10 # FOR A PARTICULAR PURPOSE. |
10 # FOR A PARTICULAR PURPOSE. |
11 # |
11 # |
12 |
12 |
13 __docformat__ = 'restructuredtext' |
13 __docformat__ = 'restructuredtext' |
14 |
14 |
15 |
|
16 # import standard library |
|
17 import logging |
15 import logging |
18 logger = logging.getLogger('PyAMS (security)') |
16 logger = logging.getLogger('PyAMS (security)') |
19 |
17 |
20 from functools import lru_cache |
18 from functools import lru_cache |
21 |
19 |
22 # import interfaces |
20 from beaker.cache import cache_region |
23 from pyams_security.interfaces import ISecurityManager, ICredentialsPlugin, IAuthenticationPlugin, \ |
21 from pyramid.authentication import AuthTktCookieHelper |
24 IDirectoryPlugin, AuthenticatedPrincipalEvent, IProtectedObject, IGroupsAwareDirectoryPlugin |
22 from pyramid.decorator import reify |
25 from pyramid.interfaces import IAuthenticationPolicy |
23 from pyramid.interfaces import IAuthenticationPolicy |
26 |
24 from pyramid.location import lineage |
27 # import packages |
25 from pyramid.security import Authenticated, Everyone |
28 from pyams_security.principal import UnknownPrincipal, MissingPrincipal |
26 from zope.container.folder import Folder |
|
27 from zope.interface import implementer |
|
28 from zope.schema.fieldproperty import FieldProperty |
|
29 |
|
30 from pyams_security.interfaces import AuthenticatedPrincipalEvent, IAuthenticationPlugin, ICredentialsPlugin, \ |
|
31 IDirectoryPlugin, IGroupsAwareDirectoryPlugin, IProtectedObject, ISecurityManager |
|
32 from pyams_security.principal import MissingPrincipal, UnknownPrincipal |
29 from pyams_utils.registry import query_utility |
33 from pyams_utils.registry import query_utility |
30 from pyams_utils.request import check_request, request_property |
34 from pyams_utils.request import check_request, request_property |
31 from pyams_utils.wsgi import wsgi_environ_cache |
35 from pyams_utils.wsgi import wsgi_environ_cache |
32 from pyramid.authentication import AuthTktCookieHelper |
|
33 from pyramid.decorator import reify |
|
34 from pyramid.location import lineage |
|
35 from pyramid.security import Everyone, Authenticated |
|
36 from zope.container.folder import Folder |
|
37 from zope.interface import implementer |
|
38 from zope.schema.fieldproperty import FieldProperty |
|
39 |
36 |
40 |
37 |
41 @implementer(ISecurityManager) |
38 @implementer(ISecurityManager) |
42 class SecurityManager(Folder): |
39 class SecurityManager(Folder): |
43 """Security manager utility""" |
40 """Security manager utility""" |
131 if principal is not None: |
128 if principal is not None: |
132 principal = self.get_principal(principal.id) |
129 principal = self.get_principal(principal.id) |
133 if principal is not None: |
130 if principal is not None: |
134 return principal.id |
131 return principal.id |
135 |
132 |
136 # @cache_region('short', 'security_plugins_principals') |
133 @cache_region('short', 'security_plugins_principals') |
137 def _get_plugins_principals(self, principal_id): |
134 def _get_plugins_principals(self, principal_id): |
138 principals = set() |
135 principals = set() |
139 # get direct principals |
136 # get direct principals |
140 for plugin in self.get_directory_plugins(): |
137 for plugin in self.get_directory_plugins(): |
141 principals |= set(plugin.get_all_principals(principal_id)) |
138 principals |= set(plugin.get_all_principals(principal_id)) |
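Review bot: Enabling `@cache_region('short', 'security_plugins_principals')` on `_get_plugins_principals` means the principals resolved for a `principal_id` are served from cache for the lifetime of the 'short' region, so a membership removed in a directory plugin keeps taking effect in authorization decisions until the entry expires. Nothing visible in this hunk invalidates the entry when a plugin's data changes; if the plugins can signal membership updates, calling beaker's `region_invalidate` for that principal id at that point would close the window, and otherwise the staleness should be stated above the decorator, e.g. `# NOTE: cached in the 'short' region; revoked memberships stay effective until the entry expires`. It is also worth confirming how the cache key is built for this bound method: if `self` is not part of the key, two `SecurityManager` instances configured with different plugins would share entries for the same `principal_id`. The method body continues outside the hunk, so the groups-aware part of the lookup is not visible here and is presumably cached with it.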
211 See `pyramid.authentication.AuthTktAuthenticationPolicy` to get description |
208 See `pyramid.authentication.AuthTktAuthenticationPolicy` to get description |
212 of other constructor arguments. |
209 of other constructor arguments. |
213 """ |
210 """ |
214 |
211 |
215 def __init__(self, secret, |
212 def __init__(self, secret, |
216 credentials=('http', ), |
213 credentials=('http',), |
217 cookie_name='auth_ticket', |
214 cookie_name='auth_ticket', |
218 secure=False, |
215 secure=False, |
219 include_ip=False, |
216 include_ip=False, |
220 timeout=None, |
217 timeout=None, |
221 reissue_time=None, |
218 reissue_time=None, |