<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>FAS Flask OpenID Auth Plugin — python-fedora 0.10.0 documentation</title> <link rel="stylesheet" href="_static/default.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '', VERSION: '0.10.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="search" type="application/opensearchdescription+xml" title="Search within python-fedora 0.10.0 documentation" href="_static/opensearch.xml"/> <link rel="top" title="python-fedora 0.10.0 documentation" href="index.html" /> <link rel="up" title="Authentication to FAS" href="auth.html" /> <link rel="next" title="FASWho Plugin" href="faswho.html" /> <link rel="prev" title="FAS Flask Auth Plugin" href="flask_fas.html" /> </head> <body> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="faswho.html" title="FASWho Plugin" accesskey="N">next</a> |</li> <li class="right" > <a href="flask_fas.html" title="FAS Flask Auth Plugin" accesskey="P">previous</a> |</li> <li><a href="index.html">python-fedora 0.10.0 documentation</a> »</li> <li><a href="auth.html" accesskey="U">Authentication to FAS</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> 
<div class="section" id="fas-flask-openid-auth-plugin"> <h1>FAS Flask OpenID Auth Plugin<a class="headerlink" href="#fas-flask-openid-auth-plugin" title="Permalink to this headline">¶</a></h1> <table class="docutils field-list" frame="void" rules="none"> <col class="field-name" /> <col class="field-body" /> <tbody valign="top"> <tr class="field-odd field"><th class="field-name">Authors:</th><td class="field-body">Patrick Uiterwijk</td> </tr> <tr class="field-even field"><th class="field-name">Date:</th><td class="field-body">18 February 2013</td> </tr> <tr class="field-odd field"><th class="field-name">For Version:</th><td class="field-body">0.3.x</td> </tr> </tbody> </table> <p>The <a class="reference internal" href="existing.html#fedora-account-system"><em>Fedora Account System</em></a> has a <a class="reference internal" href="glossary.html#term-openid"><em class="xref std std-term">OpenID</em></a> provider that applications can use to authenticate users in web apps. For our <a class="reference internal" href="glossary.html#term-flask"><em class="xref std std-term">Flask</em></a> applications we have an identity provider that uses this OpenID service to authenticate users. It is almost completely compatible with <a class="reference internal" href="auth.html#flask-fas"><em>Flask Auth Plugin</em></a> except that it does not use the username/password provided by the client application (it is silently ignored). It can be configured to use any OpenID authentication service that implements the OpenID Teams Extension, Simple Registration Extension and CLA Extension.</p> <div class="section" id="configuration"> <h2>Configuration<a class="headerlink" href="#configuration" title="Permalink to this headline">¶</a></h2> <p>The FAS OpenID auth plugin has several config values that can be used to control how the auth plugin functions. 
You can set these in your application’s config file.</p> <dl class="docutils"> <dt>FAS_OPENID_ENDPOINT</dt> <dd>Set this to the OpenID endpoint URL you are authenticating against. Default is “<a class="reference external" href="http://id.fedoraproject.org/">http://id.fedoraproject.org/</a>”</dd> <dt>FAS_CHECK_CERT</dt> <dd>When set, this will check the SSL Certificate for the FAS server to make sure that it is who it claims to be. This is useful to set to False when testing against a local FAS server but should always be set to True in production. Default: True</dd> </dl> </div> <div class="section" id="sample-application"> <h2>Sample Application<a class="headerlink" href="#sample-application" title="Permalink to this headline">¶</a></h2> <p>The following is a sample, minimal flask application that uses fas_flask for authentication:</p> <div class="highlight-python"><div class="highlight"><pre><span class="c">#!/usr/bin/python -tt</span>
<span class="c"># Flask-FAS-OpenID - A Flask extension for authorizing users with OpenID</span>
<span class="c"># Primary maintainer: Patrick Uiterwijk &lt;puiterwijk@fedoraproject.org&gt;</span>
<span class="c">#</span>
<span class="c"># Copyright (c) 2012-2013, Red Hat, Inc., Patrick Uiterwijk</span>
<span class="c">#</span>
<span class="c"># Redistribution and use in source and binary forms, with or without</span>
<span class="c"># modification, are permitted provided that the following conditions are met:</span>
<span class="c">#</span>
<span class="c"># * Redistributions of source code must retain the above copyright notice, this</span>
<span class="c"># list of conditions and the following disclaimer.</span>
<span class="c"># * Redistributions in binary form must reproduce the above copyright notice,</span>
<span class="c"># this list of conditions and the following disclaimer in the documentation</span>
<span class="c"># and/or other materials provided with the distribution.</span>
<span class="c"># * Neither the name of the Red Hat, Inc. nor the names of its contributors may</span>
<span class="c"># be used to endorse or promote products derived from this software without</span>
<span class="c"># specific prior written permission.</span>
<span class="c">#</span>
<span class="c"># THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY</span>
<span class="c"># EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED</span>
<span class="c"># WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE</span>
<span class="c"># DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY</span>
<span class="c"># DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES</span>
<span class="c"># (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;</span>
<span class="c"># LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON</span>
<span class="c"># ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="c"># (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS</span>
<span class="c"># SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>

<span class="c"># This is a sample application.</span>

<span class="kn">import</span> <span class="nn">flask</span>
<span class="kn">from</span> <span class="nn">flask_fas_openid</span> <span class="kn">import</span> <span class="n">fas_login_required</span><span class="p">,</span> <span class="n">cla_plus_one_required</span><span class="p">,</span> <span class="n">FAS</span>

<span class="c"># Set up Flask application</span>
<span class="n">app</span> <span class="o">=</span> <span class="n">flask</span><span class="o">.</span><span class="n">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span>
<span class="c"># Set up FAS extension</span>
<span class="n">fas</span> <span class="o">=</span> <span class="n">FAS</span><span class="p">(</span><span class="n">app</span><span class="p">)</span>

<span class="c"># Application configuration</span>
<span class="c"># SECRET_KEY is necessary for the Flask session system. It needs to be secret to</span>
<span class="c"># make the sessions secret but if you have multiple servers behind</span>
<span class="c"># a load balancer, the key needs to be the same on each.</span>
<span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">'SECRET_KEY'</span><span class="p">]</span> <span class="o">=</span> <span class="s">'change me!'</span>
<span class="c"># Other configuration options for Flask-FAS-OpenID:</span>
<span class="c"># FAS_OPENID_ENDPOINT: the OpenID endpoint URL</span>
<span class="c"># (default http://id.fedoraproject.org/)</span>
<span class="c"># FAS_CHECK_CERT: check the SSL certificate of FAS (default True)</span>
<span class="c"># You should use these options' defaults for production applications!</span>
<span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">'FAS_OPENID_ENDPOINT'</span><span class="p">]</span> <span class="o">=</span> <span class="s">'http://id.fedoraproject.org/'</span>
<span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">'FAS_CHECK_CERT'</span><span class="p">]</span> <span class="o">=</span> <span class="bp">True</span>

<span class="c"># Inline templates keep this test application all in one file. Don't do this in</span>
<span class="c"># a real application. Please.</span>
<span class="n">TEMPLATE_START</span> <span class="o">=</span> <span class="s">"""</span>
<span class="s">&lt;h1&gt;Flask-FAS-OpenID test app&lt;/h1&gt;</span>
<span class="s">{</span><span class="si">% i</span><span class="s">f g.fas_user %}</span>
<span class="s">    &lt;p&gt;Hello, {{ g.fas_user.username }} &amp;mdash;</span>
<span class="s">    &lt;a href="{{ url_for("logout") }}"&gt;Log out&lt;/a&gt;</span>
<span class="s">{</span><span class="si">% e</span><span class="s">lse %}</span>
<span class="s">    &lt;p&gt;You are not logged in &amp;mdash;</span>
<span class="s">    &lt;a href="{{ url_for("auth_login", next=request.url) + '' }}"&gt;Log in&lt;/a&gt;</span>
<span class="s">{</span><span class="si">% e</span><span class="s">ndif %}</span>
<span class="s">&amp;mdash; &lt;a href="{{ url_for("index") }}"&gt;Main page&lt;/a&gt;&lt;/p&gt;</span>
<span class="s">"""</span>


<span class="nd">@app.route</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">index</span><span class="p">():</span>
    <span class="n">data</span> <span class="o">=</span> <span class="n">TEMPLATE_START</span>
    <span class="n">data</span> <span class="o">+=</span> <span class="s">'&lt;p&gt;&lt;a href="</span><span class="si">%s</span><span class="s">"&gt;Check if you are cla+1&lt;/a&gt;&lt;/p&gt;'</span> <span class="o">%</span> \
        <span class="n">flask</span><span class="o">.</span><span class="n">url_for</span><span class="p">(</span><span class="s">'claplusone'</span><span class="p">)</span>
    <span class="n">data</span> <span class="o">+=</span> <span class="s">'&lt;p&gt;&lt;a href="</span><span class="si">%s</span><span class="s">"&gt;See a secret message (requires login)&lt;/a&gt;&lt;/p&gt;'</span> <span class="o">%</span> \
        <span class="n">flask</span><span class="o">.</span><span class="n">url_for</span><span class="p">(</span><span class="s">'secret'</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">render_template_string</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>


<span class="nd">@app.route</span><span class="p">(</span><span class="s">'/login'</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">'GET'</span><span class="p">,</span> <span class="s">'POST'</span><span class="p">])</span>
<span class="k">def</span> <span class="nf">auth_login</span><span class="p">():</span>
    <span class="c"># Your application should probably do some checking to make sure the URL</span>
    <span class="c"># given in the next request argument is sane. (For example, having next set</span>
    <span class="c"># to the login page will cause a redirect loop.) Some more information:</span>
    <span class="c"># http://flask.pocoo.org/snippets/62/</span>
    <span class="k">if</span> <span class="s">'next'</span> <span class="ow">in</span> <span class="n">flask</span><span class="o">.</span><span class="n">request</span><span class="o">.</span><span class="n">args</span><span class="p">:</span>
        <span class="n">next_url</span> <span class="o">=</span> <span class="n">flask</span><span class="o">.</span><span class="n">request</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="s">'next'</span><span class="p">]</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="n">next_url</span> <span class="o">=</span> <span class="n">flask</span><span class="o">.</span><span class="n">url_for</span><span class="p">(</span><span class="s">'index'</span><span class="p">)</span>
    <span class="c"># If user is already logged in, return them to where they were last</span>
    <span class="k">if</span> <span class="n">flask</span><span class="o">.</span><span class="n">g</span><span class="o">.</span><span class="n">fas_user</span><span class="p">:</span>
        <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">redirect</span><span class="p">(</span><span class="n">next_url</span><span class="p">)</span>
    <span class="k">return</span> <span class="n">fas</span><span class="o">.</span><span class="n">login</span><span class="p">(</span><span class="n">return_url</span><span class="o">=</span><span class="n">next_url</span><span class="p">)</span>


<span class="nd">@app.route</span><span class="p">(</span><span class="s">'/logout'</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">logout</span><span class="p">():</span>
    <span class="k">if</span> <span class="n">flask</span><span class="o">.</span><span class="n">g</span><span class="o">.</span><span class="n">fas_user</span><span class="p">:</span>
        <span class="n">fas</span><span class="o">.</span><span class="n">logout</span><span class="p">()</span>
    <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">redirect</span><span class="p">(</span><span class="n">flask</span><span class="o">.</span><span class="n">url_for</span><span class="p">(</span><span class="s">'index'</span><span class="p">))</span>


<span class="c"># This demonstrates the use of the fas_login_required decorator. The</span>
<span class="c"># secret message can only be viewed by those who are logged in.</span>
<span class="nd">@app.route</span><span class="p">(</span><span class="s">'/secret'</span><span class="p">)</span>
<span class="nd">@fas_login_required</span>
<span class="k">def</span> <span class="nf">secret</span><span class="p">():</span>
    <span class="n">data</span> <span class="o">=</span> <span class="n">TEMPLATE_START</span> <span class="o">+</span> <span class="s">'&lt;p&gt;Be sure to drink your Ovaltine&lt;/p&gt;'</span>
    <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">render_template_string</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>


<span class="c"># This demonstrates checking for group membership inside of a function.</span>
<span class="c"># The flask_fas adapter also provides a cla_plus_one_required decorator that</span>
<span class="c"># can restrict a url so that you can only access it from an account that has</span>
<span class="c"># cla +1.</span>
<span class="nd">@app.route</span><span class="p">(</span><span class="s">'/claplusone'</span><span class="p">)</span>
<span class="nd">@cla_plus_one_required</span>
<span class="k">def</span> <span class="nf">claplusone</span><span class="p">():</span>
    <span class="n">data</span> <span class="o">=</span> <span class="n">TEMPLATE_START</span>
    <span class="n">data</span> <span class="o">+=</span> <span class="s">'&lt;p&gt;Your account is cla+1.&lt;/p&gt;'</span>
    <span class="k">return</span> <span class="n">flask</span><span class="o">.</span><span class="n">render_template_string</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>


<span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">'__main__'</span><span class="p">:</span>
    <span class="n">app</span><span class="o">.</span><span class="n">run</span><span class="p">(</span><span class="n">debug</span><span
class="o">=</span><span class="bp">True</span><span class="p">)</span> </pre></div> </div> </div> </div> </div> </div> </div> <div class="clearer"></div> </div> <div class="footer"> © Copyright 2007-2018 Red Hat, Inc. Last updated on Feb 01, 2018. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>
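One way to do the checking that the comment in the sample's `auth_login` view asks for, as an added example that is not part of python-fedora or of the original page. `safe_next_url`, its parameters and the `app.example` / `other.example` hosts are assumed names; in the sample app the function would be applied to the `next` request argument, with `flask.request.host_url` as `host_url`, before the value reaches `flask.redirect()` or `fas.login()`.

```python
from urllib.parse import urljoin, urlsplit


def safe_next_url(target, host_url, login_path="/login", default="/"):
    """Return target only if it stays on this site and is not the login page.

    host_url plays the role of flask.request.host_url; login_path and default
    mirror the '/login' and '/' routes of the sample application.
    """
    if not target or target != target.strip():
        return default
    # Browsers read "\" as "/" and drop control characters, so reject both
    # before parsing instead of guessing how a given browser normalises them.
    if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    base = urlsplit(host_url)
    resolved = urlsplit(urljoin(host_url, target))
    # Only http(s) targets on exactly the same scheme and host[:port] pass;
    # this also rejects scheme-relative ("//host/...") and user@host forms.
    if resolved.scheme not in ("http", "https"):
        return default
    if (resolved.scheme, resolved.netloc.lower()) != (base.scheme, base.netloc.lower()):
        return default
    # A next value pointing back at the login view is the redirect loop the
    # sample's comment warns about.
    if resolved.path.rstrip("/") == login_path.rstrip("/"):
        return default
    return target


# Constructed sample values for ?next=..., not taken from any real traffic.
SAMPLES = [
    "/secret",
    "http://app.example/claplusone",
    "http://other.example/",
    "//other.example/path",
    "/\\other.example",
    "javascript:alert(1)",
    "/login?next=/login",
    "http://app.example@other.example/",
]


def check_samples(host_url="http://app.example/"):
    """Map each constructed sample to the URL the app would redirect to."""
    return {raw: safe_next_url(raw, host_url) for raw in SAMPLES}


if __name__ == "__main__":
    for raw, chosen in check_samples().items():
        print("%-40r -> %s" % (raw, chosen))
```
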