Authentication Plugins

commissaire’s authentication is handled by a simple WSGI based plugin based system. To create a new authentication plugin you must:

  • subclass commissaire_http.authentication.Authenticator
  • name the class PluginClass
  • override the authenticate method

If you need to have configuration items passed when used you will also need to override __init__ adding in keyword arguments.

Note

The authenticate should always return True for success, False for general failure, or handle responses itself as a WSGI application.

Examples

Basic

from commissaire_http.authentication import Authenticator

class AlwaysAllowOnSSL(Authenticator):
    """
    Example: Allows anyone if they use https.
    """

    def authenticate(self, environ, start_response):
        """
        Allows access if https is in use.

        :param environ: WSGI environment instance.
        :type environ: dict
        :param start_response: WSGI start response callable.
        :type start_response: callable
        :returns: True on success, False on failure
        :rtype: bool
        """
        if environ.get('wsgi.url_scheme', 'http') == 'https':
            return True
        return False

#: Alias AlwaysAllowOnSSL
PluginClass = AlwaysAllowOnSSL

As a WSGI Application

from commissaire_http.authentication import Authenticator

class AlwaysAllowOnSSL(Authenticator):
    """
    Example: Allows anyone if they use https but pretends to be a teapot
    if they use http.
    """

    def authenticate(self, environ, start_response):
        """
        Allows access if https is in use.

        :param environ: WSGI environment instance.
        :type environ: dict
        :param start_response: WSGI start response callable.
        :type start_response: callable
        :returns: True on success, False on failure
        :rtype: bool
        """
        if environ.get('wsgi.url_scheme', 'http') == 'https':
            return True
        start_response("418 I'm a teapot", [('content-type', 'text/plain')])
        return [bytes('Whiiiiieee', 'utf8')]

#: Alias AlwaysAllowOnSSL
PluginClass = AlwaysAllowOnSSL

Real Code

See httpauthclientcert