1.15.4.6 web.wsgi.auth - User Permission Handling

Auth handling middleware determines which user is currently signed in and provides a User object which has information about that user. Sign in functionality is left to the application but is made extremely easy through the use of a sign in handler class.

The web.wsgi.auth module provides one class, Auth, which adds the following information to the environ dictionary based on the parameters specified in the class constructor.

environ['web.auth.username'] and environ['REMOTE_USER']
The username of the user who is currently signed in.

environ['web.auth.user']
A User for the user who is currently signed in.

environ['web.auth.session']
An AuthSession object as returned by web.auth.session() used to manage whether a user is currently signed in or not.

environ['web.auth.manager']
A session UserManager object as returned by web.auth.manager() used to manage applications and users.

The example below demonstrates how to check whether a user is signed in and, if they are not, provide them with a sign in form and handle the submissions until they are signed in.

import sys; sys.path.append('../')
from web.wsgi import *

# Sign In Application
class simpleApp(base.BaseApplication):
    def start(self):
        # Create some sample data
        if not self.environ['web.auth.manager'].applicationExists('app'):
            self.environ['web.auth.manager'].addApplication('app')
            self.environ['web.auth.manager'].addUser(
                'john',
                'bananas',
                'John',
                'Smith',
                'johnsmith@example.com',
            )
            self.environ['web.auth.manager'].setAccessLevel('john', 'app', 1)
        # See if anyone is signed in
        if 'web.auth.user' in self.environ:
            self.output('Already signed in')
        else: 
            # Try to login
            import web.auth.handler.signIn
            signInHandler = web.auth.handler.signIn.SignInHandler(
                session = self.environ['web.auth.session'], 
                manager = self.environ['web.auth.manager'],
                cgi = self.environ['web.cgi'],
            )
            error = signInHandler.handle()
            if error:  
                # Display the error form
                self.output('<html><body><h1>Please Sign In</h1>%s</body></html>'%error)
            else:
                # We have just signed in
                self.output('Signed in successfully')
        self.environ['web.database.connection'].commit()

# Middleware Setup
application = error.Error(
    database.Database(
        environment.Environment(
            session.Session(
                cgi.CGI(
                    auth.Auth(
                        simpleApp(), 
                        app='test', 
                        setupEnvironment=1,
                        expire=30,
                        idle=10,
                    ),
                ),
                app = 'testApp',
                expire = 1000,
                setupEnvironment = 1,
            ),
            name = 'testEnv',
            storage = 'database',
        ),
        adapter = 'snakesql',
        database = 'wsgi-auth',
        autoCreate = 1,
    ),
)

You can test this example by running the WSGI server scripts/WSGIServer.py and visiting http://localhost:8000/auth
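
The following is an added example, not part of the web modules or of the original documentation. It is a plain WSGI guard, written for current Python, that relies only on the environ keys described above and lets a request through only when Auth has recorded a user. RequireSignIn, protected, sign_in and run are hypothetical names, the environ values are constructed, and the guard is assumed to sit where simpleApp() sits in the middleware setup, inside auth.Auth.

```python
from wsgiref.util import setup_testing_defaults

class RequireSignIn:
    """Pass a request on only when Auth has recorded a signed-in user."""

    def __init__(self, app, sign_in_app):
        self.app = app                  # application to protect
        self.sign_in_app = sign_in_app  # shown to visitors who are not signed in

    def __call__(self, environ, start_response):
        username = environ.get('web.auth.username')
        # REMOTE_USER is a standard CGI variable that a front-end server may
        # also set, so require the web.auth.* keys rather than REMOTE_USER alone.
        if 'web.auth.user' not in environ or not username:
            return self.sign_in_app(environ, start_response)
        # Auth documents both keys as the same username; refuse if they differ.
        if environ.get('REMOTE_USER') != username:
            start_response('403 Forbidden', [('Content-Type', 'text/plain')])
            return [b'Inconsistent sign in state']
        return self.app(environ, start_response)

def protected(environ, start_response):
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [('Hello ' + environ['web.auth.username']).encode('utf-8')]

def sign_in(environ, start_response):
    # Stand-in for a sign in page such as simpleApp above (assumption).
    start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
    return [b'Please sign in']

def run(app, extra):
    """Call a WSGI app with a constructed environ; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra)
    seen = {}
    body = b''.join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen['status'], body

guarded = RequireSignIn(protected, sign_in)

if __name__ == '__main__':
    signed_in = {'web.auth.user': object(), 'web.auth.username': 'john',
                 'REMOTE_USER': 'john'}  # constructed environ values
    print(run(guarded, {}))                       # nobody signed in
    print(run(guarded, {'REMOTE_USER': 'john'}))  # REMOTE_USER alone
    print(run(guarded, signed_in))                # keys as set by Auth
```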