CherryPy Project Download

lg_authority

available at http://www.github.com/wwoods/lamegame_cherrypy_authority

About

lg_authority is an authentication and authorization control suite for CherryPy. It handles user registration, group management, and provides functions for denying access to protected resources. The module is designed to be (relatively) easy to use, but at the same time be extensible enough that it may be customized through standard CherryPy configuration.

Supported registration methods:

  • E-mail - Either required to create an account, or supplementary for account recovery
  • OpenID - If python-openid is installed, users may choose to use an OpenID instead of a password. lg_authority also allows users to use your site as an OpenID provider.
  • Admin approved only - If you only have a small number of approved users for your app (such as an internal team), lg_authority lets those users request accounts and you approve them.
  • Recaptcha - Validate that registering users are, in fact, humans (requires recaptcha-client and valid configuration)

The module also provides:

  • Namespaced, expiring, key-value storage - currently supports ram, sqlite3, and mongodb
  • Non-locking sessions - usually used in place of cherrypy.lib.sessions
  • User information in handlers - cherrypy.user.id = logged in username; cherrypy.user itself is a dict of known user attributes
  • Long-term storage for user activities - cherrypy.user.slate is like a session, except it may span multiple logins

Installation

This software should be compatible with both python 2 and 3, though features may be limited depending the python language support of the libraries that those features depend on. For instance, the mongodb storage driver requires pymongo, which is available only for Python 2 at the time of this writing.

Either download and extract the source from github or use git to clone from git://github.com/wwoods/lamegame_cherrypy_authority.git. Then run

  python setup.py install

From the source directory to install lg_authority.

Example Usage

Unlike a conventional tool, lg_authority also requires a mounted object through which it serves its special pages for authentication and user management. This object is presumed by the default configuration to be mounted at /auth on the webserver.

Complete Simple Example

The following code runs a cherrypy application that uses lg_authority for authentication.

import cherrypy
import lg_authority

#Restrict default access to logged in users
@lg_authority.groups('auth')
class Root(object):
    """CherryPy server root"""

    auth = lg_authority.AuthRoot()
    auth__doc = "The object that serves authentication pages"

    #Allow everyone to see the index page
    @cherrypy.expose
    @lg_authority.groups('any')
    def index(self):
        return '<p>Welcome!</p><p>Would you like to <a href="protected">view protected information?</a></p>'

    #This method inherits restricted access from the Root class it belongs to
    @cherrypy.expose
    def protected(self):
        return '<p>Welcome, {user}!</p>'.format(user=cherrypy.user.id)

#Turn on lg_authority for our website
cherrypy.config.update({
    'tools.lg_authority.on': True
    })

#Run the webserver
cherrypy.quickstart(Root())

Configuration

See lg_authority/common_config.py for a rather large dict of all configuration variables and their default values.

Wishlist

Features

  • Put things here that should be considered for inclusion in the library... or post an issue on github.

Documentation Complaints

  • Put things here that are issues with this page.

Hosted by WebFaction

Log in as guest/cherrypy to create/edit wiki pages