September 06, 2010
Note
This template does not use the standard Shabti basic auth’n’auth. In this template, the authentication and authorization code and that of the user-managed registration have been adapted from the source code of Kai, written by Ben Bangert — “Kai” is the Pylons app that implements the PylonsHQ web site.
This template is an advanced authentication (signin) and authorization (permissions) setup plus a user-managed self-registration facility with OpenID login, password replacements, etc. that has been configured to use the FormAlchemy package to provide an administration interface. The PylonsHQ CouchDB identity model is re-expressed in SQL (via Elixir) and paired with FormAlchemy’s “Pylons Admin” facility to produce an auto-generated facility for administering the population of the identity model.
In essence this template provides an out-of-the-box web interface for maintaining a lightweight identity model of Users, Groups and Permissions. Using the Pylons Admin interface is straightforward, direct and the interface itself is quite self-explanatory.
Warning
In an effort to cut to the chase with respect to password cryptography and achieve maximum developer comfort, this template uses Blowfish password hashing courtesy of the bcrypt library. This introduces a necessary dependency.
Note
shabti_authplus source code is in the bitbucket code repository
The following description is taken from the Formalchemy project web site ...
“FormAlchemy greatly speeds development with SQLAlchemy mapped classes (models) in a HTML forms environment.
FormAlchemy eliminates boilerplate by autogenerating HTML input fields from a given model. FormAlchemy will try to figure out what kind of HTML code should be returned by introspecting the model’s properties and generate ready-to-use HTML code that will fit the developer’s application.
Of course, FormAlchemy can’t figure out everything, i.e, the developer might want to display only a few columns from the given model. Thus, FormAlchemy is also highly customizable.”
See also
For further details, see the project documentation
You need to easy-install bcrypt, easy-install FormAlchemy and easy-install fa.jquery before using the template.
After successfully installing Shabti, additional paster templates will be available. Simply create a Shabti-configured project by specifying that paster should use the shabti_authplus template:
$ paster create -t shabti_authplus myproj template_engine=mako sqlalchemy=True
If the template_engine and sqlalchemy options are omitted, a console-based option-setting dialogue will be initiated. These are the option dialogue choices appropriate for the Shabti auth shabti_formalchemy template — which uses mako templates and requires SQLAlchemy ...
(mako/genshi/jinja/etc: Template language) ['mako']:
(True/False: Include SQLAlchemy 0.4 configuration) [False]: True
Once the project has been created, navigate to the project directory.
Create the translation file that Pylons will need:
$ python setup.py compile_catalog
The next step is to initialise the database by running the project setup script which will create the initial entries and set a new administrator password.
$ paster setup-app development.ini
Running setup_config() from authplus.websetup
/.../authplus/authplus/public/index.html
Administrator login is: [ admin@example.com ] and [ FlvFpWBq ]
The administrator login is fixed as admin@example.com; the password changes each time the command is executed successfully.
The next (optional) step after initialising the relational store is to run the tests.
$ nosetests
All tests should run successfully.
After initialising and testing, start the Pylons web app with:
$ paster serve --reload development.ini
The Shabti AuthPlus template’s variant on the standard Pylons welcome screen is browsable at http://localhost:5000/.
Also, there are more options than usual …
Also …
Warning
Do take careful note: the administrator password is publicly visible on this page.
This, as is plainly evident, is the Kai sign-in page. OpenID sign-in works. (Heck, it’s code written by Ben Bangert, it all works.)
The fixtures for this template have been beefed up to provide programmatic creation of Users and the app is initialised with 500 users, randomly assigned to one or more of the existing groups. The aim is to be able to exercise the FormAlchemy model population administration interface.
In this template, the public version of the model index page has a faint blue background to the column headers.
The private version of the model index page has a faint red background to the column headers.
FormAlchemy’s JQuery-enhanced active grid presentation of the User population.
The bottom bar holds icons for standard CRUD+ model admin operations: Create, Edit, Delete, Search and Filter.
Again, an excessive number of entries shows that we have moved into a position that requires more detailed configuration of the FormAlchemy ModelsController — but as before the page remains quite functional.
controllers/accounts.py implements the signon/off and user-managed registration. The code in this controller is littered with string references to “PylonsHQ”. There is a paster variable, “project”, which looks like it can be used for configuring these references appropriately at application creation time. This is likely to be included in a future revision of this template but, until then, these references to “PylonsHQ” will need to be edited manually.
author: Graham Higgins <gjh@bel-epa.com>