Added an entry point for paste.auth.cookie; added/currected a little info to the docstrings

author: ianb <devnull@localhost> 2006-08-19 19:28:25 +0000
committer: ianb <devnull@localhost> 2006-08-19 19:28:25 +0000
commit: c968f38a0ed2529915d11207ea5b99497176ac07 (patch)
tree: 7bc0d2469de0cd36020cd9446f3add609dc8d4d1 /paste/auth
parent: fe432984501841f5b0a7ef9479a1f86f6f7bf36d (diff)
download: paste-c968f38a0ed2529915d11207ea5b99497176ac07.tar.gz
1 files changed, 91 insertions, 10 deletions
diff --git a/paste/auth/cookie.py b/paste/auth/cookie.py
index 5c49905..8dede14 100644
--- a/paste/auth/cookie.py
+++ b/paste/auth/cookie.py
@@ -185,10 +185,11 @@ class AuthCookieHandler:
     all use the same cookie_name and secret.
 
     By default, this handler scans the `environ` for the REMOTE_USER
-    key; if found, it is stored. It can be configured to scan other
-    `environ` keys as well -- but be careful not to exceed 2-3k (so that
-    the encoded and signed cookie does not exceed 4k). You can ask it
-    to handle other environment variables by doing:
+    and REMOTE_SESSION key; if found, it is stored. It can be
+    configured to scan other `environ` keys as well -- but be careful
+    not to exceed 2-3k (so that the encoded and signed cookie does not
+    exceed 4k). You can ask it to handle other environment variables
+    by doing:
 
        ``environ['paste.auth.cookie'].append('your.environ.variable')``
 
@@ -207,11 +208,11 @@ class AuthCookieHandler:
 
         ``scanlist``
 
-            This is the initial set of ``environ`` keys to save/restore
-            to the signed cookie.  By default is consists only of
-            ``REMOTE_USER``; any tuple or list of environment keys
-            will work.  However, be careful, as the total saved size is
-            limited to around 3k.
+            This is the initial set of ``environ`` keys to
+            save/restore to the signed cookie.  By default is consists
+            only of ``REMOTE_USER`` and ``REMOTE_SESSION``; any tuple
+            or list of environment keys will work.  However, be
+            careful, as the total saved size is limited to around 3k.
 
         ``signer``
 
@@ -287,8 +288,88 @@ class AuthCookieHandler:
 
 middleware = AuthCookieHandler
 
-__all__ = ['AuthCookieHandler', 'AuthCookieSigner', 'AuthCookieEnviron']
+# Paste Deploy entry point:
+def make_auth_cookie(
+    app, global_conf,
+    # Should this get picked up from global_conf somehow?:
+    cookie_name='PASTE_AUTH_COOKIE',
+    scanlist=('REMOTE_USER', 'REMOTE_SESSION'),
+    # signer cannot be set
+    secret=None,
+    timeout=30,
+    maxlen=4096):
+    """
+    This middleware uses cookies to stash-away a previously
+    authenticated user (and perhaps other variables) so that
+    re-authentication is not needed.  This does not implement
+    sessions; and therefore N servers can be syncronized to accept the
+    same saved authentication if they all use the same cookie_name and
+    secret.
+
+    By default, this handler scans the `environ` for the REMOTE_USER
+    and REMOTE_SESSION key; if found, it is stored. It can be
+    configured to scan other `environ` keys as well -- but be careful
+    not to exceed 2-3k (so that the encoded and signed cookie does not
+    exceed 4k). You can ask it to handle other environment variables
+    by doing:
+
+       ``environ['paste.auth.cookie'].append('your.environ.variable')``
+
+    Configuration:
+
+        ``cookie_name``
+
+            The name of the cookie used to store this content, by
+            default it is ``PASTE_AUTH_COOKIE``.
+
+        ``scanlist``
 
+            This is the initial set of ``environ`` keys to
+            save/restore to the signed cookie.  By default is consists
+            only of ``REMOTE_USER`` and ``REMOTE_SESSION``; any
+            space-separated list of environment keys will work.
+            However, be careful, as the total saved size is limited to
+            around 3k.
+
+        ``secret``
+
+            The secret that will be used to sign the cookies.  If you
+            don't provide one (and none is set globally) then a random
+            secret will be created.  Each time the server is restarted
+            a new secret will then be created and all cookies will
+            become invalid!  This can be any string value.
+
+        ``timeout``
+
+            The time to keep the cookie, expressed in minutes.  This
+            is handled server-side, so a new cookie with a new timeout
+            is added to every response.
+
+        ``maxlen``
+
+            The maximum length of the cookie that is sent (default 4k,
+            which is a typical browser maximum)
+        
+    """
+    if isinstance(scanlist, basestring):
+        scanlist = scanlist.split()
+    if secret is None and global_conf.get('secret'):
+        secret = global_conf['secret']
+    try:
+        timeout = int(timeout)
+    except ValueError:
+        raise ValueError('Bad value for timeout (must be int): %r'
+                         % timeout)
+    try:
+        maxlen = int(maxlen)
+    except ValueError:
+        raise ValieError('Bad value for maxlen (must be int): %r'
+                         % maxlen)
+    return AuthCookieHandler(
+        app, cookie_name=cookie_name, scanlist=scanlist,
+        secret=secret, timeout=timeout, maxlen=maxlen)
+
+__all__ = ['AuthCookieHandler', 'AuthCookieSigner', 'AuthCookieEnviron']
 
 if "__main__" == __name__:
     import doctest
author	ianb <devnull@localhost>	2006-08-19 19:28:25 +0000
committer	ianb <devnull@localhost>	2006-08-19 19:28:25 +0000
commit	c968f38a0ed2529915d11207ea5b99497176ac07 (patch)
tree	7bc0d2469de0cd36020cd9446f3add609dc8d4d1 /paste/auth
parent	fe432984501841f5b0a7ef9479a1f86f6f7bf36d (diff)
download	paste-c968f38a0ed2529915d11207ea5b99497176ac07.tar.gz