Skip to main content

pyramid_fullauth provides full authentication / authorisation implementation for pyramid applications

Project description

pyramid_fullauth

Latest PyPI version Documentation Status Number of PyPI downloads Wheel Status License

Pyramid fullauth’s provides full user registration and management functionality for pyramid based web applications.

Package resources

Tests

You’ll need: packages defined in extra_requires[tests] to run tests, and then:

py.test

CHANGELOG

1.0.0

  • [packaging] use setup.cfg to define package metadata nad options

  • [cleanup] blackify codebase

  • [enhancement] move CI to github-actions

  • [breaking] removed dependency on tzf.pyramid_yml and pymlconf. All configuration has to be handled within .ini file now.

  • [enhancement] refactored route_predicates. Now user_path_hash can handle all user hashes.

  • [enhancement] Changed default cookie session factory from UnencryptedCookieSessionFactoryConfig to SignedCookieSessionFactory.

  • [enhancement] Use require_csrf instead of use_csrf view decorator predicate. This raises now 400 http error instead of 401 in case of bad or no csrf token when required.

  • [enhancement] Set default session serializer as JSONSerializer to comply with pyramid’s 2.0 change

  • [enhancement] Require minimum pyramid 1.10.

  • [enhancement] properly lint code through pylint an fix found issues

  • [security] Set minimum requirement for SQLAlchemy to be at least 1.3.0 to protect against CVE-2019-7164 and CVE-2019-7548

0.6.0

  • increased the size of password and salt fields to 128 characters each

  • default password hashing algorithm is sha256

0.5.0

  • full python3 compatibility, since velruse migrated to py3 enabled requests-oauth

  • require velruse 1.1.1

  • run tests with sqlalchemy 1.0.x

  • small updates to conform with new linters versions embedded in pylama

0.4.1

  • fixed spelling for error message when user does not exist while trying to reset password.

  • require pyramid_basemodel at least version 0.3

0.4.0

  • python 3 compatibility (without oauth2 though)

  • cleared use of deprecated function pyramid.security.authenticated_userid in favour of pyramid.request.Request.authenticated_userid attribute.

  • make email fields case insensitive by using hybrid properties and CaseInsensitive comparator for model.

0.3.3

  • Fix issue where groupfined was returning empty list instead of None when user did not existed

0.3.2

  • catch all HTTPRedirect instead of just HTTPFound.

  • redirect with HTTPSeeOther instead of HTTPFound where applicable.

0.3.1

  • fixes MANIFEST.in to include yaml files - fixes #33.

0.3.0

Features

  • configure root factory if it hasn’t been already done

  • configure session factory only if it hasn’t been configured before

  • configure authorization policy only if it hasn’t been configured before

  • configure authentication policy only if it hasn’t been configured before

  • logged in user will be redirected always away from login page

  • views reorganisation - grouping by their function

  • replaced force_logout decorator with logout request method

  • small login view simplification

tests

  • rewritten tests to use pytest_pyramid

  • unified session with pyramid_basemodel’s

  • parametrize tests against two most recent pyramid versions and sqlalchemy

  • turned on pylama to check code with linters:
    • pep8

    • pep257

    • pyflakes

    • mccabe

  • add pytest-dbfixtures, and run tests against postgresql and mysql as well

  • drop python 2.6 from tests

  • 100% test coverage

0.2.3

  • weaker pyramid_yml requirements. Use registry['config'] instead of request.config which gets added only when explicitly including tzf.pyramid_yml package.

  • remove default_config with permission set for forbidden views. Throwning errors in pyramid 1.5a3

  • remove lazy=’load’ for relationship between AuthenticationProvider and User models as it was incorrect. Fixes error while using with sqlalchemy 0.9

0.2.2

  • copy all headers when login user. fixes issue, when headers set in AfterLogin event would not get passed

0.2.1

  • fixed csrf_check in password:reset:continue action

  • updated translation files

0.2.0

  • migrated tests to py.test

  • removed nose and lxml from test requirements

  • extracted UserEmailMixin from User model

  • validation exception improvements

  • set licensing to MIT License

  • fixed general error message for register_POST processing

  • activate action no longer gives 404 error after first use. Default is message about token being invalid or used [veronicazgirvaci]

  • extending csrf_check predicate:
    • Can be turned on/off in settings.

    • Failed check rises 401 Unauthorised error

Backwards Incompatibilities

  • token variable is changed into csrf_token in fullatuh views

  • view no longer returns error messages on failed csrf token. Rises 401 Unauthorised error instead.

0.1.0

  • add localize to requirements. Ability to translate registerlogin communicates

  • ability to set custom session factory [with Veronica Zgirvaci help]

  • moved password validation to one place

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_fullauth-1.0.0.tar.gz (29.5 kB view details)

Uploaded Source

Built Distribution

pyramid_fullauth-1.0.0-py3-none-any.whl (44.3 kB view details)

Uploaded Python 3

File details

Details for the file pyramid_fullauth-1.0.0.tar.gz.

File metadata

  • Download URL: pyramid_fullauth-1.0.0.tar.gz
  • Upload date:
  • Size: 29.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1

File hashes

Hashes for pyramid_fullauth-1.0.0.tar.gz
Algorithm Hash digest
SHA256 f47f57891b4549c5de07ec7cb744407812588ea90305ebc848ae587a64c84e57
MD5 7b85295cc4207c56496cfb643926ef58
BLAKE2b-256 ff3bf102c83e33b66f435b0f1541bdd3342906e93ddb9a6de47c361386b646a0

See more details on using hashes here.

File details

Details for the file pyramid_fullauth-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: pyramid_fullauth-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 44.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1

File hashes

Hashes for pyramid_fullauth-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8c93c381744e84779f86eef75fe90352c70a4c7ed5beefe0649faec04ce90fcc
MD5 2e91d1ba3735544153d3612cd151f50b
BLAKE2b-256 08a0ba21e993178797d667285f1e1116ccd965c9ad9930cf7a1e76328c4fe9b3

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page