Login

Access Control Mechanisms with mod_wsgi

Author:
johnnoone
Posted:
February 10, 2010
Language:
Python
Version:
1.1
Tags:
basic auth mod-wsgi config-file option-parser
Score:
0 (after 0 ratings)

Here my piece of code for managing users with WSGIAuthUserScript.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
#!/usr/bin/python
# -*- coding: utf-8 -*-

from __future__ import with_statement
from collections import defaultdict
import ConfigParser
import crypt
import random
import os

# Defaults settings
LOAD_FILE = SAVE_FILE = DEFAULT_FILE = os.path.join(os.path.dirname(__file__), 'auth.cfg')

TRACDB_PATH = '/home/tracmaster/sites/hg_trac/src/hg_trac/db/trac.db'


class groups_set(set):
    def __init__(self, arg):
        """
        Converts automatically a CSV row into a set of groups.
        """
        
        if isinstance(arg, (str, unicode)):
            arg = map(lambda x: x.strip(), arg.split())
        super(groups_set, self).__init__(arg)
    
    def remove(self, element):
        try:
            super(groups_set, self).remove(element)
        except KeyError:
            pass
    
    def __str__(self):
        return ' '.join(self)
    

def crypt_password(password):
    letters = 'abcdefghijklmnopqrstuvwxyz' \
              'ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
              '0123456789/.'
    
    salt = random.choice(letters) + random.choice(letters)
    return crypt.crypt(password, salt)
    

def update_trac(users):
    import sqlite3 as sqlite
    
    connector = sqlite.connect(TRACDB_PATH)
    cursor = connector.cursor()
    
    for login, user in users.iteritems():
        cursor.executemany("replace into session_attribute values (?, 1, ?, ?)", 
            [(login, 'email', user.get('email', '')), (login, 'name', user.fullname)])
        connector.commit()
    cursor.close()
    

class User(dict):
    
    def __init__(self):
        """Default attributes"""
        
        self['groups'] = groups_set([])
    
    def __setitem__(self, name, value):
        if name == 'groups':
            # forces groups to be a groups_set
            value = groups_set(value)
        elif name == 'password':
            # crypts automatically password
            value = crypt_password(value)
            name = 'crypted_password'
        
        super(User, self).__setitem__(name, value)
    
    @property
    def fullname(self):
        fullname = "%s %s" % (self.get('firstname', ''), self.get('lastname', ''))
        return fullname.strip()
    

class UsersDict(dict):
    """
    Proxifies the configuration file."""
    
    save_pipelines = [update_trac]
    
    def __init__(self, load_file=LOAD_FILE, save_file=SAVE_FILE):
        self.load_file = load_file or DEFAULT_FILE
        self.save_file = save_file or self.load_file
    
    @property
    def _users(self):
        if not getattr(self, '_loaded', False):
            parser = ConfigParser.ConfigParser()
            parser.read(self.load_file)
            
            users = defaultdict(User)
            
            for name, value in parser.items('Users'):
                login, attr = name.rsplit('.', 1)
                users[login][attr] = value
                users[login].login = login
            
            self._loaded = users
        return self._loaded
    
    def __iter__(self):
        return self._users.__iter__()
    
    def __contains__(self, key):
        return key in self._users
    
    def __getitem__(self, name):
        return self._users[name]
    
    def __setitem__(self, name, value):
        if not isinstance(value, User): raise ValueError('Must be a User')
        
        self._users[name] = value
    
    def __delitem__(self, name):
        del self._users[name]
    
    def save(self):
        parser = ConfigParser.RawConfigParser()
        parser.add_section('Users')
        
        for login, infos in self._users.iteritems():
            for attr, value in infos.iteritems():
                if value is None: continue
                if isinstance(value, (list, tuple, set)):
                    v = ', '.join(value)
                else:
                    v = value
                parser.set('Users', '%s.%s' % (login, attr), value)
        
        with open(self.save_file, 'wb') as configfile:
            parser.write(configfile)
        
        for pipe in self.save_pipelines:
            pipe(self._users)
    

users = UsersDict()

def check_password(environ, user, password):
    if user not in users:
        return None
    return True
    
    if 'crypted_password' not in users[user]:
        # enforce password
        return False
    
    crypted_password = users[user]['crypted_password']
    return crypt.crypt(password, crypted_password) == crypted_password
    

def groups_for_user(environ, user):
    if user in users and 'groups' in users[user]:
        return list(users[user]['groups'])
    return []
    

if __name__ == '__main__':
    # des helpers
    # createuser [login] [password] [email] [firstname] [lastname]
    # set [login] [attr] [value]
    # set [login] password [new_password]
    # addgroup [login] [group]
    # delgroup [login] [group]
    
    from optparse import OptionParser
    parser = OptionParser(usage='%prog options [options [...]]',
        description='Allow you to manage authentification. '
                'Main options are : createuser, set, addgroup and delgroup.'
        )
    parser.add_option("-l", "--load-file", dest="loadfile", default=LOAD_FILE, help="set the cfg file to be read")
    parser.add_option("-s", "--save-file", dest="savefile", default=SAVE_FILE, help="set the cfg file to be written")
    parser.add_option("-t", "--tracdb-path", dest="tracdb_path", default=TRACDB_PATH, help="set the trac.db to be updated")
    
    (options, args) = parser.parse_args()
    
    LOAD_FILE = options.loadfile
    SAVE_FILE = options.savefile
    TRACDB_PATH = options.tracdb_path
    
    if not args: parser.print_help()
    
    if args[0] == 'set':
        try:
            login, attr, value = args[1], args[2], args[3:]
            users[login][attr] = ' '.join(value)
            users.save()
            print '%s.%s = %s' % (login, attr, ' '.join(value))
            exit(0)
        except IndexError:
            parser.set_usage('%prog set [login] [attr] [value]')
            parser.set_description('Exemple: set user1 password new_password')
            parser.print_help()
    elif args[0] == 'createuser':
        try:
            _, login, password, email, firstname, lastname = args
            users[login]['password'] = password
            users[login]['email'] = email
            users[login]['firstname'] = firstname
            users[login]['lastname'] = lastname
            users.save()
            print '%s.password =  %s' % (login, password)
            print '%s.email =     %s' % (login, email)
            print '%s.firstname = %s' % (login, firstname)
            print '%s.lastname =  %s' % (login, lastname)
            exit(0)
        except IndexError:
            parser.set_usage('%prog createuser [login] [password] [email] [firstname] [lastname]')
            parser.set_description('Exemple: createuser user1 new_password email@domain FirstName LastName')
            parser.print_help()
    elif args[0] == 'addgroup':
        try:
            login, groups = args[1], args[2:]
            for group in groups:
                users[login]['groups'].add(group)
            users.save()
            print '%s.group = %s' % (login, users[login]['groups'])
            exit(0)
        except IndexError:
            parser.set_usage('%prog addgroup [login] [group]')
            parser.set_description('Exemple: addgroup xba group1 group2 group3')
            parser.print_help()
    elif args[0] == 'delgroup':
        try:
            login, groups = args[1], args[2:]
            for group in groups:
                users[login]['groups'].remove(group)
            users.save()
            print '%s.group = %s' % (login, users[login]['groups'])
            exit(0)
        except IndexError:
            parser.set_usage('%prog delgroup [login] [group]')
            parser.set_description('Exemple: delgroup xba group1 group2 group3')
            parser.print_help()
    else:
        print 'Usage:   set [login] [attr] [value]'
        print 'Exemple: set user1 password new_password'
        print 'Usage:   createuser [login] [password] [email] [firstname] [lastname]'
        print 'Exemple: createuser user1 new_password email@domain FirstName LastName'
        print 'Usage:   addgroup [login] [group]'
        print 'Exemple: addgroup user1 group1 group2 group3'
        print 'Usage:   delgroup [login] [group]'
        print 'Exemple: delgroup user1 group1 group2 group3'
        exit(1)
        

More like this

  1. . by jeremydw 4 years, 10 months ago
  2. madslug by catellar 3 years, 10 months ago
  3. templatetag by faruk 6 months ago
  4. highlight text by nathantn 10 months, 2 weeks ago
  5. watermark by dingdongquan 4 years, 6 months ago

Comments

Please login first before commenting.