticated, ALL_PERMISSIONS),)
def main(global_conf, **settings):
    """Build and return the WSGI application.

    Wires the basic-auth authentication policy (backed by
    ``check_credentials``) to the ACL authorization policy, installs
    ``Root`` as the root resource, and registers the ``home`` route.

    HTTP Basic sends the user name and password with every request,
    merely base64-encoded, so serve this application over TLS in any
    deployment that is not purely local.

    Args:
        global_conf: Global configuration mapping (unused here).
        **settings: Deployment settings passed on to the ``Configurator``.

    Returns:
        The configured WSGI application.
    """
    def _root_factory(request):
        # A fresh Root per request; its __acl__ drives authorization.
        return Root()

    configurator = Configurator(settings=settings)

    # Authentication decides who the user is; authorization decides what
    # that user may do, based on the context's ACL.
    configurator.set_authentication_policy(
        BasicAuthAuthenticationPolicy(check_credentials)
    )
    configurator.set_authorization_policy(ACLAuthorizationPolicy())
    configurator.set_root_factory(_root_factory)

    configurator.add_route('home', '/')
    # Pick up the @view_config / @forbidden_view_config views in this module.
    configurator.scan(__name__)
    return configurator.make_wsgi_app()
if __name__ == '__main__':
    # Development entry point: serve the app with waitress over plain
    # HTTP. The listener is bound to localhost only, so the demo is not
    # reachable from other hosts.
    import waitress

    app = main({})
    waitress.serve(app, listen='localhost:8000')