Skip to main content

Authentication plugin for Keg

Project description

Keg Auth’s Readme

https://circleci.com/gh/level12/keg-auth.svg?&style=shield&circle-token=b90c5336d179f28df73d404a26924bc373840257 https://codecov.io/github/level12/keg-auth/coverage.svg?branch=master&token=hl15MQRPeF

Flask extension in the Keg ecosystem to wrap authentication and authorization functionality. Keg-Auth provides helpers for auth model, view/authorization setup, protected navigation menus, and more.

Installation

  • Bare functionality: pip install keg-auth

  • With mail (i.e. with a mail manager configured, see below): pip install keg-auth[mail]

  • JWT (for using JWT tokens as authenticators): pip install keg-auth[jwt]

  • LDAP (for using LDAP target for authentication): pip install keg-auth[ldap]

  • OIDC (for OAuth, e.g. Okta or Auth0): pip install keg-auth[oidc]

  • Internationalization extensions: pip install keg-auth[i18n]

A Simple Example

For a simple example and a checklist of sorts for app setup, see the Getting Started guide in the docs.

Demo

Typical usage is demonstrated in https://github.com/level12/keg-app-cookiecutter

Development

To run this project’s tests:

  • Copy keg_auth_ta-config-example.py -> keg_auth_ta-config.py, update as needed

  • Override database addr &/or port with environment vars or docker compose override if needed.

  • docker-compose up [-d]

  • tox …

There is a test application defined that can be ran like:

  • cd keg_auth_ta

  • python app.py …

Changelog

0.5.3 released 2022-02-24

  • fix integrated auth tests (4318826)

0.5.2 released 2022-02-24

  • add OAuth authenticator to replace deprecated OIDC implementation (606c952)

  • add basic user/group/bundle CRUD tests to the integrated auth tests (0c84a2d)

  • BC break require rate-limiting setup by default, simplify configuration (7d7b532)

0.5.1 released 2022-02-22

  • warn on usage of OIDC authenticator due to current breakage in flask-oidc (c582781)

  • potential BC break use keg-elements field ordering scheme on the User form (ee31b79)

  • add class and code options to NavItems for better control of rendering (2842cc2)

  • clear flask session on logout, behavior can be turned off via config setting (71e6b10)

  • stop overriding a title block in templates, use config value to set the proper variable for the app template (210f227)

  • load orm entity in CRUD method (89bc7d4)

0.5.0 released 2022-02-21

  • use the Bootstrap 4 base form template from keg-elements (16c393a)

  • shift to authlib for verification token generate/verify - support generated itsdangerous tokens for now refs #147 (e96ac2e)

0.4.2 released 2022-01-20

  • replace commonmark with markdown-it-py (8b4822d)

0.4.1 released 2021-11-29

  • fix navigation use of callable permissions on classes/blueprints (f19f513)

  • user form: don’t assume csrf_token field exists (07fe642)

  • improve testing developer ux (b687c72)

0.4.0 released 2021-09-13

  • ensure grid header posts are supported (e0638dc)

  • shift to use Bootstrap 4 templates by default (39335bc)

  • centralize validation of permission sets in testing (9f04f1d)

  • ViewTestBase no longer delete users in setup, and provide hooks into user creation (7d72fc3)

  • enhance navigation menu options for login/logout cases (667a1ac)

  • rename package for proper semantics (6a6a202)

0.3.0 released 2021-07-06

  • click changed output for hidden inputs, resolve for set-password CLI (6cd5a09)

  • update python requirements and pip usage (760da0b)

  • add options to exclude specific HTTP methods from auth checks (b66d090)

  • update JWT usage to reflect flask-jwt-extended 4.0 breaking changes (1cd0895)

  • switch ldap requirement to python-ldap (63485f3)

0.2.28 released 2021-04-20

  • support args in http head requests (97f8961)

  • pin flask-jwt-extended < 4 until we support the update

0.2.27 released 2021-02-02

  • fix documentation of internationalization support (8a41f03)

  • make form/crud templates less opinionated about how base templates render page title (0b71303)

0.2.26 released 2021-01-29

  • Provide Spinx documentation (62aca54)

  • Provide a default JS handler for confirm-delete in crud-list (7b6785a)

  • Use marksafe and jinja templates instead of webhelpers2 (8f68e07)

  • Allow user to prevent sending welcome email after user form (3bb8f7a)

  • Validate that create_form returned a value (83ff034)

  • Trap integrity error on permission sync to mitigate race condition (4d7497c)

  • Move disabled_utc to be with the other fields (dd1bf5e)

0.2.25 released 2020-12-08

  • CRUD view passes through args set with self.assign (efeb7b7)

  • CRUD view edit/delete performs authorization prior to ID lookup (efeb7b7)

  • CRUD view added webgrid render limit handling (efeb7b7)

0.2.24 released 2020-07-09

  • Fix inconsistent CLI argument ordering in tests (d9a62c0)

0.2.23 released 2020-06-11

  • Allow applications to enforce custom password policies (7111c20)

  • Check translations in CI (825d32e)

0.2.22 released 2020-04-16

  • Allow rate-limiting of login and password resets (d243b75)

  • Add more config flexibility for OIDC (39beae0)

0.2.21 released 2020-04-02

  • Resolve fuzzy/missing translations (a78de96)

  • Add inactivation date for users (requires migration to add a field) (0020fbd)

  • Support latest Flask-Login (ba59925)

  • Allow unverified users to reset their passwords (8888386)

  • Pin keg-elements requirement to support CRUD checkboxes (e59fcc1)

  • Include an Allow header for 405 responses (a2a3091)

  • Support multiple LDAP targets (b895aad)

  • Handle HEAD requests (b16a7e4)

  • Remove six dependency (477a415)

0.2.20 released 2020-03-24

  • OIDC and related updates (fab68f5)

  • Add OIDC authenticator and login/logout view responders

  • Fix missing page header for Permissions view

  • Allow passing blueprint kwargs to make_blueprint

  • Easier disabling of specific auth views

  • Allow view responder flash messages to be disabled

  • Drop bulk permission controls (better templating now in keg-elements)

0.2.19 released 2020-02-21

  • Improve Usability of Permission Dropdown (479e985)

  • Pin Flask Login (00ea957)

0.2.18 released 2020-01-10

  • add CLI command for dev to set password (d488bc9)

0.2.17 released 2019-12-12

  • ensure token is present for resending verification email (01b566f)

0.2.16 released 2019-12-02

  • fix CRUD edit form default values for relationships (01893f9)

0.2.15 released 2019-11-27

  • fix bundle grid setup for CRUD view (b772f01)

0.2.14 released 2019-11-21

  • fix template issue related to select2 updates (373739b)

  • make auth testing helpers more generic (b90ee96)

0.2.13 released 2019-11-08

  • use select2 to render selects on the user management views (30ff332)

  • fix breakage with keg 0.8.1 (3f5668d)

  • adjust CI environments to use (b9b4fb4)

  • auth test helpers use endpoints to find correct url (76a1222)

0.2.12 released 2019-10-03

  • support decorating flask class-based views (3d8a6cb)

  • fix LDAP authenticator for missing user case (19d184e)

0.2.11 released 2019-09-27

  • fix permission sync method and test hook (a56eda4)

  • fix FontAwesome usage on CRUD list view template (64f759a)

  • support lazy strings and icons in navigation helpers and templates (4473571)

  • remove flask version pin (ab47362)

0.2.10 released 2019-09-18

  • fix testing utils mock import to prevent needing mock dependency (da197df)

0.2.9 released 2019-07-27

  • Provide a hook on the CRUD base class to allow overriding the default add url generation (#74) (7eea8bb)

0.2.8 released 2019-06-17

  • resolve bug in testing permission existence check (feccb98)

0.2.7 released 2019-06-07

  • make custom action access control easier (63921ee)

  • enforce test permissions are specified to the auth manager (794f320)

  • correct the MRO order in CRUD forms and testing models (2f4c451)

  • add get_current_user helper method (cae02a2)

  • make grid action column link CSS classes customizable (aa1bc21)

  • ensure CRUD view passes in desired template args (aae3dad)

0.2.6 released 2019-02-12

  • Merge pull request #60 from level12/move-sync-perms-to-entity (3181691)

  • update readme to remove reference to view-scoped authenticators (514c202)

0.2.5 released 2018-11-14

  • Allow make_blueprint to accept a custom blueprint class (fe635b2)

  • Add a link to resend verification email (f7a6191)

  • Add optional i18n support using morphi (790d3ab)

  • Fix intermittent test failure resulting from login timestamp (cde083b)

  • Refactor CRUD form/grid render to extract template args (34d4a20)

0.2.4

  • Show verification URL on CLI even if mail flag is off

0.2.3

  • Fix requires_user decorator for usage with blueprints

0.2.1

  • Fix nav items to cache on per user basis

  • Fix token generated in CLI having an unknown timezone applied

0.2.0

  • Support permissions

  • Decorate blueprints, classes, methods for user/permission requirements

  • Support request loaders for tokens

0.1.0

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Keg-Auth-0.5.3.tar.gz (110.5 kB view hashes)

Uploaded Source

Built Distribution

Keg_Auth-0.5.3-py2.py3-none-any.whl (118.8 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page