Changed configuration values to use the prefix "SECURITY_" instead of a nested dictionary for easier overriding

Matt Wright
2012-03-08 23:02:39 -05:00
parent cd877adebe
commit 1a6cd10d09
3 changed files with 50 additions and 45 deletions
+4 -1
@@ -36,7 +36,10 @@ def create_app(auth_config):
app = Flask(__name__)
app.debug = True
app.config['SECRET_KEY'] = 'secret'
app.config['AUTH'] = auth_config or {}
if auth_config:
for key, value in auth_config.items():
app.config[key] = value
@app.route('/')
def index():
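Review bot: The new loop in create_app copies every entry of auth_config into app.config without looking at the key, so a caller can overwrite unrelated settings such as SECRET_KEY, and an old-style key like 'password_hash' is accepted but never read. Restricting the copy to the new namespace would surface both mistakes, for example `if not key.startswith('SECURITY_'): raise KeyError(key)` ahead of `app.config[key] = value`; whether any caller legitimately passes other keys is not visible here. create_app's body continues outside the hunk.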
+39 -37
@@ -36,18 +36,16 @@ from werkzeug.local import LocalProxy
User, Role = None, None
AUTH_CONFIG_KEY = 'AUTH'
URL_PREFIX_KEY = 'url_prefix'
USER_MODEL_ENGINE_KEY = 'user_model_engine'
AUTH_PROVIDER_KEY = 'auth_provider'
PASSWORD_HASH_KEY = 'password_hash'
USER_DATASTORE_NAME_KEY = 'user_datastore_name'
LOGIN_FORM_KEY = 'login_form'
AUTH_URL_KEY = 'auth_url'
LOGOUT_URL_KEY = 'logout_url'
LOGIN_VIEW_KEY = 'login_view'
POST_LOGIN_VIEW_KEY = 'post_login_view'
POST_LOGOUT_VIEW_KEY = 'post_logout_view'
URL_PREFIX_KEY = 'SECURITY_URL_PREFIX'
AUTH_PROVIDER_KEY = 'SECURITY_AUTH_PROVIDER'
PASSWORD_HASH_KEY = 'SECURITY_PASSWORD_HASH'
USER_DATASTORE_KEY = 'SECURITY_USER_DATASTORE'
LOGIN_FORM_KEY = 'SECURITY_LOGIN_FORM'
AUTH_URL_KEY = 'SECURITY_AUTH_URL'
LOGOUT_URL_KEY = 'SECURITY_LOGOUT_URL'
LOGIN_VIEW_KEY = 'SECURITY_LOGIN_VIEW'
POST_LOGIN_KEY = 'SECURITY_POST_LOGIN'
POST_LOGOUT_KEY = 'SECURITY_POST_LOGOUT'
DEBUG_LOGIN = 'User %s logged in. Redirecting to: %s'
ERROR_LOGIN = 'Unsuccessful authentication attempt: %s. Redirecting to: %s'
@@ -56,16 +54,16 @@ FLASH_INACTIVE = 'Inactive user'
FLASH_PERMISSIONS = 'You do not have permission to view this resource.'
default_config = {
URL_PREFIX_KEY: None,
PASSWORD_HASH_KEY: 'plaintext',
USER_DATASTORE_NAME_KEY: 'user_datastore',
AUTH_PROVIDER_KEY: 'flask.ext.security.AuthenticationProvider',
LOGIN_FORM_KEY: 'flask.ext.security.LoginForm',
AUTH_URL_KEY: '/auth',
LOGOUT_URL_KEY: '/logout',
LOGIN_VIEW_KEY: '/login',
POST_LOGIN_VIEW_KEY: '/',
POST_LOGOUT_VIEW_KEY: '/',
URL_PREFIX_KEY: None,
PASSWORD_HASH_KEY: 'plaintext',
USER_DATASTORE_KEY: 'user_datastore',
AUTH_PROVIDER_KEY: 'flask.ext.security.AuthenticationProvider',
LOGIN_FORM_KEY: 'flask.ext.security.LoginForm',
AUTH_URL_KEY: '/auth',
LOGOUT_URL_KEY: '/logout',
LOGIN_VIEW_KEY: '/login',
POST_LOGIN_KEY: '/',
POST_LOGOUT_KEY: '/',
}
class BadCredentialsError(Exception):
@@ -110,7 +108,7 @@ pwd_context = LocalProxy(lambda: current_app.pwd_context)
# User service
user_datastore = LocalProxy(lambda: getattr(current_app,
current_app.config[AUTH_CONFIG_KEY][USER_DATASTORE_NAME_KEY]))
current_app.config[USER_DATASTORE_KEY]))
def roles_required(*args):
roles = args
@@ -119,8 +117,7 @@ def roles_required(*args):
@wraps(fn)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated():
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
return redirect(current_app.config[LOGIN_VIEW_KEY])
if perm.can():
return fn(*args, **kwargs)
@@ -140,8 +137,7 @@ def roles_accepted(*args):
@wraps(fn)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated():
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
return redirect(current_app.config[LOGIN_VIEW_KEY])
for perm in perms:
if perm.can():
@@ -198,11 +194,18 @@ class Security(object):
"""
if app is None or datastore is None: return
blueprint = Blueprint(AUTH_CONFIG_KEY.lower(), __name__)
blueprint = Blueprint('auth', __name__)
config = default_config.copy()
config.update(app.config.get(AUTH_CONFIG_KEY, {}))
app.config[AUTH_CONFIG_KEY] = config
configured = {}
for key, value in default_config.items():
configured[key] = app.config.get(key, value)
app.config.update(configured)
config = app.config
#config = default_config.copy()
#config.update(app.config.get(AUTH_CONFIG_KEY, {}))
#app.config[AUTH_CONFIG_KEY] = config
# setup the login manager extension
login_manager = LoginManager()
@@ -219,7 +222,7 @@ class Security(object):
app.auth_provider = Provider(Form)
app.principal = Principal(app)
setattr(app, config[USER_DATASTORE_NAME_KEY], datastore)
setattr(app, config[USER_DATASTORE_KEY], datastore)
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
@@ -270,7 +273,7 @@ class Security(object):
identity_changed.send(app, identity=AnonymousIdentity())
logout_user()
redirect_url = find_redirect(POST_LOGOUT_VIEW_KEY, config)
redirect_url = find_redirect(POST_LOGOUT_KEY)
logger.debug(DEBUG_LOGOUT % redirect_url)
return redirect(redirect_url)
@@ -361,14 +364,13 @@ def get_url(value):
def get_post_login_redirect():
return (get_url(request.args.get('next')) or
get_url(request.form.get('next')) or
find_redirect(POST_LOGIN_VIEW_KEY,
current_app.config[AUTH_CONFIG_KEY]))
find_redirect(POST_LOGIN_KEY))
def find_redirect(key, config):
def find_redirect(key):
# Look in the session first, and if not there go to the config, and
# if its not there either just go to the root url
result = (get_url(session.get(key.lower(), None)) or
get_url(config[key.lower()] or None) or '/')
get_url(current_app.config[key] or None) or '/')
# Try and delete the session value if it was used
try: del session[key.lower()]
except: pass
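Review bot: An application that still sets the nested `AUTH` dictionary is silently ignored by the new `configured` loop in class Security, so a setting such as `'password_hash': 'bcrypt'` would fall back to the `'plaintext'` default in default_config with no error or warning. Failing fast on the legacy key would make the migration safe, e.g. `if 'AUTH' in app.config: raise ValueError('AUTH dict is no longer read; use SECURITY_* keys')` placed before the loop. In find_redirect the session lookup still uses `key.lower()`, which now resolves to `security_post_login` rather than `post_login_view`, so any code that stores that session value (not visible here) needs the same rename. The enclosing Security method starts and ends outside the hunk.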
+7 -7
@@ -104,13 +104,13 @@ class DefaultSecurityTests(SecurityTest):
class ConfiguredSecurityTests(SecurityTest):
AUTH_CONFIG = {
'password_hash': 'bcrypt',
'user_datastore_name': 'custom_datastore_name',
'auth_url': '/custom_auth',
'logout_url': '/custom_logout',
'login_view': '/custom_login',
'post_login_view': '/post_login',
'post_logout_view': '/post_logout'
'SECURITY_PASSWORD_HASH': 'bcrypt',
'SECURITY_USER_DATASTORE': 'custom_datastore_name',
'SECURITY_AUTH_URL': '/custom_auth',
'SECURITY_LOGOUT_URL': '/custom_logout',
'SECURITY_LOGIN_VIEW': '/custom_login',
'SECURITY_POST_LOGIN': '/post_login',
'SECURITY_POST_LOGOUT': '/post_logout'
}
def test_login_view(self):