<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authentication to FAS — python-fedora v0.3.25.1 documentation</title>
<link rel="stylesheet" href="_static/default.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '',
VERSION: '0.3.25.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="search" type="application/opensearchdescription+xml"
title="Search within python-fedora v0.3.25.1 documentation"
href="_static/opensearch.xml"/>
<link rel="top" title="python-fedora v0.3.25.1 documentation" href="index.html" />
<link rel="next" title="Fedora Django Authentication Backend" href="django.html" />
<link rel="prev" title="CSRF Protection" href="CSRF.html" />
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="django.html" title="Fedora Django Authentication Backend"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="CSRF.html" title="CSRF Protection"
accesskey="P">previous</a> |</li>
<li><a href="index.html">python-fedora v0.3.25.1 documentation</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="authentication-to-fas">
<h1>Authentication to FAS<a class="headerlink" href="#authentication-to-fas" title="Permalink to this headline">¶</a></h1>
<p>The <a class="reference internal" href="existing.html#fedora-account-system"><em>Fedora Account System</em></a> has a <a class="reference internal" href="glossary.html#term-json"><em class="xref std std-term">JSON</em></a> interface that we make use
of to authenticate users in our web apps. Currently, there are two modes of
operation. Some web apps have <a class="reference internal" href="glossary.html#term-single-sign-on"><em class="xref std std-term">single sign-on</em></a> capability with
<a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a>. These are the <a class="reference internal" href="glossary.html#term-turbogears"><em class="xref std std-term">TurboGears</em></a> applications that use the
<tt class="xref py py-mod docutils literal"><span class="pre">jsonfasprovider</span></tt>. Other apps do not have
<a class="reference internal" href="glossary.html#term-single-sign-on"><em class="xref std std-term">single sign-on</em></a> but they do connect to <a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a> to verify the
username and password so changing the password in <a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a> changes it
everywhere.</p>
<div class="section" id="turbogears-identity-provider-2">
<span id="jsonfas2"></span><h2>TurboGears Identity Provider 2<a class="headerlink" href="#turbogears-identity-provider-2" title="Permalink to this headline">¶</a></h2>
<p>An identity provider with <a class="reference internal" href="glossary.html#term-csrf"><em class="xref std std-term">CSRF</em></a> protection.</p>
<p>This will install as a TurboGears identity plugin. To use it, set the
following in your <tt class="file docutils literal"><span class="pre">APPNAME/config/app.cfg</span></tt> file:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">identity</span><span class="o">.</span><span class="n">provider</span><span class="o">=</span><span class="s">'jsonfas2'</span>
<span class="n">visit</span><span class="o">.</span><span class="n">manager</span><span class="o">=</span><span class="s">'jsonfas2'</span>
</pre></div>
</div>
<div class="admonition-see-also admonition seealso">
<p class="first admonition-title">See also</p>
<p class="last"><a class="reference internal" href="CSRF.html#csrf-protection"><em>CSRF Protection</em></a></p>
</div>
<span class="target" id="module-fedora.tg.identity.jsonfasprovider2"></span><p>This plugin provides authentication by integrating with the Fedora Account
System using JSON calls.</p>
<p><em>Module author: Toshio Kuratomi <<a class="reference external" href="mailto:tkuratom%40redhat.com">tkuratom<span>@</span>redhat<span>.</span>com</a>></em></p>
<p><em>Module author: Ricky Zhou <<a class="reference external" href="mailto:ricky%40fedoraproject.org">ricky<span>@</span>fedoraproject<span>.</span>org</a>></em></p>
<dl class="class">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity">
<em class="property">class </em><tt class="descclassname">fedora.tg.identity.jsonfasprovider2.</tt><tt class="descname">JsonFasIdentity</tt><big>(</big><em>visit_key=None</em>, <em>user=None</em>, <em>username=None</em>, <em>password=None</em>, <em>using_ssl=False</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity" title="Permalink to this definition">¶</a></dt>
<dd><p>Associate an identity with a person in the auth system.</p>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.anonymous">
<tt class="descname">anonymous</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.anonymous" title="Permalink to this definition">¶</a></dt>
<dd><p>Return True if not logged in.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.csrf_token">
<tt class="descname">csrf_token</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.csrf_token" title="Permalink to this definition">¶</a></dt>
<dd><p>Get the csrf token for this identity</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.display_name">
<tt class="descname">display_name</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.display_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the user’s display name.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">This is not a TG standard attribute. Don’t use this if you want
to be compatible with other identity providers.</p>
</div>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.group_ids">
<tt class="descname">group_ids</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.group_ids" title="Permalink to this definition">¶</a></dt>
<dd><p>Get set of group IDs of this identity.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.groups">
<tt class="descname">groups</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.groups" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the groups that a user is a member of.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.login">
<tt class="descname">login</tt><big>(</big><em>using_ssl=False</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.login" title="Permalink to this definition">¶</a></dt>
<dd><p>Send a request so that we associate the visit_cookie with the user</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><strong>using_ssl</strong> – Boolean that tells whether ssl was used to authenticate</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.login_url">
<tt class="descname">login_url</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.login_url" title="Permalink to this definition">¶</a></dt>
<dd><p>Get the URL for the login page.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.logout">
<tt class="descname">logout</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.logout" title="Permalink to this definition">¶</a></dt>
<dd><p>Remove the link between this identity and the visit.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.only_token">
<tt class="descname">only_token</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.only_token" title="Permalink to this definition">¶</a></dt>
<dd><p>In one specific instance in the login template we need to know whether
an anonymous user is just lacking a token.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.permissions">
<tt class="descname">permissions</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Get set of permission names of this identity.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.send_request">
<tt class="descname">send_request</tt><big>(</big><em>method</em>, <em>req_params=None</em>, <em>auth=False</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.send_request" title="Permalink to this definition">¶</a></dt>
<dd><p>Make an HTTP Request to a server method.</p>
<p>We need to override the send_request provided by <tt class="docutils literal"><span class="pre">BaseClient</span></tt> to
keep the visit_key in sync.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user">
<tt class="descname">user</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user" title="Permalink to this definition">¶</a></dt>
<dd><p>Get user instance for this identity.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user_id">
<tt class="descname">user_id</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user_id" title="Permalink to this definition">¶</a></dt>
<dd><p>Get user id of this identity.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user_name">
<tt class="descname">user_name</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentity.user_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Get user name of this identity.</p>
</dd></dl>
</dd></dl>
<dl class="class">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider">
<em class="property">class </em><tt class="descclassname">fedora.tg.identity.jsonfasprovider2.</tt><tt class="descname">JsonFasIdentityProvider</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider" title="Permalink to this definition">¶</a></dt>
<dd><p>IdentityProvider that authenticates users against the fedora account system</p>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.anonymous_identity">
<tt class="descname">anonymous_identity</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.anonymous_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns an anonymous user object</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Returns:</th><td class="field-body">an object with the following properties:
:user_name: original user name
:user: a provider dependant object (TG_User or similar)
:groups: a set of group IDs
:permissions: a set of permission IDs</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.authenticated_identity">
<tt class="descname">authenticated_identity</tt><big>(</big><em>user</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.authenticated_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Constructs Identity object for user that has no associated visit_key.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><strong>user</strong> – The user structure the identity is constructed from</td>
</tr>
<tr class="field"><th class="field-name">Returns:</th><td class="field-body">an object with the following properties:
:user_name: original user name
:user: a provider dependant object (TG_User or similar)
:groups: a set of group IDs
:permissions: a set of permission IDs</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.create_provider_model">
<tt class="descname">create_provider_model</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.create_provider_model" title="Permalink to this definition">¶</a></dt>
<dd><p>Create the database tables if they don’t already exist.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.load_identity">
<tt class="descname">load_identity</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.load_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Lookup the principal represented by visit_key.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><strong>visit_key</strong> – The session key for whom we’re looking up an identity.</td>
</tr>
<tr class="field"><th class="field-name">Returns:</th><td class="field-body">an object with the following properties:
:user_name: original user name
:user: a provider dependant object (TG_User or similar)
:groups: a set of group IDs
:permissions: a set of permission IDs</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.validate_identity">
<tt class="descname">validate_identity</tt><big>(</big><em>user_name</em>, <em>password</em>, <em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.validate_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Look up the identity represented by user_name and determine whether the
password is correct.</p>
<p>Must return either None if the credentials weren’t valid or an object
with the following properties:</p>
<blockquote>
<div><table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">user_name:</th><td class="field-body">original user name</td>
</tr>
<tr class="field"><th class="field-name">user:</th><td class="field-body">a provider dependant object (TG_User or similar)</td>
</tr>
<tr class="field"><th class="field-name">groups:</th><td class="field-body">a set of group IDs</td>
</tr>
<tr class="field"><th class="field-name">permissions:</th><td class="field-body">a set of permission IDs</td>
</tr>
</tbody>
</table>
</div></blockquote>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first last simple">
<li><strong>user_name</strong> – user_name we’re authenticating. If None, we’ll try
to lookup a username from SSL variables</li>
<li><strong>password</strong> – password to authenticate user_name with</li>
<li><strong>visit_key</strong> – visit_key from the user’s session</li>
</ul>
</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.validate_password">
<tt class="descname">validate_password</tt><big>(</big><em>user</em>, <em>user_name</em>, <em>password</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider2.JsonFasIdentityProvider.validate_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Check the supplied user_name and password against existing credentials.
Note: user_name is not used here, but is required by external
password validation schemes that might override this method.
If you use SqlAlchemyIdentityProvider, but want to check the passwords
against an external source (i.e. PAM, LDAP, Windows domain, etc),
subclass SqlAlchemyIdentityProvider, and override this method.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
<li><strong>user</strong> – User information.</li>
<li><strong>user_name</strong> – Given username. Not used.</li>
<li><strong>password</strong> – Given, plaintext password.</li>
</ul>
</td>
</tr>
<tr class="field"><th class="field-name">Returns:</th><td class="field-body"><p class="first last">True if the password matches the username. Otherwise False.
Can return False for problems within the Account System as well.</p>
</td>
</tr>
</tbody>
</table>
</dd></dl>
</dd></dl>
<span class="target" id="module-fedora.tg.visit.jsonfasvisit2"></span><p>This plugin provides integration with the Fedora Account System using JSON
calls to the account system server.</p>
<p><em>Module author: Toshio Kuratomi <<a class="reference external" href="mailto:tkuratom%40redhat.com">tkuratom<span>@</span>redhat<span>.</span>com</a>></em></p>
<dl class="class">
<dt id="fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager">
<em class="property">class </em><tt class="descclassname">fedora.tg.visit.jsonfasvisit2.</tt><tt class="descname">JsonFasVisitManager</tt><big>(</big><em>timeout</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager" title="Permalink to this definition">¶</a></dt>
<dd><p>This proxies visit requests to the Account System Server running remotely.</p>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.create_model">
<tt class="descname">create_model</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.create_model" title="Permalink to this definition">¶</a></dt>
<dd><p>Create the Visit table if it doesn’t already exist.</p>
<p>Not needed as the visit tables reside remotely in the FAS2 database.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.new_visit_with_key">
<tt class="descname">new_visit_with_key</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.new_visit_with_key" title="Permalink to this definition">¶</a></dt>
<dd><p>Return a new Visit object with the given key.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.update_queued_visits">
<tt class="descname">update_queued_visits</tt><big>(</big><em>queue</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.update_queued_visits" title="Permalink to this definition">¶</a></dt>
<dd><p>Update the visit information on the server</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.visit_for_key">
<tt class="descname">visit_for_key</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit2.JsonFasVisitManager.visit_for_key" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the visit for this key or None if the visit doesn’t exist or has
expired.</p>
</dd></dl>
</dd></dl>
</div>
<div class="section" id="turbogears-identity-provider-1">
<span id="jsonfas1"></span><h2>Turbogears Identity Provider 1<a class="headerlink" href="#turbogears-identity-provider-1" title="Permalink to this headline">¶</a></h2>
<p>These methods are <strong>deprecated</strong> because they do not provide the <a class="reference internal" href="glossary.html#term-csrf"><em class="xref std std-term">CSRF</em></a>
protection of <a class="reference internal" href="#jsonfas2"><em>TurboGears Identity Provider 2</em></a>. Please use that identity provider instead.</p>
<span class="target" id="module-fedora.tg.identity.jsonfasprovider1"></span><p><strong>Deprecated</strong> Use jsonfasprovider2 instead a it provides CSRF protection.</p>
<p>This plugin provides integration with the Fedora Account System using
<a class="reference internal" href="glossary.html#term-json"><em class="xref std std-term">JSON</em></a> calls.</p>
<p><em>Module author: Toshio Kuratomi <<a class="reference external" href="mailto:tkuratom%40redhat.com">tkuratom<span>@</span>redhat<span>.</span>com</a>></em></p>
<p><em>Module author: Ricky Zhou <<a class="reference external" href="mailto:ricky%40fedoraproject.org">ricky<span>@</span>fedoraproject<span>.</span>org</a>></em></p>
<dl class="class">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity">
<em class="property">class </em><tt class="descclassname">fedora.tg.identity.jsonfasprovider1.</tt><tt class="descname">JsonFasIdentity</tt><big>(</big><em>visit_key</em>, <em>user=None</em>, <em>username=None</em>, <em>password=None</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity" title="Permalink to this definition">¶</a></dt>
<dd><p>Associate an identity with a person in the auth system.</p>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.anonymous">
<tt class="descname">anonymous</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.anonymous" title="Permalink to this definition">¶</a></dt>
<dd><p>Return True if there’s no user logged in.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.display_name">
<tt class="descname">display_name</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.display_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the user’s display name.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.groups">
<tt class="descname">groups</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.groups" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the groups that a user is a member of.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.logout">
<tt class="descname">logout</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.logout" title="Permalink to this definition">¶</a></dt>
<dd><p>Remove the link between this identity and the visit.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.send_request">
<tt class="descname">send_request</tt><big>(</big><em>method</em>, <em>req_params=None</em>, <em>auth=False</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.send_request" title="Permalink to this definition">¶</a></dt>
<dd><p>Make an HTTP Request to a server method.</p>
<p>We need to override the send_request provided by <tt class="docutils literal"><span class="pre">BaseClient</span></tt> to
keep the visit_key in sync.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.user">
<tt class="descname">user</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.user" title="Permalink to this definition">¶</a></dt>
<dd><p>Retrieve information about the user from cache or network.</p>
</dd></dl>
<dl class="attribute">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.user_name">
<tt class="descname">user_name</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentity.user_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the username for the user.</p>
</dd></dl>
</dd></dl>
<dl class="class">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider">
<em class="property">class </em><tt class="descclassname">fedora.tg.identity.jsonfasprovider1.</tt><tt class="descname">JsonFasIdentityProvider</tt><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider" title="Permalink to this definition">¶</a></dt>
<dd><p>IdentityProvider that authenticates users against the fedora account system</p>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.anonymous_identity">
<tt class="descname">anonymous_identity</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.anonymous_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Must return an object with the following properties:</p>
<blockquote>
<div><table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">user_name:</th><td class="field-body">original user name</td>
</tr>
<tr class="field"><th class="field-name">user:</th><td class="field-body">a provider dependant object (TG_User or similar)</td>
</tr>
<tr class="field"><th class="field-name">groups:</th><td class="field-body">a set of group IDs</td>
</tr>
<tr class="field"><th class="field-name">permissions:</th><td class="field-body">a set of permission IDs</td>
</tr>
</tbody>
</table>
</div></blockquote>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.authenticated_identity">
<tt class="descname">authenticated_identity</tt><big>(</big><em>user</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.authenticated_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Constructs Identity object for user that has no associated visit_key.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.create_provider_model">
<tt class="descname">create_provider_model</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.create_provider_model" title="Permalink to this definition">¶</a></dt>
<dd><p>Create the database tables if they don’t already exist.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.load_identity">
<tt class="descname">load_identity</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.load_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Lookup the principal represented by visit_key.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><strong>visit_key</strong> – The session key for whom we’re looking up an identity.</td>
</tr>
<tr class="field"><th class="field-name">Returns:</th><td class="field-body">an object with the following properties:<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">user_name:</th><td class="field-body">original user name</td>
</tr>
<tr class="field"><th class="field-name">user:</th><td class="field-body">a provider dependant object (TG_User or similar)</td>
</tr>
<tr class="field"><th class="field-name">groups:</th><td class="field-body">a set of group IDs</td>
</tr>
<tr class="field"><th class="field-name">permissions:</th><td class="field-body">a set of permission IDs</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.validate_identity">
<tt class="descname">validate_identity</tt><big>(</big><em>user_name</em>, <em>password</em>, <em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.validate_identity" title="Permalink to this definition">¶</a></dt>
<dd><p>Look up the identity represented by user_name and determine whether the
password is correct.</p>
<p>Must return either None if the credentials weren’t valid or an object
with the following properties:</p>
<blockquote>
<div><table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">user_name:</th><td class="field-body">original user name</td>
</tr>
<tr class="field"><th class="field-name">user:</th><td class="field-body">a provider dependant object (TG_User or similar)</td>
</tr>
<tr class="field"><th class="field-name">groups:</th><td class="field-body">a set of group IDs</td>
</tr>
<tr class="field"><th class="field-name">permissions:</th><td class="field-body">a set of permission IDs</td>
</tr>
</tbody>
</table>
</div></blockquote>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.validate_password">
<tt class="descname">validate_password</tt><big>(</big><em>user</em>, <em>user_name</em>, <em>password</em><big>)</big><a class="headerlink" href="#fedora.tg.identity.jsonfasprovider1.JsonFasIdentityProvider.validate_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Check the supplied user_name and password against existing credentials.
Note: user_name is not used here, but is required by external
password validation schemes that might override this method.
If you use SqlAlchemyIdentityProvider, but want to check the passwords
against an external source (i.e. PAM, LDAP, Windows domain, etc),
subclass SqlAlchemyIdentityProvider, and override this method.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
<li><strong>user</strong> – User information. Not used.</li>
<li><strong>user_name</strong> – Given username.</li>
<li><strong>password</strong> – Given, plaintext password.</li>
</ul>
</td>
</tr>
<tr class="field"><th class="field-name">Returns:</th><td class="field-body"><p class="first last">True if the password matches the username. Otherwise False.
Can return False for problems within the Account System as well.</p>
</td>
</tr>
</tbody>
</table>
</dd></dl>
</dd></dl>
<span class="target" id="module-fedora.tg.visit.jsonfasvisit1"></span><p>This plugin provides integration with the Fedora Account System using JSON
calls to the account system server.</p>
<p><em>Module author: Toshio Kuratomi <<a class="reference external" href="mailto:tkuratom%40redhat.com">tkuratom<span>@</span>redhat<span>.</span>com</a>></em></p>
<dl class="class">
<dt id="fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager">
<em class="property">class </em><tt class="descclassname">fedora.tg.visit.jsonfasvisit1.</tt><tt class="descname">JsonFasVisitManager</tt><big>(</big><em>timeout</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager" title="Permalink to this definition">¶</a></dt>
<dd><p>This proxies visit requests to the Account System Server running remotely.</p>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.create_model">
<tt class="descname">create_model</tt><big>(</big><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.create_model" title="Permalink to this definition">¶</a></dt>
<dd><p>Create the Visit table if it doesn’t already exist.</p>
<p>Not needed as the visit tables reside remotely in the FAS2 database.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.new_visit_with_key">
<tt class="descname">new_visit_with_key</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.new_visit_with_key" title="Permalink to this definition">¶</a></dt>
<dd><p>Return a new Visit object with the given key.</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.update_queued_visits">
<tt class="descname">update_queued_visits</tt><big>(</big><em>queue</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.update_queued_visits" title="Permalink to this definition">¶</a></dt>
<dd><p>Update the visit information on the server</p>
</dd></dl>
<dl class="method">
<dt id="fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.visit_for_key">
<tt class="descname">visit_for_key</tt><big>(</big><em>visit_key</em><big>)</big><a class="headerlink" href="#fedora.tg.visit.jsonfasvisit1.JsonFasVisitManager.visit_for_key" title="Permalink to this definition">¶</a></dt>
<dd><p>Return the visit for this key or None if the visit doesn’t exist or has
expired.</p>
</dd></dl>
</dd></dl>
</div>
<div class="section" id="django-authentication-backend">
<span id="djangoauth"></span><h2>Django Authentication Backend<a class="headerlink" href="#django-authentication-backend" title="Permalink to this headline">¶</a></h2>
<div class="toctree-wrapper compound">
<ul>
<li class="toctree-l1"><a class="reference internal" href="django.html">Fedora Django Authentication Backend</a><ul>
<li class="toctree-l2"><a class="reference internal" href="django.html#fedora-django-auth">fedora.django.auth</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="section" id="fas-who-plugin-for-turbogears2">
<span id="faswho"></span><h2>FAS Who Plugin for TurboGears2<a class="headerlink" href="#fas-who-plugin-for-turbogears2" title="Permalink to this headline">¶</a></h2>
<div class="toctree-wrapper compound">
<ul>
<li class="toctree-l1"><a class="reference internal" href="faswho.html">FASWho Plugin</a><ul>
<li class="toctree-l2"><a class="reference internal" href="faswho.html#authenticating-against-fas-with-turbogears2">Authenticating against FAS with TurboGears2</a></li>
<li class="toctree-l2"><a class="reference internal" href="faswho.html#using-csrf-middleware-with-other-auth-methods">Using CSRF middleware with other Auth Methods</a></li>
<li class="toctree-l2"><a class="reference internal" href="faswho.html#templates">Templates</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Authentication to FAS</a><ul>
<li><a class="reference internal" href="#turbogears-identity-provider-2">TurboGears Identity Provider 2</a></li>
<li><a class="reference internal" href="#turbogears-identity-provider-1">Turbogears Identity Provider 1</a></li>
<li><a class="reference internal" href="#django-authentication-backend">Django Authentication Backend</a><ul>
</ul>
</li>
<li><a class="reference internal" href="#fas-who-plugin-for-turbogears2">FAS Who Plugin for TurboGears2</a><ul>
</ul>
</li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="CSRF.html"
title="previous chapter">CSRF Protection</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="django.html"
title="next chapter">Fedora Django Authentication Backend</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="_sources/auth.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="django.html" title="Fedora Django Authentication Backend"
>next</a> |</li>
<li class="right" >
<a href="CSRF.html" title="CSRF Protection"
>previous</a> |</li>
<li><a href="index.html">python-fedora v0.3.25.1 documentation</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2007-2011 Red Hat, Inc..
Last updated on Nov 02, 2011.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.0.7.
</div>
</body>
</html>
distrib
>
Fedora
>
14
>
x86_64
>
media
>
updates
>
by-pkgid
>
762e4b4e451f9de4722602c03fda2c9b
>
files
>
217
