Skip to content

Instantly share code, notes, and snippets.

@mmerickel
Last active April 27, 2021 18:27
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save mmerickel/e530f16dae61cf2960d301c7c01309b0 to your computer and use it in GitHub Desktop.
Save mmerickel/e530f16dae61cf2960d301c7c01309b0 to your computer and use it in GitHub Desktop.
Basic Auth in Pyramid with simple ACLs
from pyramid.authentication import BasicAuthAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.httpexceptions import HTTPForbidden
from pyramid.httpexceptions import HTTPUnauthorized
from pyramid.security import ALL_PERMISSIONS
from pyramid.security import Allow
from pyramid.security import Authenticated
from pyramid.security import forget
from pyramid.view import forbidden_view_config
from pyramid.view import view_config
@view_config(route_name='home', renderer='json', permission='view')
def home_view(request):
return {
'page': 'home',
'userid': request.authenticated_userid,
'principals': request.effective_principals,
'context_type': str(type(request.context)),
}
@forbidden_view_config()
def forbidden_view(request):
if request.authenticated_userid is None:
response = HTTPUnauthorized()
response.headers.update(forget(request))
# user is logged in but doesn't have permissions, reject wholesale
else:
response = HTTPForbidden()
return response
def check_credentials(username, password, request):
if username == 'admin' and password == 'admin':
# an empty list is enough to indicate logged-in... watch how this
# affects the principals returned in the home view if you want to
# expand ACLs later
return []
class Root:
# dead simple, give everyone who is logged in any permission
# (see the home_view for an example permission)
__acl__ = (
(Allow, Authenticated, ALL_PERMISSIONS),
)
def main(global_conf, **settings):
config = Configurator(settings=settings)
authn_policy = BasicAuthAuthenticationPolicy(check_credentials)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(lambda request: Root())
config.add_route('home', '/')
config.scan(__name__)
return config.make_wsgi_app()
if __name__ == '__main__':
from waitress import serve
app = main({})
serve(app, listen='localhost:8000')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment