Clean up

2026-06-29 16:30:04 +08:00 · 2012-08-23 20:37:27 -04:00
parent 6e754ed356
commit 6322b4cbe1
4 changed files with 45 additions and 83 deletions
@@ -142,25 +142,34 @@ def _get_pwd_context(app):
    return CryptContext(schemes=[pw_hash], default=pw_hash)


-def _get_serializer(app, salt):
-    secret_key = app.config.get('SECRET_KEY', 'secret-key')
+def _get_serializer(app, name):
+    secret_key = app.config.get('SECRET_KEY')
+    salt = app.config.get('SECURITY_%s_SALT' % name.upper())
    return URLSafeTimedSerializer(secret_key=secret_key, salt=salt)


-def _get_remember_token_serializer(app):
-    return _get_serializer(app, app.config['SECURITY_REMEMBER_SALT'])
+def _get_state(app, datastore, **kwargs):
+    for key, value in get_config(app).items():
+        kwargs[key.lower()] = value
+
+    kwargs.update(dict(
+        app=app,
+        datastore=datastore,
+        login_manager=_get_login_manager(app),
+        principal=_get_principal(app),
+        pwd_context=_get_pwd_context(app),
+        context_processors={},
+        remember_token_serializer=_get_serializer(app, 'remember'),
+        login_serializer=_get_serializer(app, 'login'),
+        reset_serializer=_get_serializer(app, 'reset'),
+        confirm_serializer=_get_serializer(app, 'confirm')
+    ))
+
+    return _SecurityState(**kwargs)


-def _get_reset_serializer(app):
-    return _get_serializer(app, app.config['SECURITY_RESET_SALT'])
-
-
-def _get_confirm_serializer(app):
-    return _get_serializer(app, app.config['SECURITY_CONFIRM_SALT'])
-
-
-def _get_login_serializer(app):
-    return _get_serializer(app, app.config['SECURITY_LOGIN_SALT'])
+def _context_processor():
+    return dict(url_for_security=url_for_security, security=_security)


 class RoleMixin(object):
@@ -272,7 +281,7 @@ class Security(object):
        if app is not None and datastore is not None:
            self._state = self.init_app(app, datastore, **kwargs)

-    def init_app(self, app, datastore=None, register_blueprint=True, **kwargs):
+    def init_app(self, app, datastore=None):
        """Initializes the Flask-Security extension for the specified
        application and datastore implentation.

@@ -289,48 +298,12 @@ class Security(object):

        identity_loaded.connect_via(app)(_on_identity_loaded)

-        if register_blueprint:
-            name = cv('BLUEPRINT_NAME', app=app)
-            url_prefix = cv('URL_PREFIX', app=app)
-            bp = create_blueprint(app, name, __name__,
-                                  url_prefix=url_prefix,
-                                  template_folder='templates')
-            app.register_blueprint(bp)
-
-        state = self._get_state(app, datastore, **kwargs)
-
+        state = _get_state(app, datastore)
+        app.register_blueprint(create_blueprint(state, __name__))
+        app.context_processor(_context_processor)
        app.extensions['security'] = state

-        app.context_processor(lambda: dict(url_for_security=url_for_security,
-                                           security=state))
-
        return state

-    def _get_state(self, app, datastore, **kwargs):
-        assert app is not None
-        assert datastore is not None
-
-        for key, value in get_config(app).items():
-            kwargs[key.lower()] = value
-
-        for key, value in [
-                ('app', app),
-                ('datastore', datastore),
-                ('login_manager', _get_login_manager(app)),
-                ('principal', _get_principal(app)),
-                ('pwd_context', _get_pwd_context(app)),
-                ('remember_token_serializer', _get_remember_token_serializer(app)),
-                ('context_processors', {})]:
-            kwargs[key] = value
-
-        kwargs['login_serializer'] = (
-            _get_login_serializer(app) if kwargs['passwordless'] else None)
-        kwargs['reset_serializer'] = (
-            _get_reset_serializer(app) if kwargs['recoverable'] else None)
-        kwargs['confirm_serializer'] = (
-            _get_confirm_serializer(app) if kwargs['confirmable'] else None)
-
-        return _SecurityState(**kwargs)
-
    def __getattr__(self, name):
        return getattr(self._state, name, None)
@@ -22,8 +22,6 @@ from . import utils
 # Convenient references
 _security = LocalProxy(lambda: current_app.extensions['security'])

-_logger = LocalProxy(lambda: current_app.logger)
-

 _default_unauthorized_html = """
    <h1>Unauthorized</h1>
@@ -129,8 +127,6 @@ def roles_required(*roles):
            perms = [Permission(RoleNeed(role)) for role in roles]
            for perm in perms:
                if not perm.can():
-                    _logger.debug('Identity does not provide the '
-                                  'roles: %s' % [r for r in roles])
                    return _get_unauthorized_view()
            return fn(*args, **kwargs)
        return decorated_view
@@ -157,10 +153,6 @@ def roles_accepted(*roles):
            perm = Permission(*[RoleNeed(role) for role in roles])
            if perm.can():
                return fn(*args, **kwargs)
-            r1 = [r for r in roles]
-            r2 = [r.name for r in current_user.roles]
-            _logger.debug('Current user does not provide a required role. '
-                          'Accepted: %s Provided: %s' % (r1, r2))
            return _get_unauthorized_view()
        return decorated_view
    return wrapper
@@ -37,9 +37,6 @@ _datastore = LocalProxy(lambda: _security.datastore)

 _pwd_context = LocalProxy(lambda: _security.pwd_context)

-_logger = LocalProxy(lambda: current_app.logger)
-
-
 def anonymous_user_required(f):
    @wraps(f)
    def wrapper(*args, **kwargs):
@@ -243,45 +243,45 @@ def reset_password(token):
                           **_ctx('reset_password'))


-def create_blueprint(app, name, import_name, **kwargs):
+def create_blueprint(state, import_name):
    """Creates the security extension blueprint"""

-    bp = Blueprint(name, import_name, **kwargs)
+    bp = Blueprint(state.blueprint_name, import_name,
+                   url_prefix=state.url_prefix,
+                   template_folder='templates')

-    if config_value('PASSWORDLESS', app=app):
-        bp.route(config_value('LOGIN_URL', app=app),
+    bp.route(state.logout_url, endpoint='logout')(logout)
+
+    if state.passwordless:
+        bp.route(state.login_url,
                 methods=['GET', 'POST'],
                 endpoint='login')(send_login)
-
-        bp.route(config_value('LOGIN_URL', app=app) + '/<token>',
+        bp.route(state.login_url + '/<token>',
                 methods=['GET'],
                 endpoint='token_login')(token_login)
    else:
-        bp.route(config_value('LOGIN_URL', app=app),
+        bp.route(state.login_url,
                 methods=['GET', 'POST'],
                 endpoint='login')(login)

-    bp.route(config_value('LOGOUT_URL', app=app),
-             endpoint='logout')(logout)
-
-    if config_value('REGISTERABLE', app=app):
-        bp.route(config_value('REGISTER_URL', app=app),
+    if state.registerable:
+        bp.route(state.register_url,
                 methods=['GET', 'POST'],
                 endpoint='register')(register)

-    if config_value('RECOVERABLE', app=app):
-        bp.route(config_value('RESET_URL', app=app),
+    if state.recoverable:
+        bp.route(state.reset_url,
                 methods=['GET', 'POST'],
                 endpoint='forgot_password')(forgot_password)
-        bp.route(config_value('RESET_URL', app=app) + '/<token>',
+        bp.route(state.reset_url + '/<token>',
                 methods=['GET', 'POST'],
                 endpoint='reset_password')(reset_password)

-    if config_value('CONFIRMABLE', app=app):
-        bp.route(config_value('CONFIRM_URL', app=app),
+    if state.confirmable:
+        bp.route(state.confirm_url,
                 methods=['GET', 'POST'],
                 endpoint='send_confirmation')(send_confirmation)
-        bp.route(config_value('CONFIRM_URL', app=app) + '/<token>',
+        bp.route(state.confirm_url + '/<token>',
                 methods=['GET', 'POST'],
                 endpoint='confirm_email')(confirm_email)