seganndb_login

Release 1.0

Pyramid login module for SegAnnDB login

Homepage PyPI Python

Keywords
wsgi, pylons, pyramid, auth, authentication, debug
License
Other
Install
pip install seganndb_login==1.0

Documentation

SegAnnDB-login

This repository is a clone of original pyramid_google_login

It contains modifications done in code to make it work with SegAnnDB

Approach

pyramid_google_login does not handle any kind of authentication policy by itself. It only helped in fetching the user profile details from google. I made a workaround, now it sets a cookie in the response which is equivalent to the user_id (email)

Some bugs were also fixed, turns out the original version did not work with the a latest version of pyramid anymore, so a couple bugs were fixed as well.

On pypi -

This package will be uploaded to pypi as well, under the same name.

Setup: Application

Once seganndb_login is installed, you must use the config.include mechanism to include it into your Pyramid project's configuration. In your Pyramid project's __init__.py:

 config = Configurator(.....)
 config.include('pyramid_google_login')

Alternately you can use the pyramid.includes configuration value in your .ini file:

   [app:myapp]
   pyramid.includes = pyramid_google_login

Setup: settings

Mandatory settings:

   security.google_login.client_id = xxxxxxx.apps.googleusercontent.com
   security.google_login.client_secret = xxxxxxxxxxxxxxxxxxxxxxxxx

Optional settings:

   # List of Google scopes (`email` is automatically included)
   security.google_login.scopes = email

   # Set the access type to `offline` to get a refresh_token (default: online)
   security.google_login.access_type = online

   # Field used to extract the userid (generally `email` or `id`)
   security.google_login.user_id_field = email

   # Restrict authentication to a Google Apps domain
   security.google_login.hosted_domain = example.net

   # Redirect destination for logged in user.
   security.google_login.landing_url = /
   security.google_login.landing_route = my_frontend_route
   security.google_login.landing_route = mymodule:static/

   # Add a banner on the sign in page
   security.google_login.signin_banner = Welcome on Project Euler

   # Add an advice on the sign in page
   security.google_login.signin_advice = Ask Dilbert for access

Setup: Google project

  • Create a project on https://console.developers.google.com

  • Create a OAuth Client ID

    • Choose a Web Application application type

    • Add all variants of your host in Javascript Origins

      • Secure and non secure url are differentiated
      • Optionally include your development host with http://localhost:6543 rather than an http://127.0.0.1:6543 (it would be refused)

Notes:

  • No Permissions are needed by pyramid_google_login itself.
  • Client ID parameters are heavily cached. In development, re-creating a client id is often the best idea.

General Usage

When a user must be authenticated by Google, he must be sent to the auth_signin route url. The helper method pyramid_google_login.redirect_to_signin redirect the user to the sign in page. This helper is handy to specify the next url and an optional message.

   @forbidden_view_config()
   def unauthenticated(context, request):
       return redirect_to_signin(request, url=request.path_qs)

Once the user is authenticated, the UserLoggedIn pyramid event is broadcasted. The application can perform subsequent validations, create the user profile or update it.

After that, the pyramid.security.remember helper is called.

Then, the user will be redirected to an url specified by:

  • query parameter (signin page): url
  • setting: security.google_login.landing_url
  • fallback: /

When a user must be logged out, he must be directed on the auth_logout route url. Once logged out, he will be redirected back to the sign in page.

Offline Usage

If you want to call the Google APIs on behalf of the user, you must store the OAuth2 tokens provided in the UserLoggedIn event. The access_token is usable for an expires_in period. Then the refresh_token must be used to refresh the access_token. This refresh_token is valide until the user revoke the application permissions.

By default, the only scope requested is email to identify the user. To call other Google APIs, you must add the related scopes as this:

   [app:myapp]

   security.google_login.scopes =
       email
       https://www.googleapis.com/auth/admin.directory.user.readonly

Events

UserLoggedIn

The user has logged in by Google.

Properties:

  • userid

  • oauth2_token

    • access_token
    • expires_in
    • refresh_token

  • user_info

    • Google user_info properties...

UserLoggedOut

The user has logged out.

Properties:

  • userid

All the related information to user_profiles can be found in file views.py

Remembering User Authentication

To remember user authentication, we set a cookie in response. You will have to handle client side login/logout by yourself.

Development

Running tests::

$ pip install -r requirements-test.txt $ nosetests

Running pylama (linters)::

$ pip install pylama ... $ pylama

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
28.3 KB
SourceRank
5

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0

Contributors

Abhishek Shrivastava


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-21 15:35:05 UTC

Login to resync this project