Source code for rest_api_framework.authentication

"""
Handle the authentication process
"""
from werkzeug.exceptions import Unauthorized, NotFound



[docs]class Authorization(object):
    """
    Check if an authenticated request can perform the given action.
    """

    def __init__(self, authentication):
        self.authentication = authentication


[docs]    def check_auth(self, request):
        """
        Return None if the request user is authorized to perform this
        action, raise Unauthorized otherwise

        :param request:
        :type request: :class:`werkzeug.wrappers.Request`
        """
        if self.authentication.get_user(request):
            return
        else:
            raise Unauthorized




[docs]class Authentication(object):
    """
    Manage the authentication of a request. Must implement the get_user method
    """

[docs]    def get_user(self, identifier):
        """
        Must return a user if authentication is successfull, None otherwise
        """
        raise NotImplementedError




[docs]class ApiKeyAuthentication(Authentication):
    """
    Authentication based on an apikey stored in a datastore.
    """

    def __init__(self, datastore, identifier="apikey"):
        self.identifier = identifier
        self.datastore = datastore


[docs]    def get_user(self, request):
        """
        return a user or None based on the identifier found in the
        request query parameters.
        """
        data = request.values.to_dict()
        if self.identifier in data:
            try:
                user = self.datastore.get(data[self.identifier])
                return user
            except NotFound:
                return None
        return None




[docs]class BasicAuthentication(Authentication):
    """
    Implement the Basic Auth authentication
    http://fr.wikipedia.org/wiki/HTTP_Authentification
    """
    def __init__(self, datastore):
        self.datastore = datastore


[docs]    def get_user(self, request):
        """
        return a user or None based on the Authorization: Basic header
        found in the request. login and password are Base64 encoded
        string : "login:password"
        """
        from base64 import b64decode
        auth = request.headers.get('Authorization: Basic', None)
        if auth:
            login, password = b64decode(auth).split(':')
            user = self.datastore.get_list(username=login, password=password)
            if user:
                return user[0]



class ApiKeyAuthorization(Authorization):
    """
    This authentication backend use an api key to authenticate and
    authorize users
    """

    pass