
Add setup, fix bugs, introduce acl.AbstractACLGroupsCallback and new autz middleware, add pytests. #2

Open
ilex wants to merge 67 commits into gnarlychicken:develop from ilex:develop

Conversation


@ilex ilex commented Jan 20, 2017

What do these changes do

  • Add setup functions for the auth and acl middleware to install them in aiohttp fashion.
  • Add pytests: as the original tests don't run with the current aiohttp version and require utils to
    be rewritten, I use the pytest library with the pytest-aiohttp plugin and, unlike the original tests,
    a real aiohttp.Application. All tests were put into a separate folder, pytests:
    • All original tests were added with pytest.
    • Add some new tests to test untested functionality in auth and acl.
    • Add tests for all new functions, classes and modules.
  • Fix bugs:
    • The bug in the acl_required decorator mentioned in acl_required decorator crash #1.
    • A possible security issue with acl groups. The issue is as follows: the default behavior is
      for the acl middleware to add user_id to the groups of authenticated users, but if
      user_id is equal to one of the acl groups, that user suddenly has permissions he is not
      allowed. To avoid this kind of issue, user_id is not added to groups any more. A test
      to reproduce the issue is also added.
  • Introduce the AbstractACLGroupsCallback class in the acl middleware to make it possible to easily create
    a callable object by inheriting from the abstract class and implementing the acl_groups method. It
    can be useful to store additional information (such as a database connection, etc.) within such a class.
    An instance of this subclass can be used in place of the acl_groups_callback parameter.
  • Introduce a generic authorization middleware, autz, that performs authorization through the same
    interface (autz.permit coroutine and autz_required decorator) but using different policies.
    The middleware has acl authorization as the built-in policy, which works in the same way as the acl
    middleware. Users are free to add their own custom policies or to modify the ACL one.
  • Add a global aiohttp_auth.setup function to install the auth and autz middlewares at once
    in aiohttp fashion.
  • Rewrite the documentation in README.rst to reflect all changes. Introduce the new modules and classes
    and usage examples in the docs.

Known issues

There is one issue with the auth middleware. In the TktAuthentication class, the documentation says of the
parameter reissue_time: "If this value is 0, a new ticket will be reissued on every request which requires authentication." But it seems that if two requests are handled during the same second,
the value of the ticket is the same. So tests which test reissue_time should wait a second
between requests to retrieve an actually new value.
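The group-name collision described in the "Fix bugs" bullet above (and in the later commit messages about user_id being added to groups) is easy to reproduce with a first-match ACL evaluator. The following is an added example written for this page; it is not code from the PR or from aiohttp_auth. The rule tuple layout (action, principal, permissions), the "everyone" marker, the group names "admin" and "staff", and the group store are all assumptions made for the illustration.

```python
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"


# Assumed marker principal that every request carries, authenticated or not.
EVERYONE = "everyone"

# Constructed ACL, evaluated top to bottom; the first matching rule wins.
# Group names "admin" and "staff" are assumptions for this example.
ACL = [
    (Action.ALLOW, "admin", {"view", "edit", "delete"}),
    (Action.ALLOW, "staff", {"view", "edit"}),
    (Action.DENY, EVERYONE, {"view", "edit", "delete"}),
]

# Constructed group store: the groups the application deliberately assigned.
# The user whose id is literally "admin" was never placed in the admin group.
GROUPS = {
    "alice": {"staff"},
    "admin": set(),
}


def permit(principals, permission, acl=ACL):
    """Return True iff the first ACL rule that names one of the caller's
    principals and the requested permission is an ALLOW rule."""
    for action, principal, permissions in acl:
        if principal in principals and permission in permissions:
            return action is Action.ALLOW
    return False  # no rule matched: deny by default


def principals_vulnerable(user_id):
    """Pre-fix behaviour described in the PR: the user id itself is added
    to the principal set alongside the user's groups, so a user id that
    equals a group name is indistinguishable from membership in that group."""
    principals = set(GROUPS.get(user_id, set()))
    principals.add(EVERYONE)
    if user_id is not None:
        principals.add(user_id)
    return principals


def principals_fixed(user_id):
    """Post-fix behaviour: only assigned groups and the EVERYONE marker are
    principals; the user id never becomes a principal on its own."""
    principals = set(GROUPS.get(user_id, set()))
    principals.add(EVERYONE)
    return principals


def check(user_id, permission):
    """Evaluate one request under both behaviours: (vulnerable, fixed)."""
    return (
        permit(principals_vulnerable(user_id), permission),
        permit(principals_fixed(user_id), permission),
    )


if __name__ == "__main__":
    cases = [("admin", "delete"), ("alice", "edit"), ("alice", "delete"), (None, "view")]
    for uid, perm in cases:
        vulnerable, fixed = check(uid, perm)
        print(f"user={uid!r} permission={perm!r}: vulnerable={vulnerable} fixed={fixed}")
```

The user registered as "admin" obtains "delete" under the old behaviour purely because of the name collision; once ids are kept out of the principal set, only explicit group membership (alice's "staff") grants anything, and an anonymous request falls through to the deny rule.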

gnarlychicken and others added 30 commits February 25, 2016 18:18
With this function auth middleware can be set up in aiohttp fashion.
- Add all tests that reflect original tests/test_auth.py with pytest
  library pytest-aiohttp plugin and using real aiohttp application.
- Add some new tests to test untested functions in auth.
- Add test for introduced auth.setup function.
- Add docs for introduced auth.setup function.
- Add syntax highlighting for code blocks.
- Add information how to run pytests.
- Move assert middleware and helper function to utils.
- Move client fixture to conftest.py.
- Edit test_auth.py in order to go with that changes.
With this function acl middleware can be set up in aiohttp fashion.
Add all tests that reflect original tests/test_acl.py with pytest lib
and real application.
Fixed bug with UnboundLocalError raised in acl_required decorator.
Add some new tests to test untested cases.
Change code examples in README.rst in order to show how to setup acl
middleware in aiohttp fashion.
auth_middleware and acl_middleware can be now set up at once in the
aiohttp fashion.

tests: Add Pytest test for this setup function.
Add Pytest test to reproduce bug when value of user_id is equal to some
group name. As user_id is automatically added to groups by the acl
middleware, such a user can get unauthorized permissions.
acl middleware does not add user_id to user groups any more. That
fixes the bug where, when user_id is equal to a group name, the user can have unauthorized
permissions.
Remove docs where it says that user_id is added to groups by the acl
middleware for authenticated users.
Add abstract base class for callable objects which can be passed to acl
setup as acl_groups_callback callable.

tests: Add Pytest tests for this class.
- Extract acl permit logic into separate function.
- Extract acl user groups modification logic into separate function.
- Add authorization middleware autz which define common authorization
  interface using different authorization policies.
- Add ACL authorization policy based on acl middleware to use with autz.

tests:
- Add pytests to test autz middleware with acl policy.
- Add pytests to test autz middleware with custom policy.
Replace setting up acl middleware with setting up autz middleware.
- Introduce autz authorization plugin.
- Introduce autz ACL authorization policy usage.
- Introduce autz custom authorization policy usage.
Add tox to run pytests with python3.5 and python3.6.
- Change name in setup.
- Remove original tests.
- Make pytests as default tests.
In order to distinguish auth error from autz error auth_required
decorator now raises a web.HTTPUnauthorized error instead of
web.HTTPForbidden.
ilex and others added 30 commits February 14, 2017 18:07
Readthedocs requires ``conda`` with python 3.5 to build API docs.
As the current aiohttp version is not ready to work with yarl>=0.9.0, the
version of the yarl lib has to be set explicitly.
- Move permit logic from context classes to AbstractACLAutzPolicy.
- Remove AbstractACLContext, NaiveACLContext and ACLContex classes.
- Change policy.acl module docstrings to reflect changes.
Yarl is fixed, so there is no need for a pinned version.
- Move to aiohttp 2.x.
- Add support of middlewares decorators for class based views.
- Correct code in order to meet requirements of aiohttp 2.x.
- Add uvloop as IO loop in tests.
Add aiohttp 2.x and 3.x to tox environment