Navigation

September 06, 2010

shabti_auth_repozewhat – auth’n’auth using repoze.what

This template brings both repoze.who’s authentication and repoze.what’s authorisation functions to Pylons, plus an identity model expressed in SQLAlchemy, making it immediately accessible to extension and development.

(This document and the associated template are based on Gustavo Narea’s tutorial on the PylonsHQ wiki).

Warning

Documentation still not complete as at September 06, 2010 but tests pass and the app is functioning as expected.

About repoze.who auth

Chris McDonough’s repoze.who runs as middleware. The overview show below is lifted straight from the repoze.who docs .

Note

Overview

repoze.who is an identification and authentication framework for arbitrary WSGI applications. It acts as WSGI middleware.

repoze.who is inspired by Zope 2’s Pluggable Authentication Service (PAS) (but repoze.who is not dependent on Zope in any way; it is useful for any WSGI application). It provides no facility for authorization (ensuring whether a user can or cannot perform the operation implied by the request). This is considered to be the domain of the WSGI application.

It attempts to reuse implementations from paste.auth for some of its functionality.

Note

shabti_auth_repozewho source code is in the bitbucket code repository

Using the template

After successfully installing Shabti, additional paster templates will be available. Simply create a Shabti-configured project by specifying that paster should use the shabti auth repozewhat template:

$ paster create -t shabti_auth_repozewhat myproj

These are the option dialogue choices appropriate for the Shabti auth repozewhat template — which uses mako templates and SQLAlchemy ...

(mako/genshi/jinja/etc: Template language) ['mako']:
(True/False: Include SQLAlchemy 0.4 configuration) [False]: True
(True/False: Setup default appropriate for Google App Engine) [False]:

Once the project has been created, navigate to the project directory and initialise the store by running the project setup script:

$ paster setup-app development.ini

If successful, the setup script will stream the log of database transactions to stdout, e.g.:

CREATE TABLE user_groups__group_users (
    user_id INTEGER NOT NULL,
    group_id INTEGER NOT NULL,
    PRIMARY KEY (user_id, group_id),
     CONSTRAINT user_groups_fk FOREIGN KEY(user_id)
                    REFERENCES user (id),
     CONSTRAINT group_users_fk FOREIGN KEY(group_id)
                    REFERENCES "group" (id)
)

Once the database has been initialised, start the Pylons web app with:

$ paster serve --reload development.ini

The Shabti repoze.what auth template’s variant on the standard Pylons welcome screen is browsable at at http://localhost:5000/ ...

Welcome screen

../_images/shabti_auth_repozewhat_welcome.jpg

signin page

../_images/shabti_auth_repozewhat_signin.jpg

shabti model unauthenticated

../_images/shabti_auth_repozewhat_model_unauth.jpg

shabti model authenticated

../_images/shabti_auth_repozewhat_model_auth.jpg

Notes on the template

See also

More information generally about creating and using repoze.who predicates can be found in Controlling access with predicates .

author:Graham Higgins <gjh@bel-epa.com>

September 06, 2010

Table Of Contents

Previous topic

shabti_auth_repozewho – authentication using repoze.who

Next topic

shabti_auth_repozepylons – auth’n’auth in Pylons using repoze.wh[o|at]

This Page

Navigation

© Copyright 2009, Graham Higgins. Created using Sphinx 1.0b1+.