Broken auth customization using ApplicationAuthMetadata


Juraj Variny

Oct 13, 2012, 5:51:46 AM
to turbo...@googlegroups.com
Hi, I added the straight-from-the-manual ApplicationAuthMetadata to my app_cfg.py:

    from tg.configuration.auth import TGAuthMetadata

    # This tells TurboGears how to retrieve the data for your user
    class ApplicationAuthMetadata(TGAuthMetadata):
        def __init__(self, sa_auth):
            self.sa_auth = sa_auth

        def get_user(self, identity, userid):
            # Look the user up by the userid the authenticator already accepted
            return self.sa_auth.dbsession.query(self.sa_auth.user_class).filter_by(user_name=userid).first()

        def get_groups(self, identity, userid):
            return [g.group_name for g in identity['user'].groups]

        def get_permissions(self, identity, userid):
            return [p.permission_name for p in identity['user'].permissions]

    base_config.sa_auth.authmetadata = ApplicationAuthMetadata(base_config.sa_auth)

and immediately got the exception below. If I comment out the base_config.sa_auth.authmetadata setting, all works normally.

TIA,

Juraj


-------------------- Restarting --------------------
Traceback (most recent call last):
  File "/home/juro/work/coinbr/tg2env/bin/paster", line 8, in <module>
    load_entry_point('PasteScript==1.7.5', 'console_scripts', 'paster')()
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteScript-1.7.5-py2.7.egg/paste/script/command.py", line 104, in run
    invoke(command, command_name, options, args[1:])
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteScript-1.7.5-py2.7.egg/paste/script/command.py", line 143, in invoke
    exit_code = runner.run(args)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteScript-1.7.5-py2.7.egg/paste/script/command.py", line 238, in run
    result = self.command()
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteScript-1.7.5-py2.7.egg/paste/script/serve.py", line 284, in command
    relative_to=base, global_conf=vars)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteScript-1.7.5-py2.7.egg/paste/script/serve.py", line 321, in loadapp
    **kw)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
    return loadobj(APP, uri, name=name, **kw)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 272, in loadobj
    return context.create()
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 710, in create
    return self.object_type.invoke(self)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 146, in invoke
    return fix_call(context.object, context.global_conf, **context.local_conf)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/util.py", line 59, in fix_call
    reraise(*exc_info)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/compat.py", line 22, in reraise
    exec('raise t, e, tb', dict(t=t, e=e, tb=tb))
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/util.py", line 56, in fix_call
    val = callable(*args, **kw)
  File "/home/juro/work/coinbr/tg2env/Coin-Broker/coinbr/config/middleware.py", line 35, in make_app
    app = make_base_app(global_conf, full_stack=True, **app_conf)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/TurboGears2-2.2.0-py2.7.egg/tg/configuration/app_config.py", line 962, in make_base_app
    app = self.add_auth_middleware(app, skip_authentication)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/TurboGears2-2.2.0-py2.7.egg/tg/configuration/app_config.py", line 721, in add_auth_middleware
    app = setup_auth(app, skip_authentication=skip_authentication, **auth_args)
  File "/home/juro/work/coinbr/tg2env/lib/python2.7/site-packages/TurboGears2-2.2.0-py2.7.egg/tg/configuration/auth.py", line 229, in setup_auth
    return PluggableAuthenticationMiddleware(app, **who_args)
TypeError: __init__() got an unexpected keyword argument 'permission_class'


Juraj Variny

Oct 13, 2012, 6:51:37 AM
to turbo...@googlegroups.com
After some digging, I found out the following:

It is necessary to comment out the following settings in app_cfg.py. They were inherited from TG 2.1:

    #base_config.sa_auth.group_class = model.Group
    #base_config.sa_auth.permission_class = model.Permission

and commenting out line 169 (starting with who_args['authenticators']) in TurboGears2-2.2.0-py2.7.egg/tg/configuration/auth.py seems to fix the problem:

    # If no identifiers are provided in repoze setup arguments
    # then create a default one using AuthTktCookiePlugin.
    if 'identifiers' not in who_args:
        from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
        cookie = AuthTktCookiePlugin(cookie_secret, cookie_name,
                                     timeout=cookie_timeout,
                                     reissue_time=cookie_reissue_time)
        who_args['identifiers'] = [('cookie', cookie)]
        #who_args['authenticators'].insert(0, ('cookie', cookie))

    # If no form plugin is provided then create a default
    # one using the provided options.

Can anyone please confirm this so that I'm not inadvertently crippling something?


Juraj



Alessandro Molina

Oct 13, 2012, 12:19:33 PM
to turbo...@googlegroups.com
If you had to make a change to TurboGears itself then there is
something wrong in the way authentication is configured for your
application.

A working 2.2 authentication setup should look like:

    base_config.sa_auth.cookie_secret = "ChangeME"
    base_config.auth_backend = 'sqlalchemy'
    base_config.sa_auth.user_class = model.User

    from tg.configuration.auth import TGAuthMetadata
    class ApplicationAuthMetadata(TGAuthMetadata):
        [...]

    base_config.sa_auth.dbsession = model.DBSession
    base_config.sa_auth.authmetadata = ApplicationAuthMetadata(base_config.sa_auth)
    base_config.sa_auth.form_plugin = None
    base_config.sa_auth.charset = 'utf-8'
    base_config.sa_auth.post_login_url = '/post_login'
    base_config.sa_auth.post_logout_url = '/post_logout'

Nothing else should be required and might actually cause issues as
everything that is available inside sa_auth property is passed to
repoze setup and can actually change the way your authentication is
configured.
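
Added example (not part of the original thread, and not TurboGears or repoze.who code): a start-up check that reports which forwarded auth settings the receiving callable would reject, the failure mode behind the TypeError in the traceback above. StandInAuthMiddleware and its parameter list are a simplified, hypothetical stand-in, and WHO_ARGS is constructed sample data.

```python
import inspect


class StandInAuthMiddleware:
    """Hypothetical, simplified stand-in for the middleware that receives **who_args."""

    def __init__(self, app, identifiers, authenticators, challengers, mdproviders):
        self.app = app
        self.plugins = (identifiers, authenticators, challengers, mdproviders)


def unexpected_keys(target, kwargs):
    """Return the keys in kwargs that target's signature would reject."""
    params = inspect.signature(target).parameters
    if any(p.kind is inspect.Parameter.VAR_KEYWORD for p in params.values()):
        return []  # target accepts arbitrary keywords, so nothing is rejected
    accepted = {name for name, p in params.items()
                if p.kind in (p.POSITIONAL_OR_KEYWORD, p.KEYWORD_ONLY)}
    return sorted(k for k in kwargs if k not in accepted)


# Constructed settings: the last two keys mimic leftovers from an older project.
WHO_ARGS = {
    "identifiers": [], "authenticators": [], "challengers": [], "mdproviders": [],
    "group_class": object, "permission_class": object,
}


def build(who_args):
    """Forward the settings the way the traceback shows: Middleware(app, **who_args)."""
    return StandInAuthMiddleware(object(), **who_args)


def build_checked(who_args):
    """Fail at start-up with the offending setting names instead of a bare TypeError."""
    extra = unexpected_keys(StandInAuthMiddleware, who_args)
    if extra:
        raise ValueError("stale auth settings forwarded to middleware: " + ", ".join(extra))
    return build(who_args)
```

A key that the middleware does accept passes this check and silently changes the authentication setup, so the check complements an explicit review of the settings and does not replace it.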

Juraj Variny

Oct 13, 2012, 4:25:42 PM
to turbo...@googlegroups.com
The cause of the problem was that I had conflicting repoze.what libraries installed. So I removed repoze.* from site-packages, updated setup.py and setup.cfg from another newly quickstarted TG 2.2 project and ran it to install the correct versions.

All this left me with a question: How do you update files coming from the quickstart process, like setup.py, when you upgrade TG? By hand?

The other problem was that I misunderstood the role of ApplicationAuthMetadata - it does not authenticate, it only fetches the metadata after successful authentication is done. Can you please add this to the documentation? It may not be clear on first reading, and I was under the impression that I could modify the authentication there (for example, to allow case-insensitive logins).

Regards and thanks for help!

Juraj
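
Added example (not part of the original thread, and not TurboGears or repoze.who code): a two-stage model of the split described in the post above, where the authenticator decides whether a login is accepted and the metadata provider only enriches an identity that already passed. The user store, the single shared salt and the function names are constructed for illustration; only the get_user/get_groups method shape follows the class posted in the thread.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # one shared salt for brevity; use a per-user salt in practice


def _hash(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store, keyed by canonical (case-folded) user name.
USERS = {"juraj": {"pw": _hash("s3cret"), "groups": ["managers"]}}


def authenticate(login_name, password):
    """Stage 1: decide who the caller is. Returns a canonical userid or None."""
    userid = login_name.strip().casefold()  # case-insensitive login belongs here
    record = USERS.get(userid)
    # Compare against a dummy hash for unknown users so both paths do the same work.
    expected = record["pw"] if record else _hash("")
    ok = hmac.compare_digest(_hash(password), expected)
    return userid if (record and ok) else None


class MetadataProvider:
    """Stage 2: runs only after stage 1 succeeded; it enriches, it never decides."""

    def get_user(self, identity, userid):
        return USERS.get(userid)

    def get_groups(self, identity, userid):
        return list(identity["user"]["groups"])


def login(login_name, password, md=MetadataProvider()):
    userid = authenticate(login_name, password)
    if userid is None:
        return None  # rejected: the metadata provider is never consulted
    identity = {"repoze.who.userid": userid}
    identity["user"] = md.get_user(identity, userid)
    identity["groups"] = md.get_groups(identity, userid)
    return identity
```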
