close Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Version 3 (modified by cmlenz, 13 years ago) (diff)

Note about refactored filter registration

Framework for Authentication and Authorization

This page describes an experimental branch that adds a simple generic auth framework to Diva.

The main goals of this framework are:

  • Enable relatively easy switching between HTTP authentication (such as Basic or Digest authentication performed by the web server) and form-based authentication.
  • Provide convenience functions for checking authorization to perform certain actions.
  • No reliance on a specific backend storage for user profiles and credentials.
  • No restriction to a specific method of controlling access to resources (such as ACLs). Applications can use whatever access control granularity they need.
  • Storage-independent generation and verification of authentication cookies for form-based login.

Possible/peripheral goals:

  • Utility functions for generating and verifying encrypted passwords.
  • WSGI middleware for using Basic and Digest authentication, primarily in the context of the DevelopmentServer

Non-goals include:

  • Built-in processes and UI for user registration, activation, password resetting, and other high-level features.

Application Mixin Approach

The current branch defines an AuthMixIn class that auth-enabled applications are supposed to subclass. It adds a couple of method stubs to the Application class, and contributes a request filter that performs authentication.

Filters Refactoring

Due to the way application mix-in classes can contribute filters, ordering request filters explicitly becomes too painful. The branch enhances the way request filters are defined by allowing them to declare the abstract service they provide (such as "localization" or "error-handling"), and also declare what services they rely on to do their job. For example:

@filters.register('form-processing', requires=['templating', 'localization'])
def form_filter(request, response, chain):
    ...

The ordering of request filters is then inferred from this dependency information.