[Repoze-checkins] r726 - in repoze.pam: . trunk trunk/repoze trunk/repoze/pam trunk/repoze/pam/etc
Chris McDonough
chrism at agendaless.com
Sat Feb 23 11:33:22 UTC 2008
Author: Chris McDonough <chrism at agendaless.com>
Date: Sat Feb 23 06:33:20 2008
New Revision: 726
Log:
Science fiction about PAM.
Added:
repoze.pam/
repoze.pam/trunk/
repoze.pam/trunk/CHANGES.txt
repoze.pam/trunk/COPYRIGHT.txt
repoze.pam/trunk/LICENSE.txt
repoze.pam/trunk/README.txt
repoze.pam/trunk/TODO.txt
repoze.pam/trunk/ez_setup.py (contents, props changed)
repoze.pam/trunk/repoze/
repoze.pam/trunk/repoze/__init__.py (contents, props changed)
repoze.pam/trunk/repoze/pam/
repoze.pam/trunk/repoze/pam/__init__.py (contents, props changed)
repoze.pam/trunk/repoze/pam/etc/
repoze.pam/trunk/repoze/pam/etc/sample-config.ini
repoze.pam/trunk/repoze/pam/interfaces.py (contents, props changed)
repoze.pam/trunk/setup.py (contents, props changed)
Added: repoze.pam/trunk/CHANGES.txt
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/CHANGES.txt Sat Feb 23 06:33:20 2008
@@ -0,0 +1,2 @@
+A changes file.
+
Added: repoze.pam/trunk/COPYRIGHT.txt
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/COPYRIGHT.txt Sat Feb 23 06:33:20 2008
@@ -0,0 +1,3 @@
+Copyright (c) 2007 Agendaless Consulting and Contributors.
+(http://www.agendaless.com), All Rights Reserved
+
Added: repoze.pam/trunk/LICENSE.txt
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/LICENSE.txt Sat Feb 23 06:33:20 2008
@@ -0,0 +1,41 @@
+License
+
+ A copyright notice accompanies this license document that identifies
+ the copyright holders.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ 1. Redistributions in source code must retain the accompanying
+ copyright notice, this list of conditions, and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the accompanying
+ copyright notice, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ 3. Names of the copyright holders must not be used to endorse or
+ promote products derived from this software without prior
+ written permission from the copyright holders.
+
+ 4. If any files are modified, you must cause the modified files to
+ carry prominent notices stating that you changed the files and
+ the date of any change.
+
+ Disclaimer
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' AND
+ ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
Added: repoze.pam/trunk/README.txt
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/README.txt Sat Feb 23 06:33:20 2008
@@ -0,0 +1,217 @@
+repoze.pam
+
+Overview
+
+ repoze.pam (Pluggable Authentication Middleware) is an
+ identification and authentication framework for WSGI.
+
+Description
+
+ repoze.pam's ideas are largely culled from Zope 2's Pluggable
+ Authentication Service (PAS) (but it is not dependent on Zope).
+ Unlike PAS, it provides no facilities for creating user objects,
+ assigning roles or groups to users, retrieving or changing user
+ properties, or enumerating users, groups, or roles. These
+ responsibilities are assumed to be the domain of the WSGI
+ application you're serving. It also provides no facility for
+ authorization (ensuring whether a user can or cannot perform the
+ operation implied by the request). This is also the domain of the
+ WSGI application.
+
+ XXX describe relationship to AuthKit
+
+Middleware Responsibilities
+
+ repoze.pam's middleware has one major function on authentication
+ success: it puts a REMOTE_USER environment variable into the WSGI
+ environment and allows the request to continue to a downstream WSGI
+ application.
+
+ repoze.pam's middleware has one major function on authentication
+ failure: it challenges the user for credentials.
+
+Plugins
+
+ repoze.pam is designed around the concept of plugins. Plugins are
+ instances that are willing to perform one or more identification-
+ and/or authentication-related duties. When you register a plugin,
+ you register a plugin factory, which is a callable that accepts
+ configuration parameters. The callable must return an instance of a
+ plugin when called. Each plugin can be configured arbitrarily using
+ values in a repoze.pam-specific configuration file.
+
+ repoze.pam consults the set of configured plugins when it intercepts
+ a WSGI request.
+
+Plugin Types
+
+ Classification Plugins
+
+ repoze.pam "classifies" each request. For example, a request from
+ a browser might be classified a different way that a request from
+ an XML-RPC client. repoze.pam uses request classifiers to decide
+ which other components to consult during subsequent identification
+ and authorization steps. Other components advertise themselves as
+ willing to participate in identification and authorization for a
+ request based on this classification.
+
+ The classification system is pluggable. repoze.pam provides a
+ number of default classifiers that you may use. You may extend
+ the classification system by making repoze.pam aware of new
+ classifier implementations.
+
+ Extractor Plugins
+
+ You can register a plugin as willing to act as an "extractor". An
+ extractor examines the WSGI environment and attempts to extract
+ credentials from the environment. These credentials are used by
+ authenticator plugins to perform authentication.
+
+ Authenticator Plugins
+
+ You may register a plugin as willing to act as an "authenticator".
+ Authenticator plugins are responsible for resolving a set of
+ credentials to a user id. Typically, authenticator plugins will
+ perform a lookup into a database or some other persistent store,
+ check the provided credentials against the stored data, and return
+ a user id if the credentials can be validated.
+
+ The user id found by repoze.pam is eventually passed to downstream
+ WSGI applications in the "REMOTE_USER' environment variable.
+
+ Challenger Plugins
+
+ You may register a plugin as willing to act as an "challenger".
+ Challenger plugins are responsible for initiating a "challenge" to
+ the requesting user. Challenger plugins typically simply raise an
+ exception which is meant to be interpreted by upstream middleware.
+ The upstream middleware is assumed to be configured to catch the
+ exception and perform the actual challenge, which might consist of
+ displaying a form or presenting the user with a basic or digest
+ authentication dialog.
+
+ XXX we almost certainly need to do allow it to do more work.
+ making upstream middleware responsible for performing the
+ challenge is a punt.
+
+Configuration File Example
+
+ repoze.pam is configured using a ConfigParser-style .INI file. The
+ configuration file has five main types of sections: plugin sections,
+ a classifiers section, an authenticators section, a challengers
+ section, and an extractors section. Each "plugin" section defines a
+ configuration for a particular plugin. The classifiers,
+ authenticators, challengers, and extractors sections refer to these
+ plugins to form a site configuration.
+
+Example Configuration File
+
+ Below is an example of a configuration file that might be used to
+ configure the repoze.pam middleware. A set of plugins are defined,
+ and they are referred to by following non-plugin sections.
+
+ In the below configuration, seven plugins are defined. The
+ cookieauth and basicauth plugins are nominated to act as both
+ challenger and extractor plugins. The filusers and sqlusers plugins
+ are nominated to act as authenticator plugins. The browser, dav,
+ and xmlrpc plugins are nominated to act as classifier plugins::
+
+ [plugin:basicauth]
+ use = egg:repoze.pam#basicauth
+ # challenge
+ realm = repoze
+ requests =
+ browser
+ dav
+ xmrpc
+
+ [plugin:cookieauth]
+ # extraction, challenge, credentials update, credentials reset
+ use = egg:repoze.pam#cookieauth
+ # challenge
+ requests = browser
+ login_path = /login_form
+ # extraction
+ cookie_name = repoze.pam.auth
+ form_name_name = __ac_name
+ form_password_name = __ac_password
+
+ [plugin:fileusers]
+ use = egg:repoze.pam#fileusersource
+ # authentication
+ filename = %(here)s/users.txt
+ encryptpwd = egg:repoze.pam#shaencrypt
+
+ [plugin:sqlusers]
+ use = egg:repoze.pam#squsersource
+ # authentication
+ db = sqlite://database?user=foo&pass=bar
+ get_userinfo = select id, password from users
+ encryptpwd = egg:repoze.pam#shaencrypt
+
+ [plugin:browser]
+ use = egg:repoze.pam#browserchooser
+
+ [plugin:dav]
+ dav = egg:repoze.pam#davchooser
+
+ [plugin:xmlrpc]
+ xmlrpc = egg:repoze.pam#xmlrpcchooser
+
+ [classifiers]
+ plugins =
+ browser
+ dav
+ xmlrpc
+
+ [extractors]
+ plugins =
+ cookieauth
+ basicauth
+
+ [authenticators]
+ plugins =
+ fileusers
+ sqlusers
+
+ [challengers]
+ plugins =
+ cookieauth
+ basicauth
+
+Further Description of Example Config
+
+ The basicauth plugin configuration nominates itself as willing to
+ participate in requests classified as "browser", "dav", and "xmlrpc"
+ (via the "requests" key). The cookieauth plugin configuration
+ nominates itself as willing to participate in requests classified as
+ "browser".
+
+ The fileusers plugin obtains its user info from a file. The
+ sqlusers plugin obtains its user info from a sqlite database.
+
+ The classifiers section indicates that the classifiers named in the
+ plugins = line each has a chance to classify the request.
+
+ The extractors seciton provides an ordered list of plugins that are
+ willing to provide extraction capability. These will be consulted
+ in the defined order, so the system will look for credentials using
+ the cookie auth plugin, then the basic auth plugin.
+
+ The authenticators section provides an ordered list of plugins that
+ provide authenticator capability. These will be consulted in the
+ defined order, so the system will look for users in the file, then
+ in the sql database when attempting to validate credentials.
+
+ The challengers section provides an ordered list of plugins that
+ provide challenger capability. These will be consulted in the
+ defined order, so the system will consult the cookie auth plugin
+ first, then the basic auth plugin. Each will have a chance, based
+ on the request, to initiate a challenge.
+
+Interfaces
+
+ The following interfaces are expected to be provided by plugins
+ which the configuration asserts they're willing to provide::
+
+ XXX see interfaces.py
Added: repoze.pam/trunk/TODO.txt
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/TODO.txt Sat Feb 23 06:33:20 2008
@@ -0,0 +1 @@
+List todo items here.
Added: repoze.pam/trunk/ez_setup.py
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/ez_setup.py Sat Feb 23 06:33:20 2008
@@ -0,0 +1,234 @@
+#!python
+"""Bootstrap setuptools installation
+
+If you want to use setuptools in your package's setup.py, just include this
+file in the same directory with it, and add this to the top of your setup.py::
+
+ from ez_setup import use_setuptools
+ use_setuptools()
+
+If you want to require a specific version of setuptools, set a download
+mirror, or use an alternate download directory, you can do so by supplying
+the appropriate options to ``use_setuptools()``.
+
+This file can also be run as a script to install or upgrade setuptools.
+"""
+import sys
+DEFAULT_VERSION = "0.6c7"
+DEFAULT_URL = "http://pypi.python.org/packages/%s/s/setuptools/" % sys.version[:3]
+
+md5_data = {
+ 'setuptools-0.6b1-py2.3.egg': '8822caf901250d848b996b7f25c6e6ca',
+ 'setuptools-0.6b1-py2.4.egg': 'b79a8a403e4502fbb85ee3f1941735cb',
+ 'setuptools-0.6b2-py2.3.egg': '5657759d8a6d8fc44070a9d07272d99b',
+ 'setuptools-0.6b2-py2.4.egg': '4996a8d169d2be661fa32a6e52e4f82a',
+ 'setuptools-0.6b3-py2.3.egg': 'bb31c0fc7399a63579975cad9f5a0618',
+ 'setuptools-0.6b3-py2.4.egg': '38a8c6b3d6ecd22247f179f7da669fac',
+ 'setuptools-0.6b4-py2.3.egg': '62045a24ed4e1ebc77fe039aa4e6f7e5',
+ 'setuptools-0.6b4-py2.4.egg': '4cb2a185d228dacffb2d17f103b3b1c4',
+ 'setuptools-0.6c1-py2.3.egg': 'b3f2b5539d65cb7f74ad79127f1a908c',
+ 'setuptools-0.6c1-py2.4.egg': 'b45adeda0667d2d2ffe14009364f2a4b',
+ 'setuptools-0.6c2-py2.3.egg': 'f0064bf6aa2b7d0f3ba0b43f20817c27',
+ 'setuptools-0.6c2-py2.4.egg': '616192eec35f47e8ea16cd6a122b7277',
+ 'setuptools-0.6c3-py2.3.egg': 'f181fa125dfe85a259c9cd6f1d7b78fa',
+ 'setuptools-0.6c3-py2.4.egg': 'e0ed74682c998bfb73bf803a50e7b71e',
+ 'setuptools-0.6c3-py2.5.egg': 'abef16fdd61955514841c7c6bd98965e',
+ 'setuptools-0.6c4-py2.3.egg': 'b0b9131acab32022bfac7f44c5d7971f',
+ 'setuptools-0.6c4-py2.4.egg': '2a1f9656d4fbf3c97bf946c0a124e6e2',
+ 'setuptools-0.6c4-py2.5.egg': '8f5a052e32cdb9c72bcf4b5526f28afc',
+ 'setuptools-0.6c5-py2.3.egg': 'ee9fd80965da04f2f3e6b3576e9d8167',
+ 'setuptools-0.6c5-py2.4.egg': 'afe2adf1c01701ee841761f5bcd8aa64',
+ 'setuptools-0.6c5-py2.5.egg': 'a8d3f61494ccaa8714dfed37bccd3d5d',
+ 'setuptools-0.6c6-py2.3.egg': '35686b78116a668847237b69d549ec20',
+ 'setuptools-0.6c6-py2.4.egg': '3c56af57be3225019260a644430065ab',
+ 'setuptools-0.6c6-py2.5.egg': 'b2f8a7520709a5b34f80946de5f02f53',
+ 'setuptools-0.6c7-py2.3.egg': '209fdf9adc3a615e5115b725658e13e2',
+ 'setuptools-0.6c7-py2.4.egg': '5a8f954807d46a0fb67cf1f26c55a82e',
+ 'setuptools-0.6c7-py2.5.egg': '45d2ad28f9750e7434111fde831e8372',
+}
+
+import sys, os
+
+def _validate_md5(egg_name, data):
+ if egg_name in md5_data:
+ from md5 import md5
+ digest = md5(data).hexdigest()
+ if digest != md5_data[egg_name]:
+ print >>sys.stderr, (
+ "md5 validation of %s failed! (Possible download problem?)"
+ % egg_name
+ )
+ sys.exit(2)
+ return data
+
+
+def use_setuptools(
+ version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
+ download_delay=15
+):
+ """Automatically find/download setuptools and make it available on sys.path
+
+ `version` should be a valid setuptools version number that is available
+ as an egg for download under the `download_base` URL (which should end with
+ a '/'). `to_dir` is the directory where setuptools will be downloaded, if
+ it is not already available. If `download_delay` is specified, it should
+ be the number of seconds that will be paused before initiating a download,
+ should one be required. If an older version of setuptools is installed,
+ this routine will print a message to ``sys.stderr`` and raise SystemExit in
+ an attempt to abort the calling script.
+ """
+ try:
+ import setuptools
+ if setuptools.__version__ == '0.0.1':
+ print >>sys.stderr, (
+ "You have an obsolete version of setuptools installed. Please\n"
+ "remove it from your system entirely before rerunning this script."
+ )
+ sys.exit(2)
+ except ImportError:
+ egg = download_setuptools(version, download_base, to_dir, download_delay)
+ sys.path.insert(0, egg)
+ import setuptools; setuptools.bootstrap_install_from = egg
+
+ import pkg_resources
+ try:
+ pkg_resources.require("setuptools>="+version)
+
+ except pkg_resources.VersionConflict, e:
+ # XXX could we install in a subprocess here?
+ print >>sys.stderr, (
+ "The required version of setuptools (>=%s) is not available, and\n"
+ "can't be installed while this script is running. Please install\n"
+ " a more recent version first.\n\n(Currently using %r)"
+ ) % (version, e.args[0])
+ sys.exit(2)
+
+def download_setuptools(
+ version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
+ delay = 15
+):
+ """Download setuptools from a specified location and return its filename
+
+ `version` should be a valid setuptools version number that is available
+ as an egg for download under the `download_base` URL (which should end
+ with a '/'). `to_dir` is the directory where the egg will be downloaded.
+ `delay` is the number of seconds to pause before an actual download attempt.
+ """
+ import urllib2, shutil
+ egg_name = "setuptools-%s-py%s.egg" % (version,sys.version[:3])
+ url = download_base + egg_name
+ saveto = os.path.join(to_dir, egg_name)
+ src = dst = None
+ if not os.path.exists(saveto): # Avoid repeated downloads
+ try:
+ from distutils import log
+ if delay:
+ log.warn("""
+---------------------------------------------------------------------------
+This script requires setuptools version %s to run (even to display
+help). I will attempt to download it for you (from
+%s), but
+you may need to enable firewall access for this script first.
+I will start the download in %d seconds.
+
+(Note: if this machine does not have network access, please obtain the file
+
+ %s
+
+and place it in this directory before rerunning this script.)
+---------------------------------------------------------------------------""",
+ version, download_base, delay, url
+ ); from time import sleep; sleep(delay)
+ log.warn("Downloading %s", url)
+ src = urllib2.urlopen(url)
+ # Read/write all in one block, so we don't create a corrupt file
+ # if the download is interrupted.
+ data = _validate_md5(egg_name, src.read())
+ dst = open(saveto,"wb"); dst.write(data)
+ finally:
+ if src: src.close()
+ if dst: dst.close()
+ return os.path.realpath(saveto)
+
+def main(argv, version=DEFAULT_VERSION):
+ """Install or upgrade setuptools and EasyInstall"""
+
+ try:
+ import setuptools
+ except ImportError:
+ egg = None
+ try:
+ egg = download_setuptools(version, delay=0)
+ sys.path.insert(0,egg)
+ from setuptools.command.easy_install import main
+ return main(list(argv)+[egg]) # we're done here
+ finally:
+ if egg and os.path.exists(egg):
+ os.unlink(egg)
+ else:
+ if setuptools.__version__ == '0.0.1':
+ # tell the user to uninstall obsolete version
+ use_setuptools(version)
+
+ req = "setuptools>="+version
+ import pkg_resources
+ try:
+ pkg_resources.require(req)
+ except pkg_resources.VersionConflict:
+ try:
+ from setuptools.command.easy_install import main
+ except ImportError:
+ from easy_install import main
+ main(list(argv)+[download_setuptools(delay=0)])
+ sys.exit(0) # try to force an exit
+ else:
+ if argv:
+ from setuptools.command.easy_install import main
+ main(argv)
+ else:
+ print "Setuptools version",version,"or greater has been installed."
+ print '(Run "ez_setup.py -U setuptools" to reinstall or upgrade.)'
+
+
+
+def update_md5(filenames):
+ """Update our built-in md5 registry"""
+
+ import re
+ from md5 import md5
+
+ for name in filenames:
+ base = os.path.basename(name)
+ f = open(name,'rb')
+ md5_data[base] = md5(f.read()).hexdigest()
+ f.close()
+
+ data = [" %r: %r,\n" % it for it in md5_data.items()]
+ data.sort()
+ repl = "".join(data)
+
+ import inspect
+ srcfile = inspect.getsourcefile(sys.modules[__name__])
+ f = open(srcfile, 'rb'); src = f.read(); f.close()
+
+ match = re.search("\nmd5_data = {\n([^}]+)}", src)
+ if not match:
+ print >>sys.stderr, "Internal error!"
+ sys.exit(2)
+
+ src = src[:match.start(1)] + repl + src[match.end(1):]
+ f = open(srcfile,'w')
+ f.write(src)
+ f.close()
+
+
+if __name__=='__main__':
+ if len(sys.argv)>2 and sys.argv[1]=='--md5update':
+ update_md5(sys.argv[2:])
+ else:
+ main(sys.argv[1:])
+
+
+
+
+
Added: repoze.pam/trunk/repoze/__init__.py
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/repoze/__init__.py Sat Feb 23 06:33:20 2008
@@ -0,0 +1,2 @@
+# repoze package
+__import__('pkg_resources').declare_namespace(__name__)
Added: repoze.pam/trunk/repoze/pam/__init__.py
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/repoze/pam/__init__.py Sat Feb 23 06:33:20 2008
@@ -0,0 +1 @@
+# a module
Added: repoze.pam/trunk/repoze/pam/etc/sample-config.ini
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/repoze/pam/etc/sample-config.ini Sat Feb 23 06:33:20 2008
@@ -0,0 +1,63 @@
+[plugin:basicauth]
+use = egg:repoze.pam#basicauth
+# challenge
+realm = repoze
+requests =
+ browser
+ dav
+ xmrpc
+
+[plugin:cookieauth]
+# extraction, challenge, credentials update, credentials reset
+use = egg:repoze.pam#cookieauth
+# challenge
+requests = browser
+login_path = /login_form
+# extraction
+cookie_name = repoze.pam.auth
+form_name_name = __ac_name
+form_password_name = __ac_password
+
+[plugin:fileusers]
+use = egg:repoze.pam#fileusersource
+# authentication
+filename = %(here)s/users.txt
+encryptpwd = egg:repoze.pam#shaencrypt
+
+[plugin:sqlusers]
+use = egg:repoze.pam#squsersource
+# authentication
+db = sqlite://database?user=foo&pass=bar
+get_userinfo = select id, password from users
+encryptpwd = egg:repoze.pam#shaencrypt
+
+[plugin:browser]
+use = egg:repoze.pam#browserchooser
+
+[plugin:dav]
+dav = egg:repoze.pam#davchooser
+
+[plugin:xmlrpc]
+xmlrpc = egg:repoze.pam#xmlrpcchooser
+
+[classifiers]
+plugins =
+ browser
+ dav
+ xmlrpc
+
+[extractors]
+plugins =
+ cookieauth
+ basicauth
+
+[authenticators]
+plugins =
+ fileusers
+ sqlusers
+
+[challengers]
+plugins =
+ cookieauth
+ basicauth
+
Added: repoze.pam/trunk/repoze/pam/interfaces.py
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/repoze/pam/interfaces.py Sat Feb 23 06:33:20 2008
@@ -0,0 +1,109 @@
+from zope.interface import Interface
+
+class IExtractorPlugin(Interface):
+
+ """ On ingress: Extract credentials from the WSGI environment.
+ """
+
+ def extract(environ):
+ """ environ -> { 'login' : login
+ , 'password' : password
+ , k1 : v1
+ , ...
+ , kN : vN
+ } | {}
+
+ o 'environ' is the WSGI environment.
+
+ o If credentials are found, the returned mapping will contain at
+ least 'login', 'password', 'remote_host' and 'remote_addr' keys.
+
+ o Return an empty mapping to indicate that the plugin found no
+ appropriate credentials.
+ """
+
+class IAuthenticatorPlugin(Interface):
+
+ """ On ingress: Map credentials to a user ID.
+ """
+
+ def authenticate(environ, credentials):
+ """ credentials -> userid
+
+ o 'environ' is the WSGI environment.
+
+ o 'credentials' will be a mapping, as returned by IExtractionPlugin.
+
+ o If credentials are found, the userid will be returned; this will
+ be the value placed into the REMOTE_USER key in the environ
+ to be used by downstream applications.
+
+ o If the credentials cannot be authenticated, return None.
+ """
+
+class IChallengerPlugin(Interface):
+
+ """ On ingress: Initiate a challenge to the user to provide credentials.
+
+ o 'environ' is the WSGI environment.
+
+ o Challenge plugins have an attribute 'protocols' representing
+ the protocols the plugin operates under, defaulting to None.
+
+ o Only challenge plugins which match the current request's
+ protocol will be asked to perform a challenge.
+
+ o If no challenge plugins satisfy the current request's
+ protocol, a default exception will be raised.
+
+ o If no challenge plugins themselves raise an exception, a
+ default exception will be raised.
+ """
+
+ def challenge(environ):
+
+ """ Examine the environ and perform one of the following two
+ actions:
+
+ - Raise an exception which can be interpreted by
+ left-hand-side middleware should gather credentials
+ (present a form, show a basic auth dialog).
+
+ - Do nothing.
+
+ The return value of this method is ignored.
+ """
+
+class ICredentialsUpdaterPlugin(Interface):
+
+ """ On egress: user has changed her password.
+
+ This interface is not responsible for the actual password change,
+ it is used after a successful password change event in a
+ downstream application.
+
+ It is called when the repoze.pam middleware intercepts a
+ 'repoze.pam.update' key in the WSGI environ during egress.
+ """
+
+ def update(environ, login, new_password):
+
+ """ Scribble as appropriate.
+ """
+
+class ILogoutPlugin(Interface):
+
+ """ On egress: user has logged out.
+
+ It is called when the repoze.pam middleware intercepts an
+ ResetCredentialsException from downstream middleware.
+
+ It is called when the repoze.pam middleware intercepts a
+ 'repoze.pam.reset' key in the WSGI environ during egress.
+ """
+
+ def logout(environ):
+
+ """ Scribble as appropriate.
+ """
+
Added: repoze.pam/trunk/setup.py
==============================================================================
--- (empty file)
+++ repoze.pam/trunk/setup.py Sat Feb 23 06:33:20 2008
@@ -0,0 +1,61 @@
+##############################################################################
+#
+# Copyright (c) 2007 Agendaless Consulting and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the BSD-like license at
+# http://www.repoze.org/LICENSE.txt. A copy of the license should accompany
+# this distribution. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL
+# EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO,
+# THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND
+# FITNESS FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+
+__version__ = '0.1'
+
+import os
+
+from ez_setup import use_setuptools
+use_setuptools()
+
+from setuptools import setup, find_packages
+
+here = os.path.abspath(os.path.dirname(__file__))
+README = open(os.path.join(here, 'README.txt')).read()
+
+setup(name='repoze.pam',
+ version=__version__,
+ description=(
+ 'WSGI middleware which a) catches exceptions and turns them '
+ 'into an authentication challenge, b) performs authentication of'
+ 'user-supplied credentials against pluggable data sources.'),
+ long_description=README,
+ classifiers=[
+ "Development Status :: 1 - Planning",
+ "Intended Audience :: Developers",
+ "Programming Language :: Python",
+ "Topic :: Internet :: WWW/HTTP",
+ "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
+ "Topic :: Internet :: WWW/HTTP :: WSGI",
+ "Topic :: Internet :: WWW/HTTP :: WSGI :: Application",
+ ],
+ keywords='web application server wsgi zope',
+ author="Agendaless Consulting",
+ author_email="repoze-dev at lists.repoze.org",
+ dependency_links=['http://dist.repoze.org'],
+ url="http://www.repoze.org",
+ license="BSD-derived (http://www.repoze.org/LICENSE.txt)",
+ packages=find_packages(),
+ include_package_data=True,
+ namespace_packages=['repoze'],
+ zip_safe=False,
+ tests_require = [],
+ install_requires=[],
+ test_suite="repoze.pam.tests",
+ entry_points = """\
+ [paste.filter_app_factory]
+ pam = repoze.pam.middleware:make_middleware
+ """
+ )
+
More information about the Repoze-checkins
mailing list