[Web-SIG] no_authkit_users_in_environ

Etienne Robillard tkadm30 at yandex.com
Wed Apr 9 17:19:58 CEST 2014


Hello,

I'm trying to get cookie auth working with authkit but cannot
find a clean solution. So far, here's the code I'm trying
to use to get a users object into the environ:

#!/usr/bin/env python
from notmm.controllers.wsgi import WSGIController
from notmm.controllers.auth import LoginController
from notmm.utils.http import httpserver
from notmm.utils.configparse import loadconf

# Base WSGI application; its settings object is reused by the auth wrapper below.
sample_app = WSGIController()
settings = sample_app.settings
# Load auth.conf and keep only its [authkit] section.
# NOTE(review): a relative path is presumably resolved against the working
# directory -- confirm against loadconf.
global_conf = loadconf('auth.conf')
auth_conf = global_conf['authkit']
# Wrap the base app in the login controller, which receives the authkit options.
auth_app = LoginController(sample_app, auth_conf, settings=settings)

if __name__ == '__main__':
    # ('localhost', 8000) is presumably the listen address: a loopback-only
    # development server, so the login form is not exposed to other hosts.
    httpserver.daemonize(auth_app, ('localhost', 8000))


And here's the login view to handle authentication:

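def authenticate_user(request, username, password, tokens='', user_data=time.ctime,
    authfunc='paste.auth_tkt.set_user'):
    """Check the credentials and, on success, register the user for this request.

    The user setter callable is looked up in ``request.environ`` under
    ``authfunc`` and is called only after ``valid_password`` accepts the
    credentials. Updating a last_modified timestamp is not implemented yet
    (see the TODO below).

    :param request: object exposing the WSGI ``environ`` mapping.
    :param username: login name submitted by the client.
    :param password: password submitted by the client.
    :param tokens: passed through to the user setter as ``tokens``.
    :param user_data: zero-argument callable; its result is passed to the
        user setter as ``user_data``.
    :param authfunc: ``environ`` key under which the user setter is stored.
    :returns: ``None`` when the user was authenticated.
    :raises NotAuthenticatedError: on rejected credentials, on a missing
        setter in the environ, or on any error raised by the backend.
    """
    try:
        user_setter_func = request.environ[authfunc]
        if not valid_password(request.environ, username, password):
            # Rejected credentials. The original raised unconditionally after
            # the check, so even a successful login was reported as a failure.
            raise NotAuthenticatedError
        user_setter_func(username, tokens=tokens, user_data=user_data())
        # TODO: trigger function here to update the last_modified timestamp
    except NotAuthenticatedError:
        raise
    except Exception:
        # Fail closed: a missing environ key or a backend/configuration error
        # must never let a login through. Log the cause, though, because a
        # misconfigured middleware is otherwise indistinguishable from a bad
        # password. (Assumes ``log`` is a stdlib logging.Logger.)
        log.exception('Authentication backend error; denying login')
        raise NotAuthenticatedError

    # The username is client-supplied text; lazy %-args keep it out of the
    # format string itself.
    log.debug('User %s has been authenticated and authorized access!!', username)
    return None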

controller:


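class AuthCookieController(SessionController):
    """
    Authentication controller to delegate authorization to generic
    user-defined backends.

    The wrapped WSGI application is passed through ``auth_middleware`` and
    ``authenticate`` is handed to it as the ``valid`` callback.

    """

    request_class = HTTPRequest
    response_class = HTTPResponse

    # Value handed to the middleware as ``cookie_secret``. The default is the
    # placeholder this code always used, kept so existing behaviour does not
    # change. It is a published constant, so it gives no protection to
    # whatever the middleware derives from it (presumably the cookie
    # signature -- confirm). Deployments should override this attribute in a
    # subclass with a random value loaded from private configuration.
    cookie_secret = 'secret string'

    def __init__(self, wsgi_app, auth_conf=None, **kwargs):
        """Wrap ``wsgi_app`` with the authentication middleware.

        :param wsgi_app: the WSGI application to protect.
        :param auth_conf: options passed to the middleware as ``app_conf``.
        :param kwargs: forwarded unchanged to the parent constructor.
        """
        super(AuthCookieController, self).__init__(**kwargs)

        # put a pointer on the previous wsgi app in the stack
        self.wsgi_app = wsgi_app

        if self.cookie_secret == 'secret string':
            # Function-scope import: the file's import block is not visible here.
            import warnings
            warnings.warn(
                'AuthCookieController is using the placeholder cookie_secret; '
                'set a random per-deployment value before exposing this app',
                RuntimeWarning)

        self.auth_conf_wrapper = auth_middleware(wsgi_app,
            app_conf=auth_conf,
            cookie_secret=self.cookie_secret,
            #handle_httpexception=False,
            valid=self.authenticate,
            #enforce=self.auth_conf['enforce']
            )

    def application(self, environ, start_response, exc_info=None):
        """Delegate the request to the middleware-wrapped application.

        ``exc_info`` is accepted but not used here.
        """
        # apply the response middleware wrapper to
        # the WSGI stack and return a callable obj
        return self.auth_conf_wrapper(environ, start_response)

    def authenticate(self, username, password):
        """
        Authenticate with the provided ``username`` and ``password``.

        Developers are expected to override this method in custom
        authentication subclasses.

        Returns ``username`` when the check passes, otherwise ``None``.
        """
        # NOTE(review): demo stub only -- it accepts any account whose password
        # equals its username. Behaviour is left as-is for the example app;
        # a real subclass must verify against a credential store and should
        # compare secrets in constant time.
        return username if username == password else None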

# Alias: LoginController is the same class object as AuthCookieController.
LoginController = AuthCookieController

the traceback:

> /home/steiner/src/notmm/trunk/examples/auth/views/login.py(33)authenticate_user()
-> if valid_password(request.environ, username, password):
(Pdb) bt
  /home/steiner/src/notmm/trunk/examples/auth/redirect.py(15)<module>()
-> httpserver.daemonize(auth_app, ('localhost', 8000))
  /home/steiner/src/notmm/trunk/lib/notmm/utils/http/httpserver.py(157)daemonize()
-> server.serve()
  /home/steiner/src/notmm/trunk/lib/notmm/utils/http/httpserver.py(115)serve()
-> self.server.serve_forever()
  /usr/local/lib/python2.7/SocketServer.py(238)serve_forever()
-> self._handle_request_noblock()
  /usr/local/lib/python2.7/SocketServer.py(295)_handle_request_noblock()
-> self.process_request(request, client_address)
  /usr/local/lib/python2.7/SocketServer.py(321)process_request()
-> self.finish_request(request, client_address)
  /usr/local/lib/python2.7/SocketServer.py(334)finish_request()
-> self.RequestHandlerClass(request, client_address, self)
  /usr/local/lib/python2.7/SocketServer.py(649)__init__()
-> self.handle()
  /usr/local/lib/python2.7/wsgiref/simple_server.py(124)handle()
-> handler.run(self.server.get_app())
  /usr/local/lib/python2.7/wsgiref/handlers.py(85)run()
-> self.result = application(self.environ, self.start_response)
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(314)__call__()
-> return self.app(environ, start_response)
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/cookie.py(480)__call__()
-> return self.app(environ, cookie_setting_start_response)
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/multi.py(87)__call__()
-> app_iter = app(environ, start_response)
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/multi.py(55)app()
-> return self.default(environ, find)
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(304)__call__()
-> return self.app(environ, start_response)
  /home/steiner/src/notmm/trunk/examples/auth/views/login.py(96)login()
-> authenticate_user(request, username, password)
> /home/steiner/src/notmm/trunk/examples/auth/views/login.py(33)authenticate_user()
-> if valid_password(request.environ, username, password):
  /home/steiner/src/notmm/trunk/extras/libauthkit/authkit/authenticate/base.py(97)valid_password()
-> raise no_authkit_users_in_environ

And here's the config I use:
[authkit]

authkit.setup.enable = true
authkit.setup.method = redirect,cookie
authkit.setup.handle_exceptions = false

#authkit.authenticate.callback = authkit.authenticate.cookie2:middleware
#authkit.digest.authenticate.user.data = visitor:open_sesame
#authkit.digest.realm = 'Test realm'

# authentication options
authkit.redirect.url = /session_login/
#authkit.user.type = mainapp.accounts.model:UserManager


As you can see, the authkit middleware doesn't set up a proper users
object (valid_password() raises no_authkit_users_in_environ), which makes
authentication fail. Is there an alternative way to set up the middleware
to handle form authentication in authkit?

Regards,

Etienne



