{"id":13805893,"url":"https://github.com/thruflo/pyramid_simpleauth","last_synced_at":"2025-05-13T21:31:43.944Z","repository":{"id":2738148,"uuid":"3733869","full_name":"thruflo/pyramid_simpleauth","owner":"thruflo","description":"Session based authentication and role based security for a Pyramid web application.","archived":false,"fork":false,"pushed_at":"2022-11-30T22:11:23.000Z","size":123,"stargazers_count":33,"open_issues_count":5,"forks_count":13,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-04-24T12:06:10.225Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://pypi.python.org/pypi/pyramid_simpleauth","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thruflo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-03-15T23:12:34.000Z","updated_at":"2024-02-06T10:26:39.000Z","dependencies_parsed_at":"2023-01-13T12:03:40.451Z","dependency_job_id":null,"html_url":"https://github.com/thruflo/pyramid_simpleauth","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thruflo%2Fpyramid_simpleauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thruflo%2Fpyramid_simpleauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thruflo%2Fpyramid_simpleauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thruflo%2Fpyramid_simpleauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thruflo","download_url":"https://codeload.github.com/thruflo/pyramid_simpleauth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225260364,"owners_count":17446085,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T01:01:06.025Z","updated_at":"2024-11-18T22:30:53.792Z","avatar_url":"https://github.com/thruflo.png","language":"Python","readme":"[![Build Status](https://travis-ci.org/thruflo/pyramid_simpleauth.svg?branch=master)](https://travis-ci.org/thruflo/pyramid_simpleauth)\n\n[pyramid_simpleauth][] is a package that implements session based authentication\nand role based security for a [Pyramid][] web application.\n\nThere are many other auth implementations for Pyramid, including [apex][] and \n[pyramid_signup][] and you can, of course, easily roll your own, for example\nfollowing the excellent [pyramid_auth_demo][]. This package aims to be:\n\n* relatively simple: with a limited feature set\n* extensible: with event hooks and overridable templates\n* performant: minimising db queries\n\n# Features\n\nIf you install the package and include it in your Pyramid application, it will\nlock down your application and expose views at:\n\n* /auth/signup\n* /auth/login\n* /auth/authenticate (login via AJAX)\n* /auth/logout\n* /auth/change\\_username\n* /auth/change\\_password\n* /auth/confirm (email confirmation)\n* /auth/prefer\\_email (set email as the user's preferred email)\n\nYou get a `user` instance and an `is_authenticated` flag added to the `request`:\n\n # e.g.: in a view callable\n if request.is_authenticated:\n display = request.user.username\n\nPlus `UserSignedUp`, `UserloggedIn`, `UserLoggedOut`, `UserChangedPassword`,\n`UserChangedUsername`, `EmailPreferred` and `EmailAddressConfirmed` events to\nsubscribe to:\n\n @subscriber(UserSignedUp)\n def my_event_handler(event):\n request = event.request\n user = event.user\n # e.g.: send confirmation email\n\nFlags at `request.is_post_login` and `request.is_post_signup`, stored in the session, \nthat allow you to test whether the current request is immediately after a login or \nsignup event. And a `request.user_json` property (useful to write into a template \nto pass data to the client side).\n\n`model.get_confirmation_link(request, email)` returns a `confirmation_link`\nthat will be accepted by `/auth/confirm` and that can typically be included in\nan email sent to a user who wish to validate an email address.\n\nThe `EmailAddressConfirmed` and `EmailPreferred` events give you access to the\n`Email` object as `event.data['email']`, eg:\n\n @subscriber(EmailAddressConfirmed)\n def email_address_confirmed(event):\n email_address = event.data['email'].address\n session = event.request.session\n session.flash(\"%s has been confirmed successfully\" % email_address)\n\n\n# Install\n\nInstall using `pip` or `easy_install`, e.g.:\n\n pip install pyramid_simpleauth\n\n# Configure\n\nInclude the package along with a session factory, `pyramid_tm` and `pyramid_basemodel`\nin the configuration portion of your Pyramid app:\n\n # Configure a session factory, here, we're using `pyramid_beaker`.\n config.include('pyramid_beaker')\n config.set_session_factory(session_factory_from_settings(settings))\n \n # Either include `pyramid_tm` or deal with committing transactions yourself.\n config.include('pyramid_tm')\n \n # Either include `pyramid_basemodel` and provide an `sqlalchemy.url` in your\n # `.ini` settings, or bind the SQLAlchemy models and scoped `Session` to a\n # database engine yourself.\n config.include('pyramid_basemodel')\n \n # Include the package.\n config.include('pyramid_simpleauth')\n\nThe signup and login forms inherit from a base layout template. You can override\nthis base layout template by writing your own, e.g.:\n\n # my_package:my_templates/layout.mako\n \u003c!DOCTYPE HTML\u003e\n \u003chtml\u003e\n \u003chead\u003e\n \u003ctitle\u003e${self.subtitle()}\u003c/title\u003e\n \u003clink href=\"my_great.css\" rel=\"stylesheet\" type=\"text/css\" /\u003e\n \u003c/head\u003e\n \u003cbody\u003e\n \u003cdiv class=\"my-great-markup\"\u003e\n ${next.body()}\n \u003c/duv\u003e\n \u003c/body\u003e\n \u003c/html\u003e\n \nThen in your main app factory / package configuration use, e.g.:\n\n config.override_asset(to_override='pyramid_simpleauth:templates/layout.mako',\n override_with='my_package:my_templates/layout.mako')\n\nOr you can nuke the signup and login templates directly, e.g.:\n\n config.override_asset(to_override='pyramid_simpleauth:templates/signup.mako',\n override_with='my_package:my_templates/foo.mako')\n config.override_asset(to_override='pyramid_simpleauth:templates/login.mako',\n override_with='my_package:my_templates/bar.mako')\n\nTo change the url path for the authentication views, specify a \n`simpleauth.url_prefix` in your application's `.ini` configuration:\n\n # defaults to 'auth', resulting in urls that start with `/auth/...`\n simpleauth.url_prefix = 'another'\n\nYou can also specify where to redirect to after signup, login, logout, username\nchange, password change, email confirmation or preferred email selection. These\nare all configured using *route names*, with the route being provided the\nadditional traversal information of the user's username and an optional view\nname. (This means you can expose a simple named route, or a hybrid route, as\nyou prefer. The hybrid route will attempt traversal on the username).\n\nTo redirect to a different named route after signup / login or logout use:\n\n simpleauth.after_signup_route = 'another' # defaults to 'users'\n simpleauth.after_login_route = 'another' # defaults to 'index'\n simpleauth.after_logout_route = 'another' # defaults to 'index'\n\nNote that a `next` parameter passed to the login page, password\nchange page, username change page, email confirmation page or preferred email\nselection page will take precedence over the specific routes.\n\nTo redirect to a different route and view after login, password change, username\nchange, email confirmation or preferred email selection, use configuration\ndirectives such as:\n\n simpleauth.after_confirm_email_route = 'basepath' # defaults to 'users'\n simpleauth.after_confirm_email_view = 'viewname', # defaults to 'account'\n\nThis would redirect user bob to `/basepath/bob/viewname`. Redirect configuration\ndirectives for each of those views are named following the patterns\n`simpleauth.after_\u003cview_name\u003e_route` and `simpleauth.after_\u003cview_name\u003e_view`,\nwhere `\u003cview_name\u003e` can be any of `login`, `change_username`,\n`change_password`, `confirm_email` and `prefer_email`.\n\nBe careful in the case of username change because if your `next` URL contains a\nusername, it won't be valid anymore after the username has changed, eg. if you\ninstruct the username change page to redirect to `/basepath/bob/viewname` but\nthe username changes to become alice, the redirect will cause a \"page not found\"\nerror. In this case, if you want to include a username in your custom redirect,\nyou should use the configuration-based redirect location will take into account\nthe new username.\n\nBy default the app redirects after signup to a route named 'users'. This is\nnot exposed by `pyramid_simpleauth` by default but the package does provide a \n`.tree.UserRoot` root factory that looks up `.model.User`s by username and a\ndefault `__acl__` property on the `.model.User` class. These are entirely\noptional: you can choose instead to use a different named route, or expose\na simple named route using, e.g.:\n\n config.add_route('users', 'some/path')\n\nHowever, if you want to use the machinery provided, with the baked in security\nand traversal, you can expose a user profile view, or perhaps a welcome page at \n`/users/:username` using, e.g.:\n\n config.add_route('users', 'users/*traverse', factory=UserRoot,\n use_global_views=True)\n\nTo avoid configuring the authorisation and authentication policies (e.g.: if you're\ngoing to set these up yourself) use:\n\n simpleauth.set_auth_policies = false\n\nTo avoid locking down your app to require a 'view' permission for all views by\ndefault (secure but perhaps draconian):\n\n simpleauth.set_default_permission = False\n\n# Tests\n\nI've only tested the package under Python 2.6 and 2.7 atm. It should work under\nPython 3 but I have problems installing the `passlib` dependency (or any decent\npassword encryption library) under Python 3.\n\nYou'll need `nose`, `coverage`, `mock` and `WebTest`. Then, e.g.:\n\n $ nosetests --cover-package=pyramid_simpleauth --cover-tests --with-doctest --with-coverage\n ..........................................\n Name Stmts Miss Cover Missing\n ---------------------------------------------------------\n pyramid_simpleauth 19 0 100% \n pyramid_simpleauth.events 26 0 100% \n pyramid_simpleauth.hooks 13 0 100% \n pyramid_simpleauth.model 56 0 100% \n pyramid_simpleauth.schema 83 0 100% \n pyramid_simpleauth.tests 197 0 100% \n pyramid_simpleauth.tree 18 0 100% \n pyramid_simpleauth.view 76 0 100% \n ---------------------------------------------------------\n TOTAL 488 0 100% \n ----------------------------------------------------------------------\n Ran 42 tests in 16.408s\n\n OK\n\n[apex]: https://github.com/cd34/apex\n[pyramid]: http://pyramid.readthedocs.org\n[pyramid_auth_demo]: https://github.com/mmerickel/pyramid_auth_demo\n[pyramid_signup]: https://github.com/sontek/pyramid_signup\n[pyramid_simpleauth]: http://github.com/thruflo/pyramid_simpleauth\n","funding_links":[],"categories":["Authentication"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthruflo%2Fpyramid_simpleauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthruflo%2Fpyramid_simpleauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthruflo%2Fpyramid_simpleauth/lists"}